>> Announcer: Live, from Washington, D.C, it's theCUBE. Covering .conf2017, brought to you by Splunk. >> Welcome to the District everybody, this is theCUBE, the leader in live tech coverage. My name is Dave Vellante, and I'm here with my co-host for the opening session of Splunk .conf2017, George Gilbert. This is theCUBE's seventh year of doing Splunk .conf. We have seen the evolution of this company from a pre-IPO startup into a 1.2 billion dollar growing, rapidly growing player in the big data sphere. Interestingly George, Splunk in its early days really never glommed on to the big data meme. They let others sort of, run with that. Meanwhile, Splunk was analyzing machine data, helping people solve, you know, operational problems, security problems, et cetera, growing very rapidly as a company. Getting a passionate user group together and a community together, expanding on that community. And now today, you see Splunk is at the heart of big data. As you wrote recently in one of your pieces, you need big data and big data techniques to analyze all this data. So give us your take; where are we at in this evolution of Splunk and the intersection of big data? >> Alright so, I guess the best way to frame it is, we had several years of talk, mainly from the open source big data community, which of course came out of the big tech companies, about how they were going to solve problems with essentially instrumenting the new era of applications. These are the web and mobile apps, and the big data repositories around them. And I'm going to walk through four sort of, categories. Like, define this class of apps very crisply, so we can say who fits where. >> Well let me just ask you, so we're seeing the expansion of Splunk from sort of a narrow log analysis platform, into one that is becoming really more of a platform for big data apps and big data application development and big data apps. >> Okay, let me give you the crisp answer, then. For years Hadoop said, we're the platform for big data apps. But the problem was, it was built by and for big tech companies. So it was a lot of complexity, it's something you and I have talked about for awhile. And that sort of choked its adoption beyond the very most sophisticated enterprises. Splunk started analyzing, you know, basically log data, machine data. But as that platform grew, they built it not so that they were sourcing really innovative pieces from all over the ecosystem, but so that the repository, the analytics, the user interface, the application development environment, were all built to cohere and to fit together. Which meant it was immensely easier for admins and developers to use. And if you look at their results, they're as you said, a 1.2 billion dollar company, and that's bigger than all the Hadoop vendors combined and they're growing just as fast. >> Okay so before we get into it George, I want to just sort of, set it up a little bit for our audience. So we're here in Washington D.C at the convention center; 7,000 plus attendees at this show. When we first started doing the original .conf shows, it was relatively, you know, it's still intimate but it was a much smaller show, so up to 7,000 people now. 65 countries represented here; Doug Merritt, the CEO, launched the keynote this morning. talked about people coming from 30 million miles if you aggregate; you know, Splunk's all about aggregating and analyzing all this data. If you analyze the distance that everybody traveled in aggregate, it was 30 million miles. So what's happening here, is this is the gathering, the annual gathering of the Splunk community, the conference is called .conf. And when you listen to Splunk, and when they talk about their transformation as a company, and their opportunity as a company, really going from security incident and event management, to an organization that's really starting to focus on bringing analytics and big data to the security business. So security is a huge opportunity for Splunk. It's something that they've always been pretty fundamental in and so George, part of Splunk's evolution as a platform, is to really, as you're pointing out, get more into either apps, or allowing the ecosystem to develop apps on top of their platform, right? >> Okay, so that's sort of a great segway to the question of, are they dessert topping or floor wax? Are they a platform or an app? >> The answer is yes. >> Yes. Now, what they're doing, they're taking a page out of Microsoft's playbook, and very few others have made the transition from platform to app; they started really as an app platform. But what's going on now, is they basically can take machine data about your applications and your infrastructure from wherever; across the cloud on PRIM, out at the Edge, and then they give you end-to-end visibility because you've got all that data. And they have some advanced visualization techniques; they make it now, in this release, much easier to monitor the performance metrics. But then what they're doing, when you do this end-to-end visibility, you have a greater burden on the admins to say, well when there's an alert, correlate this problem with this problem and try and figure out where it really came from. What they're starting to do, which is really significant, is build the apps on top which go deep. The apps, like Splunk User Behavior Analytics, Splunk Enterprise Security. What that means is, those apps come pre-trained to know how to read the customers' landscape, put a map together. And then also how to figure out, so when services are not acting quite right, what to investigate. So in other words, they come with an administrator knowledge baked in. >> So Splunk has all this data across its 15,000 customers; you know, billions and billions of data points, if not trillions. And they are able to infer from that data and identify the pattern, so that they can deliver essentially, prepackaged insights to customers >> Yes, you're