Attending the recent Splunk .conf19, we sat down with Tim Tully, Splunk's CTO to discuss the evolution of Splunk's product line and where the future might lie.
iTWire: Could we start with some background on where Splunk has come from, and perhaps a little saga as to how we got to where we are.
Tim Tully: Yes so Splunk, started off as a product that collected and analysed logs, for mostly IT administrators. Who were collecting logs from server hosts and they want to be able to analyse and query the data to look for issues or events that were happening in the enterprise, and they could use it to monitor uptime and support KPIs and metrics around what's going on. And that that spread like wildfire because it was a fairly unique capability that was actually pretty hard to achieve.
Let's go back to circa 2006 or so, the goal of the founders was to create a Google for the enterprise that can search for logs, with some query language and so we pick up this language called SPL. The magic in the product was that it actually stores the data, it has the query layer and it has the UI, all in one - one binary, so it was super easy to deploy - it all just worked out of the box you didn't have to figure out how to connect everything together. Over time, as a group, our users started using for other stuff - for IT ops, they started to use it for security, and that's how we got into IT security. That was expanding fairly rapidly, we became, a Gartner Magic Quadrant leader in the security SIEM; fantastic success in both of those vertical markets, still the customers continue to buy the core platform. And then, Doug [Merritt] our CEO wanted to make a pretty massive movement into the cloud.
And so I came in and started to expand the R&D footprint, to start to bring more cloud SaaS DNA into the company - this is about 2017. At the same time, I knew that we had to go beyond just unstructured indexing of data, which is basically how Splunk works - it's an index. So I started really focusing on adding capabilities to the platform, like stream processing, like what you saw today with DSP [Data Stream Processor] or federated search that Splunk and talk about other things that are not Splunk. That was the main piece of the Data Fabric Search that you saw. And then at the same time we built a really massive cloud platform.
So we were trying to build a multi-tenant version of Splunk in the cloud using Kubernetes, Docker and so on. So you saw finally after years of R&D, the first two major applications that sit on top of that one was what we call Splunk Investigate which sits on top of the cloud option, the other with the new security product, Mission Control. Then along the way, we also knew that people's working styles and lifestyles are changing, and they wanted to be able to have access to data wherever they were. So you had to have a fairly major investment in mobile, and so we put about 50 engineers into the mobile team to really accelerate that and that's why you saw mobile throughout both days.
iTWire: But having done that, of course, and said, "dear engineer, I know you've at dinner, but here is a problem," you need to be able to make it very seamless which is what we saw in the keynote today.
Tim Tully: That's the key - the usability. So that's why you see so much effort around design as being part of that seamless experience and mobile device management has to be there, so you can onboard the users and so you have to really fill in all these gaps, and usability problems to really make it accessible. So that's where a lot of the last mile problems exist.
iTWire: So you have a very clear understanding of the workflow.
Tim Tully: Yes, we spend a lot of time with our users, watching them operate and we use a ton of it ourselves, so we could have a feedback with their...
iTWire: Well of course, and then that was mentioned again and in today's keynote that early group was saying that we are effectively customers of Splunk.
Tim Tully: So yeah, we use it all day long, we call it Splunk on Splunk.
iTWire: So, what are the current challenges. Firstly within Splunk, and then what you're seeing coming from customers.
Tim Tully: I think within Splunk it's how do you go through the rapid growth that we're going through right now. When I joined, just two years ago, we were about 2000 employees or so, now we're close to 5,500. The revenue's expanding rapidly, we're growing in the cloud really rapidly so the way that we build software is evolving and get the people off premise and in the cloud and one of the hybrids - you saw that piece as well. We want to be multi cloud now, also we've been exclusively in Amazon for quite some time, we're having to go beyond that because that's what our customers want.
The employee footprint, the geographic footprint, the product footprint, the revenue footprint, it's all just expanding so, so quickly, I talked yesterday about adding 40 sites just in the last two years or so. Finally got a presence in continental Europe which we haven't had and it picked up after the signal FX acquisition. So it's just that massive expansion and tomorrow you can imagine, I think we have a good hold of it but you know it's not simple.
