2020-07-19T08:15:55Z

What advice do you have for others considering Splunk ITSI (IT Service Intelligence)?

Miriam Tover - PeerSpot reviewer
  • 0
  • 0
PeerSpot user
17

17 Answers

Nagendra Nekkala. - PeerSpot reviewer
Real User
Top 5Leaderboard
2023-12-20T11:51:00Z
Dec 20, 2023

Choosing IT Service Intelligence (ITSI) over other vendors is a superior option now, as it operates on a data platform capable of efficiently collecting and managing large volumes of machine-generated data. It would greatly support the utilization of proper predictive analytics due to the capability to preemptively prevent incidents ten to twenty minutes in advance. Overall, I would rate it eight out of ten.

Search for a product comparison
Dishank Saxena - PeerSpot reviewer
MSP
Top 10
2023-11-15T20:35:00Z
Nov 15, 2023

We might be partners with Splunk. It's readily available. You don't have to wait very long to witness the benefits of the solution. I'd rate the solution seven out of ten. If you are looking for an AI solution alongside APM, use a platform with everything in place. However, if you still want to go for a dedicated AIS platform, make sure it integrates with your existing logging and APM tools. However, my position is that it's better to use one platform for the entire opportunity.

TO
Consultant
Top 20
2023-10-20T12:14:00Z
Oct 20, 2023

I would rate Splunk ITSI eight out of ten. The visibility is good, but the issue we are interested in is split into different factions in some parts. Currently, we are not using ITSI to its full potential. The organization is enterprise-scale, which is huge. It is therefore very difficult to implement some of the ITSI best practices because we have so many different areas, each doing things differently. Standardization is difficult to achieve because everything is so massive. We could better use ITSI to its full capacity, but that is on us. However, I think it would work much better if it were a bit smaller in scale. Cost is definitely a concern. Splunk can be quite expensive, especially if we are tied into a contract. However, it offers more features and capabilities than other solutions. I don't have a lot of experience with Splunk, but the way it aggregates data is very good. It can also parse and strap data, and search and operate on the data that is sent in. This is also very good. I suggest cleaning up the data before sending it to Splunk. This will make it easier to get real-time monitoring of the data needed. We pay for ingestion and storage, so it makes sense to only send in the data that we need. Splunk is a very good tool to use for building and operating real-time analytics dashboards. It has very good visualization, data separation, and real-time analytics capabilities. It can also create very complex queries that can do a lot. We have over 50 users spread across the organization, and we implement around 100 or more services. Each service may have a tech lead in x and y and an architect in z. Therefore, Splunk ITSI reaches out to many different people in those departments. Splunk Cloud takes care of all the maintenance. We simply open a case and they implement any new version as needed.

Andrew Mahoski - PeerSpot reviewer
Real User
Top 10
2023-07-20T02:10:00Z
Jul 20, 2023

I would rate Splunk ITSI a nine out of ten. Not a ten because the learning curve makes it tricky.

DV
Real User
Top 20
2023-07-20T01:39:00Z
Jul 20, 2023

I would rate Splunk ITSI an eight out of ten.

SA
Real User
Top 20
2023-07-19T01:12:00Z
Jul 19, 2023

Our clients monitor multiple cloud environments. We get data from different third-party clouds like Google Cloud, Microsoft Azure, or AWS. Sometimes, we also use Snowflake. Customers mostly try to build out their own dashboards and knowledge objects. They use Splunk IT Service Intelligence to be notified about any exceptions or critical issues. We cannot integrate the product directly with the cloud applications. First, we have to integrate our core Splunk with different clouds. We must first integrate add-ons using Splunkbase, a REST API mechanism, or an HTTP Event Collector (HEC) mechanism into core Splunk. Then, we can use the same ad-hoc search in Splunk IT Service Intelligence to get proper glass tables and results. It's easy to monitor multiple cloud environments using the solution, but we could directly integrate with it if it had the right integration features. It is important for our organization that the solution has end-to-end visibility into our cloud-native environment. In today's world, most data goes into the cloud. Every organization wants to move the data to the cloud so that it would be more reliable and they can get the data easily. It's less cost-effective as well. So, most organizations are going to the cloud. It's really beneficial and important to the customers because they can easily get the data from the cloud and perform cost optimizations. Managing cloud-native environments with the solution is cost-effective. The product has definitely helped reduce our mean time to resolve by 70%. If it has built-in machine learning or artificial intelligence techniques, it will be helpful to reduce the remaining 30%. The tool has helped improve our customer's business resilience. Different SIEM applications and tools are available for enterprise security in today's world. Splunk's next version will have enhanced SOAR features. It will be useful if the product has additional features to help customers and organizations. We used the MLTK app from Splunkbase and deployed it in Splunk IT Service Intelligence. It helped us to do predictive analysis, forecasting, and anomaly detection. It helped us gain some insights. I rate the tool's ability to provide business resilience a seven out of ten. If we have a Splunk add-on for Unix and Windows, we can use those add-ons in our core Splunk to get the base monitoring, like OS metrics. For these things, Splunk has PowerShell scripts. It runs every five minutes. So, it is not in real-time. Every organization would need real-time monitoring. The product should provide these features in real time. For OS metrics, we use custom thresholds. Our customers see time to value within seven days. We implement Splunk with minimal architecture, like two deployment servers, two heavy forwarders, four indexes, and three searchers. We initially had the search factor as two and the replication factor as two. We had very little data initially. We tested in our lower environment with the POC and found the data the customers wanted to see in Splunk. It was helpful for the customers. They can find the exceptions, write their own search queries, and build their own knowledge objects. We get different types of security management tools in the market, like Enterprise Security, SOAR, and Phantom. The product brings a lot of value to the customers. It gives a lot of insights into notable events and predictive analysis. It also has a good dashboard. I expect the solution to provide enhanced features in the upcoming release. Attending Splunk conferences provides us with an opportunity to interact and get more details on the products from different vendors. More than 1,000 vendors attend the conferences. The more we interact with the vendors, the more insights we get from them. It is also helpful to build relationships with the vendor. Overall, I rate the tool an eight out of ten.

