(Upbeat music) >> Hi everyone and welcome back to the Cube's coverage of Splunk.conf 2021, virtual. We are here, live in the Splunk studios here in Silicon valley. I'm John Furrier, host of the Cube. Spiros Xanthos VP of product management of observability with Splunk is here inside the cube, Spiros, thanks for coming on. Great to see you. [Spiros Xanthos]- John, thanks for having me glad to be here. >> We love observability. Of course we love Kubernetes, but that was before observability became popular. We've been covering cube-con since it was invented even before, during the OpenStack days, a lot of open source momentum with you guys with observability and also in the customer base. So I want to thank you for coming on. Give us the update. What is the observability story its clearly in the headlines of all the stories SiliconANGLE's headline is multi-cloud observability security Splunk doubling down on all three. >> Correct. >> Big part of the story is observability. >> Correct. And you mentioned CubeCon. I was there last week as well. It seems that those observability and security are the two most common buzzwords you hear these days different from how it was when we started it. But yeah, Splank actually has made the huge investment in observability, starting with the acquisition of Victor ops three years ago, and then with Omnition and Signalfx. And last year with Plumbr synthetics company called Rigor and Flowmill and a network monitoring company. And plus a lot of organic investment we've made over the last two years to essentially build an end-to-end observability platform that brings together metrics, traces, and logs, or otherwise infrastructure monitoring, log analytics, application monitoring. Visual experience monitoring all in one platform to monitor let's say traditional legacy and modern cloud native apps. >> For the folks that know SiliconANGLE, the Cube know we've been really following this from the beginning for signal effects, remember when they started they never changed their course. they've had the right They have the right history and from spot by spot, you guys, same way open source and cloud was poo-pooed upon, people went like, oh, it's not secure, they never were. Now it's the center of all the action. [Spiros Xanthos]- Yes >> And so that's really cool. And thanks for doing that. The other thing I want to get your point on is what does end-to-end observability mean? Because there's a lot of observability companies out there right now saying, Hey, we're the solution We're the utility, we're the tool, but I haven't seen a platform. So what's your answer to that? >> Yes. So observability, in my opinion, in the context of what you're describing means two things. One is that when, when we say internal durability, it means that instead of having, let's say multiple monitoring tools that are silent, let's say one for monitoring network, one for monitoring infrastructure, a separate one for monitoring APM that do not work with each other. We bring all of these telemetry in one place we connect it and exactly because actually applications and infrastructure themselves are becoming one. You have a way to monitor all of it from one place. So that's observability. But the other thing that observability also is because these environments tend to be a lot more complex. It's not just about connecting them, right? It's also about having enough data and enough analytics to be able to make sense out of those environments and solve problems faster than you could do in the past with traditional monitoring. >> That's a great definition. I've got to then ask you one of the things coming up that came out of CoopCon was clear, is that the personnel to hire, to run this stuff, it's not everyone can get the skills gap problem. At the same time, automation is at an all time high people are automating and doing AI ops, get outs. What do you want to call this a buzz word for that basically automating the data observability into the CICB pipeline, huge trend right now. And the speed of developers is fast now. They're coding fast. They don't want to wait. >> I agree. So, and that's exactly what's happening, right? We want essentially from traditional IT where developers would develop something a little bit deployed months later by some IT professional, of course, all of this coming together, But we're not stopping that as you say, right, that the shifting left is going earlier into the pipeline. Everyone expect, essentially let's say monitoring to happen at the speed of deployment. And I guess observability again, is this not, as a requirement. Observability is this idea. Let's say that I should be able to monitor my applications in real time and, you know, get information as soon as something happens. >> With the evolution of the shift left trend. I would say for the people don't know what shift left is you put security the beginning, not bolted on at the end and developers can do it with automation, all that good stuff that they have. But how, how real is that right now in terms of it happening? Can you, can you share some vision and ideas and anecdotal data on how, how fast shift left is, or is there still bottlenecks and security groups and IT groups? >> So there are bottlenecks for sure. In my opinion, we are aware with, let's say the shift