Externally, a lot of people want to be Splunk, right. It just sells itself, and there's a lot of companies just run on Spike. I mean you'd be shocked, how many companies run the entire business using our product and so people want a piece of that. You have to stay ahead of your competition and I think that we've done that, especially with what we're doing in machine learning. I think our first machine learning is just totally novel, very powerful. Because we're moving into the stream, making it real time and self aware and self directed, whereas the traditional methods are to train a model, deploy it, make sure it works and training again, six months later, if you remember to. So that's why we like in the stream because you're constantly running back through this, always learning and, I think, I think we're really the only company that's really pushing it that way right now. You saw it twice today.
iTWire: In that vein I remember seeing a report where somebody had been training a neural network to distinguish foxes from wolves. And the authors said, I wonder what it's actually using as its detection method. And they finally worked out, if there was snow in the background, it was a wolf. If there was no snow, it was a fox.
Tim Tully: That's pretty naive, right?
iTWire: I know. Exactly. They let this thing loose, with a whole bunch of pictures.
Tim Tully: Yeah, I mean that's even if you can even explain how it was doing it. Even with a lot of deep learning you can't actually explain it.
iTWire: You can't get there, no!
Tim Tully: We're trying to do a couple things here. One is the real time self-learning, self-correcting, always-on, online real time learning. But the other is really about making it more accessible. It shouldn't be just you know the dude with a PhD who understands all the stuff really well he's the only guy that can do it. Everybody should be able to use it. That's why we put it into the DSP product it should just be something you can drag in and just wire it up and it just works. I think that that's when machine learning really becomes applicable is when you can use it for functional use cases.
iTWire: Absolutely. And by embedding in the stream, you're doing a lot to avoid any unconscious bias.
Tim Tully: Exactly. Yeah, that's it for sure. You hit it on the head.
iTWire: Well, I have a background in biometrics. So I'm very conscious of it.
Tim Tully: You took the words right out of my mouth. I think we're one of the only companies out there that's really pushing it that way. That's why it was so dominant today. I'm really proud of what we've done in machine learning because for quite some time, we were an analytics platform. Fire out a query, you get a result. But there's a lot more you can do with that - proud of what we do.
iTWire: So, when you see a customer implement an accounting solution on top of Splunk you know you've gone too far!
Tim Tully: [laughter] There's people who use it in that way. But that's sort of the power of the tool. A lot of people do that, I've seen it before. I've seen people use it for, business - they run the business on it - they look at revenue, and you can use it for a lot of stuff. But at the same time that's a bit challenging, because it's so powerful can do so many things sometimes we have a hard time explaining what it is.
iTWire: Yes, it took me a while to get my head around it... I actually borrowed one of your engineers yesterday afternoon on the show floor, and said "sit down with me, draw a picture of how the thing looks like and just a basic understanding of where the pieces are."
Tim Tully: I feel bad for the marketing teams at times because it's a hard thing to explain. Fortunately, people who get it, understand it well.
iTWire: And also, being new to Splunk was actually very good because not only did it give me a very simple structure, but it also exposed the places where all the magic happens.
Tim Tully: Yeah, the magic's all under the hood. The fact that it's all a self-contained package that just works out of the box. And that's why one of our tag lines used to be "It just works." Because when you try to do this using open source stuff you wind up kind of welding together all these exotic pieces and then you try to keep it stable and open source orgs is changing all the time. I see customers struggle with that, and then they give up, and then they buy our products. So, one place where that's happening is the DSP product. We built that product after quite some time - a couple of years of R&D and there's a lot of companies that have tried to build that and they've just thrown it out the window. But it just comes from having a lot of guys who come from the open source community, we're using a lot of open source, which is good...
iTWire: ...which may give you some problems with managing your licensing.
Tim Tully: I mean they're all Apache License for the most part.
iTWire: But it's when you start getting a variety of licenses… and some require you to push back [to the common repository] and some..
Tim Tully: ...We try to keep it simple... Docker, Kubernetes, all the big ones, we're not using anything esoteric.
iTWire: So you've talked around customer challenges. I'm not convinced I've heard an answer...
Tim Tully: The one you hear a lot is pricing. We're expensive.
iTWire: For what it is, it's going to have to be.
Tim Tully: Yes. For a really powerful system like this, you have to know, it costs this price; I appreciate that. But I think we're giving customers fantastic value and fantastic power, and we're providing more and more changes to our pricing program to move away from, ingress-based pricing which is more predictable for customers, but also we're moving to a paradigm where, some of the newer products are not priced based on data volume, they're priced on CPU usage. So, the DSP product is an example that it's not based on the number of bytes that flow through the stream, it's based on the number of CPUs in the cluster. So, if you use one byte, that's great. If you use ten billion bytes, it's fine too. So, we're attacking that problem. That's one challenge we hear. Another is they don't understand what it is, they know they want it, but they don't really understand it. That's sort of more of a, customer acquisition problem.
iTWire: Some techie has said to them, "you need Splunk," and that's as far as the conversation went.
