Search Results for Splunk 7.2:

Jon Rooney, Splunk | Splunk .conf18


 

>> Announcer: Live from Orlando, Florida. It's theCUBE. Covering .conf18, brought to you by Splunk.
>> We're back in Orlando, Dave Vellante with Stu Miniman. John Rooney is here. He's the vice president of product marketing at Splunk. Lots to talk about John, welcome back.
>> Thank you, thanks so much for having me back. Yeah we've had a busy couple of days. We've announced a few things, quite a few things, and we're excited about what we're bringing to market.
>> Okay well let's start with yesterday's announcements. Splunk 7.2
>> Yup.
>> What are the critical aspects of 7.2, what do we need to know?
>> Yeah I think first, Splunk Enterprise 7.2, a lot of what we wanted to work on was manageability and scale. And so if you think about the core key features, the smart storage, which is the ability to separate the compute and storage, and move some of that cool and cold storage off to blob. Sort of API level blob storage. A lot of our large customers were asking for it. We think it's going to enable a ton of growth and enable a ton of use cases for customers and that's just sort of smart design on our side. So we've been real excited about that.
>> So that's simplicity and it's less costly, right? Free storage.
>> Yeah and you free up the resources to just focus on what are you asking out of Splunk. You know running the searches and the saved searches. Move the storage off to somewhere else and when you need it you pull it back when you need it.
>> And when I add an indexer I don't have to add both compute and storage, I can add whatever I need in granular increments, right?
>> Absolutely. It just enables more graceful and elastic expansiveness.
>> Okay that's huge, what else should we know about?
>> So workload management, which again is another manageability and scale feature. It's just the ability to say the great thing about Splunk is you put your data in there and multiple people can ask questions of that data. It's just like an apartment building that has ...
You know if you only have one hot water heater and a bunch of people are taking a shower at the same time, maybe you want to give some privileges to say you know, the penthouse they're going to get the hot water first. Other people not so much. And that's really the underlying principle behind workload management. So there are certain groups and certain people that are running business critical, or mission critical, searches. We want to make sure they get the resources first and then maybe people that are experimenting or kind of kicking the tires. We have a little bit of a gradation of resources.
>> So that's essentially programmatic SLAs. I can set those policies, I can change them.
>> Absolutely, it's the same level of granular control that say you were on access control. It's the same underlying principle.
>> Other things? Go ahead.
>> Yeah John just you guys always have some cool, pithy statements. One of the things that jumped out to me in the keynotes, because it made me laugh, was the end of metrics.
>> John: Yes.
>> You've been talking about data. Data's at the ... the line I heard today was Splunk users are at the crossroads of data so it gives a little insight about what you're doing that's different ways of managing data 'cause every company can interact with the same data. Why is the Splunk user, what is it different, what do they do different, and how is your product different?
>> Yeah I mean absolutely. I think the core of what we've always done and Doug talked about it in the keynote yesterday is this idea of this expansive, investigative search. The idea that you're not exactly sure what the right question is so you want to go in, ask a question of the data, which is going to lead you to another question, which is going to lead you to another question, and that's that finding a needle in a pile of needles that Splunk's always great at. And we think of that as more the investigative expansive search.
>> Yeah so when I think back I remember talking with companies five years ago when they'd say okay I've got my data scientists and finding which is the right question to ask once I'm swimming in the data can be really tough. Sounds like you're getting answers much faster. It's not necessarily a data scientist, maybe it is. We saw BMW on stage.
>> Yeah.
>> But help us understand why this is just so much simpler and faster.
>> Yeah I mean again it's the idea for the IT and security professionals to not necessarily have to know what the right question is or even anticipate the answer, but to find that in an evolving, iterative process. And the idea that there's flexibility, you're in no way penalized, you don't have to go back and re-ingest the data or do anything to say when you're changing exactly what your query is. You're just asking the question which leads to another question. And that's how we think about on the investigative side. From a metric standpoint, we do have additional ... The third big feature that we have in Splunk Enterprise 7.2 is an improved metrics visualization experience. Is the idea of our investigative search which we think we are the best in the industry at. When you're not exactly sure what you're looking for and you're doing a deep dive, but if you know what you're looking for from a monitoring standpoint you're asking the same question again and again and again, over and again. You want to be able to have an efficient and easy way to track that if you're just saying I'm looking for CPU utilization or some other metric.
>> Just one last follow up on that. I look ... the name of the show is .conf
>> Yes.
>> Because it talks about the config file. You look at everywhere, people are in the code versus GUI and graphical and visualization. What are you hearing from your user base? How do you balance between the people that want to get in there versus being able to point and click? Or ask a question?