left or the dev sec ops trend, whether IT and devs maybe a few years ago. And this is both a cultural evolution that has to happen. So security teams and developers have to come closer together, understand like, say the consensus of the requirements of each other so they can work better together the way it happened with DevOps and all sorts of tooling problem, right? Like still observability or monitoring solutions are not working very well with security yet. We at Splunk of course, make this a priority. And we have the platform to integrate all the data in one place. But I don't think is generally something that we'll have achieved as well as an industry yet. And including the cultural aspects of it. >> Is that why you think end to end is important to hit that piece there so that people feel like it's all working together >> I think end to end is important for two reasons. actually one is that essentially, as you say, you hit all the pieces from the point of deployment, let's say all the way to production, but it's also because I think applications and infrastructure, FMLA infrastructure with Kubernetes, microservices are in traditional so much more complexity that you need to step function improvement in the tooling as well. Right? So that you need keep up with the complexity. So bringing everything together and applying analytics on top is the way essentially to have this step function improvement in how your monitoring solution works so that it can keep up with the complexity of the underlying infrastructure and application. >> That is a huge, huge points Spiros. I got to double down on that with you and say, let's expand that because that's the number one problem, taming the complexity without slowing down. Right? So what is the best practice for that? What do people do? Cause, I mean, I know it's evolving, it's going faster than that, but it's still getting better, but not always there, but what can people do to go faster? >> So, and I will add that it's even more complex than just what the cloud, let's say, native applications introduced because especially large enterprises have to maintain their routine, that on-prem footprint legacy applications that are still in production and then still expand. So it's additive to what they have today, right? If somebody was to start from a clean slate, let's say started with Kubernetes today, maybe yes, we have the cloud native tooling to monitor that, but that's not the reality of most, most enterprises out there. Right? So I think our goal at Splunk at least is to be able to essentially work with our customers through their digital, digital transformation and cloud journey. So to be able to support all their existing applications, but also help them bring those to the cloud and develop new applications in a cloud native fashion, let's say, and we have the tooling, I think, to support all of that, right between let's say our original data platform and our metrics and traces platform that we develop further. >> That's awesome. And then one quick question on the customer side, if I'm a customer, I want observability, I want this, I want everything you just said. How do I tell the difference between a pretender and a player, the good solution and a bad solution? What are the signals that this is the real deal, that's a fake product >> Agreed. So, I mean, everyone obviously believes that original (laughing) I'm not sure if I will. >> You don't want to name names? Here's my, my perspective on what truly is a requirement for absorb-ability right? First of all, I think we have moved past the time where let's say proprietary instrumentation and data collection was a differentiator. In fact, it actually is a problem today, if you are deploying that because it creates silos, right? If I have a proprietary instrumentation approach for my application, that data cannot be connected to my infrastructure or my logs, let's say, right. So that's why we believe open telemetry is the future. And we start there in terms of data collection. Once we standardize, let's say data collection, then the problem moves to analytics. And that's, I think where the future is, right? So observability is not just about collecting a bunch of data and that bring it back to the user. It's about making sense out of this data, right? So the name of the game is analytics and machine learning on top of the data. And of course the more data you can collect, the better it is from that perspective. And of course, then when we're talking about enterprises, scale controls, compliance all of these matter. And I think real time matters a lot as well, right? We cannot be alerting people after minutes of a problem that has happened, but within a few seconds, if we wanted to really be pro-active. >> I think one thing I like to throw out there, maybe get your reaction to it, I think maybe one other thing might be enabling the customer to code on top of it, because I think trying to own the vertical stack as well as is also risky as a vendor to sell to a company, having the ability to add programming ability on top of it. >> I completely agree actually, You do? In general giving more control to the users and how, what do they do with their data, let's say, right? And even allowing them to use open source, whatever is appropriate for them, right? In