Splunk ITSI has a lot of advantages. There are a lot of different aspects when implementing Splunk ITSI in our environment.

Splunk ITSI helps us secure our environment by allowing us to create automatons that run when alerts are triggered. This automation can pass through the CI/CD pipeline tool, which helps to increase security.

I find the episode review, glass tables, and correlation search features very useful.

The root cause analysis is very helpful for us. 

There's one feature which is a prediction and detection feature that we have gone through. We are not thoroughly using it. However, for us, I would say that root cause analysis, problem detection, and anomaly detection are the most helpful features.

The end-to-end visibility of IT assigned to our network environment is great. The endpoint visibility is definitely helpful, and that is mainly for the application team. We can take a deep dive into the incident. In the everyday work that we do, we don't really use endpoint visibility since that is not required if we look at normal and general use cases. That said, when it comes to an incident during an outage, end-to-end visibility helps us deep dive or drill down to find out the root cause and how to make the platform better for the future.

The product has helped to streamline our incident management with end-to-end visibility. It helps in streamlining the incidents that are coming in. For example, for the authentication service that we have, users for certain regions are not able to authenticate completely. That likely means there's an issue with that region. That is an incident. In that case, I would look at endpoint visibility from the infrastructure to the end of the service call, including all the scans, tracing, and everything. Looking at it helps provide a resolution.

Our alert noise has been reduced.

Our main time to detect has been reduced as well. Previously, we used to take a lot of time getting to the root cause of what happened. We've been able to resolve this quicker, and our main time to detect has been drastically reduced. 

In addition, we've been able to reduce the time to resolve.

Alerts and episodes are valuable to me. These features put all notable events together and give us an opportunity to take action.

The most valuable feature is the Glass Tables. It gives you a nice, good overview of your KPIs. It's really slick and clean. 

Splunk's ability to predict, identify and solve problems in real time is excellent. We were able to see things we haven't been able to see before just because the data from multiple systems is so helpful.

Its ability to provide business resilience by empowering staff is excellent. Everybody wants to use it.

I like ITSI's service analyzer. We can integrate and group the service, then create multiple KPIs in the service analyzer we can monitor. We can use multiple connectors to get end-to-end network visibility. Many organizations prefer appliances, and we can completely integrate the appliance with the source to gain complex insights throughout the network.  

We are getting real-time insights from the service and the vendor and doing some projects using security analytics to check the path. We can monitor the behavior of an appliance or the organization and how they are using it. For example, you might see high usage on specific days and low usage on weekends. If we can identify patterns from this, it can help us predict the future.

Splunk ITSI is similar to Splunk Cloud, but it includes some additional features that are specifically useful for IT service management.

We still get the standard package with ITSI, including alerts, reports, and dashboards. However, ITSI also includes a feature called alerts and episodes, which is similar to an ITSM tool. This feature allows us to bring our searches to life and create service trees that focus on business context.

For example, if we create multiple services, we can arrange them in a tree structure. ITSI then uses a traffic light system to indicate the health of each service and its dependencies. This allows us to see the overall health of our IT environment at a glance.

ITSI also includes a powerful KPI system that allows us to create complex saved searches that power multiple different areas of our dashboard. This is very useful for tracking key performance indicators and identifying potential problems early on.

Finally, ITSI includes a feature called a glass table. This feature allows us to create visually appealing dashboards that display our KPIs and other data in a clear and concise way.

The most valuable aspect lies in its utilization of predictive analytics to anticipate and prevent incidents within a window of twenty to thirty minutes. It promptly raises a red flag, signaling an effective early warning system.

The resilience it provides is invaluable. It ensures continuous application of rules, specifically for identifying notable events, and utilizes revision policies to configure hardware solutions into edge servers. This is essential for my operations to seamlessly proceed.

The glass tables are very helpful. The solution also provides topologies showing exceptions or criticalities whenever something goes down. It is very helpful for customers. The notable events, glass tables, and setting up thresholds are the most valuable features of the solution.

Every customer has a different need and their own customized threshold settings. Some customers need 99% as critical, and some need 80%. We can set the customized thresholds in the product and get the alerts.

The most valuable features are the mapping of the entities, which provides a comprehensive analysis, and the service analyzer for thresholding. 

Splunk Episodes are valuable because it correlates and aggregates all the information, and you do not have one million events to look at and triage, so it is quite convenient.

The compatibility is good.

The end-to-end visibility is okay. The only thing that is lacking is the application monitoring. We struggled with one use case where payments were failing and they couldn't understand if it was the infrastructure or bandwidth. The capability of recording any transaction is not possible in Splunk. You have to write your own scripts, however, it's not as user-friendly.

The predictive analytics are pretty good. I've seen people using it. That said, I'd say the admin needs a deep understanding of the infrastructure. It has a tendency to create noise. If you have a noisy system, when there's an alert, people tend to miss issues. 

Customers have noted the solution helps streamline incident management. At a single glance, there is a complete view of infrastructure. It's good for the customer on the technical side. Teams were able to map the availability of the system more accurately - up by 28%.

