We just raised a $30M Series A: Read our story

Splunk IT Service Intelligence (ITSI) OverviewUNIXBusinessApplication

Splunk IT Service Intelligence (ITSI) is the #16 ranked solution in our list of APM tools. It is most often compared to Dynatrace: Splunk IT Service Intelligence (ITSI) vs Dynatrace

What is Splunk IT Service Intelligence (ITSI)?

Splunk IT Service Intelligence (ITSI) enables IT and service leaders to prevent issues before they impact customers. Unlike traditional monitoring and analytics solutions that aggravate IT complexity, ITSI correlates and applies machine learning to all metric, event and trace data for 360 service monitoring, predictive alerting, and streamlined event management.

Splunk IT Service Intelligence (ITSI) Buyer's Guide

Download the Splunk IT Service Intelligence (ITSI) Buyer's Guide including reviews and more. Updated: September 2021

Splunk IT Service Intelligence (ITSI) Customers
TransUnion, Cox Automotive, Carnival Cruises, Leidos, Econocom, National Ignition Factory, Entrust Datacard, Molina Healthcare, United States Census Bureau
Splunk IT Service Intelligence (ITSI) Video

Pricing Advice

What users are saying about Splunk IT Service Intelligence (ITSI) pricing:
  • "I would prefer that the price be reduced, as it would be easier to implement it and to sell it."

Splunk IT Service Intelligence (ITSI) Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
LG
User at a tech services company with 201-500 employees
Reseller
Top 5
Monitoring and analytics with comprehensive visibility, is agile, and integrates well, but the price can be reduced

Pros and Cons

  • "The most valuable features are the agility, being able to ingest many data sources with no limitation on capacity."
  • "The problem becomes the price, as Splunk is an expensive product."

What is our primary use case?

The primary use case of this product is for infrastructure monitoring, and involving machine learning with IT-related scenarios.

What is most valuable?

The most valuable features are the agility, being able to ingest many data sources with no limitation on capacity.

It's flexible in terms of capacity and different sources, which is very good. You can build reports, alerts, and dashboards very quickly.

It offers comprehensive visibility and integration with the applications in the Splunk base, where you can find more than 2000 applications and most of them are free. 

It allows you to integrate with the leading vendor's software and hardware. Through these applications, you can extend the capabilities of the platforms.

You can get the pre-built dashboards and connectivity to many deeper elements with the product. For example, for Palo Alto firewalls, VMware, and all of the main vendors, it is easy to extend this on your own. 

The Splunk community will add knowledge as the documentation is very comprehensive, and has a Q&A site. 

You can store the entire data and keep it saved from different sources. The schema is only defined as soon as you ask the question and you do the search.

On the IT side, machine learning has the ability to analyze patterns in the data and predict events according to the trends. It can detect anomalies and display them on dashboards with the ability to drill up, or down to the specific elements or a specific event.

Splunk stores the data collectively, meaning that the same data can be used by different departments in the organization. It avoids the silo structure that is very common, unfortunately. Many organizations including big enterprises generate large amounts of data and the ability to collect it centrally with all of the different parts of the organization, with different access to the same data is very helpful.

What needs improvement?

The problem becomes the price, as Splunk is an expensive product. In some regards, it's not a large issue because when you compare apples to apples and not look only into the price tag, but, look at the infrastructure, the platform,  office time, and the people that you need to operate the other products, you will see that it's not necessarily an expensive product. It may even be cheaper than the others when looking at the bigger picture.

For how long have I used the solution?

I have been using this solution for four months.

What do I think about the stability of the solution?

It's a stable tool.

What do I think about the scalability of the solution?

This solution is scalable and it's up and running very quickly.

How are customer service and technical support?

With technical support, there is a strict SLA that is published. It's public and except for one case, which was very nonstandard and not according to best practice, usually, it's very good.

Which solution did I use previously and why did I switch?

I came from a different background. I was not selling any other product before Splunk.

How was the initial setup?

It's very intuitive. The language is rich.

What was our ROI?