combination, maybe with a vendor solution when they don't want to invest themselves. >> Build their own apps, build your own experience. That's the way the world works. That's software. >> I agree. And again, Splunk from the beginning was about that, right? Like we'll have thousands of apps built ontop of our platform >> Awesome. Well, I want to talk about open source and the work you're doing with open telemetry. I think that's super important. Again, go back even five, 10 years ago. Oh my God. The cloud's not secure. Oh my God, open source has got security holes. It turns out it's actually the opposite now. So, you know finally through the people woke up. No, but it's gotten better. So take us through the open telemetry and what you guys are doing with that. >> Yes. So first of all, my belief, my personal belief is that if there is no future where infrastructure is anything about open source, right? Because people do not trust actually close our solutions in terms of security. They prefer open source at this point. So I think that's the future. And in that sense, a few years ago, I guess our belief was that all data collection instrumentations with standards based first of all, so that the users have control and second should be open source. That's why we, at Omnition the company I co-founded that was acquired by Splunk. We we're one of the main tenders of open sensors and that we brought together open sensors and OpenTracing in creating open telemetry. And now , Open telemetry is pretty much the de facto. Every vendor supports it, its the second most active project in CNCF. And I think it's the future, right? Both because it frees up the data and breaks up the silos, but also because, has support from all the vendors. It's impossible for any single vendor to keep up with all this complexity and compete with the entire industry when we all come together. So I think it's a great success it's I guess, kudos to everybody, kudos to CNCF as well, that was able to actually create and some others. >> And props to CNCF. Yeah. CNC has done an amazing job and been going to all those events all the years and all the innovations has been phenomenal. I got to ask what the silos, since you brought it up, come multiple times. And again, I think this is important just to kind of put an exclamation point on, machine learning is based upon data. Okay. If you have silos, you have the high risk of having bad machine learning. >> Yes. >> Okay. That's you agree with that? >> Completely. >> So customers, they kind of understand this, right. If you have silos that equals bad future >> Correct >> because machine learning is baked into everything now. >> And I will add to that. So silos is the one problem, and then not being able to have all the data is another problem, right? When it comes to being able to make sense out of it. So we're big believers in what we call full fidelity. So being able to connect every byte of data and do it in a way that makes sense, obviously economically for the customer, but also have, let's say high signal to noise ratio, right? By structuring the data at the source. Overt telemetry is another contributor to that. And by collecting all the data and by having an ability, let's say to connect the data together, metrics, traces, logs, events, incidents, then we can actually build a little more effective tooling on top to provide answers back to the user with high confidence. So then users can start trusting the answers as opposed to they themselves, always having to figure out what the problem is. And I think that's the future. And we're just starting. >> Spiros I want to ask you now, my final question is about culture And you know, when you have scale with the cloud and data, goodness, where you have people actually know the value of data and they incorporate into their application, you have advantages. You have competitive advantages in some cases, but developers were just coding love dev ops because it's infrastructure as code. They don't have to get into the weeds and do the under the hood, datas have that same phenomenon right now where people want access to data. But there's certain departments like security departments and IT groups holding back and slowing down the developers who are waiting days and weeks when they want it in minutes and seconds for have these kinds of things. So the trend is, well there's, first of all, there's the culture of people aren't getting along and they're hating each other or they're not liking each other. >> Yes >> There's a little conflict, always kind of been there, but now more than ever, because why wait? >> I agree. >> How can companies shorten that cycle? Make it more cohesive, still decouple the groups because you've got, you got compliance. How do you maximize the best of a good security group, a good IT group and enables as fast as possible developers. >> I agree with you, by the way, this is primarily cultural. And then of course there is a tooling gap as well. Right. But I think we have to understand, let's say as a security group, instead of developers, what are the needs of each other, right. Why we're doing the things we're doing because everybody has the right intentions to some extent, right? But the truth is there is pain. We are me and myself. Like as we develop our own solutions