It's helped reduce alert noise. It can aggregate the alerts and just create an alert only when needed. From the UI, you can correlate the alerts using dynamic conditions (not just static ones).

We've been able to reduce the mean time to detect. It has a similar meantime to detect as Dynatrace. We've used it when there wasn't an existing system, and we would have had similar results with other tools in the market. It's helped with MTTR for sure. Previous to implementing Splunk, the mean time was one hour or so. Once we implemented it, the alert notification was automatically sent to people, so it automatically reduced the time to two to five minutes. 

The mean time to resolve has been reduced thanks to Splunk. 

The solution has been stable. It seems like a great solution. We have not gotten far enough with our application to see its benefits yet, but we are getting there.

The KPS used to automate the integration policy is the most valuable feature of Splunk ITSI.

One of the excellent features is the service analyzer, which is truly impressive. Additionally, we have the infrastructure review, which allows us to assess our infrastructure comprehensively. That is fantastic! Furthermore, the latest ITSI connects the new tenant we have for tenant management. This feature enables us to retire an entity instead of merely deleting it, and if needed, we can easily reactivate it. There are numerous exciting new additions. Splunk ITSI itself is highly interactive, making the overall service experience truly remarkable.

With Splunk ITSI, we can optimize business processes and systems. ITSI provides a visual representation of complex tools and context, using color coding and other features to make it easy for anyone at the monitoring or service desk to use. This also enables proactive responses to trends and events, as events are already segregated based on how they have been mapped.

The observability is great and valuable because it allows us to work with all our sets.

We collect infrastructure metrics from various servers, including Windows Services. One particularly useful feature of Splunk ITSI is the ability to create custom services. This functionality makes it easy to identify specific functions that are malfunctioning or experiencing problems. With this information, we can quickly troubleshoot and fix the issues.

The health scores and glass tables are extremely valuable and useful. These provide flexible visibility options to convey the meaning of the big data analysis being performed by Splunk behind the scenes. Glass tables allow you to create graphical displays that convey critical meaning with a simple clean look and feel. The deep dive also provides the ability to dig into metrics and KPIs, which are useful to isolate the time frame involved and that should be focused on. Once in the deep dive, you can quickly identify the first KPI or metric to impact the health score and focus your efforts on it. 

We liked the built-in calculation of health scores. We were able to adjust the different parameters, and really build out that health score — the RAG status (Red, Amber, Green), which is very powerful from an executive perspective. At the time, we were having a lot of issues from a stability perspective. It condensed everything, allowing our executives to easily ensure that everything was running smoothly: were there any incidents overnight? Those kinds of things. That way, when our CIO woke up and got the call from the head of IMTS, he knew whether or not there was going to be trouble.

The feature that stood out to me most from Splunk IT Service Intelligence (ITSI) was automated dashboarding or reporting. The solution lists the severity level of issues, and the response times, for example, so automated reporting is what I like best about Splunk IT Service Intelligence (ITSI).

There are many use cases. You can use it for all kinds of ingested data. 

The solution is stable.

It's scalable and expands well. 

It's easy to use. 

Splunk IT Service Intelligence (ITSI) is a very good tool.

Splunk IT Service Intelligence (ITSI) is superior to QRadar in my opinion. We can get results with the help of Splunk.

Splunk outperforms IBM QRadar in terms of functionality.

ITSI's most valuable feature is that it's easy to integrate DLP.

The most valuable features are the agility, being able to ingest many data sources with no limitation on capacity.

It's flexible in terms of capacity and different sources, which is very good. You can build reports, alerts, and dashboards very quickly.

It offers comprehensive visibility and integration with the applications in the Splunk base, where you can find more than 2000 applications and most of them are free. 

It allows you to integrate with the leading vendor's software and hardware. Through these applications, you can extend the capabilities of the platforms.

You can get the pre-built dashboards and connectivity to many deeper elements with the product. For example, for Palo Alto firewalls, VMware, and all of the main vendors, it is easy to extend this on your own. 

The Splunk community will add knowledge as the documentation is very comprehensive, and has a Q&A site. 

You can store the entire data and keep it saved from different sources. The schema is only defined as soon as you ask the question and you do the search.

On the IT side, machine learning has the ability to analyze patterns in the data and predict events according to the trends. It can detect anomalies and display them on dashboards with the ability to drill up, or down to the specific elements or a specific event.

Splunk stores the data collectively, meaning that the same data can be used by different departments in the organization. It avoids the silo structure that is very common, unfortunately. Many organizations including big enterprises generate large amounts of data and the ability to collect it centrally with all of the different parts of the organization, with different access to the same data is very helpful.

We can customize the visualization. For example, if the customer wants to have a better visualization experience, we can develop it on the front-end of the platform in order to provide a better user experience.

The flexibility to develop and consolidate many solutions into one platform is great. We've portrayed many parts of the solution in order to provide complete solutions. We can develop various parts that customers desire into Splunk platform due to the fact that it is so flexible and does allow for customization and specific tweaks.