The return on investment is very quick. As soon as your implementation is complete, adding new data sources is fast. It's intuitive and if you know how to use it, you can get value within days.

What's my experience with pricing, setup cost, and licensing?

I would prefer that the price be reduced, as it would be easier to implement it and to sell it.

What other advice do I have?

Splunk is an organization that identifies the needs in the market.

They see that it would take time to develop in-house, so they look into other companies that are doing the best at the stream and they simply purchase it and embed it into Splunk. Some examples are Phantom and the SignalFx.

If you want to make the best out of this product, you need to learn it. You will need dedicated personnel because there is a lot that can be done with it. In fact, there are practically no limits. You just have to have a good imagination and the sky's the limit. You can do whatever you want.

The language is very rich. It allows you very deep analytics and it's very fast. The ability to present the insights is very quick and it's adaptable and extendible.

In the last few years, the need to analyze data is increasing. There are many organizations that use 30 to 50 different tools. My advice would be to get to know the philosophy of Splunk. It is a centralized data platform that can digest any kind of data.

It can be extended to whatever size they need and they can eliminate the need for usage of all other tools. 

A problem is that sometimes their decision may not be made based on logic. If for example, the customer purchased a different solution a few years back and from that moment on, even with the product limitations and was a very good product at the time, it lacks a lot of functionality today. The organization already invested thousands of man-hours in this product, which is consuming a lot of resources within the organization. It's not a logical decision, it's an emotional decision. 

What I learned in business administration when I was in university was "Forget Splunk costs, this is the main rule when you are doing your assignments."  Splunk is Splunk.

It is very easy to work with startups with new organizations. A startup company is one thing but when you have already invested in many other solutions you need to rethink your strategy and the way you work with the data, the value of the data, and where you think that your data can take you.

Many are not aware of the solutions that are available to them.

I am not aware of any specific areas in which the product lacks. Splunk is not only a great product but also, as a company it really supports its users with the customer support program and all of the documentation they have available, all of the conventions that are arranged, meet the experts, case studies, use cases, and the YouTube channel. If others were exposed to these concepts they would think it was the right decision to go with this product.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
ML
Director INTS IT Resiliency at a financial services firm with 10,001+ employees
Real User
Top 10
Can predict incidents before they impact your customers

Pros and Cons

  • "We liked the built-in calculation of health scores."
  • "We also faced challenges relating to UI development."

What is our primary use case?

I work for the Royal Bank of Canada. I work in a group called Investor and Treasury Services IT. We take care of all the IT systems within the Investor and Treasury Services arm, which is a global unit. My role is to ensure that we have the visibility and capabilities to ensure our systems are resilient so we can resolve any problems that may arise very quickly, and move on. My role generally deals with everything from application performance management to maintenance automation. Overall, my single goal is to increase the resiliency of our applications and gain better insight into how our operations are working from an IT operations and application maintenance perspective. 

What is most valuable?

We liked the built-in calculation of health scores. We were able to adjust the different parameters, and really build out that health score — the RAG status (Red, Amber, Green), which is very powerful from an executive perspective. At the time, we were having a lot of issues from a stability perspective. It condensed everything, allowing our executives to easily ensure that everything was running smoothly: were there any incidents overnight? Those kinds of things. That way, when our CIO woke up and got the call from the head of IMTS, he knew whether or not there was going to be trouble.

What needs improvement?

Something that we did find with the product (they may have resolved since then), had to do with the ability to contextualize the data sources. For example, we might bring in data for 50 applications from one source, but for each one of those applications, we would have to set up a different data source connection. Because of this, I had to set up one connection each for application A and then B and then C, rather than being able to set up one connection and then segregate the data coming in for those dashboards. That was probably the biggest challenge that we faced. We also faced challenges relating to UI development — being able to get the UI the way we wanted it to look performance-wise. Some of the customization levels of the UI just weren't there.

For how long have I used the solution?

We used this solution for roughly one year. We were in a POC state for about a year, but we decided not to move forward with the prospect as a whole. The organization didn't want to invest in the product.