in a cloud native fashion, we see that right. We want to move as fast as possible, but at the same time, want to be compliant and secure, right. And we cannot compromise actually on security or compliance. I mean, that's really the wrong solution here. So I think we need to come together, understand what each other is trying to do and provide. And actually we need to build better tooling that doesn't get into the way. Today, oftentimes it's painful to have, let's say a compliance solution or a secure solution because it slows down development. I think we need to actually, again, maybe a step function improvement in the type of tooling we'll have in this space. So it doesn't get into the way Right? It does the work it provides. Let's say the security, the security team requires, it provides the guarantees there, but doesn't get in the way of developers. And today it doesn't happen like this most of the time. So we have some ways to go. >> And Garth has mentioning how you guys got some machine learning around different products is one policy kind of give some, you know, open, you know, guardrails for the developers to bounce around and do things until they, until they have to put a new policy in place. Is that an answer automated with automation? >> Big time. Automation is a big part of the answer, right? I think we need to have tooling that first of all works quickly and provides the answers we need. And we'll have to have a way to verify that the answer are in place without slowing down developers.Splunk is, I mean, out of a utility of DevSecOps in particular is around that, right? That we need to do it in a way that doesn't get in the way of, of let's say the developer and the velocity at which they're trying to move, but also at the same time, collect all the data and make sure, you know, we know what's going on in the environment. >> Is AI ops and dev sec ops and GET ops all the same thing in your mind, or is it all just labels >> It's not necessarily the same thing because I think AI ops, in my opinion applies, let's say to even more traditional environments, what are you going to automate? Let's say IT workflows in like legacy applications and infrastructure. Getops in my mind is maybe the equivalent when you're talking about like cloud native solutions, but as a concept, potentially they are very close I guess. >> Well, great stuff. Great insight. Thanks for coming on the Cube. Final point is what's your take this year of the live we're in person, but it's virtual, we're streaming out. It's kind of a hybrid media environment. Splunk's now in the media business with the studios, everything great announcements. What's your takeaway from the keynote this week? What's your, you got to share to the audience, this week's summary. >> First of all, I really hope next year, we're all going to be in one place, but still given the limitations we had I think it was a great production and thanks to everybody who was involved. So my key takeaway is that we truly actually have moved to the data age and data is at the heart of everything we do. Right? And I think Splunk has always been that as a company, but I think we ourselves really embraced that and everything we do is everything. Most of the problems we solve are data problems, whether it's security, observability, DevSecOps, et cetera. So. >> Yeah, and I would say, I would add to that by saying that my observations during the pandemic now we're coming, hopefully to the end of it, you guys have been continuing to ship code and with real, not vaporware real product, the demos were real. And then the success on the open source. Congratulations. >> Thank you. >> All right. Thanks for coming on and we appreciate it >> Thanks alot _Cube coverage here at dot com Splunk annual conference. Virtual is the Cube. We're here live at the studios here at Splunk studios for their event. I'm John Farrow with the Cube. Thanks for watching. (joyful tune)

(upbeat music) >> Hello everyone, welcome back to theCUBE's coverage of splunk.com 2021 virtual. We're here live in the Splunk studios. We're all here gettin all the action, all the stories. Garth Fort, senior vice president, Chief Product Officer at Splunk is here with me. CUBE alumni. Great to see you. Last time I saw you, we were at AWS now here at Splunk. Congratulations on the new role. >> Thank you. Great to see you again. >> Great keynote and great team. Congratulations. >> Thank you. Thank you. It's a lot of fun. >> So let's get into the keynote a little bit on the product. You're the Chief Product Officer. We interviewed Shawn Bice, who's also working with you as well. He's your boss. Talk about the, the next level, cause you're seeing some new enhancements. Let's get to the news first. Talk about the new enhancements. >> Yeah, this was actually a really fun keynote for me. So I think there was a lot of great stuff that came out of the rest of it. But I had the honor to actually showcase a lot of the product innovation, you know, since we did .conf last year, we've actually closed four different acquisitions. We shipped 43 major releases and we've done hundreds of small enhancements, like we're shipping code in the cloud every six weeks and we're shipping new versions twice a year for our Splunk Enterprise customers. And so this was kind of like if