Tim Tully: ...and they don't really understand what it is. But to me, those are the big ones. Some people wanted us to have more mobile, maybe before we did, but I think we've accelerated that, and that's...
iTWire: ...I think the mobile platform, the back end, had to be very strong before you could then go mobile…
Tim Tully: You hit the nail on the head. So, if you're curious, the way it worked. Historically was, we had mobile apps, but they required you to open up ports on the firewall, so that you could [allow access]. So we undid all that, we flipped it on its head. So we had to build all that out, make it scalable, you had to have public/private key encryption and all that. Now all the other products are leveraging it, and so the security product we talked about today leverages that functionality, along with the mobile apps. Customers really wanted mobile, and we brought it.
iTWire: So what keeps you up at night? "We're awake, when we should be sleeping. "
Tim Tully: I think I just have an overwhelming thirst, to keep moving the company along very very quickly. I want more and more AI in the stream as fast as we possibly can and I want more and more delivery to the big one, because I'm just so excited about what we're doing. It keeps me like think about all the possibilities and I will continue to beat our competition. All the [inaudible] of mobile, not so much the competition per se, because I try to really focus on what we can do and how to make customers happy. It's sort of like the Japanese I suppose. As long as you just stay focused on your customers... keep them excited. It's good to know about what competitors are doing but I try to escape that....
iTWire: So what industry sectors have surprised you with both of the level of take-up and unexpected directions they have taken?
Tim Tully: Oh wow, that's a good question. I mean we're, we're in pretty much every sector, you can think of. So, it's hard to say that there really any members...
iTWire: But if you sat back and thought about who your likely customers were going to be and all-of-a-sudden this sector came in that you thought, "hang on, who are you guys?"
Tim Tully: We're in, I think 91 of the Fortune 100 now, so it's hard to say we're really missing any big one. I think I would say rather than being surprised... I think there's some eCommerce customers, where they sell out clothes in five minutes - that sort of use case. There's a major customer that I can't mention, who sort of runs into that and they run into a lot of issues where their inventory runs out in two minutes and they use Splunk to monitor the business and the health of the servers and I think the eCommerce aspect, it's really interesting, because I was thinking of it more as like an infrastructure pipe, but the fact that they're using it to monitor sales traffic is pretty interesting. And I continue to be fairly surprise around how people use Splunk in the university system.
For example, I saw a school in Texas, using our augmented reality stuff in the classroom. Oh that's pretty cool. You know, we think of augmented reality as being mostly for like industrial stuff, or IoT or fulfillment centres and so on but they're using it in a security context in the classroom and I shared it with the team. The University of Connecticut is going to be using augmented reality the lab to look at look at plant experiments. They have a hydroponics lab. They're Splunking data from the lab, by using Arduinos or Raspberry Pi to send data into Splunk and the research scientists in the lab don't know how to use our query language or the UI, they don't want to carry a laptop around. So she used all the augmented reality stuff and she [simply] points the phone at these plants, and then all the statistics with the measurements come up on the phone, she just walks around in the morning... So it seemed there's those use cases popping up. It's amazing, people find use cases for everything... I guess that's the power...
iTWire: I had a long chat with the guys doing the IoT booth, because I worked for a long time delivering training for [an industrial control company]. Oddly, I proposed exactly that [the virtual reality projection of plant data onto devices on the plant floor]. to my employer at least 10 years ago.
Tim Tully: I was pretty surprised with the demand for VR, to be honest. Again, that's an example where our users take us. And you know it's exactly that story. I mentioned the customer that had something on the order of 10,000 things that they wanted to watch and so they had a dashboard for all of it, and they basically said hey we can't look at it on the desktop anymore because it's just too big, so they wanted this infinite canvas and they said, "how about virtual reality, do you do that?" I'm really not sure I want to allocate resources to that, and they wanted it, and now our users love it. It's a very immersive experience.
There's a really surprising use case that popped up out of it after we put it people's hands which was they use it to look at privacy, use cases. So imagine you're in a security operation centre. I have access privileges to a certain set of data, you don't have access to that data. When I'm wearing the headset I can be fully immersed in that data without worrying about people walking by or looking over my shoulder. And that's not something I had actually predicted I was pretty surprised, but they want that sort of infinite canvas. It was interesting. So, we can do pretty amazing things with... that was one engineer that worked on that whole VR system.
iTWire: I can see with what you're doing, you're going to do a lot of damage to the MES [Manufacturing Execution Systems] sector. And then Historians and all that... which is a big line of business for many industrial automation vendors.