What do I think about the stability of the solution?

The stability issues we experienced were not with the Splunk ITSI product itself. The biggest challenge that we ran into was getting good, consistent data. We're a very large organization; getting at some of the data can be very difficult, especially since a lot of the data isn't centralized in one area.

Overall, it's a very stable product. It ran really well during the time that it was up and running. We didn't have any production issues at all with it.

What do I think about the scalability of the solution?

We were running just a single instance, but we were pulling in data for about 250 applications.

How are customer service and technical support?

The technical support with Splunk is really good. We didn't have any issues. Now, part of that is, we are Royal Bank of Canada and because of that, we have a certain cache with the vendors and they tend to bend over backward to make sure that they take care of us.

I wouldn't say it's special for the Royal Bank of Canada, but I would say that like any other support, having the right relationship with the vendor makes all the difference in the world. With Royal Bank of Canada being the largest financial institution in Canada, the top 15 in the world, we're afforded certain privileges. A smaller IT operations shop is probably not going to get the same kind of visibility into the products as a company like RBC, mainly because when Splunk wants to advertise that they're doing something, they want to be able to say that they're doing it with RBC, not an unknown corporation down the street.

Which solution did I use previously and why did I switch?

No. We weren't using a different solution at all before; Splunk IT Service Intelligence was an opportunity area that we were looking into.

We had already had Splunk in our environment more than anything else. We've been running Splunk from a log aggregation and search perspective for about six or seven years now. When we were looking at what that next step looked like, it was just a natural evolution to move into ITSI.

How was the initial setup?

The initial setup was straightforward.

Deployment was relatively quick mainly because it was a POC. We didn't go through all the regular rigor that we would with a production application. So we were able to have it up and running in production in a matter of three to four weeks. That included provision of the service, which takes time within a large organization like ours. 

What other advice do I have?

My biggest piece of advice would be to make sure you have access to the data that you need and know what that data is. The product itself is going to do what it's going to do; there are no issues with that. However, it's gaining access to all those things in the background, that's the problem. If you're a smaller organization or you're highly centralized, getting access to that data may be really simple. For an organization the size of RBC, with the amount of segregation across the organization and the amount of division within the organization, it's more challenging. For this reason, our infrastructure partners use a different tool. They don't use Splunk, they use ELK. They're very much down that road, so getting access to data when the team that you're trying to partner with has a different solution, can sometimes be more difficult.

On a scale from one to ten, I would give this solution a rating of eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Splunk IT Service Intelligence (ITSI). Get advice and tips from experienced pros sharing their opinions. Updated: September 2021.
542,267 professionals have used our research since 2012.
reviewer1393194
IT Operations Manager at 3M Company
Real User
Top 10
Enables us to quickly identify what services are impacted by underlying infrastructure concerns

Pros and Cons

  • "The modeling required to setup ITSI has been very helpful in providing us a better understanding and a logical view of our services. The modeling is flexible and can be as granular or high level as our needs dictate."
  • "ITSI could benefit from a security model that would allow operations team members to get involved in model building, KPI implementation, and model maintenance, while maintaining appropriate segregation of duties."

What is our primary use case?

We use ITSI mainly for IT Infrastructure Operations Monitoring. The service model health scores allow us to identify when KPIs are starting to impact our services and to proactively manage our environments. To date, we have leveraged this data within Splunk to enable alerting so that we can solve incidents in real-time, but we are growing into our usage of the ITSI model for predictive modeling of our environment. Our infrastructure includes commodity hardware, mid-range, mainframe, on-premise data center, and cloud offerings. (Please note that these views are my personal opinions and not those of my employer)

How has it helped my organization?

The modeling required to setup ITSI has been very helpful in providing us a better understanding and a logical view of our services. The modeling is flexible and can be as granular or high level as our needs dictate. This flexibility also means that you need to gather a detailed understanding of your services, processes, and applications in order to build a useful model. ITSI is allowing us to more quickly identify what services are impacted by underlying infrastructure concerns.  

What is most valuable?