you've seen that movie Sophie's Choice, you know, where you have to pick one of your children, like this was a really hard, hard thing to pick. Cause we only had about 25 minutes, but we did like four demos that I think landed really well. The first was what we call ingest actions and you know, there's customers that are using, they start small with gigabytes and they go to terabytes and up to petabytes of data per day. And so they wanted tools that allow them to kind of modify filter and then route data to different sort of parts of their infrastructure. So that was the first demo. We did another demo on our, our visual playbook editor for SOAR, which has improved quite a bit. You know, a lot of the analysts that are in the, in the, in the SOC trying to figure out how to automate responses and reduce sort of time to resolution, like they're not Python experts. And so having a visual playbook editor that lets them drag and drop and sort of with a few simple gestures create complex playbooks was pretty cool. We showed some new capabilities in our APM tool. Last year, we announced we acquired a company called Plumbr, which has expertise in basically like code level analysis and, and we're calling it "Always On" profiling. So we, we did that demo and gosh, we did one more, four, but four total demos. I think, you know, people were really happy to see, you know, the thing that we really tried to do was ground all of our sort of like tech talk and stuff that was like real and today, like this is not some futuristic vision. I mean, Shawn did lay out some, some great visions, visionary kind of pillars. But, what we showed in the keynote was I it's all shipping code. >> I mean, there's plenty of head room in this market when it comes to data as value and data in motion, all these things. But we were talking before you came on camera earlier in the morning about actually how good Splunk product and broad and deep the product portfolio as well. >> Garth: Yeah. >> I mean, it's, I mean, it's not a utility and a tooling, it's a platform with tools and utilities. >> Garth: Yeah >> It's a fully blown out platform. >> Yeah. Yeah. It is a platform and, and, you know, it's, it's one that's quite interesting. I've had the pleasure to meet a couple of big customers and it's kind of amazing, like what they do with Splunk. Like I was meeting with a large telco on the east coast and you know, they actually, for their set top boxes, they actually have to figure out in real time, which ads to display and the only tool they could find to process 15 million events in real time, to decide what ad to display, was Splunk. So that was, that was like really cool to hear. Like we never set out to be like an ad tech kind of platform and yet we're the only tool that operates at that level of scale and that kind of data. >> You know, it's funny, Doug Merritt mentioned this in my interview with him earlier today about, you know, and he wasn't shy about it, which was great. He was like, we're an enabling platform. We don't have to be experts in all these vertical industries >> Garth: Yep >> because AI takes care of that. That's where the machine learning >> Garth: Yeah >> and the applications get built. So others are trying to build fully vertically integrated stacks into these verticals when in reality they don't have to, if they don't want it. >> Yeah, and Splunk's kind of, it's quite interesting when you look across our top 100 customers, you know, Doug talks about like the, you know, 92 of the fortune 100 are kind of using Splunk today, but the diversity across industries and, you know, we have government agencies, we have, you know, you name the retail or the vertical, you know, we've got really big customers, they're using Splunk. And the other thing that I kind of, I was excited about, we announced the last demo I forgot was TruSTAR integration with Enterprise Security. That's pretty cool. We're calling that Splunk Threat Intelligence. And so That was really fun and we only acquired, we closed the acquisition to TruSTAR in May, but the good news is they've been a partner with us like for 18 months before we actually bought em. And so they'd already done a lot of the work to integrate. And so they had a running start in that regard, But other, one other one that was kind of a, it was a small thing. I didn't get to demo it, but we talked about the, the content pack for application performance monitoring. And so, you know, in some ways we compete in the APM level, but in many ways there's a ton of great APM vendors out there that customers are using. But what they wanted us to do was like, hey, if I'm using APM for that one app, I still want to get data out of that and into Splunk because Splunk ends up being like the core repository for observability, security, IT ops, Dev Sec Ops, et cetera. It's kind of like where the truth, the operational truth of how your systems works, lives in Splunk. >> It's so funny. The Splunk business model has actually been replicated. They call it data lake, whatever you want to call it. People are bringing up all these different metaphors. But at the end of the day, if you guys can create a value proposition where you can have data just be, you know, stored and dumped and dumped into whatever they call it stored in a way >> Garth: We call it