August 02, 2020


Mike McGrail | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk IT Service Intelligence (ITSI)

Splunk ITS Service Intelligence is used to consolidate alerts from various IT tools. Along with other logs and performance data, it is used by infrastructure operations, application developers, DevOps and other stakeholders to quickly see service health of applications and the IT infrastructure components. It helps eliminate data silos and having to reach out to individual teams managing point solutions.
  • Show KPIs for each service.
  • Show aggregated health scores.
  • Increase transparency across large disparate organizations.
  • Multiple ways to ingest the same data can be confusing (events vs. metrics).
  • Glass tables can be a conflicting priority against normal Splunk dashboards.
  • Proper setup for alerting requires content packs that could be included with the product directly.
  • A separate license for ITSI on top of Splunk may make purchasing decisions difficult to justify.
  • Eliminated >$500,000 in other software licensing.
  • Expected to be able to sunset additional point solution tools in favor of using ITSI.
  • Outage triage time is already being reduced, even while still instrumenting the product.
We selected ITSI to replace TrueSight as a legacy manager of managers. Used in tandem with the perks of core Splunk and access to logs, metrics, and performance data all in one location, it allows teams to pivot to keeping an eye on rolled-up service health and expose that to the larger IT audience.
During POC, pre-planning, and implementation, we have had interactions with numerous folks at Splunk. Everyone from sales & engineering to markets analysts to specific IT component SMEs, and a small professional services engagement to get started. They have all been exceptionally helpful and go above and beyond the call of duty. They actively reach out to ensure success is being realized and find ways to help proactively, instead of having to simply open support cases with the vendor.

Do you think Splunk IT Service Intelligence (ITSI) delivers good value for the price?


Are you happy with Splunk IT Service Intelligence (ITSI)'s feature set?


Did Splunk IT Service Intelligence (ITSI) live up to sales and marketing promises?


Did implementation of Splunk IT Service Intelligence (ITSI) go as expected?


Would you buy Splunk IT Service Intelligence (ITSI) again?


Some teams get excited when looking at ITSI service models and envision modeling the entire infrastructure. What gets lost in translation is breaking it down to services, and also ITSI is not a replacement for an APM solution. So using a proper APM solution to drive quick insights into specific transactions, then feeding that data to Splunk/ITSI is a better bet.

Using Splunk IT Service Intelligence (ITSI)

75 - IT Operations (including server, network, storage, virtualization), application owners, app/dev, and DevOps.
4 - Splunk, Linux, python, general IT knowledge
  • Expose degraded services to other teams.
  • Consolidate alerts from 3rd party tools.
  • Reduce noise by correlating alerts.
  • Decompose API services into individual calls affecting applications & view health.
  • Build glass tables to show VPN users.
  • ITSI has turned into a sort of rallying cry, teams are more excited to work together on this platform.
  • Continue to build out services.
  • Use glass tables more effectively.
  • Keep identifying KPIs that should be alerting.
  • Continue to correlate disparate alerts.
We have replaced our monitoring platform with Splunk & ITSI, and with the success, it's seen at our organization thus far we would be hard-pressed to pivot to another tool. Frankly, our business partners and application teams love Splunk & ITSI.

Evaluating Splunk IT Service Intelligence (ITSI) and Competitors

Yes - We replace BMC TrueSight to improve dashboarding of metrics and expose alerts to other teams instead of just having events fire an alert to a specific team. The visualizations of service scores are a vast improvement over looking at lists of events. We also replace EMC ViPR for storage monitoring because Splunk can provide better dashboards with less cost.
  • Price
  • Product Features
  • Vendor Reputation
We compared product features among AIOps vendors and ITSI felt like it had the most promise. Others simply felt like "TrueSight 2.0".
No, we were very thorough in our vendor evaluations, demonstrations, and POCs.