Splunk ITSI (IT Service Intelligence) Reviews

Splunk ITSI is a product for operations. I use it for detecting issues in the operations and generating alerts for them.

It is an intelligence platform for operational excellence.

The end-to-end visibility is a great thing about Splunk ITSI. It provides an end-to-end view to any user, from a normal engineer to a high-level manager.

We were able to realize the benefits of Splunk ITSI immediately.

Splunk ITSI helps to right-size resources to match the demand. It improves the quality. It is more organized. It can definitely help in rightsizing.

It helps to avoid duplicated alerts. If rightly implemented, it can reduce the duplication of alerts and provide more specific and accurate context.

Splunk ITSI has helped reduce incident volume. The reduction is implementation-dependent. If it is rightly implemented, we can reduce it to a very low percentage. Out of 100, we get only 10 alerts. If the context is correct, we only need one alert. This can be achieved with ITSI.

Splunk ITSI has helped reduce our alert noise, but I do not have the numbers because the initial implementation was not right. There were so many alerts, but when we corrected the implementation, it reduced them by a lot. I do not have the numbers, but thousands have become hundreds.

Splunk ITSI has helped reduce our mean time to detect (MTTD). It is at least five minutes. The mean time to resolve is dependent on the team. I do not have control over that because, in Splunk ITSI, we generate alerts for multiple teams, not just one team. It all depends on their SLAs.

Splunk ITSI helps us to automate alerting and automatically generate alerts or create incidents. It is not an automation tool to reduce mundane tasks.

Splunk ITSI helped us save costs by reducing downtime and manpower costs or avoiding SLA penalties.

The service analyzer view and automatic creation of incidents are valuable.

Better documentation would definitely help. Many people do not know about it, so better documentation and use case explanations would be helpful. There should be more YouTube videos about how to implement ITSI

The biggest improvement area is making it open to developers. Right now, it is very closed. It can only be downloaded by people who have a license to and not everyone. If it is open to everybody, more people will use it.

It has been quite a long time. It has been more than four or five years.

It is pretty stable. If we have the proper infrastructure, this tool is very stable. It does not crash.

Its scalability is high. It can scale very well. You can increase the size of the cluster. You can increase the capacity vertically and horizontally. It is very scalable.

They are good. They respond based on the SLAs. The quality of service depends on how informative you are when you provide the case details to them, but they have the ability to escalate it to higher levels and get help. They have the skills, but sometimes, the support is not in the UK. It sometimes comes from the US, so there may be time constraints when you set up a call. Otherwise, they are good.

Neutral

I have used other solutions. In the old days, I used a BMC system. Splunk ITSI is a completely different type of alerting system.

The BMC solution is more monotonic. It does not have the intelligence like Splunk ITSI to reduce the noise. It just picks up a metric and alerts based on that threshold, whereas, in ITSI, we have the control to reduce the number of alerts generated on the same threshold by adding some intelligence to it. It has the ability to do that Intelligence part. That is why it is called ITSI.

We have both on-premises and cloud deployment models. Its deployment is difficult for a beginner user. You need a consultant or somebody experienced in Splunk ITSI to implement it properly. Splunk ITSI is a premium product. You need very good Splunk infrastructure initially to run this on top. To run it properly, you should have good knowledge. You should at least have Splunk Architect-level certification. Otherwise, you can implement it, but it will not work properly or as you expect.

It is mostly a clustered solution. It is not normally done on a single server. We need to build the entire cluster. The initial build probably can take two weeks. Configuring everything can take a long time. Six months can be considered a good time to make it run properly for enterprise usage.

It needs regular upgrades, backups, and time-to-time updates to the system configurations. It requires a dedicated team. Once it is properly set up, less than ten people can manage it.

I am an ITSI consultant, so I am not a user. I set it up for customers.

The number of people required depends on how much data we need to bring in. If we have a lot of data and a variety of systems, more people are required. If we are just focusing on a singular system, one person can do the job.

In an enterprise environment, there are a multitude of systems and monitoring requirements. Usually, there is a team onboarding data and setting it up. 10-15 people are a good choice for a big enterprise, like a banking client.

It is more of a premium product. I do not have much visibility into pricing because it is taken care of by high-level enterprise customers. I just ask for the license that I need and they negotiate. It all happens between Splunk and the company. I know that it is expensive, but I do not think there is another solution that can do similar things for that price.

