 from the MGM Grand Hotel in Las Vegas. Extracting the signal from the noise. It's theCUBE covering splunk.com, 2015. Brought to you by Splunk. Now, here are your hosts, John Furrier and George. Okay, welcome back everyone. We are here live in Las Vegas for splunk.com for 2015. This is theCUBE, our flagship program. We go out to the events and expect to see the noise. Live coverage, two days. Join the conversation, crowdchat.net slash squonk.com. I'm John Furrier, the founder of Slip and Ends. I'm Joe, my co-host, George, Gilburn, Wikibon's big data analyst. Our next guest is Justin Brown, IT engineer, Pacific Northwest National Laboratory. Welcome to theCUBE. Thank you. So, we talked to all those splunk executives, but now we get to hear from you. You like the product, what's going on? What do you think of the announcements? Well, excited about some of the announcements. You know, getting that speed factor in 63 is going to be awesome for us. And then, we got the opportunity to play our ITSI a little bit early, and so excited to see some of the new features in that as well. Yeah, Kevin mentioned that. You guys were early on. What did you think of it? Was it early? Was it code baked out? Was it shipping, good software? And what was the net effect of the outcome of your tire kicking and use case? It sped up what we were already doing, really, because we had kind of had a custom build of an app to try to do exactly what ITSI was doing, and we had presented on a little bit of that in Seattle, and one of the splunk engineers said, hey, we got something to show you that I think you'll be interested in. So he got us involved in the program. We were able to test it out, and where we had previously taken a couple of months to build out that dashboard to kind of show our services, we replicated it in about a day in ITSI. So you can stand up pretty quickly. Yeah, and the maintenance will be a lot easier for us. How about the KPIs? Does this address some of your KPIs around your operations? I mean, what are the key, when does this solve your problem? Is it a silver bullet? Is it an aspirin? Is it a vitamin? Well, a lot of the stuff we had, as far as the KPIs, we had the data there, it was just the ease of pulling it into something that we could alert on or even view uptime and that kind of thing, get those reports for us. So it is certainly going to make a lot easier for us. So in terms of like management, monitoring, these are big areas that people are struggling with, because they now have a lot of disparate systems, hybrid cloud, a lot of different touch points, Internet of Things is not going to make things easier from a complexity standpoint. So how is the new solutions around the intelligence piece solve that? And what's the roadmap in your mind on where the dots connect? Well, for us, we've been kind of using Splunk as a platform to just gather all that stuff in, where before we had different systems, different groups of monitor, and we didn't have visibility into all of them, all groups didn't have that visibility to be able to put those things together. So our focus has been on getting that data in where we know what we're seeing, and then we can start building some KPIs on that data, and monitoring and alerting on those things, and then going forward, we can have that as our platform that we look at. Share a concrete example, before the ITSI software and after. What's the blaring benefit for you guys? Can you point, can you take us through an example? Really it's going to be around alerting on stuff that we care about, I think, because being able to build those notable events, to be able to combine KPIs where it was really complex to build those searches before, to say, okay, if we see this, this, and this, then we want it. So now we can just kind of, in a couple of clicks, say, yeah, and I want to know about it. And so being able to build that out and go deeper, because we had kind of a simple layer as far as our services, where it was that our network service or our web applications, but now we can go down even deeper and say, okay, this depends on this. So you're faster, you can move on things, put rules together, heuristics, around events that are going on. Yeah, not just faster building, but I think the maintenance going forward. Turn around. As things change and being able to make those changes quickly. Can you quantify the time before? Well, like I said before, it took us about two months to build what we were trying to do, and we turned it around in a day after we just turned it on and off. So two months to a day. That's not bad. That's looking good. I can sell that to the boss. It made me a little depressed that I spent those two months, but at the same time, going forward, it's going to be really awesome. You get a raise for that? No problem selling that up the chain, right? Right, sure. Seriously, I mean, management's like pretty solid on that. Yeah, I mean, it's a big drive right now for automation and monitoring to be able to say, we want to know about it before our customers do. And then if we can automate fixes for that and take that a step further, rather than have to call someone in the middle of the night. I know George wants to ask a question. George, hold on for a second. So IT ops is getting automated. That's all going to be all good. The benefits are, you know, time. People save time and money. Money is time is money, all that good stuff. But when does the shift go from there? What do you guys do from a time standpoint? Because now you've got creativity opened up into other areas. What, when does this shift your resources? What do you do with that extra time and creativity? Well, our goal is to get some of those menial tasks and things like that off. Because we have a very talented crew, you know. So, and a lot of times they have to spend so much of their time just doing the work. And if we can get some of that stuff off their plates, that frees them up to do the more innovative stuff and make changes that will benefit the lab as a whole. I mean, that's key. Good job. So, following on that. So you have more time, you know, if you collapse two months into, you know, perhaps a few days. Was the months it took to sort of instrument and monitor the things you were building. Now that that has collapsed so much, does that allow you to build systems far more sophisticated than you could before and essentially, you know, go down the maturity curve and in ways that, you know, weren't possible? I'd agree with that because we had reached kind of a limit to where it was going to get really complex with our queries and our alerts to go deeper. And so with this, we're going to be able to, you know, go down to the root level. You know, this service depends on these two servers and this connection and be able to see those very quickly where before, it was abstracted by several layers. So can you give us an example of an application