ingest >> Ingested, ingested. >> Garth: Not dumped. >> Data dump. >> Garth: It's ingested. >> Well, I mean, well you given me a plan, but you don't have to do a lot of work to store just, okay, we can only get to it later, >> Garth: Yep. >> But let the machines take over >> Garth: Yep. >> With the machine learning. I totally get that. Now, as a pro, as a product leader, I have to ask you your, your mindset around optimization. What do you optimize for? Because a lot of times these use cases are emerging. They just pop out of nowhere. It's a net new use case that you want to operationalize. So balancing the headroom >> Yep. >> Or not to foreclose those new opportunities for customers. How are customers deciding what's important to them? How do you, because you're trying to read the tea leaves for the future >> Garth: A little bit, yeah. >> and then go, okay, what do our customers need, but you don't want to foreclose anything. How do you think about product strategy around that? >> There's a ton of opportunity to interact with customers. We have this thing called the Customer Advisory Board. We run, I think, four of them and we run a monthly. And so we got an opportunity to kind of get that anecdotal data and the direct contact. We also have a portal called ideas.splunk.com where customers can come tell us what they want us to build next. And we look at that every month, you know, and there's no way that we could ever build everything that they're asking us to, but we look at that monthly and we use it in sort of our sprint planning to decide where we're going to prioritize engineering resources. And it's just, it's kind of like customers say the darndest things, right? Sometimes they ask us for stuff and we never imagined building it in a million years, >> John: Yeah. >> Like that use case around ads on the set top box, but it's, it's kind of a fun place to be like, we, we just, before this event, we kind of laid out internally what, you know, Shawn and I kind of put together this doc, actually Shawn wrote the bulk of it, but it was about sort of what do we think? Where, where can we take Splunk to the next three to five years? And we talked about these, we referred to them as waves of innovation. Cause you know, like when you think about waves, there's multiple waves that are heading towards the beach >> John: Yeah. >> in parallel, right? It's not like a series of phases that are going to be serialized. It's about making a set of investments. that'll kind of land over time. And, and the first wave is really about, you know, what I would say is sort of, you know, really delivering on the promise of Splunk and some of that's around integration, single sign-on things about like making all of the Splunk Splunk products work together more easily. We've talked a lot in the Q and a about like edge and hybrid. And that's really where our customers are. If you watch the Koby Avital's sort of customer keynote, you know, Walmart by necessity, given their geographic breadth and the customers they serve has to have their own infrastructure. They use Google, they use Azure and they have this abstraction layer that Koby's team has built on top. And they use Splunk to manage kind of, operate basically all of their infrastructure across those three clouds. So that's the hybrid edge scenario. We were thinking a lot about, you mentioned data lakes. You know, if you go back to 2002, when Splunk was founded, you know, the thing we were trying to do is help people make sense of log files. But now if you talk to customers that are moving to cloud, everybody's building a data lake and there's like billions of objects flowing into millions of these S3 buckets all over the place. And we're kind of trying to think about, hey, is there an opportunity for us to point our indexing and analytics capability against structured and unstructured data and those data lakes. So that that'll be something we're going to >> Yeah. >> at least start prototyping pretty soon. And then lastly, machine learning, you know, I'd say, you know, to use a baseball metaphor, like in terms of like how we apply machine learning, we're like in the bottom of the second inning, >> Yeah. >> you know, we've been doing it for a number of years, but there's so much more. >> There's so, I mean, machine learning is only as good as the data you put into the machine learning. >> Exactly, exactly. >> And so if you have, if you have gap in the data, the machine learning is going to have gaps in it. >> Yeah. And we have, we announced a feature today called auto detect. And I won't go into the gory details, but effectively what it does is it runs a real-time analytics job over whatever metrics you want to look at and you can do what I would consider more statistics versus machine learning. You can say, hey, if in a 10 minute period, like, you know, we see more errors than we see on average over the last week, throw an alert so I can go investigate and take a look. Imagine if you didn't have to figure out what the right thresholds were, if we could just watch those metrics for you and automatically understand the seasonality, the timing, is it a weekly thing? Is it a monthly thing? And then like tell you like use machine learning to do the anomaly detection, but do it in a way that's more intelligent than just the