To someone who already has an IT alerting and incident management solution but is considering switching to Splunk ITSI, I would say that it will add value to their organization. It can reduce a lot of noise. I would suggest going for it, but it should be the right implementation. You should have knowledgeable people to implement it from the beginning.

It is not something that you just buy and switch on and will start working. It needs a lot of configuration and proper configuration to make it run properly. That is an important part for Splunk ITSI. It is not just the product. The person who is implementing it should be very good. Then only its value can be seen. Otherwise, you have the application but may not get the right value out of it.

Overall, from my experience, I would rate Splunk ITSI an eight out of ten.

We use the solution for intelligence. For example, if I have a website that sells games, it might have a lot of things like databases, servers, et cetera. I can see how many users have logged in, what purchases can be made, and so on. Splunk provides the logs to see all of the data for all actions on the site. I can see things on a technical level, like how CPUs are performing.

I can see things in real-time, and it's based on real data. This is the advantage Splunk has. There is complete visibility and I can monitor KPIs as well.

I can look at how my database looks, how my sales look, et cetera, and all metrics are in one place.

There's machine learning as well, including anomaly detection. You can look at and understand the date very easily. It helps us provide a complete understanding of business so that I can understand anomalies better and watch the daily data. It gives me alerts in which I can take a deeper dive.

I have a ticketing system. If I have a Splunk power user, they can look at the data and create a ticket for future inspection. People can correlate and collaborate on the same ticket.

Basically, everything you need you can find on Splunk. You can also create custom actions. 

We can do actions right on the Splunk UI. 

The compatibility is good.

The end-to-end visibility is okay. The only thing that is lacking is the application monitoring. We struggled with one use case where payments were failing and they couldn't understand if it was the infrastructure or bandwidth. The capability of recording any transaction is not possible in Splunk. You have to write your own scripts, however, it's not as user-friendly.

The predictive analytics are pretty good. I've seen people using it. That said, I'd say the admin needs a deep understanding of the infrastructure. It has a tendency to create noise. If you have a noisy system, when there's an alert, people tend to miss issues. 

Customers have noted the solution helps streamline incident management. At a single glance, there is a complete view of infrastructure. It's good for the customer on the technical side. Teams were able to map the availability of the system more accurately - up by 28%.

It's helped reduce alert noise. It can aggregate the alerts and just create an alert only when needed. From the UI, you can correlate the alerts using dynamic conditions (not just static ones).

We've been able to reduce the mean time to detect. It has a similar meantime to detect as Dynatrace. We've used it when there wasn't an existing system, and we would have had similar results with other tools in the market. It's helped with MTTR for sure. Previous to implementing Splunk, the mean time was one hour or so. Once we implemented it, the alert notification was automatically sent to people, so it automatically reduced the time to two to five minutes. 

The mean time to resolve has been reduced thanks to Splunk. 

If you are using Splunk ITS and Splunk Enterprise Security, you have to run different searches. You cannot run both on the same server. You can bifurcate it however you want, however.

The license cost is expensive. When I want a premium application it's extra. I need to pay for this on top of my base license. 

We'd like to see more use of artificial intelligence. There's no easy knowledge-base bot. It would help if they had a ChatGPT-like AI that could show them the knowledge base information they could use to address tickets.

I've used Splunk as a product for about five years. 

The solution is stable. 

The solution can scale. I'd rate it seven out of ten. There are some requirements on the backend in terms of scaling. If you want extra storage, it will cost more money. If you are adding a new server you will have to go and configure it and then you have to restart everything, so there may be downtime. 

I've contacted technical support. They were good in terms of experience. The cloud support is excellent. 

Positive

I did not previously use a different solution. 

You can install the solution on-premises or on the cloud. If you want to send the data to your own on-premises environment, you can do so.

I was involved in the initial deployment. The setup was very straightforward, however, the requirements gathering can be complex, as well as gathering the KPIs and developing an understanding of requirements. You need someone who has a complete understanding and a holistic view of the environment. 

How many people you need for the deployment depends on how big the infrastructure is, what you want to monitor, and the timeline you have.

The on-premises deployment requires maintenance as you have to monitor the server. The cloud requires less maintenance. 

We tend to implement the solution for our customers. 

The solution can be costly. You have to have a fixed license. It's very difficult for people to know beforehand how much they will be charged. 

We're Splunk partners. 

