Enterprise ITSI at Scale. The Thoughts of a Team Lead.
March 18, 2021

Enterprise ITSI at Scale. The Thoughts of a Team Lead.

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk IT Service Intelligence (ITSI)

We currently leverage ITSI across our entire IT organization. It is primarily used for event management and aggregation of events to drive incident creation and self healing automation.
  • Clean user interface
  • Easy to build new integrations
  • Flexible and can be catered to your specific use case
  • The terminology takes some getting used to: Aggregation policies, notable events, correlation searches, glass tables. If you're not familiar with ITSI, these terms can be a bit overwhelming and steepens the learning curve.
  • We have had some technical issues with the underlying support when used in a multisite cluster. We've had to build in several points of redundancy to make sure it works as expected.
  • I'd like to see additional types of notable events, like informational events that come in for when an incident is created or when an alert is acknowledged so all of those action steps can be viewed on the episode timeline without affecting the count of events.
  • We've saved quite a bit from legacy monitoring tools like Tivoli/Omnibus from a pure cost perspective
  • We have greatly reduced manual work efforts by building and leveraging self healing integrations for automation tools like Ansible and Bigfix
No tool has the power that the combination of Splunk and ITSI has. You can certainly cover all that ITSI does by combining several tools with custom developed integrations, but the out of the box functionality of Splunk leveraged with ITSI is unparalleled.
If a new team desires to setup monitoring, we can very easily set that up since there's a strong chance they are already using Splunk to view their machine data and our team manages the whole event flow because the framework is there.
We are not currently leveraging the Service Analytics side of ITSI.... yet. The plan is to do so moving forward, but we are still in a transitory state moving from legacy monitoring tools to an updated model with Service Analytics
This will certainly be easier to do once we make the move from purely Event Analytics to Service Analytics. We are not there yet though.
I don't think there is a better event management solution on the market especially when you factor in the power of Core Splunk backing it.