static threshold. >> Yeah. >> And so I think you'll see things like auto detect, which we announced this week will evolve to take advantage of machine learning kind of under the covers, if you will. >> Yeah. It was interesting with cloud scale and the data velocity, automations become super important. >> Oh yeah. >> You don't have a lot of new disciplines emerge, like explainable AI is hot right now. So you got, the puck is coming. You can see where the puck is going. >> Yeah >> And that is automation at the app edge or the application layer where the data has got to be free-flowing or addressable. >> Garth: Yeah. >> This is something that is being talked about. And we talked about data divide with, with Chris earlier about the policy side of things. And now data is part of everything. It's part of the apps. >> Garth: Yeah. >> It's not just stored stuff. So it's always in flight. It should be addressable. This is what people want. What do you think about all of that? >> No, I think it's great. I actually just can I, I'll quote from Steve Schmidt in, in sort of the keynote, he said, look like security at the end of the day is a human problem, but it kind of manifests itself through data. And so being able to understand what's happening in the data will tell you, like, is there a bad actor, like wreaking havoc inside of my systems? And like, you can use that, the data trail if you will, of the bad actor to chase them down and sort of isolate em. >> The digital footprints, if you will, looking at a trail. >> Yeah. >> All right, what's the coolest thing that you like right now, when you look at the treasure trove of, of a value, as you look at it, and this is a range of value, Splunk, Splunk has had customers come in with, with the early product, but they keep the customers and they always do new things and they operationalize it >> Garth: Yep. >> and another new thing comes, they operationalize it. What's the next new thing that's coming, that's the next big thing. >> Dude that is like asking me which one of my daughters do I love the most, like that is so unfair. (laughing) I'm not going to answer that one. Next question please. >> Okay. All right. Okay. What's your goals for the next year or two? >> Yeah, so I just kind of finished roughly my first 100 days and it's been great to, you know, I had a whole plan, 30, 60, 90, and I had a bunch of stuff I wanted to do. Like I'm really hoping, sort of, we get past this current kind of COVID scare and we get to back to normal. Cause I'm really looking forward to getting back on the road and sort of meeting with customers, you know, you can meet over Zoom and that's great, but what I've learned over time, you know, I used to go, I'd fly to Wichita, Kansas and actually go sit down with the operators like at their desk and watch how they use my tools. And that actually teaches you. Like you, you come up with things when you see, you know, your product in the hands of your customer, that you don't get from like a CAB meeting or from a Zoom call, you know? >> John: Yeah, yeah. >> And so being able to visit customers where they live, where they work and kind of like understand what we can do to make their lives better. Like that's going to, I'm actually really excited to gettin back to travel. >> If you could give advice to CTO, CISO, or CIO or a practitioner out there who are, who is who's sitting at their virtual desk or their physical desk thinking, okay, the pandemic, were coming through the pandemic. I want to come out with a growth strategy, with a plan that's going to be expansive, not restrictive. The pandemic has shown what's what works, what doesn't work. >> Garth: Sure. >> So it's going to be some projects that might not get renewed, but there's doubling down on, certainly with cloud scale. What would advice would you give that person when they start thinking about, okay, I got to get my architecture right. >> Yeah. >> I got to get my playbooks in place. I got to get my people aligned. >> Yeah >> What's what do you see as a best practice for kind of the mindset to actual implementation of data, managing the data? >> Yeah, and again, I'm, I'm, this is not an original Garth thought. It actually came from one of our customers. You know, the, I think we all, like you think back to March and April of 2020 as this thing was really getting real. Everybody moved as fast as they could to either scale up or scale scaled on operations. If you were in travel and hospitality, you know, that was, you know, you had to figure how to scale down quickly and like what you could shut down safely. If you were like in the food delivery business, you had to figure out how you could scale up, like Chipotle hit two, what is it? $2 billion run rate on delivery last year. And so people scrambled as fast as they could to sort of adapt to this new world. And I think we're all coming to the realization that as we sort of exit and get back to some sense of new normal, there's a lot of what we're doing today that's going to persist. Like, I think we're going to have like flexible rules. I don't think everybody's going to want to come back into the office. And so I think, I think the thing to do is you think about returning to whatever this new normal looks like is like, what did we learn that was good. And like the pandemic