Splunk ITSI (IT Service Intelligence) Reviews

I use Splunk IT Service Intelligence (ITSI) for SIEM.

Splunk IT Service Intelligence (ITSI) is a very good tool.

Splunk IT Service Intelligence (ITSI) is superior to QRadar in my opinion. We can get results with the help of Splunk.

Splunk outperforms IBM QRadar in terms of functionality.

The dashboard queries should be improved. More queries should be suggested in order to produce better dashboards.

I have been working with Splunk IT Service Intelligence (ITSI) for one year.

Splunk IT Service Intelligence (ITSI) is a stable solution.

I have never contacted technical support.

I have worked with IBM QRadar, Splunk, and Sentinel.

People say that IBM QRadar is easier to implement as well as to query things.

The initial setup is straightforward. It is very easy to implement.

Splunk pricing is high.

I was exploring LogRhythm, and multiple SIEM solutions, because we wanted to purchase a SIEM tool.

Definitely, I would recommend this solution to others who are interested in using it. Splunk should be used because it provides a better solution in terms of SIEM as well as reporting. If you want to use that tool for reporting purposes, it is a fantastic tool. You only need to create a query to get started.

I would rate Splunk IT Service Intelligence (ITSI) an eight out of ten.

Our use cases for Splunk ITSI have been created around our critical services like payment gateways.

Splunk ITSI lacks out-of-the-box solutions for enterprise users. Currently, everything needs to be created from scratch.

In their next release, Splunk should offer API integrations with products like ThousandEyes, and AppDynamics, or some other network monitoring tools or dashboards. 

I have been using Splunk IT Service Intelligence for two years.

Splunk ITSI is stable. We have less than 24 technical staff.

The solution is easy to scale. All you need is to procure another license from Splunk and add new users.

Our company has approximately 500 users of Splunk ITSI.

Technical support from Splunk is very good. I would rate them a five out of five for service and support.

Positive

The initial setup of Splunk ITSI is simple.

The pricing of Splunk is a bit high. I would rate it a four out of five when thinking about the affordability of the solution.

I would recommend this solution to all big enterprises that actually have live traffic, like banks or telecoms.

Overall, I would rate Splunk ITSI an eight out of ten.

The primary use case of this product is for infrastructure monitoring, and involving machine learning with IT-related scenarios.

The most valuable features are the agility, being able to ingest many data sources with no limitation on capacity.

It's flexible in terms of capacity and different sources, which is very good. You can build reports, alerts, and dashboards very quickly.

It offers comprehensive visibility and integration with the applications in the Splunk base, where you can find more than 2000 applications and most of them are free. 

It allows you to integrate with the leading vendor's software and hardware. Through these applications, you can extend the capabilities of the platforms.

You can get the pre-built dashboards and connectivity to many deeper elements with the product. For example, for Palo Alto firewalls, VMware, and all of the main vendors, it is easy to extend this on your own. 

The Splunk community will add knowledge as the documentation is very comprehensive, and has a Q&A site. 

You can store the entire data and keep it saved from different sources. The schema is only defined as soon as you ask the question and you do the search.

On the IT side, machine learning has the ability to analyze patterns in the data and predict events according to the trends. It can detect anomalies and display them on dashboards with the ability to drill up, or down to the specific elements or a specific event.

Splunk stores the data collectively, meaning that the same data can be used by different departments in the organization. It avoids the silo structure that is very common, unfortunately. Many organizations including big enterprises generate large amounts of data and the ability to collect it centrally with all of the different parts of the organization, with different access to the same data is very helpful.

The problem becomes the price, as Splunk is an expensive product. In some regards, it's not a large issue because when you compare apples to apples and not look only into the price tag, but, look at the infrastructure, the platform,  office time, and the people that you need to operate the other products, you will see that it's not necessarily an expensive product. It may even be cheaper than the others when looking at the bigger picture.

I have been using this solution for four months.

It's a stable tool.

This solution is scalable and it's up and running very quickly.