For someone who already has an APM solution and is considering switching to ITSI, I'd advise them to look at the licensing and their budget and to consider where their APM is currently lacking. If you aren't getting the alerts you need or you can't see how your infrastructure looks, it might make sense to switch. They need to be aware, however, there will be an extra cost.

Secondly, if you can't see the logs in your application and can't fetch the logs, for example, if you are on Dynatrace, and Dynatrace does not provide your login analysis, you can just go and write a query. However, it depends on what your end customer needs as well. If they need good dashboards and they need flexible dashboarding, to which you can add images, and customize the way you want, you may need something more robust, like Splunk. We were able to pull it off using Splunk ITSI as it gives you very easy-to-customize dashboards. 

To someone who's considering a point monitoring system instead of ITSI, I'll say that, depending on your infrastructure, it might be a good idea. If you have less data, and you can manage with the manual alerts, you're fine. However, if you're wasting a lot of time with the alerts and get a lot of alert noise, that means you can be missing major alerts. For major infrastructure, it's a good idea to have ITSI.

You need a minimum of 14 days before seeing time to value. 14 days is required in order to be able to use the complete solution. That allows the system to get good at anomaly detection. 

I'd rate the solution eight out of ten.

I use the solution in my company for event management and areas consisting of episodes.

Splunk ITSI (IT Service Intelligence) has helped our organization correlate events into episodes.

The most valuable feature of the solution is event analytics, and it is because that was our core function when we moved from NOC to IBM Netcool Network Management and then from IBM Netcool Network Management to Splunk ITSI (IT Service Intelligence).

The main benefit I have experienced from using Splunk ITSI is that it has been helpful to have one consolidated tool.

My organization monitors multiple cloud environments using the product. In terms of the ease or difficulty one may have when trying to monitor multiple cloud environments, it is tricky. You have to learn and test things out.

It is important for our organization that Splunk ITSI (IT Service Intelligence) provides visibility into our cloud-native environment, but I would say that it is done in the dev and production environments.

Splunk ITSI (IT Service Intelligence) has helped us with the organization's business resilience. My impression of Splunk's ability to predict, identify, and solve problems in real-time, is that with the new AI feature set coming in, users can apply that logic to the episodes.

I have experienced cost efficiencies by switching to Splunk ITSI (IT Service Intelligence). The doc suggests that too has one pane of glass to go into the system and do automation straight from one page because they get hit with thousands of alerts and alarms every day, and we try to correlate that to a simplistic event.

I have experienced time to value using Splunk ITSI (IT Service Intelligence) over a couple of months.

Splunk's unified platform helps consolidate networking and IT observability tools but not security because our company is not in that space. The consolidation of tools impacts our organization since I feel it is easier to have fewer tools than more.

The dashboard function inside the individual episodes, not at the ITSI Notable Event Aggregation Policy level but actually at the correlation search layer, is an area where improvements are required.

In the next release of the tool, the product should offer a dashboard ID in the correlation search.

I have been using Splunk ITSI (IT Service Intelligence) for five years.

In the early days, the Java-based engine was kinda buggy, and some of the interfaces for Splunk ITSI (IT Service Intelligence) and event analytics needed to feel new and not outdated. It still kinda feels outdated, and I feel like Splunk hasn't really put a lot of thought into such a specific area in the last few years.

The solution's scalability is fine.

The solution's technical support team is okay. For most of the stuff I escalate, I have to always wait for a response from tier-two or tier-three level support.

I am used to solving stuff myself and providing a lot of debugging as to what tier-one or tier-two level support would do, and by the time I get to the aforementioned spot, I see that I have to wait and explain a lot of cycles because I am doing the same research as level one or level two support. I rate the technical support a five out of ten.

Neutral

I have experience with Tivoli Netcool, which is a legacy event system from IBM that has the same or similar approach as Splunk ITSI (IT Service Intelligence). I saw that Splunk ITSI (IT Service Intelligence) provides the same features as Tivoli Netcool.

When it came to the deployment part, Splunk's professional services did not know much of what our company needed, considering the level that we were expecting from the product. I come from a telco background where the company used to deal with 1,00,000 alarms a day, and event analytics wasn't something that was really built for it in the beginning when I first deployed it. There were a lot of learning curves that I had to go through to deal with the tool. As I continued to grow with the product, I started pitching probably around 20 ideas at a time to the team, and a lot of my ideas actually made it to Splunk's GA launches. I worked with Isha, Ross Wilkinson, and another person who was right in the middle between them. Though I had spoken to the senior VP of a particular sector and pitched the idea of using Fandom for IT automation, it eventually died out.