actually putting your finger on two things that are important. First, like the applications, like user behavior analytics, which is basically for looking for bad actors and intrusion, and enterprise security, which is sort of a broader look. Those come so that they're trained to figure out your landscape and what's normal behavior. But they announced something else just this morning, which was sort of a proactive support where they take all the telemetry data from customers as they opt in, and they learn from that about what's normal and abnormal, and what's best practice and what is not. And so then they can push out proactive support. >> Okay, let's do a quick rundown. We don't have much time here, but let's talk about the cloud strategy. Splunk has a relationship with AWS. Where's Splunk in your view fit with the whole cloud, hybrid cloud, PlayOn, PRIM, in the public cloud? I know they've said publicly that 50% of their customers, or at least maybe it's their new business, is cloud only. And then the other 50% is either on PRIM, or cloud; either all on PRIM, or on PRIM and cloud, so some kind of mix. So where do they fit in the whole cloud, hybrid cloud mix? >> Okay, you also touch again on a couple key things. One is, where can they run so that customers can have the same development platform and admin experience wherever the customer data may be; whether it's on PRIM, on the Edge, or in multiple clouds? That is, they've addressed, because they're a self contained environment, So they can run on different platforms, different locations. But at the same time, when you're working with Splunk on PRIM, you're really in a very different ecosystem than when you're using it in the cloud. Because in the cloud, you might want to take advantage of special purpose machine learning tools, or special purpose analytic databases that have capabilities that are there -- >> Dave: AWS services, for example, yeah. >> Yes, that are there in the cloud. >> Is that a friction point for Splunk? Is that the point of ... You know, are there clear swim lanes, or does it start to get fuzzy? >> I would call it less a friction point, and more of a set of trade-offs that their customers will encounter that are different. >> Okay, like the integrated iPhone versus other third party; so, the tooling. >> And it's worth mentioning that, you know, to stay in that self-contained and compatible sort of platform sphere, this little biosphere wherever it may be, you lose out on the platform specific specialized services that might be on any particular platform. And the fact that you have that trade-off is goodness, as opposed to ... >> Okay, a couple other things. So we talked a little bit about the, and you and I as you say, talked about this forever, is admin and developer complexity. What's Splunk's recipe for simplifying that, and how does machine learning fit in? Okay, so on the issue of admin complexity and developer complexity, I'm going to pull up a cheat sheet here that I started pulling together. Probably the complexity is going to freak out our video support guys. But if you look at the typical open source analytic application and the pipeline that's underneath it, it's got an process phase, it's analyzing the data, it's running predictions, it's serving the data -- >> Dave: Sounds like the Hadoop pipeline. >> It is; whether it's Splunk or Hadoop, it's the same set of -- >> Dave: It's a big data workflow when you're dealing with large volumes, right? >> And whether you're dealing with Splunk or Hadoop, you have to deal with stuff like data governance, performance monitoring, scheduling, authentication authorization, resource -- >> Dave: All the enterprise level stuff that we've grown to understand and love. >> But, if in the open source ecosystem, each stage of the pipeline is a different product, and each of those admin steps is implemented differently because they're coming from different patchy projects, you've got what I call is, potentially a Frankenstein kind of product. You know, like its creator might love it, but -- >> Dave: Okay, so you're saying Splunk's strategy will be to integrate those and be in a simplified, almost like the cloud guys who would aspire to do -- >> Well, that's the other thing. See, Splunk had this wonderful thing on PRIM where they were really the only one who was unifying big data in the cloud; it hasn't happened yet. Like Amazon's answer to customers is, we take any and all comers, you can use our services, you can use others. But you will see over time, probably first by Azure and then later by Amazon -- >> Okay, so were out of time, but these are some of the things we're tracking. Watching spunks TAM expansion, the whole cloud, hybrid cloud strategy, simplifying big data complexity, where does machine learning fit in? Some of the things we didn't get into were breadth versus depth; Splunk is kind of doing both. Going deep with certain applications, but also horizontally across its platform. And then, of course, we haven't talked about IOT but we will this week. IOT and Edge processing, what's the right strategy there? We'll be unpacking that all week. Splunk is a fun crowd; I mean, you can see the t-shirts. The t-shirts are fantastic; Drop Your Breaches, The End of Meh-trix, taking the S-H out of IT. These are some of the t-shirts that you see, some of the slogans that you see around here. So Splunk, really fun company. The other thing that you note about this ecosystem, this audience, is when Splunk makes an announcement, you get genuine applause; you know laughter, applause, really, really passionate customer base. A lot of these conferences we come to, it's sort of golf claps; not here, it's really heartfelt. So George, great analysis. Thanks very much for helping us kick-off. Keep it right there, everybody; we'll be back with our next guest. It's theCUBE, we're live from the District, at Splunk .conf2017. (upbeat techno-music)