Learn what your peers think about Splunk ITSI (IT Service Intelligence). Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.
Jamiu Olaide - PeerSpot reviewer
Consultant
Top 10
2023-07-04T09:21:00Z
Jul 4, 2023

I rate Splunk ITSI an eight out of ten. Anyone who is considering a point monitoring system instead of Splunk ITSI should know that with ITSI, we gain access to several other features. Even just with the service analyzer, we can observe our KPIs and identify their affected components. We can determine which settings are causing the issues and make informed decisions, such as trying alternative options. We can also evaluate if a particular KPI has significant importance, as it has a substantial impact on the overall order of operations. This provides us with a detailed perspective in terms of data and other relevant aspects. While it may not offer a purely granular view, having everything consolidated into a single interface is extremely convenient. Working with ITSI requires a considerable level of willingness and experience. However, as we are transitioning towards various new tools, including the ability to easily integrate plug-and-play devices, the only issue with ITSI might be the initial setup. Once we have it implemented, we will have the capability to accomplish all our desired tasks. The way Splunk sells ITSI is not the way we use it. We can make much better use of ITSI. The most important aspect, in my opinion, of ITSI is the episode review. For instance, when we encounter an issue that is not immediately visible, how can we evaluate that aspect? Therefore, ITSI is beneficial. From my perspective, we need individuals to sit down and explain how it works, as it can be confusing initially. However, once we have a clear understanding, it works well. In my organization, my team is the only one working with ITSI. We handle all deployments, and typically, we deploy on public cloud infrastructure such as Azure, AWS, and GCP. Nowadays, most deployments are cloud-based. Additionally, with the rapid growth of Splunk Cloud, installation is not a concern as it is taken care of. Our focus is on the implementation if we choose to go the Splunk Cloud route. However, we still handle the installation process ourselves, so we need to ensure our preparedness in that regard. We have roughly 20 people in our organization that use Splunk ITSI. In the beginning, we need to ensure that the data we receive is valid. Once we have confirmed its validity, we can rest assured that the system will generate alerts, eliminating the need to worry about maintenance. I recommend Splunk ITSI for organizations that are interested in IT operations, monitoring, or analytics. By ensuring optimal utilization of Splunk ITSI, organizations can achieve a good return on investment that justifies the purchase.

VK
MSP
Top 20
2023-06-05T15:18:00Z
Jun 5, 2023

I'd advise learning the tool properly, understanding its capabilities, and utilizing it efficiently. One of our clients was paying hundreds of dollars towards the license, but they were utilizing it only for server monitoring. To someone who already has an APM solution but is considering switching to Splunk ITSI, I'd say that switching to ITSI is going to help them a little bit more. The grouping of the ticket to the users can be easily planned. It's not rocket science. It's easier compared to the other tools where you need to create a lot of configuration for that. The configuration has been segregated, which makes it easy for the applications team to set up their own monitoring and group them to avoid the number of tickets generated. You also have predictive analysis along with heat maps and glass tables, which aren't available in other APM tools in the market right now. Overall, I'd rate Splunk ITSI an eight out of ten.

JM
Real User
Top 20
2023-06-05T08:40:00Z
Jun 5, 2023

I give Splunk ITSI an eight out of ten. Splunk ITSI is a cheaper and easier-to-use alternative to APM solutions. Unlike APM solutions, Splunk ITSI also helps with application management, memory management, host log volume, and CPU usage. Our clients vary in size, with some using small amounts of data and others using terabytes of data within Splunk ITSI. Splunk ITSI maintenance involves updating the software and ensuring that it is compatible with the applications that it will integrate with.