The solution is deployed on an on-premises model. I use the cloud services from AWS.

Splunk directly helped with the product's deployment.

I have experienced an ROI using the tool, considering the efficiency it offers so that we do not have to take care of certain functions.

Pricing was pretty good, and it is possible to just add on the features we want.

I considered Resolve systems for automation and a tool named Moogsoft. Moogsoft has a lot better visual capabilities and looks better than Splunk ITSI (IT Service Intelligence) when it comes to event analytics. I am hoping that with a better dashboard, Splunk ITSI (IT Service Intelligence) can build a better UI layer.

I feel like there is a lot more that can be done in the tool, but I don't know if it is going to be a dying product or if Splunk Observability will try to take over some of the core functions of Splunk ITSI (IT Service Intelligence).

I rate the solution a seven out of ten.

We use Splunk ITSI to collect the infrastructure metrics and visualize them.

Splunk ITSI provides end-to-end visibility into your IT environment. It displays key performance indicators for various services. If a KPI is red, indicating an issue, clicking on the corresponding service will take you to the server for further investigation. Splunk ITSI can also automatically trigger incidents for critical issues, allowing your support team to resolve them quickly.

It has significantly improved our incident management process. Previously, we relied solely on a service indicator that simply displayed the service status. If the indicator turned red, we would then manually create an incident report. Now, we've implemented static thresholds that automatically trigger incidents to be added to our queue. This is a major advantage.

Splunk ITSI has reduced our alert noise by 30 percent.

Since implementing Splunk ITSI, we've significantly reduced our mean time to detection. Previously, we relied on receiving incident reports, which caused delays.

Splunk ITSI has reduced our mean time to resolve.

We collect infrastructure metrics from various servers, including Windows Services. One particularly useful feature of Splunk ITSI is the ability to create custom services. This functionality makes it easy to identify specific functions that are malfunctioning or experiencing problems. With this information, we can quickly troubleshoot and fix the issues.

In Splunk ITSI, thresholds automatically trigger incidents when a service value falls below the threshold. This prevents us from automatically triggering alerts for situations where the service value is within the acceptable range. We've identified this as an issue with the ITSI product and are working with Splunk for guidance on how to implement the desired behavior.

While the overall Splunk documentation is detailed, the documentation for specific premium apps, like Splunk ITSI, is more brief.

The technical support has room for improvement.

I have been using Splunk ITSI for one year.

I would rate the stability of Splunk ITSI nine out of ten.

Splunk ITSI is a scalable solution, meaning it can handle increasing amounts of data and users as our needs grow.

We experience occasional delays in receiving solutions from Splunk technical support. Splunk's support for P3 cases seems inadequate, as they frequently switch support personnel. For instance, in a single P3 case, we had three different technical support representatives assigned. We were ultimately forced to escalate the issue to our account manager to get it resolved. In essence, we never receive complete support from a single point of contact; instead, the support team keeps changing, necessitating us to explain the problem from scratch each time.

Neutral

The initial deployment is a straightforward process. However, the time it takes can vary depending on whether we're installing for the first time or performing an upgrade. For a first-time installation, Splunk ITSI typically takes around 30 minutes. Upgrading an existing installation requires additional time to clean up previous configurations; this process usually takes about 40 minutes to complete.

Two people were involved in the deployment.

We are using Splunk Enterprise software. We contacted Splunk to demo ITSI, and we were impressed with its functionality and the included options. Therefore, we decided to try ITSI exclusively and did not evaluate any other vendors.

I would rate Splunk ITSI eight out of ten.

We're currently working on implementing adaptive thresholds. This functionality would analyze service trends over the past seven days automatically set thresholds and generate incidents based on that data. Successfully implementing this would be a significant achievement, but we're encountering some technical challenges. We've opened a support case with Splunk to address these issues, and we're hopeful for a resolution within the next few weeks.

We have around 150 people using Splunk ITSI.

Two people are responsible for the maintenance of Splunk ITSI in our organization.

I would rate the resilience of Splunk ITSI nine out of ten.

In my experience starting my career with Splunk, I haven't encountered any marketing tools that can quite compare. Splunk offers a comprehensive set of features and well-organized documentation. The detailed and clear documentation that Splunk provides is something I particularly appreciate.

I recommend Splunk ITSI.

