ITSI Enables Rapid Incident Resolution at Scale
March 20, 2021

ITSI Enables Rapid Incident Resolution at Scale

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source

Overall Satisfaction with Splunk IT Service Intelligence (ITSI)

We use Splunk IT [Service Intelligence (ITSI)] to help reduce the reliance on institutional knowledge and put real-time actionable information in the hands of technicians troubleshooting a production problem. ITSI will help us to ensure that our recent hires are able to identify root causes to an ongoing incident as quickly as our more seasoned team members. ITSI allows us to layer information from various sources into a single pane of glass view of our entire topology.
  • ITSI visualizes the dependency topology and layers in data
  • ITSI grabs data from many disparate sources and creates an integrated view
  • ITSI provides real-time insights by showing a timelines of metrics layered across various transactions
  • ITSI really needs a robust splunk log ingestion infrastructure at its core
  • ITSI requires a great engineering team to build out the automated discovery and topology
  • Unless you use an API to build the topology, the view can quickly become static
  • ITSI has helped to deploy AIOPS at scale
  • ITSI helps to reduce noise by group alerts based on topology
  • ITSI helps reduce the time it takes to identify root cause
Other products like Dynatrace and Stack State require there to be an agent installed on all hosts to provide topological views. [Splunk IT Service Intelligence] (ITSI) allows the user to either manually define the topology, or setup a job to do it automatically based APIs, etc. I think depending on the use case this could either be a good thing or a bad thing. It's definitely something to consider when your consider ITSI vs other competitors.
Centralizing this data helps our team members to be able to see everything they need in one place. Without [Splunk IT Service Intelligence] (ITSI), team members would need to look at various dashboards, and know where those dashboards are in the various monitoring systems. The other thing about aligning it all in ITSI is that it allows the user to see everything on the same timescale, which obviously helps to pinpoint the problem.
Our team is just starting to leverage this capability within [Splunk IT Service Intelligence] (ITSI). Since our splunk indices are so large and numerous, it becomes a scaling problem to be able to achieve ML across the ecosystem and detect anomalies across many different splunk indices. This is definitely an untapped area for us that hold a lot of potential. Right now, we're mainly leveraging the power of ITSI through the topology views.
[Splunk IT Service Intelligence (ITSI)] allows us to achieve our operational goals through quicker detection and restoration of incidents in real-time. We haven't used ITSI to look at any of our business processes since we have only piloted ITSI within our technology operations department. I can easily see how ITSI could be leveraged in glass tables to show how business processes are performing, but it isn't something we have leveraged to this point.
[Splunk IT Service Intelligence (ITSI)] is well suited when you have a system that you want to visualize, and then layer in information from many different sources. This will allows ITSI to intelligently create alerts based on the system as a whole vs the individual components. In some cases, a simple splunk dashboard would really suffice over using ITSI. Teams deploying ITSI should really understand the use cases and consider using simple dashboards where they make sense, and use ITSI for topological views.