>> Yeah this company was built off of the strength of our practitioners and our community, so we always want to make sure that we create a great and powerful experience for those technical users and the people that are in the code and in the configuration files. But you know that's one of the underlying principles behind Splunk Next which was a big announcement part of day one is to bring that power of Splunk to more people. So create the right interface for the right persona and the right people. So the traditional Linux sys admin person who's working in IT or security, they have a certain skill set. So the SPL and those things are native to them. But if you are a business user and you're used to maybe working in Excel or doing pivot tables, you need a visual experience that is more native to the way you work. And the information that's sitting in Splunk is valuable to you we just want to get it to you in the right way. And similar to what we talked about today in the keynote with application developers. The idea of saying well everything that you need is going to be delivered in a payload and JSON objects makes a lot of sense if you're a modern application developer. If you're a business analyst somewhere that may not make a lot of sense so we want to be able to service all of those personas equally.
>> So you've made metrics a first class citizen.
>> John: Absolutely.
>> Opening it up to more people. I also wanted to ask you about the performance gains. I was talking to somebody and I want to make sure I got these numbers right. It was literally like three orders of magnitude faster. I think the number was 2000 times faster. I don't know if I got that number right, it just sounds ... Implausible.
>> That's specifically what we're doing around the data fabric search which we announced in beta on day one. Simply because of the approach to the architecture and the approach to the data ...
I mean Splunk is already amazingly fast, amazingly best in class in terms of scale and speed. But you realize that what's fast today because of the pace and growth of data isn't quite so fast two, three, four years down the road. So we're really focused looking well into the future and enabling those types of orders of magnitude growth by completely reimagining and rethinking through what the architecture looks like.
>> So talk about that a little bit more. Is that ... I was going to say is that the source of the performance gain? Is it sort of the architecture, is it tighter code, was it a platform do over?
>> No I mean it wasn't a platform do over, it's just the idea that in some cases the idea of thinking like I'm federating a search between one index here and one index there, to have a virtualization layer that also taps into compute. Let's say living in Apache Kafka, taking advantage of those sorts of open source projects and open source technologies to further enable and power the experiences that our customers ultimately want. So we're always looking at what problems our customers are trying to solve. How do we deliver to them through the product and that constant iteration, that constant self evaluation is what drives what we're doing.
>> Okay now today was all about the line of business. We've been talking about, I've used the term land and expand about a hundred times today. It's not your term but others have used it in the industry and it's really the template that you're following. You're in deep in sec ops, you're in deep in IT, operations management, and now we're seeing just big data permeate throughout the organization. Splunk is a tool for business users and you're making it easier for them. Talk about Splunk business flow.
>> Absolutely, so business flow is the idea that we had ... Again we learned from our customers.
We had a couple of customers that were essentially tip of the spear, doing some really interesting things where as you described, let's say the IT department said well we need to pull in this data to check out application performance and those types of things. The same data that's following through is going to give you insight into customer behavior. It's going to give you insight into coupons and promotions and all the things that the business cares about. If you're a product manager, if you're sitting in marketing, if you're sitting in promotions, that's what you want to access and you want to be able to access that in real time. So the challenge is that we're now stepping you with things like business flow is how do you create an interface? How do you create an experience that again matches those folks and how they think about the world? The magic, the value that's sitting in the data is we just have to surface it for the right way for the right people.
>> Now the demo, Stu knows I hate demos, but the demo today was awesome. And I really do, I hate demos because most of them are just so boring but this demo was amazing. You took a bunch of log data and a business user ingested it and looked at it and it was just a bunch of data.
>> Yeah.
>> Like you'd expect and go eh what am I supposed to do with this and then he pushed a button and then all of a sudden there was a flow chart and it showed the flow of the customer through the buying pattern. Now maybe that's a simpler use case but it was still very powerful. And then he isolated on where the customer actually made a phone call to the call center because you want to avoid if possible and then he looked at the percentage of drop outs, which was like 90% in that case, versus the percentage of drop outs in a normal flow which was 10%- Oop something's wrong, drilled in, fixed the problem. He showed how he fixed it, oh graphically beautiful. Is it really that easy?
>> Yeah I mean I think if you think about what we've done in computing over the last 40 years. If you think about even the most basic word processor, the most basic spreadsheet work, that was done by trained technicians 30-40 years ago. But the democratization of data created this notion of the information worker and we're a decade or so now plus into big data and the idea that oh that's only highly trained professionals and scientists and people that have PhDs. There's always going to be an aspect of the market or an aspect of the use cases that is of course going to be that level of sophistication, but ultimately this is all work for an information worker. If you're an information worker, if you're responsible for driving business results and looking at things, it should be the same level of ease as your traditional sort of office suite.
>> So I want to push on that a little if I can. So and just test this, because it looked so amazingly simple. Doug Merritt made the point yesterday that business processes they used to be codified. Codifying business processes is a waste of time because business processes are changing so fast. The business process that you used in the example was a very linear process, admittedly. I'm going to search for a product, maybe read a review, I'm going to put it in my cart, I'm going to buy it. You know, very straightforward. But business processes as we know are unpredictable now. Can that level of simplicity work and the data feed in some kind of unpredictable business process?