Splunk ITSI is used to analyze data and create alerts. This helps us to maintain our security best practices.

Our organization was looking for a security monitoring tool. I use Splunk ITSI as a monitoring and security tool. It helps me to protect data and prevent malware and hackers from accessing my environment. Splunk ITSI can be used to protect our role and infrastructure. It can also provide insights into how and what is helpful within our infrastructure.

Splunk ITSI provides great end-to-end visibility into our network environment. It can identify the exact root cause of an issue without any additional troubleshooting on my part.

Predictive analytics is valuable for preventing incidents before they occur because it allows me to see when the data stopped being indexed, which saves me time from having to investigate.

Splunk ITSI makes it easier to secure our entire infrastructure. Before Splunk ITSI, our environment was chaotic.

Splunk ITSI streamlines our incident management by providing a financial report of all applications in our environment.

Splunk ITSI has helped us reduce alert noise. After configuring ITSI, we set certain parameters based on our alerts. These alerts are the conditions that ITSI uses to automatically reduce noise.

Splunk ITSI helps to reduce our mean time to detect by monitoring key performance indicators such as CPU overload and the percentage of use revenue trend. On average the automation has reduced our mean time to detect by five minutes.

Splunk ITSI significantly reduces our mean time to resolve because most of our time was previously spent troubleshooting. With ITSI, we don't have to troubleshoot at all.

Splunk ITSI can help reduce downtime, but the extent of its effectiveness depends on how it is implemented.

Splunk ITSI has a lot of advantages. There are a lot of different aspects when implementing Splunk ITSI in our environment.

Splunk ITSI helps us secure our environment by allowing us to create automatons that run when alerts are triggered. This automation can pass through the CI/CD pipeline tool, which helps to increase security.

The data recovery has room for improvement.

I have been using Splunk ITSI for three years now.

Splunk ITSI can be deployed on-premises or in the cloud. However, we typically deploy it in the cloud because of the available services. These services do require a lot of permissions.

Splunk ITSI is stable.

Splunk ITSI is scalable.

The quality of support depends on the individual use case and how we configure the solution.

Positive

Splunk ITSI can be installed remotely or manually. The deployment time depends on the operating system being used to deploy the solution into the cloud. Once ITSI is deployed, I can perform a ROM test through the CI/CD pipeline.

Splunk ITSI's visibility into our environment provides good value to our organization.

Splunk ITSI is a pay-per-use service that is priced fairly based on the amount of data we use.

I give Splunk ITSI an eight out of ten.

Splunk ITSI is a cheaper and easier-to-use alternative to APM solutions. Unlike APM solutions, Splunk ITSI also helps with application management, memory management, host log volume, and CPU usage.

Our clients vary in size, with some using small amounts of data and others using terabytes of data within Splunk ITSI.

Splunk ITSI maintenance involves updating the software and ensuring that it is compatible with the applications that it will integrate with.

Splunk ITSI is our platform for data ingestion from various sources. We leverage it to manage Kubernetes configurations, licenses, reports, dashboards, and user permissions. Additionally, we utilize ITSI for field extraction and data model retrieval.

We successfully integrated Splunk ITSI with ServiceNow. The integration process was straightforward. We downloaded the Splunk Integration application from the ServiceNow app store and configured the ServiceNow account using the provided URL, username, password, and authentication method.

Splunk ITSI offers end-to-end visibility through a centralized admin console. This console allows us to monitor all aspects of our system, including indexing performance, daily resource usage, CPU utilization, and insights.

Splunk ITSI has helped our organization save time. We saw the benefits within the first three minutes of use.

We saw time to value within minutes of using Splunk ITSI.

The KPS used to automate the integration policy is the most valuable feature of Splunk ITSI.

After upgrading Splunk ITSI from version 4.11 to 4.13, the analyzer stopped finding values for KPS and services. We had to manually deploy a script to resolve this issue.

I have been using Splunk ITSI for three years.

Splunk ITSI is stable.

Splunk ITSI is a resilient solution able to recover quickly.

Splunk ITSI is scalable.

The technical support team is great. They've helped troubleshoot our issues. Once we raise a ticket, we can continue the process using a DLL file.

Positive

The initial deployment is straightforward. The setup is automated.

Five people were required for the deployment.

The implementation was completed in-house.

The licensing is based on data usage.

I would rate Splunk ITSI eight out of ten.

I recommend Splunk ITSI over other APMs because we can monitor everything from a single console.