The health scores and glass tables are extremely valuable and useful. These provide flexible visibility options to convey the meaning of the big data analysis being performed by Splunk behind the scenes. Glass tables allow you to create graphical displays that convey critical meaning with a simple clean look and feel. The deep dive also provides the ability to dig into metrics and KPIs, which are useful to isolate the time frame involved and that should be focused on. Once in the deep dive, you can quickly identify the first KPI or metric to impact the health score and focus your efforts on it. 

What needs improvement?

ITSI could benefit from a security model that would allow operations team members to get involved in model building, KPI implementation, and model maintenance while maintaining appropriate segregation of duties. To date, all of our ITSI development is being done by our Splunk Admins, while our KPIs and much of the modeling work are managed by our Splunk developers. Future development of templates and ready to use add-ons could facilitate faster time to value, as many IT infra and even Packaged Application data models are consistent across organizations and could be plugged in easily. 

For how long have I used the solution?

I have been using Splunk ITSI for two years. 

What do I think about the stability of the solution?

This is a stable solution.

What do I think about the scalability of the solution?

It is extremely scalable, and can have high data storage costs. 

How are customer service and technical support?

Customer service has been very responsive to our needs. 

Which solution did I use previously and why did I switch?

No, we did not replace another solution with ITSI. We used it to enhance existing solutions. 

How was the initial setup?

The initial setup was fairly straightforward, but we had help from Splunk professional services. 

What about the implementation team?

We had help from Splunk professional services. They were extremely knowledgeable. 

What's my experience with pricing, setup cost, and licensing?

Which other solutions did I evaluate?

I was not involved in the evaluation for ITSI. 

What other advice do I have?

This is a powerful solution requiring configuration to meet your needs. 

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
MarcosPereira
Splunk Consultant at Yssy
Reseller
Top 10
Stable with good customization potential and easily scalable

Pros and Cons

  • "The flexibility to develop and consolidate many solutions into one platform is great."
  • "Some of our customers occasionally require the development of the connectors when there are no native connectors so that we can develop in Python or for customer slash comments as well. If they could adjust that, it would be ideal."

What is our primary use case?

We are a solution provider with many technologies. We use Splunk to customize solutions with Splunk. For example, we try to give our customers a great visualization experience. And sometimes we develop on the Splunk platform, like JavaScript, to provide the customers a better visualization. We also implement ITSI. In-house we can implement Enterprise Security.

What is most valuable?

We can customize the visualization. For example, if the customer wants to have a better visualization experience, we can develop it on the front-end of the platform in order to provide a better user experience.

The flexibility to develop and consolidate many solutions into one platform is great. We've portrayed many parts of the solution in order to provide complete solutions. We can develop various parts that customers desire into Splunk platform due to the fact that it is so flexible and does allow for customization and specific tweaks.

What needs improvement?

Some of our customers occasionally require the development of the connectors when there are no native connectors so that we can develop in Python or for customer slash comments as well. If they could adjust that, it would be ideal.

For how long have I used the solution?

We've been using the solution for a while. We implement it for clients.

What do I think about the stability of the solution?

The solution is great in terms of stability. It doesn't have bugs and it's not glitchy. It doesn't crash or freeze. It's rather reliable.

What do I think about the scalability of the solution?

The scalability is great. We can scale horizontally, meaning we can deploy a small solution, and if, according to the needs, it needs to expand, it can horizontally do so. 

We implement Splunk to our clients, and they all vary in size. We've implemented it to banks and in places where there are more than 500 users on Splunk. Some of the implementations were sizable.

How was the initial setup?

Typically, implementation is complex initially. Splunk is easy to set up when you are looking at the basics. When you're looking for advanced configurations or advanced development it's never easy but it's possible.

What other advice do I have?

We are a Splunk reseller. We're consultants. We use Splunk to develop a solution for our customers and therefore use multiple deployment models.

Overall, on a scale from one to ten, I would rate this solution at a ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Buyer's Guide
Download our free Splunk IT Service Intelligence (ITSI) Report and get advice and tips from experienced pros sharing their opinions.