>> Yeah and again that's our fundamental difference. How we've done it differently than everyone in the market. It's the same thing we did with IT Service Intelligence when we launched that back in 2015 because it's not a tops down approach. We're not dictating, taking sort of a central planning approach to say this is what it needs to look like. The data needs to adhere to this structure. The structure comes out of the data and that's what we think.
It's a bit of a simplification, but I'm a marketing guy and I can get away with it. But that's where we think we do it differently in a way that allows us to reach all these different users and all these different personas. So it doesn't matter. Again that business process emerges from the data.
>> And Stu, that's going to be important when we talk about IOT but jump in here.
>> Yeah so I wanted to have you give us a bit of insight on the natural language processing.
>> John: Yeah natural language processing.
>> You've been playing with things like the Alexa. I've got a Google Home at home, I've got Alexa at home, my family plays with it. Certain things it's okay for but I think about the business environment. The requirements in what you might ask Alexa to ask Splunk seems like that would be challenging. You've got a global audience. You know, languages are tough, accents are tough, syntax is really really challenging. So give us the why and where are we. Is this nascent things? Do you expect customers to really be strongly using this in the near future?
>> Absolutely. The notion of natural language search or natural language computing has made huge strides over the last five or six years and again we're leveraging work that's done elsewhere. To Dave's point about demos ... Alexa it looks good on stage. Would we think, and if you're to ask me, we'll see. We'll always learn from the customers and the good thing is I like to be wrong all the time. These are my hypotheses, but my hypothesis is the most actual relevant use of that technology is not going to be speech it's going to be text. It's going to be in Slack or Hipchat where you have a team collaborating on an issue or project and they say I'm looking for this information and they're going to pass that search via text into Splunk and back via Slack in a way that's very transparent.
That's where I think the business cases are going to come through and if you were to ask me again, we're starting the betas we're going to learn from our customers. But my assumption is that's going to be much more prevalent within our customer base.
>> That's interesting because the quality of that text presumably is going to be much much better, at least today, than what you get with speech. We know well with the transcriptions we do of theCUBE interviews. Okay so that's it. ML and MLP I thought I heard 4.0, right?
>> Yeah so we've been pushing really hard on the machine learning tool kit for multiple versions. That team is heavily invested in working with customers to figure out what exactly do they want to do. And as we think about the highly skilled users, our customers that do have data scientists, that do have people that understand the math to go in and say no we need to customize or tweak the algorithm to better fit our business, how do we allow them essentially the bare metal access to the technology.
>> We're going to leave dev cloud for Skip if that's okay. I want to talk about industrial IOT. You said something just now that was really important and I want to just take a moment to explain to the audience. What we've seen from IOT, particularly from IT suppliers, is a top down approach. We're going to take our IT framework and put it at the edge.
>> Yes.
>> And that's not going to work. IOT, industrial IOT, these process engineers, it's going to be a bottoms up approach and it's going to be standard set by OT not IT.
>> John: Yes.
>> Splunk's advantage is you've got the data. You're sort of agnostic to everything else. Wherever the data is, we're going to have that data so to me your advantage with industrial IOT is you're coming at it from a bottoms up approach as you just described and you should be able to plug into the IOT standards. Now having said that, a lot of data is still analog but that's okay you're pulling machine data.
You don't really have tight relationships with the IOT guys but that's okay you got a growing ecosystem.
>> We're working on it.
>> But talk about industrial IOT and we'll get into some of the challenges.
>> Yeah so interestingly we first announced the Industrial Asset Intelligence product at the Hannover Messe show in Germany, which is this massive like 300,000 it's a city, it's amazing.
>> I've been, Hannover. One hotel, huge show, 400,000 people.
>> Lot of schnitzel (laughs) I was just there. And the interesting thing is it's the first time I'd been at a show really first of all in years where people ... You know if you go to an IT or security show they're like oh we know Splunk, we love Splunk, what's in the next version. It was the first time we were having a lot of people come up to us saying yeah I'm a process engineer in an industrial plant, what's Splunk? Which is a great opportunity. And as you explain the technology to them their mindset is very different in the sense they think of very custom connectors for each piece. They have a very, almost bespoke or matched up notion, of a sense to a piece of equipment. So for an example they'll say oh do you have a connector for and again, I don't have the machine numbers, but like the Siemens 123 machine. And I'll be like well as long as it's textual, structured to semi-structured data ideally with a time stamp, we can ingest and correlate that. Okay but then what about the Siemens ABC machine? Well the idea that, the notion that ... we don't care where the source is as long as there's a sensor sending the data in a format that we can consume. And if you think back to the beginning of the data stream processor demo that Devani and Eric gave yesterday that showed the history over time, the purple boxes that were built, like we can now ingest data via multiple inputs and via multiple ways into Splunk.
And that hopefully enables the IOT ecosystems and the machine manufacturers, but more importantly, the sensor manufacturers because it feels like in my understanding of the market we're still at a point of a lot of folks getting those sensors instrumented. But once it's there and essentially the faucet's turned on, we can pull it all in and we can treat it and ingest it just as easily as we can data from AWS Kinesis or Apache access logs or MySQL logs.