had a silver lining for folks in many ways. And it sucked for a lot. I'm not saying it was a good thing, but you know, there were things that we did to adapt that I think actually made like the workplace, like stronger and better. And, and sort of. >> It showed that data's important, internet is important. Didn't break, the internet didn't break. >> Garth: Correct. >> Zoom was amazing. And the teleconferencing with other tools. >> But that's kind of, just to sort of like, what did you learn over the last 18 months that you're going to take for it into the next 18 years? You know what I mean? Cause there was a lot of good and I think people were creative and they figured out like how to adapt super quickly and take the best of the pandemic and turn it into like a better place to work. >> Hybrid, hybrid events, hybrid workforce, hybrid workflows. What's what's your vision on Splunk as a tier one enterprise? Because a lot of the news that I'm seeing that's, that's the tell sign to me in terms of this next growth wave is big SI deals, Accenture and others are yours working with and you still got the other Partnerverse going. You have the ecosystems emerging. >> Garth: Yep. >> That's a good, that means your product's enabling people to make money. >> Garth: Yeah. Yeah, yeah, yeah. >> And that's a good thing. >> Yeah, BlueVoyant was a great example in the keynote yesterday and they, you know, they've really, they've kind of figured out how, you know, most of their customers, they serve customers in heavily regulated industries kind of, and you know, those customers actually want their data in a Splunk tenant that they own and control and they want to have that secure boundary around that. But BlueVoyant's figured out how they can come in and say, hey, I'm going to take care of the heavy lifting of the day-to-day operations, the monitoring of that environment with the security. So, so BlueVoyant has done a great job sort of pivoting and figuring out how they can add value to customers and do, you know, because they they're managing not just one Splunk instance, but they're managing 100s of Splunk cloud instances. And so they've got best practices and automation that they can play across their entire client base. And I think you're going to see a lot more of that. And, and Teresa's just, Teresa is just, she loves Partners, absolutely loves Partners. And that was just obvious. You could, you could hear it in her voice. You could see it in her body language, you know, when she talked about Partnerverse. So I think you'll see us start to really get a lot more serious. Cause as big as Splunk is like our pro serve and support teams are not going to scale for the next 10,000, 100,000 Splunk customers. And we really need to like really think about how we use Partners. >> There's a real growth wave. And I, and I love the multiples wave in parallel because I think that's what everyone's consensus on. So I have to ask you as a final question, what's your takeaway? Obviously, there's been a virtual studio here where all the Splunk executives and, and, and customers and partners are here. TheCUBE's here doing all the presentations, live by the way. It was awesome. What would you say the takeaway is for this .conf, for the people watching and consuming all the content online? A lot of asynchronous consumption would be happening. >> Sure. >> What's your takeaway from this year's Splunk .conf? >> You know, I, it's hard cause you know, you get so close to it and we've rehearsed this thing so many times, you know, the feedback that I got and if you look at Twitter and you look at my Slack and everything else, like this felt like a conf that was like kind of like a really genuine, almost like a Splunk two dot O. But it's sort of true to the roots of what Splunk was true to the product reality. I mean, you know, I was really careful with my team and to avoid any whiff of vaporware, like what were, what we wanted to show was like, look, this is Splunk, we're acquiring companies, you know, 43 major releases, you know, 100s of small ones. Like we're continuing to innovate on your behalf as fast as we can. And hopefully this is the last virtual conf. But even when we go back, like there was so much good about the way we did this this week, that, you know, when we, when we broke yesterday on the keynote and we were sitting around with the crew and it kind of looking at that stage and everything, we were like, wow, there is a lot of this that we want to bring to an in-person event as well. Cause so for those that want to travel and come sit in the room with us, we're super excited to do that as soon as we can. But, but then, you know, there may be 25, 50, 100,000 that don't want to travel, but can access us via this virtual event. >> It's like a time. It's a moment in time that becomes a timeless moment. That could be, >> Wow, did you make that up right now? >> that could be an NFT. >> Yeah >> We can make a global cryptocurrency. Garth, great to see you. Of course I made it up right then. So, great to see you. >> Air bump, air bump? Okay, good. >> Okay. Garth Fort, senior vice president, Chief Product Officer. In theCUBE here, we're live on site at Splunk Studio for the .conf virtual event. I'm John Furrier. Thanks for watching. >> All right. Thank you guys. (upbeat music)