Splunk introduces next-gen ‘Data to Everything’ vision

Splunk CEO Doug Merritt updated the audience at the company’s .conf19 event on the company’s strategy, and unveiled some important new pricing changes that give customers a lot more choice.

Splunk’s new logo and colours, a [small] part of Tuesday’s announcements at .conf19

LAS VEGAS – “We’ve been working on data for decades, but the data age is just beginning,” Splunk CEO Doug Merritt announced in kicking off the tenth iteration of the company’s annual user conference, which this year is .conf19. “We are now introducing you to our expanded vision. This is the next chapter for Splunk. We are the ‘Data to Everything’ platform.”

Given that Merritt also highlighted Splunk’s new colours (pink and orange) and his new Splunk socks, it’s not a big stretch to view the ‘Data to Everything’ slogan as a marketing endeavor. However, that would not be accurate, said Ammar Maraqa, SVP Business Operations & Strategy at Splunk, who emphasized that the new slogan reflects the attainment of a new stage in the strategy that Splunk has pursued over the last four years.

This strategy reflects Splunk’s evolution from an IT operations company that created a tool to ingest data and index things by time so techs could see precisely what had happened. At that point, their differentiation was their ability to structure data only when a question was asked, which allowed them to retain the raw logs. From there, they evolved naturally into security and related use cases.

“For the last three and a half years, a couple things have characterized the evolution of our strategy,” Maraqa said. “We have tried to remove as many inhibitions around customers putting data into Splunk, making it easier to use, more scalable, and more flexible. We also fundamentally opened up the platform. It’s no longer just about the data that sits in Splunk, but about what we mean by the ‘data fabric’ – querying data regardless of where it sits.”

Splunk’s strategy has reached an inflection point, because while a year ago at the Splunk event in Orlando, they announced key products to execute their vision, this year, following extended betas, they are now announcing their general availability. This includes the Splunk Data Stream Processor and Splunk Data Fabric Search, which will be fully unveiled and demonstrated in the Wednesday morning keynote.

“It’s not a change in strategy, but this year, we have the proof points that we have been talking about over the past three years,” Maraqa said. “This year we have the general availability of products which support that vision. It also reflects our evolution from a monolithic code base to embrace other technologies, including open source.”

Merritt stressed that this evolution is absolutely necessary.

“In this coming age, there will be only two types of companies – those that seize the opportunity to make things happen with data, and those who no longer exist.

“We help you act on your data,” he told the audience. “To do that, you need a system that investigates and performs analysis with awesome orchestration capability. The ‘Data to Everything’ platform has to handle every structure available. It has to deal with every data source, and unlock previously inaccessible value, across any number of systems without that data being in Splunk. It must be able to handle any time scale from milliseconds to months. We have the only solution that handles these data challenges.”

Merritt emphasized the importance of Splunk’s scalable Index, which lets questions be asked of any non-structured data source, and how, three and a half years ago, they determined that the next wave of value would be searching streaming data, and also developed a highly differentiated federated search capability. He stressed the importance of their adding an orchestration and automation capability by adding SOAR vendor Phantom. And he tied this into their ongoing research on mobile and augmented reality, designed to provide value to all users regardless of how technical and data savvy they are.

Tim Tully, Splunk’s Chief Technology Officer, then fleshed the strategy out further, indicating that their innovation strategy has three prongs: build, buy, and invest.

Tully said that Splunk’s own building has three design properties – massive scalability in real time, indulgent design, and a focus on mobile. The new massively scalable elements, which he briefly touched on, include the Splunk Data Stream Processor and Splunk Data Fabric Search, which will be highlighted on Wednesday. The indulgent design emphasizes consumer-like visuals, and includes Splunk Mission Control, which is also being highlighted on Wednesday.

“Most enterprise software looks terrible,” Tully said. “We could have done better historically but are now kicking ass. Splunk Mission Control unifies our SIEM [Splunk Enterprise], UBA [User Behavior Analytics] and Phantom [SOAR] in a single pane of glass, with a consumer sense of design. It was built for the security user to be projected in a SOC on a big TV.”

The mobile element will bring Phantom and the SOC experience to mobile and to tablets.

To explain the Buy component of the strategy, Tully introduced Karthik Ray and Spiros Xanthos, who headed up the two companies Splunk acquired in recent months, SignalFx and Omnition, and who have now both joined Splunk. Both acquisitions are monitoring companies, but provide next-generation abilities that go beyond Splunk’s own legacy capabilities.

“You need Splunk Enterprise to do traditional monitoring, but for true cloud native monitoring, traditional tools won’t work well because the microservices involved are so complex,” Maraqa explained.

“We wanted to build the best observability product,” Ray told the audience. “Data collection was the easy part. The hard part was making sense of it quickly. We are all about increasing software release velocity with confidence. In this environment, making mistakes is okay – if you have monitoring that automates some form of remediation. We let you move fast without breaking things.”

Maraqa described Omnition as providing next-generation application performance management [APM].

“Traditional APM is all about data collection, but Omnition is best in class for distributed tracing,” he said. “We can now bring together logs, with our Splunk Enterprise SIEM, metrics with SignalFx, and distributed tracing, with Omnition. Bringing them together is an incredibly powerful combination. It’s where we think the market is headed.”

Tully then announced that Splunk has just concluded a deal to acquire Streamlio, an early stage startup that provides distributed messaging.

“It will let us build an even stronger real-time stream processing,” Tully said.

“Streamlio’s technology makes significant advances in streaming and distributed computing,” Maraqa said. “They are the founders of Apache Pulsar, and we wanted to grab their technical talent.”

Streamlio, like Omnition, is an open source company. Before Splunk began its latest stage of expansion four years ago, open source was rather marginal to its efforts; that is clearly no longer the case.

“Open source is important to Splunk,” Tully stated.

The Invest component of the strategy saw the introduction last month of a $100 million Splunk Ventures Fund and a $50 million Splunk Ventures Social Impact fund. The first investment in the latter was also highlighted on stage. Zonehaven is a cloud-based analytics application designed to help communities improve evacuations and reduce wildfire risk with data, and their CEO and a firefighter involved in the work against California wildfires came onstage and explained how the technology helped humans contain the fires and put them out.

The Zonehaven investment is also significant because it is an example of the expanding use cases that the company stressed as central to their strategy going forward. These applications, like Zonehaven, will leverage the Splunk platform to solve their own specific problems.

Finally, Splunk announced three new pricing models, which will help to address new use cases and customer strategies.

“Pricing innovation is important, and we have released three new pricing options,” Merritt said. The current model – from a time before consumption-based metrics became sexy – is very volume oriented. It remains, but there are three new choices.

“We now have a Predictive Program, for those who have adopted a volume-based framework,” Merritt said. It gives more headroom than the old system, however. Before, if you thought you needed a TB, you would buy a TB level. This option gives you flexible tier choices, with 1-2 TB at the bottom, and 2-5 TB above that.

The second new choice, Merritt said, is for those who want infrastructure-based metrics. This allows customers to buy on compute-based requirements, instead of by the amount of data that gets indexed. It’s for customers who are used to infrastructure deals, and who are sophisticated about managing workloads and deploying compute.

“Finally, for those new to Splunk, we now have Rapid Adoption Packages for use cases, as opposed to data volume,” Merritt stated. These have a very low entry price, as little as $10,000 for an on-prem install.