>> Yeah and so instrumenting the windmill, to use the metaphor, is not your job. Connectivity to the windmill is not your job, but once those steps have been taken and the business takes those steps because there's a business case, once that's done then the data starts flowing and that's where you come in.
>> And there's a tremendous amount of incentive in the industry right now to do that level of instrumentation and connectivity. So it feels like that notion of instrument connect then do the analytics, we're sitting there well positioned once all those things are in place to be one of the top providers for those analytics.
>> John I want to ask you something. Stu and I were talking about this at our kickoff and I just want to clarify it.
>> Doug Merritt said that he didn't like the term unstructured data. I think that's what he said yesterday, it's just data. My question is how do you guys deal with structured data because there is structured data. Bringing transaction processing data and analytics data together for whatever reason. Whether it's fraud detection, to give the buyer an offer before you lose them, better customer service. How do you handle that kind of structured data that lives in IBM mainframes or whatever. USS mainframes in the case of Carnival.
>> Again we want to be able to access data that lives everywhere. And so we've been working with partners for years to pull data off mainframes. Again, the traditional in outs aren't necessarily there but there are incentives in the market.
We work with our ecosystem to pull that data to give it to us in a format that makes sense. We've long been able to connect to traditional relational databases so I think when people think of structured data they think about oh it's sitting in a relational database somewhere in Oracle or MySQL or SQL Server. Again, we can connect to that data and that data is important to enhance things particularly for the business user. Because if the log says okay whatever product ID 12345, but the business user needs to know what product ID 12345 is and has a lookup table. Pull it in and now all of a sudden you're creating information that's meaningful to you. But structure again, there's fluidity there. Coming from my background a JSON object is structured. You can the same way Theresa Vu in the demo today unfurled in the dev cloud what a JSON object looks like. There's structure there. You have key value pairs. There's structure to key value pairs. So all of those things, that's why I think to Doug's point, there's fluidity there. It is definitely a continuum and we want to be able to add value and play at all ends of that continuum.
>> And the key is you guys your philosophy is to curate that data in the moment when you need it and then put whatever schema you want at that time.
>> Absolutely. Going back to this bottoms up approach and how we approach it differently from basically everyone else in the industry. You pull it in, we take the data as is, we're not transforming or changing or breaking the data or trying to put it into a structure anywhere. But when you ask it a question we will apply a structure to give you the answer. If that data changes when you ask that question again, it's okay it doesn't break the question. That's the magic.
>> Sounds like magic. 16,000 customers will tell you that it actually works. So John thanks so much for coming to theCUBE it was great to see you again.
>> Thanks so much for having me.
>> You're welcome.
Alright keep it right there everybody. Stu and I will be back. You're watching theCUBE from Splunk conf18 #splunkconf18. We'll be right back. (electronic drums)

Published Date : Oct 3 2018

Steven Hatch, Cox Automotive | Splunk .conf18


 

>> Live from Orlando, Florida, it's theCUBE. Covering .conf18, brought to you by Splunk.
>> Welcome back to Orlando everybody, home of Disney World, and this week, home of theCUBE. I'm Dave Vellante and he's Stu Miniman. Steven Hatch is here, he's the manager of Enterprise Logging Services at Cox Automotive. Steven, thanks for coming on theCUBE.
>> Thank you.
>> So, you've been with Splunk for a while, we're here at conf18. Logging services, enterprise logging services. When you think of Splunk, their roots, Splunk go back to, sort of, log files, analyzing log files, it's in your title. (laughs) You must be pretty intimately tied to, as a practitioner, to this capability, but talk about your role and what you do at Cox.
>> Primarily, the role is to be the evangelist, the enabler, and the center of excellence when it comes down to getting those best practices propagated within the enterprise.
>> So people come to you for advice, counsel, you play, sort of, internal consultant. What qualified you to do that? You were a practitioner prior to this, so you got your hands dirty and you kind of now, elevated to--
>> My prior role was a Site Operations, or Site Reliability Engineer, and then Manager. And so, having that background, I've been in IT since '96, so I'm a little old in the game, but basically, having that operational knowledge, and knowing how to think big picture when things are happening or transpiring, or the reverse and go back and find that root cause analysis.
>> '96, just a pup, my friend, okay? (both laugh) So, talking to Stu, we were talking off camera, about the number of brands that Cox Automotive has, Cox at Kelley Blue Book and at numerous others, like dozens, each of these is kind of its own data silo. How do you guys go about using Splunk? Are you able to break down some of those silos? Maybe you could share that with us.
>> Yeah, so we have been successful on a lot of the big three really, at Kelley Blue Book, Manheim, as well as Auto Trader, to really break in. A lot of that was because of our, already previous, relationships with team members and leaders. On the other side of the coin is the newly acquired companies that are not in Atlanta, Georgia. That are in places like Groton, Connecticut, South Jordan, Utah, Upstate New York, as well as the Toronto area in Canada. And so, WebEx joined me, email just won't cut it. You actually have to sit down with these people and really showcase your business case, your model, and what you're trying to bring to the table. But of course, the approach is always important.
