>> Announcer: Live from Washington D.C., it's the Cube. Covering .conf2017. Brought to you by Splunk. >> Welcome back, here on the Cube along with Dave Vellante, I am John Walls. We're live at .conf2017, as Splunk continues with day two of its get together here the nation's capital, Washington D.C. Home game for me, I love it. Dave's up the road in Boston, so, hey, you had to hit the road a little bit, but not as bad as it can be sometimes for you. >> No, I'll take D.C. over Vegas. Sorry, Vegas. >> Yeah, but you travel a lot, man, you do, you're on the road. Chris Kurtz travels a lot, too. He's come with us from Arizona State University, he's a systems architect out there. Chris, always good to see you, we had a chance to visit last year for the first time. >> Yep. >> A member of the Splunk trust. And a gentleman with quite a diverse background, I mean. You supported Mars missions. As far as the... >> The Spirit and Opportunity. >> Facilitated out in Phoenix. Working now, as you said, at Arizona State, but also the Trust. Let's talk about that a little bit, because there was some conversation yesterday from the keynote stage about expanding that group? >> Absolutely. >> Adding 14 new members. And for a lot of people at home, who might not be familiar with the Splunk trust, talk about the concept and how you put it into practice. >> Absolutely, so, the Splunk trust is the organization that Splunk set up as a community leader, as a community activist. Our, kind of, watch word is, is that, "We're not the smartest people in the room, "but we'll be the most helpful." and, so, our purpose is... >> John: I'm not sure about that first part, too, by the way. >> Thank you, very much. >> John: I think you're short-changing yourself. >> So, our organization preface is we act as members of the community to help direct community people who have issues and help them externally, but also, to help Splunk and what direction they should go. "Hey, we see this pain point from a lot of the customers, "this is something that maybe Splunk should concentrate on." We're often given access to betas or even earlier, or, you know, even potential products. It's, "How should we build this, is this something that "you would use? "Is this something that you would like?" Table data sets was a feature that I worked on for a year, that was released last year. You know, "Is this something that you would use, "is this something that you would want?" and, sometimes, you know, users fall through the cracks in the support system and they don't know how to get support help, or they don't know where to get directed, and we can volunteer and say, you know, "Show them where the Splunk answers group is very powerful." There's an app for that, we can show them Splunkbase and help them when those things fall through the cracks. So, we provide community enrichment and support, but we're not an official representative of Splunk, even though we're appointed by Splunk on a year-to-year basis. >> John: There aren't that many of ya, right? >> Well, there's a couple, 42 this time. And, you serve for a year and it can be renewed each year, you reapply. Or you can be volunteered, you know, somebody else can... >> Nominate you. >> Can nominate for us. And there's no guarantee. We, the members of the trust vote and then that goes to Splunk and Splunk makes the final decision. Some companies allow that, some don't, it depends. ASU is very generous and let's me participate and give them my time to the organization. >> And I said ASU, Arizona State University. >> That's what I was thinking. >> I never fully introduced that, I'm sorry. >> What do you have to do to qualify and what's the hurdle? >> So, be the most helpful person in the room, that's what you need to do to qualify. So you need to be a part... You can't work for Splunk, you have to be a partner or a customer, and you need to give to the community in some way. So, you need to give back to the community. You participate on Answers, which is the online, kind of, self-support forum. You need to speak in the community, maybe run a user group, a lot of us do run the user groups. I run the user group in Arizona. And, you need to be respected amongst the community and, people go, you know, "I want to go to them, "they'll help me or at least get me to the right person." >> Is it predominantly or exclusively technical practitioners, or not necessarily? >> This year, they divided us in to, kind of, organizational units, so there's architects, and practitioner, and developer. So, we're all technical, but, this year we're going to have the ability to focus a little more on a specific area. You know, "What do you do for a living, "what do you do with Splunk? "Do you architect with Splunk internally, "do you just provide Splunk practice? "Are you a Splunk developer that makes apps? "How do you use Splunk on a daily basis?" And, again, there are partners as well. So, Aplura and Defense Point, I think, are both tied with four members a piece. So that's one of those things that, you know, they're going out to individual customers and helping them everyday. >> So, it's really taking this notion of a customer advisory board to a whole another level. I mean, it's not a passive, you know, group of people that, maybe, meets once a year. >> Right. >> It's an ongoing, active, organic institution essentially. >> Absolutely, we have quarterly meetings online and at those meetings a different Splunk, sometimes executives, sometimes product managers or engineering managers, you know, come and speak to us. And it can be anything from, "Hey, we're developing this "internal product and are we interested, you know, "is that useful to you?" Or, "What enhancements do you feel the product need?" Or, you know, "This is a new feature we're working on "to look and feel." I was consulted about the conf logo. "Hey, Chris, you're an average customer, "which of these four logos do you think really, you know, "kind of helps set the mood?" And, you know, did they take my advice? Does it really matter, no, but they were willing to just... I'm not associated, I'm not in the bowels of the company. >> So this isn't your logo over here? >> That is actually the one that I chose. >> Oh, excellent, I would assume so, right. >> Who organizes the quarterly meetings? >> So, the quarterly meetings