PM
Real User
Top 5Leaderboard
2022-11-16T10:10:00Z
Nov 16, 2022

I would recommend this solution to all big enterprises that actually have live traffic, like banks or telecoms. Overall, I would rate Splunk ITSI an eight out of ten.

OA
Real User
Top 20
2022-07-18T07:45:22Z
Jul 18, 2022

We would rate this solution a ten out of ten.

NB
Real User
Top 10
2022-05-26T11:05:34Z
May 26, 2022

Splunk ITSI is fast and provides a lot of out-of-the-box integration. I would give this solution a score of eight out of ten.

Shashank Gahoi. - PeerSpot reviewer
MSP
Top 5
2022-04-25T09:34:57Z
Apr 25, 2022

Definitely, I would recommend this solution to others who are interested in using it. Splunk should be used because it provides a better solution in terms of SIEM as well as reporting. If you want to use that tool for reporting purposes, it is a fantastic tool. You only need to create a query to get started. I would rate Splunk IT Service Intelligence (ITSI) an eight out of ten.

MP
Real User
2021-01-31T06:56:23Z
Jan 31, 2021

We are a Splunk reseller. We're consultants. We use Splunk to develop a solution for our customers and therefore use multiple deployment models. Overall, on a scale from one to ten, I would rate this solution at a ten.

ML
Real User
2020-10-07T07:04:00Z
Oct 7, 2020

My biggest piece of advice would be to make sure you have access to the data that you need and know what that data is. The product itself is going to do what it's going to do; there are no issues with that. However, it's gaining access to all those things in the background, that's the problem. If you're a smaller organization or you're highly centralized, getting access to that data may be really simple. For an organization the size of RBC, with the amount of segregation across the organization and the amount of division within the organization, it's more challenging. For this reason, our infrastructure partners use a different tool. They don't use Splunk, they use ELK. They're very much down that road, so getting access to data when the team that you're trying to partner with has a different solution, can sometimes be more difficult. On a scale from one to ten, I would give this solution a rating of eight.

reviewer1393194 - PeerSpot reviewer
Real User
2020-07-22T21:21:00Z
Jul 22, 2020

This is a powerful solution requiring configuration to meet your needs.

LG
Reseller
2020-07-19T08:15:55Z
Jul 19, 2020

Splunk is an organization that identifies the needs in the market. They see that it would take time to develop in-house, so they look into other companies that are doing the best at the stream and they simply purchase it and embed it into Splunk. Some examples are Phantom and the SignalFx. If you want to make the best out of this product, you need to learn it. You will need dedicated personnel because there is a lot that can be done with it. In fact, there are practically no limits. You just have to have a good imagination and the sky's the limit. You can do whatever you want. The language is very rich. It allows you very deep analytics and it's very fast. The ability to present the insights is very quick and it's adaptable and extendible. In the last few years, the need to analyze data is increasing. There are many organizations that use 30 to 50 different tools. My advice would be to get to know the philosophy of Splunk. It is a centralized data platform that can digest any kind of data. It can be extended to whatever size they need and they can eliminate the need for usage of all other tools. A problem is that sometimes their decision may not be made based on logic. If for example, the customer purchased a different solution a few years back and from that moment on, even with the product limitations and was a very good product at the time, it lacks a lot of functionality today. The organization already invested thousands of man-hours in this product, which is consuming a lot of resources within the organization. It's not a logical decision, it's an emotional decision. What I learned in business administration when I was in university was "Forget Splunk costs, this is the main rule when you are doing your assignments." Splunk is Splunk. It is very easy to work with startups with new organizations. A startup company is one thing but when you have already invested in many other solutions you need to rethink your strategy and the way you work with the data, the value of the data, and where you think that your data can take you. Many are not aware of the solutions that are available to them. I am not aware of any specific areas in which the product lacks. Splunk is not only a great product but also, as a company it really supports its users with the customer support program and all of the documentation they have available, all of the conventions that are arranged, meet the experts, case studies, use cases, and the YouTube channel. If others were exposed to these concepts they would think it was the right decision to go with this product. I would rate this solution a seven out of ten.

Splunk IT Service Intelligence (ITSI) is a powerful analytics-driven monitoring and analytics solution that provides real-time insights into the health and performance of IT services.  It enables organizations to proactively identify and resolve issues, optimize service delivery, and improve overall IT operations. With its advanced machine learning capabilities, ITSI automatically detects anomalies, predicts future events, and prioritizes alerts based on business impact.  The...
Download Splunk ITSI (IT Service Intelligence) ReportRead more