>> And are you using Splunk to do that? As a collaboration tool as well?
>> Yes sir, yep.
>> Explain that a little bit if you would.
>> So, a lot of times, as you mentioned, the silos, as a bigger brand now, it's no longer an excuse for you to only be responsible for your data and not showcase it, or share that data. Because we're thinking about the entire life-cycle of Cox Automotive, and this entity of Cox Automotive, that's important to us now. So for you to hold tight, or to hoard your data, or your metrics and not share them, that's not good business anymore.
>> Yeah, so Steven, we talked to a lot of companies that do M&A, and it's usually like, well, this is the products we use, these are the structures that we have. One of the things we hear from Splunk is that you can get to your data, your way. How does the Splunk modeling, and how you look at the data, fit into that M&A? Is that an enabler for you to be able to get that in.
>> Yeah, and so, when you can showcase the ability of how the data comes in and, quickly. Key word, right? To showcase how that data can be very valuable to them, especially to their stakeholders, that's when light bolts will go off.
And, again, it's the stakeholders, and then champions, that we need to bring to the table to make sure that we can get full adoption.
>> Yeah, we've also-- Dave's been to the show a few times, it's my first time, and what I've really heard a bunch of is the people that know how to use Splunk, they're super valuable inside of the company. They get training, people inside the company, they look to get hired, tell us a little about what you've seen, what it means to your role inside the company, and as you network with your peers here.
>> It's a lot of exposure. A lot of people are very anxious to get some type of insights into their world, their infrastructure, their applications, their business tools. A lot of times, there are people out there that are very savvy from a business perspective, that have a bunch of KPIs in their head, but no one has actually extracted that information from them, and so, our job is to align with their KPIs. You know, over the last couple of years, that's what we've-- the journey that we've been on, is to now revisit the data that we've just ingested. That's the basic foundation. We want to elevate now and really get more mature, and to align with those business KPIs.
>> Meaning they got this tribal knowledge in their head, and you want to codify that so that it can be shared.
>> Correct.
>> How do you go about doing that? Is it sitting in a whiteboard and understanding that?
>> It can be a whiteboard, it can be over a coffee. If I need to get on a plane and go see them in person, and to really just listen and ask the questions when it's time but, again, listen and really understand what's important to them, what is important to their business, to their function, to their silos? Cox Automotive has five, of what we call, pillars, where there's international, finance, marketing, retail, or media, and each one of those owners, over time, wants the specific value.
>> So if you go and have a chalkboard session, whiteboard session, with one of these folks, how do you operationalize it? You got to figure out where the data exists, so that you can align with what's in their head? Is that right? And then, how do you do that? How do you scale it? >> Well, so, again, you have to start from the top. If you start from the bottom, you'll be in the weeds until the end of time. So that the more efficient manner is to start from the top and realize those KPIs from those leaders, those stakeholders, and then from there, a tool like ITSI, which is basically built around services, entities, and aligning to their service decomposition model, and that right there allows you to stay consistent and efficient on getting that information. >> So you start top down, but ultimately, people are going to want granularity. So you start-- is it top down, bottom up, type of approach? Where you actually drill, drill, drill, drill, drill, and then get to the point where you can answer all those granular questions? And then, by doing that, if I understand it correctly, it sums to the top line, is that fair? >> Yeah, yeah, there's a point in time where you say, you know what? I could really now enhance or enrichen the data by a dataset that I know where it is. So the KPI will get you to a certain point, and then, to find that happy medium, or that common denominator from the data that you already have on premise, or from your apps, wherever they reside, that's where you can meet the gap. >> Otherwise you'll never get it done. You'll end up boiling the ocean. >> That's correct, yes sir. >> All right, so, when we talked to you two years ago, you were using Splunk Cloud, you know? And when we talked to practitioners it's-- the things that they're managing, a lot of times now, most of it's not what they own, and so, how do I get the right information? How do I manage that environment? 
Talk to us a little bit about what you've seen in the maturation of Splunk and Splunk Cloud, if there's anything in 7.2, or Splunk Next, that's exciting you, to help you do your job even better. >> Oh man, so of course, the keynote today, the DSP, the processing layer that's in front of the Cloud, or in front of the indexes now. Where in real time, I can now route data, specifically from a security standpoint. If there's some type of event, without having to go through all the restarts and configuration management and everything else, I can simply put something in there, right there, and move the data, or mask the data. The ability with the infrastructure app, that's exciting to me, as well as all the feature updates for ITSI, enterprise security, as well as the Cloud itself. >> Can we do a little Splunk 101 for my benefit? So I heard today, from one of the product folks, that it used to be when you added another indexer, you had to add storage and compute simultaneously, whether or not you needed the storage, you had to add it, or vice versa. So an indexer is what, is it, essentially, a Splunk node? >> No, it can be a, basically, a Linux host, that actually has the agent running as an indexer with the attached disk. >> Right, okay, and it used to be you had to buy that in chunks, kind of like HCI, right? And you couldn't scale storage independent of compute? >> That's correct. >> What that meant is you were paying for stuff that you might not need. >> Right. >> So, with 7.2, I guess it is, you can split those and you get more granular, or what does that mean for you? >> Well, being a, now four year customer of Splunk Cloud, and anytime we went to the next version of, or license, the next step up, currently we're on about six terabytes. 