Tim Tully: yeah me again it goes back to just listen your customers and use cases. We build the best part of what they ask about, and then try to wow them along the way.
iTWire: We all know that data continues to expand - where's the main growth coming from? What I'm trying to ask is, what's the next big thing, because certainly video usage is expanding both in quality and quantity. I mean, we know that YouTube's just getting crazy. But what's next, is there a next?
Tim Tully: Yes. I think the expansion, mostly just comes from the pervasiveness of mobile video and apps, there's a lot of data that's generated by that and also just the way that people build applications is evolving. The fact that people are moving off microservice based architectures means there's many more services that, as part of a transaction, generate a ton more data. You take that and you multiply it by the cost-product of the number of devices out there you just wind up with this massive influx of data.
In terms of what's next. I think it's just going to be about continued IoT - get more devices on the network talking to each other, generate more data, the more communication there is, the more logging that's going to happen. The more you want to collect those transactions... More and more devices are going to come online, you're going to have more and more self-whatever - self-driving cars autonomous-this autonomous-that, it's all going to create a ton of data that you want to collect in the back-end, the machine learning loop and that's really the main growth factor.
iTWire: We have all this social media, whether it's Facebook or Twitter or whatever else and that market is broadly saturated I can't imagine that there's much more to do - you're going to tinker at the edges but there's no major new inventions as far as I can see, so I'm kind of wondering where does society go next?
Tim Tully: We're thinking about that as well. And I'm trying to think about, not only in terms of how you use and consume data but also how you collect it. So I'm spending a lot of time in the background thinking about, what's the next generation we'd actually pull out data, especially on the edge. So we're starting to increasingly think about hardware based ways to do that, that are super super cheap. And hopefully we'll be able to talk about that soon.
iTWire: Are you going to be embedding data collection devices in every 5G tower?
Tim Tully: I can't talk about it... but, I would just say that what we're looking for really cheap accessible ways to deploy devices at the edge to help customers collect more data that they want. Keeping it really economical is the key there to make the collection viable. but I think you hit the nail on the head - the 5G piece is a parallel, literally an interesting story.
iTWire: With regard to 5G. The meteorologists in the world, both love 5G and hate it. They hate it because it's going to affect satellite detection of rain - because the frequencies are very, very similar. But, they love it because the plan is to put signal strength detectors everywhere - the 5G signal has a predictable attenuation due to rain. So they will be able to start measuring rainfall to the house.
Tim Tully: That's awesome. Imagine like that level of granularity data collection. That's what I'm after. Yeah, and you hit the nail on the head. You stole my thunder!
iTWire: But the fact that these are just signal strength leaders they're not even go to impact the network, other than sending data back.
Tim Tully: There's that collection piece of it but also, we spend a lot of time talking about DSP today. Imagine if I could extend that DSP paradigm, beyond a cluster that you hear about us being within a Co-Lo, to having that stream processing pipeline also be out on the network somewhere right at the edge. So you could have the pipeline, connecting all the way from that small device we're talking about that sits on 5G pumping data into this room. It's all part of the same pipeline. That's where it all begins to come together. But yeah, you stole my thunder there.
iTWire: I was talking to Haiyan Song a couple days ago, and we approached a topic you and I talked about a little bit earlier. I said that as we're moving forward, we're taking a jigsaw view of applications, such that, you've got the big picture of everything you want to achieve and you decide well that unit there, it's not really doing what I want. I can pull it out, replace it with something better, and not impact everything else, and that then allows me to speed up my audit process. It allows me to leave everything alone and only and only work with what I need to get. And I think that that's what the future of computing is - in terms of public computing.
Tim Tully: Yeah, I totally agree. And that's why you need things like the observability suite that we talked about, because all of those little components talking to each other, and you need to be able to figure out which ones slow and where the bottleneck is and that's what all that Signal FX stuff is about really, because that's how people are moving applications these days. And I think we're ahead of the curve on that.
iTWire: That comes back to your comment about everything is generating data all the time... and the more you do that structure, the more they're going to be very chatty.
Tim Tully: Definitely. I think we're thinking about the same things.
iTWire: That's all I wanted to cover with you. So, thank you for your time.
Tim Tully: You're validating for me! I think you might be the first guy I talked to that actually thinking about this stuff. So thank you too.
The author attended .conf19 as a guest of Splunk.