Splunk Enterprise vs. Splunk IT Service Intelligence (ITSI) vs. StackState

It's well suited for what I do, which is network security operations. And that's for anything from troubleshooting incidents, troubleshooting performance, troubleshooting for the purpose of a compliance and auditing. It's not best suited for users who are new in terms of they're new to the product and they have expectations that probably Splunk cannot meet.

Incentivized

Splunk ITSI is a great tool (and toolbox) for combining together numerous and varied monitoring regimes to bring more holistic analysis and reduce alert fatigue. By leveraging the Splunk ITSI service and KPI modeling regime, ecosystem telemetry can be turned into a more reliable, clearer, high-level perspective on the current state of your components and services.

StackState is suitable for 1000+ hosts. Sometimes specific applications can take higher development time. Well suited for hybrid platforms to build end to end service alarms and service views. Advanced UI navigation might require some training. It is not a simple download and deploy software. It will require development in an agile model. Where newer versions are deployed to suit exact client requirements. Support contract with the StackState Engineer for development of use-cases is required and very useful.

• It is very useful in creating custom rules for analyzing system logs and display relevant information. The query language is very easy to learn.
• We can create custom UI to visualize the output of our data. The interface is very flexible. It also allows the sharing of rules among users.
• There is an open online community to help others. Stackoverflow also has a splunk community. These resources make it more convenient to learn.

Incentivized

• Monitor hundreds of IT services by continuously tracking thousands of KPIs in a scalable way.
• Quickly identify problem areas by a combination of default visualizations and ability to create custom dashboards.
• Extremely configurable to effectively monitor nearly any KPI imaginable from Splunk.

Incentivized

• Giving observability of the entire IT stack
• Custom alerting options.
• Ingesting many different types of data.
• Requesting new features is encouraged and they often add them quite quickly.

• Splunk light limits number of users to 5. Wish there was a flexible license, where one could add more users.
• Splunk light does not let you add > few realtime alerts. Wish there was a flexible license, where one could add as many realtime alerts as wanted.
• Better insight into daily ingestion values

Incentivized

• ITSI really needs a robust splunk log ingestion infrastructure at its core
• ITSI requires a great engineering team to build out the automated discovery and topology
• Unless you use an API to build the topology, the view can quickly become static

Incentivized

• Can't think of anything yet.

We are using Splunk extensively in our projects and we have recently upgraded to Splunk version 6.0 which is quite efficient and giving expected results. We keep track of updates and new features Splunk introduces periodically and try to introduce those features in our day to day activities for improvement in our reporting system and other tasks.

We have replaced our monitoring platform with Splunk & ITSI, and with the success, it's seen at our organization thus far we would be hard-pressed to pivot to another tool. Frankly, our business partners and application teams love Splunk & ITSI.

You can literally throw in a single word into Splunk and it will pull back all instances of that word across all of your logs for the time span you select (provided you have permission to see that data). We have several users who have taken a few of the free courses from Splunk that are able to pull data out of it everyday with little help at all.

Incentivized

Splunk IT Service Intelligence (ITSI) is a platform with extended functionality and provides various functionalities which can be utilized to improve the efficiency and accuracy in analyzing the data and detecting the attacks.

Some elements of the product haven't had the usability upgrade yet and can be a bit technical. This is to be expected as they are trying to solve complex problems. I am sure that in the future, steps will be made to simplify this as well for the users / administrators / developers of the platform.

When properly setup and configured, Splunk is extremely reliable.

Incentivized

Splunk maintains a well resourced support system that has been consistent since we purchased the product. They help out in a timely manner and provide expert level information as needed. We typically open cases online and communicate when possible via e-mail and are able to resolve most issues with that method.

Incentivized

During POC, pre-planning, and implementation, we have had interactions with numerous folks at Splunk. Everyone from sales & engineering to markets analysts to specific IT component SMEs, and a small professional services engagement to get started. They have all been exceptionally helpful and go above and beyond the call of duty. They actively reach out to ensure success is being realized and find ways to help proactively, instead of having to simply open support cases with the vendor.

It's swift, they're thinking along with us. It's a "collaboration approach" rather than a (traditional) customer-supplier relation. Out new ideas are taken in concern and often ends up in enhancements of StackState

The online course was simple clear and described the main capabilities of the solution. There is also an initial module that can be done for free so anyone can familiarize themselves with the functionality of this solution. On the other hand, however, there could be more free online courses. Maybe even with a certificate, this would broaden the group of people who are familiar with the platform while increasing familiarity with the solution itself.

Smooth without too many major issues.

Incentivized

I didn't get to fully evaluate Logstash as our corporation was already using Logstash, but both seemed like viable solutions to the problem that we were having. I wanted to evaluate Logstash some more, both did seem like they would work for the business needs that we had, we went with splunk as many teams were already using it.

Incentivized

Splunk has raised itself as a platform not just as a tool unlike other products in the market. If I talk about Moogsoft it also has similar capabilities but Splunk ITSI has more visibility and its GUI is making a different impact on the users. ServiceNow and Splunk are equally capable products however Splunk seems to have more tech-savvy people tools than ServiceNow.

Incentivized

Splunk can scale in to the petabyte per day range which of course is awesome

• I don't have any numbers to share but Splunk has positively served as a 24/7 monitoring tool that has saved hours of work by self-detecting, saving statistics and alerting problems in the system or from external interfaces as soon as they happen.
• Splunk dashboards does a solid job in collecting, analyzing data and creating reports that contain an entire day's activity and then automatically sent out to the business.
• Splunk is very easy to learn and very useful to any program or business application.

Incentivized

• Splunk ITSI has reduced the number of alerts exposed to our Network Operations Center by 100x while increasing the context around outages.
• Splunk ITSI has increased the accuracy of our incident detection by leveraging the Event Analytics system to weigh the behavior of the many characteristics of each component together instead of independently.
• Splunk ITSI has reduced our incident MTTR (mean time to restore) by detecting issues faster, presenting them more clearly, and surfacing the salient details about the underlying issue.

• Increased visibility of all resources in cloud to 100%.
• Deviated stages are able to detect problems before their occurrence. However, [it] needs tunings for false alarms.