When we go up to eight, that entailed more indexes being added to the cluster, which meant more time for the replication of search factors to be met, which can take however long, and then, or if there's any kind of issue with the indexer, where one had to be pulled out and another one introduced. How long does that take? Now, with the decoupling of the compute from the storage, it's minutes, and so it's a fraction of the time. >> And if I understand, I understood it real well when it's an appliance, but it's the same architecture if it's done in the Cloud, is that correct? >> It's, essentially, actually, it's a new architecture in my mind, where now it's able to scale more, and then there's-- I'm not sure how much they talked about it, but there's a potential of the elasticity of it. And so, now, I don't have to be so fixed, I can, on certain times, expand the cluster, you know, for search performance, or bring it back down when it's not needed. >> Some of the promise of Cloud. >> Yes, sir, Splunk Cloud. >> So it's like the Billy Dean, the five tool star. You've got the cost, you've got availability, you got speed, you got flexibility, and you've got business value, ultimately, which is what's driving here. So, I take it, I'm inferring here, you'd expect to use this capability in the near future? >> Very much so. >> Great. What else is on your horizon? What are the cool stuff you're working on? And things you want to share with us? >> Well, in addition to our leveraging Splunk Cloud for four years, next year we plan to move away from our current SIEM tool, into enterprise security. So it's very exciting to hear that they're continually updating that product, and so our security team has been knocking on my door for the last six months to really get that started. So, once we get there, we'll start the migration efforts and get Splunk Cloud now, enabled with the enterprise security, to really empower our security team, and stay ahead of our threats. 
>> So, I've been around a long time, and, ever since I can remember being in this business, customers have wanted to consolidate the number of vendors with whom they work. But the allure of best of breed always sucks them in to, oh, let's try this, or you get shadow IT. It sounds like, with Splunk, you're approaching this as a platform that you can use for a variety of different use cases. >> That is correct. >> Now, whether or not you reduce the number of vendors is, maybe a separate conversation, but I guess the question I have is, how are you using Splunk in new ways? It sounds like it's permeating a line of business, SecOps, etc, is that an accurate picture? If you could describe it. >> Yeah, so Splunk itself, the core is the platform for so many different other functions within the business. You have security, you have the development group, DevOps, where, from a CICD perspective, now they can measure the metrics or the latency in between, when they create a card, say in Rally, all the way to the very end of the line, what are all those metrics that are there, that they can leverage to increase their productivity? Obviously, infrastructure. As we consolidate all of our data centers down, wouldn't it be nice to know if these specific load balancers or switches are still having traffic traverse them? And to actually get a depiction of the consolidation effort. From a virtualization standpoint, isn't it powerful to know how many devices, ESX hosts, are actually fully being utilized, and how many are actually vacant? And how much money can be saved if we were actually to turn down those specific blades or hosts? Or VMs that aren't being leveraged, but they're sitting there, taking up valuable resources. >> I remember when Splunk, right around the time they went public, I remember two instances, maybe three. 
There was an MPP database company, there was a large three letter firm, and there was an open-source specialist, and I heard the same thing from each of them, was we have the Splunk killer, this was like, five, six years ago. It seems like this Splunk killer was Splunk. And it really never happened. Why is it? Why is Splunk so effective? You obviously see, you know, you're independent, you want to use the best thing for Cox Automotive. What is it about Splunk that sets them apart, puts them in the lead? >> The scale capabilities, having this type of environment with the conferences and the sales group and the support groups, very intentional about listening. Having workshops where they come on premise to help us out on our use cases, to really educate their users, because the more their users are elevated from a knowledge standpoint, the more they will then exercise the application. If they all stay basic, why would I need another component of Splunk? Why would I need enterprise security? Why would I need to expand my subscription into the Cloud? The more I can exercise it, the more I'll need. >> So this is kind of a give, get. They come in knowing that if they expose you to other best practices, you're going to be more effective in the use of Splunk and you might apply it into other parts of your business. >> My appetite will grow and my users' appetite will grow. >> And these are freebies that they're doing? Services freebies, or are they paid for services? >> Oh yeah, they have no problem coming in, supplying the necessary ammunition, or food, to entice, to have folks come in, but it's powerful to have all the engineers in there to really show us how things work. 'Cause, again, it's a win, win. >> And you're a football fan, I understand? >> Oh, yes, sir. >> Chiefs are your team, right? >> That's correct. >> Were you a football player? >> For a little while, yes. Now I coach, so that's my-- >> And you coach, what? >> Little girls. >> Kiddie football, huh, awesome. 
