Splunk is well-known, and even beloved, to many an enterprise IT team. Its heritage of rapidly ingesting unstructured data from a vast range of devices and applications, then providing fast insights and deep dives into all the information, has made it a leader in IT operations and security.
Splunk began life in 2004 when its founders envisioned a Google-like search for the enterprise, allowing IT teams to ask any question, limited only by their imagination, drawing on all the data available from any server, network device, application or other items.
Fast forward to 2020 and while the heart of Splunk remains fixated on this simple premise and aiding organisations in having data as the basis behind all decisions. At the same time, the product has advanced significantly.
"The feature I'm most excited about is stream processing,” Merritt told iTWire. This is no insignificant feat; Splunk’s reputation for the speed at which it ingested new data was predicated on the idea you can dump anything into the Splunk index without spending any time curating it. Unlike a typical relational database, say, where you must transform your incoming data into the right format Splunk was happy to take your data as it came. Internally the product created a “garbage lake”, as it is known, and then devised semantic meaning as users ploughed through the data with Splunk’s Search Processing Language, or SPL.
Stream processing is a whole different ball game where you draw value out of the incoming data stream. It’s become a necessity with the massively increased volume of real-time data today’s APIs and IoT interfaces generate. Stream processing means Splunk can provide real-time alerts and actionable insights on threats and other items as it happens. For Splunk to apply meaning and structure to data during ingestion, while maintaining the speed for which it is well-known, is a serious engineering feat. Under the hood, it’s still loading the raw, unmanaged data into the index but is simultaneously dipping into the stream to draw out value as it happens.
Acquisitions and growth
Meanwhile, Splunk has continued its acquisition journey after its high profile purchases of Phantom Cyber Corporation and VictorOps in 2018, including SignalFx and Omnition in 2019 and now Plumbr and Rigor in October 2020. These products were “a string of pearls to help foster our credibility,” Merritt explained, augmenting features and capabilities for cybersecurity, IT operations and application observability. These latter two specifically related to application performance management and enriching the existing observability suites.
With these acquisitions Splunk has greatly expanded its end-to-end capacity for IT and security teams to pre-empt potential problems and to otherwise observe precisely what is happening within an application or infrastructure issue, to set up virtual “war rooms” and bring in the right people and data while bringing a situation to resolution.
Even so, ultimately Splunk has remained focused on high-volume data where time is the most significant equation - “and it is ill-mannered and difficult to see into,” Merritt notes. This is different from conventional analytic products that centre around a data warehouse. Yet, even so, Splunk’s advances in structured data have opened more doors in the business arena. “There are customer IDs, part numbers, and a bunch of interesting information that lets you bring more real-time sense to HR, Finance and Manufacturing,” Merritt said.
“I do envision a day Splunk is playing a part driving those decisions,” he told iTWire.
There's no doubt Splunk is moving ahead at a fast and focused pace, remaining true to its roots while greatly expanding its range and offerings. This doesn’t happen in a vacuum. “My favourite part of Splunk is the people and culture,” Merritt said. “I’m proud of them all, all the team want to work hard, get their hands dirty, really empathise with customers and put them front and centre. Everyone works hard with humility, and I want us to continue that.”
The COVID-19 pandemic hasn't been easy on anyone, but Splunk steered its way with the aid of three corporate priorities the company devised over five years ago to assist anyone in the company with a conflicted decision, Merritt explained. These are:
- Customer success
- World-class products and services
- Attracting and retaining the world's top talent
"We really used those over the past few months,” he said. “We tried to retain the world's top talent as front and centre. We’ve been very flexible on delayed payments and extending contracts because so many companies are going through so much hardship. When you are tested you lean in and people remember. The empathy quotient is high in the company, reflecting on life every single day.”
"2020 has been more stressful this year than others with kids at home and parents we are worried about, and loved ones dislocated. We rotated everything in the company to provide support for our employee base, tripling down on health and mental wellbeing benefits and giving significant time off to the company as a whole. We had days where nobody except mission-critical staff worked so we could refresh, we gave everyone a 30-day window to take off with no explanation required and we gave everyone November 4th off to have their voice heard in the US election. We continued to lean in on employee resource groups. We maintained a lot of focus on how we keep a high bar on expectations, and we still expected people to show up and serve customers, but we knew everyone was dealing with a lot.”
With 2020 almost behind us, the most important message Merritt wants to communicate for the future is Splunk’s cloud-first direction. “When I interviewed for the CEO role 5.5 years ago I promised the board I was going to blow up everything in this company, and it could have gone wrong,” Merritt said. “It was a super successful on-premises one-product company. With cloud there’s a whole load of services, they’re elastic, not stateful, and it’s about earning your customer’s business every single day. You need to de-construct and construct to be a cloud-first company and this brings risk but also the opportunity to think differently about our company.”
Typically a board may vote for such radical change only when they are at an all-time low but in Merritt’s case, the board saw his vision and voted for it when they were doing well. And now “over 50% of total bookings are cloud,” Merrit said. “It’s a changed metric. Invoicing is over time, not up-front. Cash flow and revenue got whacked. Everyone had to carry an extra load.”
“You don't just say we'll be cloud-first. We're re-writing the SPL language, re-thinking how indexing works and leaning into observability as a brand new category.”
As to Australia - "it's a great market," Merritt said. “Simon Eid is one of Australia’s most innovative tech leaders out there.”
With pandemic-mandated travel lockdowns, Merrit said, “I miss being in Sydney, Brisbane and Melbourne. Australia’s an amazing country.”