With technical support, there is a strict SLA that is published. It's public and except for one case, which was very nonstandard and not according to best practice, usually, it's very good.

I came from a different background. I was not selling any other product before Splunk.

It's very intuitive. The language is rich.

The return on investment is very quick. As soon as your implementation is complete, adding new data sources is fast. It's intuitive and if you know how to use it, you can get value within days.

I would prefer that the price be reduced, as it would be easier to implement it and to sell it.

Splunk is an organization that identifies the needs in the market.

They see that it would take time to develop in-house, so they look into other companies that are doing the best at the stream and they simply purchase it and embed it into Splunk. Some examples are Phantom and the SignalFx.

If you want to make the best out of this product, you need to learn it. You will need dedicated personnel because there is a lot that can be done with it. In fact, there are practically no limits. You just have to have a good imagination and the sky's the limit. You can do whatever you want.

The language is very rich. It allows you very deep analytics and it's very fast. The ability to present the insights is very quick and it's adaptable and extendible.

In the last few years, the need to analyze data is increasing. There are many organizations that use 30 to 50 different tools. My advice would be to get to know the philosophy of Splunk. It is a centralized data platform that can digest any kind of data.

It can be extended to whatever size they need and they can eliminate the need for usage of all other tools. 

A problem is that sometimes their decision may not be made based on logic. If for example, the customer purchased a different solution a few years back and from that moment on, even with the product limitations and was a very good product at the time, it lacks a lot of functionality today. The organization already invested thousands of man-hours in this product, which is consuming a lot of resources within the organization. It's not a logical decision, it's an emotional decision. 

What I learned in business administration when I was in university was "Forget Splunk costs, this is the main rule when you are doing your assignments."  Splunk is Splunk.

It is very easy to work with startups with new organizations. A startup company is one thing but when you have already invested in many other solutions you need to rethink your strategy and the way you work with the data, the value of the data, and where you think that your data can take you.

Many are not aware of the solutions that are available to them.

I am not aware of any specific areas in which the product lacks. Splunk is not only a great product but also, as a company it really supports its users with the customer support program and all of the documentation they have available, all of the conventions that are arranged, meet the experts, case studies, use cases, and the YouTube channel. If others were exposed to these concepts they would think it was the right decision to go with this product.

I would rate this solution a seven out of ten.

We are a solution provider with many technologies. We use Splunk to customize solutions with Splunk. For example, we try to give our customers a great visualization experience. And sometimes we develop on the Splunk platform, like JavaScript, to provide the customers a better visualization. We also implement ITSI. In-house we can implement Enterprise Security.

We can customize the visualization. For example, if the customer wants to have a better visualization experience, we can develop it on the front-end of the platform in order to provide a better user experience.

The flexibility to develop and consolidate many solutions into one platform is great. We've portrayed many parts of the solution in order to provide complete solutions. We can develop various parts that customers desire into Splunk platform due to the fact that it is so flexible and does allow for customization and specific tweaks.

Some of our customers occasionally require the development of the connectors when there are no native connectors so that we can develop in Python or for customer slash comments as well. If they could adjust that, it would be ideal.

We've been using the solution for a while. We implement it for clients.

The solution is great in terms of stability. It doesn't have bugs and it's not glitchy. It doesn't crash or freeze. It's rather reliable.

The scalability is great. We can scale horizontally, meaning we can deploy a small solution, and if, according to the needs, it needs to expand, it can horizontally do so. 

We implement Splunk to our clients, and they all vary in size. We've implemented it to banks and in places where there are more than 500 users on Splunk. Some of the implementations were sizable.

Typically, implementation is complex initially. Splunk is easy to set up when you are looking at the basics. When you're looking for advanced configurations or advanced development it's never easy but it's possible.

We are a Splunk reseller. We're consultants. We use Splunk to develop a solution for our customers and therefore use multiple deployment models.

Overall, on a scale from one to ten, I would rate this solution at a ten.