Is that Pop Warner these days, still? >> I guess you call it that. >> Flag football or tackle? >> Tackle football. >> Really? >> Yep. >> Eight years old? >> Yes, my son is eight and he's playing full back right now, I'm very excited, happy father. >> Is he a big boy, like his dad? >> He's going to be bigger, I think, than his father, yes, sir. (both laugh) >> That's awesome. Well, listen, thanks very much, Steven, for coming on theCUBE, it's really a pleasure meeting you. >> That's appreciated, thank you very much. >> All right, keep it right there everybody. Stu and I will be back with our next guest. We're live from Splunk .conf18, you're watching theCUBE.

Published Date : Oct 2 2018


Doug Merritt Keynote Analysis | Splunk .conf18


 

(upbeat music) >> Live from Orlando, Florida, it's theCUBE covering .conf18. Brought to you by Splunk. >> Hello everybody, welcome to Orlando. This is theCUBE, the leader in live tech coverage, and we're here at Splunk conf .conf 2018. The hashtag is #splunkconf18. My name is Dave Vellante, I'm here with my co-host Stu Miniman. Stu it's great to be in Orlando again. Last year we were in D.C. This is our seventh year covering Splunk.conf and we've seen the company really move from essentially analyzing log files on-prem in a perpetual license model, to now a company that is permeating all of IT into the lines of business. Security, IT performance, application performance, moving into IOT. Really becoming a mature company. It's a company with $1.7 billion in revenue forecasted for this year. They were talking about a $17 billion market cap, they're growing at 36%, and they're a company Stu, that is in the process of successfully going from a perpetual license model to a renewable model. Splunk set the goal of being 75% renewable by 2020. Sounds like renewable energy, but repeatable renewable from a subscription standpoint, they're already there. So you're seeing that in the execution. This is your first .conf, or conf as they like to say. We were at the ESPN Wide World of Sports Center, you saw what, what's the number, 8,000 people? >> Yeah I think 8,000 at the show this year, it's strong growth, and Dave I've been hearing from the team for years the excitement of the show, the passion of the show, saw like, right over near where we were sitting there's the whole group of that was the Splunk trust. They've got the fezzes on, a lot of them have superhero capes on, and it's what you'd expect from a passionate, technical maybe even geeky audience. Things like, we're announcing the S3 API-compatible storage. Everybody's like, yay we're so excited for this. It's hardcore techies. >> What was the other big clap? Screen? >> Yeah, that's right dark mode. 
We're going to go to dark mode, I don't have to play with the CSS. Anybody that's played with a website, changing these things is not trivial. I click a little button and the joke was this was the bright one for the executives, but when I'm down in the gamer center I don't want this glaring screen here, so I can switch it over to dark mode. And people were pretty excited about that. >> So again the roots of Splunk, they took log data and analyzed it. Doug Merritt the CEO, talked today about making things happen with data. I thought he did a really good job of laying out the past, putting the past behind us in terms of he said, "I've been to I can't tell you how many Master Data management classes trying to optimize the database, trying to codify business processes and harden those business processes." The problem is data is messy. Data is growing so fast, business processes are changing so fast, the competition is moving so fast, customers are changing. So you have to be able to organize your data in the moment. So, the whole idea that, even go back to the early big data days and Hadoop, the whole idea was to bring five megabytes of compute to a petabyte of data. And no schema on write, or what some call schema on read. Splunk was really a part of that. Put the data, get the data organized in a way that you can look at it in a moment, but then let the data flow. So that has definite implications in terms of how you think about data. It's not trying to get the data all perfect so you can use it, it's trying to get the data into your data ocean, as we like to say, and then have the tooling to be able to analyze it very, very quickly. They announced Splunk 7.2 today which is a big deal. Some things, we'll talk about a few of the features, obviously focused on performance, but one of the things they talked about was basically being able to split storage and compute. So previously you had to add essentially a brick of storage and compute simultaneously. 
We've heard about these complaints for years in the converged infrastructure space, it's obviously a problem in the software space as well. Now customers are able to add storage or compute in a granular fashion, and they're cozying up to Amazon doing S3 compatible store. >> Dave, I love that message that he put out there you said, "life is messy. You can't try to control the chaos, you want to be able to ride those waves of data, take advantage of them and not overly make things rigid with structure." Because once you put things in place you're going to get new data or something else that's going to come along and your structure is going to be blown away. So when you need to search things you want to be able to look at them in that point in time but be able to ride those waves, flow with the data, live the way your data lives. That's definitely something that resonates in this community. Dave, something I've been watching this space, as an infrastructure guy and watching the Cloud movement, there were a lot of reasons why traditional big data failed. I kind of never looked at Splunk like most of those other big data companies. Yes they had data, yes they're part of the movement of taking advantage of data, but they weren't, oh well we have this one tool that we're going to create to do it all, like some of the new players. They're playing with all the latest things. You want TensorFlow, you want to do the A.I, the ML. Splunk is ready to take advantage of all of these new waves of technologies, and they've done a couple of acquisitions like VictorOps in the space that they keep growing and the goal is, you mentioned the revenue, but Splunk today has I think it's 16,000 customers. They have a short term goal of getting to 20,000 but with what they started talking about in the keynote today, Splunk Next, they really want to be able to do an order of magnitude of more customers and when you get great customer examples like Carnival Cruises. 