Splunk ITSI is deployed across multiple locations.

No maintenance is required for Splunk ITSI.

I have used Splunk ITSI to build a lot of glass tables and set up thresholds. We have also used MLTK for machine learning, predictive analytics, and anomaly detection. We use MLTK, which is an external application. We can get notified of issues well before the time to take proactive action.

We use core Splunk and Splunk IT Service Intelligence. It is a multisided cluster environment. Whenever the customer wants glass tables, notable events, or to set up some alert notifications, the product has helped our organization. We can set up our own threshold activities. We can also add ad-hoc searches in the solution. We can get the data of the indexes and alerts tracking by writing a search query.

The glass tables are very helpful. The solution also provides topologies showing exceptions or criticalities whenever something goes down. It is very helpful for customers. The notable events, glass tables, and setting up thresholds are the most valuable features of the solution.

Every customer has a different need and their own customized threshold settings. Some customers need 99% as critical, and some need 80%. We can set the customized thresholds in the product and get the alerts.

If the product had some prebuilt machine learning features, it would add value to our use cases. It would be very good if the product had some in-built predictive analytics and future forecasting features.

I have been using Splunk for almost four years.

The support depends on the licensing we use. There are different licenses available based on the volume and vCPUs. We use the license based on vCPU. It depends on how many virtual CPUs we use. It would be good if Splunk could give on-demand support.

Whenever we raise a support case, the support team follows the SLA and gives us a response. Sometimes, companies will also have on-demand support based on the support credits. Companies generally expect support persons and engineers to join the Zoom sessions when P1 and P2 issues arise. The support team takes a long time to join the meetings at such times. If we can have an engineer join the Zoom sessions right away, it would be helpful for the customers. The support team needs to respond quickly to P2 issues.

We had a P3-level case with a severity level of S2. It was a corrupt bucket issue. The case was in open status for six months. Generally, we don't need six months to fix a corrupt bucket issue. If the support case had been escalated to a higher-level engineer with advanced knowledge in debugging the issues, it would have been easier and would have taken less time.

Neutral

We have been using Enterprise Security. It is for intrusion detection and threat intelligence. It helps our enterprise security team to find vulnerabilities and take proactive actions. We started using Splunk IT Service Intelligence because it gives us some good topology if we build glass tables based on our data. The product provides us with service intelligence.

The deployment process is straightforward. It is the same as core Splunk. The solution uses summary indexing, itsi_tracked_alerts, and itsi_summary_metrics indexes. We must ensure these indexes are available and have a good retention policy.

Our customers have seen improvements in resilience and cost.

It would have been good if the product cost was much lower.

We chose Splunk over other vendors because it is much more reliable. We have done a POC to test how well the tool can help the customers and provide good value to their business. We have used other products like Elasticsearch and Cribl. However, we feel that Splunk is better. Log monitoring is very important to customers. Other log monitoring tools are not user-friendly and flexible. It is also not easy to write search queries on them. However, it is easy to write search queries on Splunk. It also has bucket lifecycles. It is easier to have a centralized repository to maintain and use the data.

Our clients monitor multiple cloud environments. We get data from different third-party clouds like Google Cloud, Microsoft Azure, or AWS. Sometimes, we also use Snowflake. Customers mostly try to build out their own dashboards and knowledge objects. They use Splunk IT Service Intelligence to be notified about any exceptions or critical issues. 

We cannot integrate the product directly with the cloud applications. First, we have to integrate our core Splunk with different clouds. We must first integrate add-ons using Splunkbase, a REST API mechanism, or an HTTP Event Collector (HEC) mechanism into core Splunk. Then, we can use the same ad-hoc search in Splunk IT Service Intelligence to get proper glass tables and results. It's easy to monitor multiple cloud environments using the solution, but we could directly integrate with it if it had the right integration features.

It is important for our organization that the solution has end-to-end visibility into our cloud-native environment. In today's world, most data goes into the cloud. Every organization wants to move the data to the cloud so that it would be more reliable and they can get the data easily. It's less cost-effective as well. So, most organizations are going to the cloud. It's really beneficial and important to the customers because they can easily get the data from the cloud and perform cost optimizations. Managing cloud-native environments with the solution is cost-effective.

The product has definitely helped reduce our mean time to resolve by 70%. If it has built-in machine learning or artificial intelligence techniques, it will be helpful to reduce the remaining 30%.