are organized by Splunk in the community. There's a community group that's underneath Brian Goldfarb, who's the Chief Marketing Officer. So, he organizes the quarterly meetings. He gets to herd all the cats, because we're all across the world. You know, you have to figure out a time zone, you have to figure out where, you have to figure out when. But, most of the time, there's some suggestions. "Hey, you know, the engineering manager "for section x would like to speak." But, sometimes it's like, "Yeah, we would like to talk "to the person in charge of Search Head Clustering," for example. "We see some pain points in the community," or something like that, so, it's wide-ranging. But, you know, we're not just a group to rubber stamp anything that Splunk does, but we're also not a group to just sit there and complain about things we don't like. It's really very much a give and take. Splunk is generous and open enough to give us that access, and we take that very seriously. To be able to help guide Splunk in making their product the best it can be. It's an amazing product, I'm an evangelist, have been since I started using it. But, also, to help the customers. If the customers are having a pain point, we're probably going to hear about that first. >> Dave: When did you start using? >> I've been using Splunk for about five years. And when I started using Splunk at ASU, it had been a 50GB license and they'd just bought another 100GB, and it needed re-working, it needed architecting. So, when I came in, our chief information security officer and our VP for operations are the ones who directed me. And I said, "What do you want to grow for?" And they said, "Architect it for a terabyte, "assume it's going to take us several years to get there." So, I rebuilt the current environment and we architected it for a terabyte and here we are, four-and-a-half, five years later, we're at a terabyte. And, we're still growing and we're looking at Cloud, you know, we're looking at other use-cases. I think the biggest ship for us is that, we talked about this briefly last year, is that I work for John Rome, who's the Deputy CIO for Arizona State, and he's in charge of business intelligence and analytics. So, it is an enterprise application for data at ASU. It is not part of the security office, it's not part of operations, it's not part of depth. Those are all customers. And, so, internally those are customers and I think that's an amazing opportunity to say that, "Those are customers of mine." So, I'm not beholden to, you know, building the system so it's only useful for security, or building it so it's only useful for operations. They're my customers, and we avoid any appearance of, "Oh, I don't want to put my data in a security product. "I don't want to put my data in an operations product." Nobody questions putting their data in the data warehouse, that's the appropriate place for the data to go. So, that's the beauty of the system that we've developed, is they're both customers of mine. >> All right, so let's talk about your work at Arizona State, little bit. I don't know the size now, I'm trying to think of it, a huge... >> Chris: We're the largest single university in the United States. >> Probably what, 60,000-70,000? >> Total enrollment 104-110,000. A lot of that's online, I think we have about 78,000 or more at the main campus. But, we're the single largest university in the U.S. There are groups like the University of California that's larger overall, but not single institution. >> So, you know... >> Massive. >> Big project, yeah. Where are you now, then? What have you been using Splunk for that maybe you weren't last year when you and I had a chance to visit? >> Yeah, so, we started using it as a security product. It was brought in to make security more agile in getting that information from the operations and the networking groups, firewalls was the first thing we were brought in for. Now, we're starting to look at other use-cases, we're starting to look at edge cases. "Are we using it for academic integrity?" So, the very beginning so that we're looking at, "If a student is taking a test, are they the person "taking the test?" We're looking at it to make sure the students' accounts are safe and not compromised. We're looking at rolling out multi-factor to the university and being able to protect that. And, we're taking a lot of those functions and pushing them down to our help desk, so the help desk has all of the tools they need to be able to support the student and take care of their issue on the first call. That's really important, we have an amazing help desk organization, amazing care organization. And that's the goal is, it doesn't matter how long the call takes, you do that on the first call. And Splunk is a key portion of that to be able to provide them with the right information. And they don't have to go and try to get somebody from network engineering just to solve the student problem, they can see what the problem is from the beginning. >> Academic integrity, explain that. >> Yeah, so, you know, I don't think that there's any student who doesn't want to do their own work and do the best possible thing they can. But, sometimes, students get in a position where they need some help and, maybe, that isn't always exactly what they should do. So, you need to make sure that the student is taking the test that they're signed up for, that they didn't have any assistance, especially in online classes. We need to keep our degree important and valid, and, obviously, none of our students want to, but occasionally you find somebody who hasn't done exactly what they're supposed to. And we need to be able to validate that. So, we need to be able to validate that someone did what they said they did or did the work that they said they did. It's just like, nobody wants to plagiarize, but, occasionally it does happen and we need to protect ourselves and protect the students. >> And you can do that with data? >> We can absolutely do. >> You can ensure that integrity, how? Explain that a little bit. >> A little bit, yeah. So, we look at where the student logs in from. If the login routinely from Tempe, Arizona and then, suddenly there's a login from someplace else. Oftentimes, that has nothing to do with academic integrity, that has to do with there is an account