The CEO I thought, talked about the sea of data. Lots of good puns in the keynote there but mobile cities floating around and lots of data that they want to be able to get the customer experience and make sure the customer gets what they need and make sure that Carnival knows what they have to make sure that they're running better and optimizing their business too, so great example. Looking forward to talking to them on theCUBE. >> Well and they have many dozens, I think it's in last quarter, it was like 60 plus deals over a million dollars. They have many $10 million plus deals. That's an outcome of happy customers, it's not like they're trying to engineer those deals. I'm sure some of the sales guys would love to do that. But that's a metric that I think was popularized by the likes of Aneel Bhusri at Workday, certainly Frank Slootman at ServiceNow. It's one that Wall Street watches and Splunk it's an indicator. Splunk is doing some very very large deals that underscores the commitment that many customers are making to Splunk. Having said that, there are many more that are still smaller users of Splunk. There's a lot of upside here. And they're going into a serious TAM expansion that's something we're going to talk to Doug Merritt about. Making acquisitions of a company, VictorOps was their most recent acquisition sort of security orchestration and management. They're doing, the ecosystem is growing, they're doing bigger deals or partnerships with the likes of Accenture, Deloitte is here, EY. Accenture actually has a huge space at this event, and those are indicators. I want to go back to something you said earlier about the failure of big data. Certainly big data failed to live up to the hype in many ways. You didn't see a lot of wholesale replacement of traditional databases and EDWs. You did see a reduction in cost, that was the big deal. 
But clearly enterprise data warehouses and ETL, they're still a fundamental part of people's data strategies despite what Doug Merritt is saying, hey, the data is messy and you've just got to let it flow, essentially what he's saying. There is still a need for structured data and mixing, sort of, interacting of structured and unstructured data. Bringing transaction data and systems of intelligence together, analytic data. But the one thing that big data did do and the Hadoop movement, it did a couple things: one is, architecturally it pushed data out and back in the day you had to get a big Unix box and stuff everything in there. It was your god box of data. And you had Oracle licenses and Sun Microsystems boxes and it was very expensive. And you had a couple of people who knew how to get the data out. So the goal of democratizing data, what it did is, it is messy. Data went out to the distributed nodes and now the edge. But it brought attention to the importance of data and the whole bromide of data driven companies. And so now we're in a position to make a new promise and that promise is A.I, machine learning, machine intelligence, which seems to be substantive. We talk a lot on theCUBE is this old wine, new bottle? And we had an event in New York last month and the consensus from a lot of practitioners and others in the room was: no there's something substantive, the data substrate is now in place. Now it's all about taking advantage of it. Tooling is still complex but emerging or evolving. And I think the cloud, to your point, is a huge part of that. By integrating data pipelines in the cloud it dramatically simplifies the deployment model and the complexity of managing big data. >> Yeah, Dave, as you said, there used to be these giant boxes and some of these initiatives I needed 18 months, you know, millions of dollars and a large time you either need to be a country or a multi-national company to be able to put this thing together. 
I remember one of the earliest case studies that David Floyer did when we were looking at big data it was how do I take that 18 month deployment and drive it down to more like a six week deployment, and when you talk about A.I, ML, and deep learning, the promise is that a business user should be able to get answers in a much much shorter window. So actionable on that data, being able to do things with it not just looking backwards but hear the team. So I want to be able to be proactive, I want to be able to be responsive. I want to even predict what my client is going to need and be ready for it. >> So as Doug Merritt said that digital and physical worlds they're coming together. They don't stop evolving. They're organic. Your data model has to be flexible. It's a sea of data. It's an ocean of data. It's not a confined data lake, as John Furrier and others like to say. And so I was happy to hear Doug Merritt talking about a sea. We use the term oceans because that's really what it is. And oceans are unpredictable, they're sometimes really harsh, they can sometimes be messy. But they're constantly evolving and so I think that kind of metaphor works in this world of Splunk. We've got two days here of coverage. A lot of customers coming on today, in fact, Splunk is one of those companies that puts many customers on theCUBE, which we love. We love to dig in to the case studies. We've got some ecosystem partners. Some of the big SIs are coming on and of course, we're going to hear from some of the product people at Splunk that go to market people. Doug Merritt will be on tomorrow. And a number of folks. I'm Dave Vellante, @DVellante on Twitter. He's @Stu. Stu Miniman. Keep it right there, buddy. We'll be back with our next guest right after this short break. You're watching day one from Splunk conf18 in Orlando. Be right back. (soft bouncy music)

Published Date : Oct 2 2018