The tool has helped improve our customer's business resilience. Different SIEM applications and tools are available for enterprise security in today's world. Splunk's next version will have enhanced SOAR features. It will be useful if the product has additional features to help customers and organizations.

We used the MLTK app from Splunkbase and deployed it in Splunk IT Service Intelligence. It helped us to do predictive analysis, forecasting, and anomaly detection. It helped us gain some insights. I rate the tool's ability to provide business resilience a seven out of ten.

If we have a Splunk add-on for Unix and Windows, we can use those add-ons in our core Splunk to get the base monitoring, like OS metrics. For these things, Splunk has PowerShell scripts. It runs every five minutes. So, it is not in real-time. Every organization would need real-time monitoring. The product should provide these features in real time. For OS metrics, we use custom thresholds.

Our customers see time to value within seven days. We implement Splunk with minimal architecture, like two deployment servers, two heavy forwarders, four indexes, and three searchers. We initially had the search factor as two and the replication factor as two. We had very little data initially. We tested in our lower environment with the POC and found the data the customers wanted to see in Splunk. It was helpful for the customers. They can find the exceptions, write their own search queries, and build their own knowledge objects.

We get different types of security management tools in the market, like Enterprise Security, SOAR, and Phantom. The product brings a lot of value to the customers. It gives a lot of insights into notable events and predictive analysis. It also has a good dashboard. I expect the solution to provide enhanced features in the upcoming release.

Attending Splunk conferences provides us with an opportunity to interact and get more details on the products from different vendors. More than 1,000 vendors attend the conferences. The more we interact with the vendors, the more insights we get from them. It is also helpful to build relationships with the vendor.

Overall, I rate the tool an eight out of ten.

We use the solution to monitor throughout the enterprise. We get alerts and create incidents and use it in our ticketing tool. 

We have set up alerts so we can effectively monitor our infrastructure. Even small alerts the users face we can monitor. 

We started small with a few users and once we saw the visibility we could achieve and the performance of the solution, we rolled it out on a larger scale. 

The analysis and KPIs it provides are very useful. We can create episode monitoring. 

The service analyzer is quite useful. 

Its end-to-end visibility is very good. We can get to the root cause of troubleshooting. It makes the process easier. Troubleshooting happens very quickly - and that means we have less downtime. 

We use the predictive analysis capabilities. It plays a major role as it allows us to act faster. 

Our response time is almost instant. We can create alerts and check reports. It checks everything in real-time so that we can jump into action much faster.

It's helped with incident management. It's helped us reduce incidents while improving performance and visibility. It reduces the amount of work we need to do as well. We've likely reduced work by 30% or so. 

Since it's reduced alerts, it's reduced alert noise. We do have triggers for alerts, and we can shortlist them and troubleshoot the ones that create the most noise. 

Our performance metrics have improved. Alert noise has dropped by 60%. We've been able to maintain everything much easier. Handling the infra is simpler. 

Our mean time to detect is down to 5 minutes. That's down from 15 to 20 minutes in the past.

We're getting alerts with delays of maybe five minutes, however, we'd like to see real-time alerting in the future. 

From a predictive analysis point of view, we'd like to see emails corresponding to the alerts we get. That would be an added benefit. 

I've been using the solution at least 2 years. 

Every time we upgrade, we do find some issue, however, it does get resolved. Overall, I'd rate stability 9 out of 10. Most of the time, it's stable. 

We have two to three people using the solution. We have the solution across multiple locations. 

The solution is very scalable. 

Technical support is very good. I'm satisfied with the level of knowledge the techs have and the response time. 

Positive

We did not use any other solutions. 

The initial setup is not complex. I'm not sure exactly how long it takes to implement as it was already in place when I began.

There is some maintenance required. You may have to run regular upgrades. 

We've seen an ROI in the lack of downtime, which has improved by 80%.

I don't have any visibility on the cost of the product.

I'm a Splunk customer. 

We don't have Splunk integrated with any other solutions. 

For someone who already has an APM solution, but is considering switching to Splunk ITSI, I'd advise them to take a look at it against other solutions. However, Splunk is very, very good. It's likely to help any organization. I'd recommend it over a different monitoring solution. It eliminates much broader downtime and allows teams to act on alerts faster. 

resilience is very important to us and Splunk helps us maintain that. It's very reliable. 

I'd recommend the solution to others. 

It's a good idea to go through the documentation so that everyone is on the same page with the setup.

I'd rate the solution ten out of ten.