compromise. We need to protect the students' personal information, both HIPAA and FIRPA. We need to protect their privacy information, just generally available PII. So we look at when they logged in, where they logged in, how they logged in. Did the how-to factor worked? I think academic integrity is really a much smaller portion of that, I think the more thing is we need to protect those students. So, we look at how they logged in, when they logged in, what type of machine they logged in from. I mean, if you're using a Surface and you've been using a Surface to login for months and then, all of a sudden, you login from an iPhone, you might have gotten a new iPhone, but, you know, you might not have. So, we put all those pieces of information, all those launch together to build a case that, "Do we need to reset this user's password for safety?" >> But I think academic integrity's important from the brand as well, because the consumers of your students, the employers out there, they may be leery of online courses. So, to the extent that you can say, "Hey, we've got this covered, we actually can ensure "that academic integrity through data." That enhances the value of the degree and the ASU brand, right? >> Absolutely, we don't think that any student wants to do anything that they're not supposed to. It does happen, you know. >> But even if it's one, right, or even if it's the perception of the employer that it can happen? >> John: The possibility. >> Yeah, and I think that's a really good point, is that we need to protect that brand and we need to protect the students. I think protecting students is the number one thing, protecting employees is the number one thing. Everything else falls from that. >> Okay, what about other student behaviors? I mean, you're sort of trafficking around campus, maybe, food consumption, dorm living, I mean, all these kinds of things that with sensors or, what have you, you could extract reams of data? >> We're doing a lot of that. We're partnering with Amazon to look at the Amazon Echo and using them in dorms to provide them voice interface. "Echo, where is my next class?" Or, "What time does the Memorial Union open?" Or, "How late can I get a pizza," and that type of thing. We want to build an environment that's not only fun for the students, but very powerful, and uses the latest technology. >> Pricing, I want to talk pricing, all right? I dig for the one little wart in Splunk and it's hard to find. But, I've heard some chirping about pricing because pricing is a function of the volume of data. The data curve is growing, it's reshaping. What are your thoughts? What do you tell Splunk about pricing? >> So, a lot of people say, "Man, Splunk is expensive." And, I don't think Splunk is expensive. Once you've achieved a volume, it's got a good pricing structure. I think that anything that Splunk tries to do to change the pricing model is a bad direction. >> Dave: So you like it the way it is? >> I like it the way it is. I believe that we've made an investment in a perpetual-licensed product and I certainly don't think that what we're spending on it, for a maintenance year is a bad thing. And i think that we get a good value for the product. And we're going to continue to use it for years to come. >> I've always felt, like, "Your price is too high," has never been a deal-breaker for software companies. They've generally navigated through that criticism. And it's been, you know, ultimately an indicator of success more than anything else. But, your point is if the values there, you pay for it. Are you able to find ways to save money using Splunk that essentially pay for that premium? >> Absolutely, so one of the very first things we did with Splunk, is we looked at our employee direct deposit, we talked about this briefly last year. We looked at employee direct deposit and we were being targeted by a Malaysian hacking group who was using phishing emails to phish credentials from us. You know, you send an email that looks very much like a university login and says, "You need to login "and change your password or you're not going to be able "to work in an hour." A lot of employees, especially employees in areas that aren't high tech, you know, in the psychology department, they may fill-in that information and then the hackers login and change their direct deposit. And then the university ends up paying the employee again and eating those costs. Our original use-case was on-the-fly, we saved $30,000 in a single payroll run. Pretty easy to pay for Splunk when you do that. And so, that was our very original use-case. And that came from just looking at the data. "Is this useful, where are these people logging in from?" There's a change, you know, and I think that that's very important. The thing I love about Splunk is, because it's schema on demand, because there's no hard schema, and that it's use-case on demand. Is that, every single good use-case in the very beginning was standing around the water cooler, having a drink and saying, "I wonder if combine data set A, "we combine data set B, we come up with something that "nobody was asking about." And now when we something that we can help fix, we can help grow, we can make more efficient. To the question of how you deal with all that data is, you tune, you decide what data is important, you decide what data is unimportant, you clean up the logs that you don't care about. And we spent a year, we didn't buy Splunk for one year, we didn't buy a new license, or didn't buy an expansion license, because we took a year to compact and say, "Okay, all the data we're getting "from this firewall, is that all necessary, "is there anything redundant?" "Does it have redundant dates, does it have redundant "time stamps, et cetera." >> Right. >> And I pulled that information out and that just gave us a little bit of breathing room, and then we're going to turn around and take another chunk. >> Help. >> No schema on right sounds icky but it's profound. >> You mentioned the word, help, again, big word, key word. Chris Kurtz, one of the most helpful guys in the community of the Splunk. >> Thank you very much. >> Thanks for being with us, Chris Kurtz. Back with more, Dave and I are going to take a short break, about a half-hour, we'll continue our coverage here live at .conf2017. (upbeat music)