What is our primary use case?
We use Splunk ITSI to collect the infrastructure metrics and visualize them.
How has it helped my organization?
Splunk ITSI provides end-to-end visibility into your IT environment. It displays key performance indicators for various services. If a KPI is red, indicating an issue, clicking on the corresponding service will take you to the server for further investigation. Splunk ITSI can also automatically trigger incidents for critical issues, allowing your support team to resolve them quickly.
It has significantly improved our incident management process. Previously, we relied solely on a service indicator that simply displayed the service status. If the indicator turned red, we would then manually create an incident report. Now, we've implemented static thresholds that automatically trigger incidents to be added to our queue. This is a major advantage.
Splunk ITSI has reduced our alert noise by 30 percent.
Since implementing Splunk ITSI, we've significantly reduced our mean time to detection. Previously, we relied on receiving incident reports, which caused delays.
Splunk ITSI has reduced our mean time to resolve.
What is most valuable?
We collect infrastructure metrics from various servers, including Windows Services. One particularly useful feature of Splunk ITSI is the ability to create custom services. This functionality makes it easy to identify specific functions that are malfunctioning or experiencing problems. With this information, we can quickly troubleshoot and fix the issues.
What needs improvement?
In Splunk ITSI, thresholds automatically trigger incidents when a service value falls below the threshold. This prevents us from automatically triggering alerts for situations where the service value is within the acceptable range. We've identified this as an issue with the ITSI product and are working with Splunk for guidance on how to implement the desired behavior.
While the overall Splunk documentation is detailed, the documentation for specific premium apps, like Splunk ITSI, is more brief.
The technical support has room for improvement.
For how long have I used the solution?
I have been using Splunk ITSI for one year.
What do I think about the stability of the solution?
I would rate the stability of Splunk ITSI nine out of ten.
What do I think about the scalability of the solution?
Splunk ITSI is a scalable solution, meaning it can handle increasing amounts of data and users as our needs grow.
How are customer service and support?
We experience occasional delays in receiving solutions from Splunk technical support. Splunk's support for P3 cases seems inadequate, as they frequently switch support personnel. For instance, in a single P3 case, we had three different technical support representatives assigned. We were ultimately forced to escalate the issue to our account manager to get it resolved. In essence, we never receive complete support from a single point of contact; instead, the support team keeps changing, necessitating us to explain the problem from scratch each time.
How would you rate customer service and support?
How was the initial setup?
The initial deployment is a straightforward process. However, the time it takes can vary depending on whether we're installing for the first time or performing an upgrade. For a first-time installation, Splunk ITSI typically takes around 30 minutes. Upgrading an existing installation requires additional time to clean up previous configurations; this process usually takes about 40 minutes to complete.
Two people were involved in the deployment.
Which other solutions did I evaluate?
We are using Splunk Enterprise software. We contacted Splunk to demo ITSI, and we were impressed with its functionality and the included options. Therefore, we decided to try ITSI exclusively and did not evaluate any other vendors.
What other advice do I have?
I would rate Splunk ITSI eight out of ten.
We're currently working on implementing adaptive thresholds. This functionality would analyze service trends over the past seven days automatically set thresholds and generate incidents based on that data. Successfully implementing this would be a significant achievement, but we're encountering some technical challenges. We've opened a support case with Splunk to address these issues, and we're hopeful for a resolution within the next few weeks.
We have around 150 people using Splunk ITSI.
Two people are responsible for the maintenance of Splunk ITSI in our organization.
I would rate the resilience of Splunk ITSI nine out of ten.
In my experience starting my career with Splunk, I haven't encountered any marketing tools that can quite compare. Splunk offers a comprehensive set of features and well-organized documentation. The detailed and clear documentation that Splunk provides is something I particularly appreciate.
I recommend Splunk ITSI.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.