where, say, before you were stuck at the hardware infrastructure layer, perhaps, and now you can do multi-cluster applications because you can look at services instead of hardware? Yeah, one of the things that we struggle with is like, okay, if this server goes down, what customers do I need to notify? Who's affected by this? And that's something we're going to be able to tie in really nicely with ITSI to say, okay, if this server goes down, it affects these things and be able to kick off those alerts accordingly. But can you do it now yet at the level of the service, you know, all the different microservices, like, you know, the little piece of Impala that's running on the Hadoop cluster, that sort of thing. You know, when you see all those pieces fit together, you can now stand up multi-cluster, you know, big data applications on Hadoop. Yeah, and I think we're going to be able to get there. We're not there yet, but in some of the features that I saw in 2.0 and being able to pull in, even without a CMDB pulling in a lot of those entities and stuff through searches and powering that, I think we're going to be able to get there. Okay. How will you guys bring you some operational efficiency, some of your business benefits, like obviously the energy thing, grids, having data? I mean, I can envision, I mean, I just don't know, just share some things that go on in your world that you're enabling. So when you have time savings and your Rockstar G gets to work on innovative things, what are those innovative things? What are some of the things that you guys do that are really, really cool that people might not be aware about that kind of gets enabled underneath the hood? Sure, sure. It's hard to think of a couple of examples because we're so new at this and we're so just now realizing the benefits of it, but we do have several initiatives that we pulled in this last year. So one of the things that we have every year is, and probably a lot of companies do, is locating your assets and making sure that we know where they're at and things like that. So using Splunk, we were able to see when they touched the network, see where they were located. And so there was so much time that was spent from not just IT people, but from administrative staff and things trying to run around and find these computers where we could eliminate, I think it was 70% of that need and take a process that took much longer and condense it down. Yeah, a common trend we see with IT ops that kind of get really good at the dev ops and then scaling up the ops is they get pulled closer to the business, you know what I'm saying? So usually you're like, you're always putting fires out. You're always kind of in the battle mode. And as you free up more time, the tech resources from developer to ops get pulled into the business conversations. Have you seen that yet? Have you seen that? Well, some of the benefits that we, that we're hopefully realizing, we won't be able to see an IT. The Pacific Northwest National Laboratory, they're all about research. They're all about, our mission statement is that we want to transform the world through courageous discovery and innovation. So our goal in IT is to give them the best services and best support and best IT infrastructure that we can so that enable that research mission. So the more we can take off their plates with just the meaningful past, then the more they're freed up to do that. I'm not a scientist. I don't know what kind of stuff they're able to do, but that's our goal. Well, you have to enable that. You create, shredding, remove friction. Exactly. One of the things that sort of science was the precursor to big data, and many of the researchers in computer science saw what was going on and energy and astronomy and things. What data sizes are, data set sizes are you looking at now? And what management changes are we gonna have to, by that I mean IT management changes, are we gonna have to embrace to handle that? I'm not privy to the research data because they keep that a little bit segregated, but just for our IT operations and support of all those, we're running about 450 gigabytes a day that we're capturing. And we're not completely there yet. We're still capturing data sources, but it is a pretty good mode. Any best practices that you would pass along to those who are not quite at your level of maturity? I think you need to begin with the end in mind. Too many times at the beginning, it was just, okay, give us all the data. And if you know exactly what you're looking for, if you have some of those key performance indicators in mind that you're driving towards, you can really help narrow down what you're looking for and get rid of some of the noise. So what does machine learning mean to your job? You guys look at machine learning at all, the impact of what Splunk has done with machine learning and how does it affect your job in the future? Well, we've seen some of the capabilities that are coming out and excited about those, but what we've tried to do is manually do some of those adaptive thresholds based on, we have our core hours, and one of the things that we struggle with is, okay, if something has trouble in the evenings, how do we, what's abnormal for the evenings versus for the day? And so that's going to be a big key area for us, I think, this next portion. Justin, thanks for sharing your insights here. For the folks that are watching, your peers, share with them your take on the IT service intelligence or ITSI, another acronym. I mean, we know ITSM, ITIL, all these are IT terms, but this is a new term. What does it mean? What's the early reviews look like? Share your color and what it means to folks. Well, for us, I think it's going to be the speed of setting those things up and being able to get some KPIs before that we weren't measuring or we didn't have the capability to measure. And so the faster that we can realize or even measure changes that are, we can head things off that haven't even happened yet, that's our goal is to rather than be reactive, I think it's going to allow us to be a lot more proactive. As Dave Vellante always says in the queue, five nines IT, really making a complete, bulletproof streamline, having the metrics so you can invest in the right area. Exactly, we have a lot of needs for reporting, for what's happened in the past year and things like that, but also for what's coming up, being able to trend that data, it's going to be nice. Justin Brown with Pacific Northwest National Laboratory, sharing his perspective on Splunk, but more importantly, the future of services intelligence and literally going from two months to a day. It's a game changer for sure, as Splunk was saying on stage. Thanks for sharing your news, it's theCUBE. Bringing you more insights, more data here live on the ground in Las Vegas. More live coverage from day one of Splunk.com. Let's be right back after this short break.