 Welcome back to theCubesCovered.com Splunk's annual conference virtual this year. I'm John Furrier, your host of theCUBE. As always, we're bringing the best stories and the best guests to you and the best guest today is the CEO of Splunk, Doug Merritt. Of course, top dog at Splunk. Great to see you. Thanks for coming on. Great to be seen. So nice that I can't believe it's, we had a whole year without seeing each other. I love this conference because it's kind of like a studio, taking over a full virtual studio, multiple sets of cubes here. You had the main stage, you got rooms upstairs, tons of virtual interactions, great numbers. Congratulations. Thank you. Thank you. We wanted this to be primarily live, or we are live, primarily on site. And we pivoted, I'm so proud of the marketing team, how quickly they pivoted and I love the environment they've created. I know next year we will be, we'll always have virtual now, we've all learned, but we'll be on site, which will be great. It's good to see kind of you guys telling the story. A lot more stories happening and, we've been covering Splunk since 2012 on theCUBE, I think longer than AWS, I think it was 2013, our first CUBE. Seeing Splunk emerge is, the trend has been, it's new, it's got value, and you operationalize it for customers, something new happens, you operationalize it for customers, and it just keeps on the Splunk way, the culture of innovation. It just seems now more than ever, you guys, we're involved in security early, 2015, I think that was the year we started kind of talking about it, your first year. And now it just feels like something bigger is right here in front of us. And people are trying to figure out, multi-cloud observability, we see that, what, that's a big growth wave coming. What's the wave that's happening? So the beauty of Splunk, and the kind of culture and how we were born, was we have this non-structured backbone, what I would call the investigative lake, where you just dump garbage into it, and then get value out of it, through the question asking, which means that you can traverse anywhere, because you're not taking a point of view on the data, it's usable all over the place. And that's how we went up in security, as we had the IT systems administrators pinging that thing with questions, and at that point in time, the cyber teams were almost always part of the IT teams, it's like, hey, can we ask questions of that thing? It's like, yeah, go ahead, and all of a sudden they got value, and then the product managers, and the app dev guys started asking questions, and so a lot of our proliferation has been because of the underlying backbone of Splunk, the ability for new people to come to the data and find value from the data. As you know, and as our users know, we have tried to stay very focused on a go-to-market basis on serving the technical triumvirate of the cyber teams, the infrastructure management IT ops teams, and the app dev and dev ops teams. And on a go-to-market basis, and the solutions we package, that is we're trying to stay super pure to that, that's $90 billion of total addressable market. We're super excited, it will be well over $3 billion in ARR this year, which is amazing, it was $300 million when I started seven years ago, so that 10X in seven years is great, but $3 billion and $90 billion, like we're all just getting going right now, with those core buying centers. The, we're on top of what Sean Bison and I was going to tell you about, hey, we've got to continue to focus on multi-cloud and edge is really important, machine learning is important, the lever that we've been focused on for a long time that we're continuing to gain better traction on is making sure that we've got the right data plane and application platform layer so that the rest of the world can participate in building high quality reusable and resellable applications, so that operationalization that we have done officially around cyber IT and DevOps, and unofficially on a one-off basis for marketing and supply chain and logistics and manufacturing, that those other use cases can be packaged, repeated, sold and supported by the people that really know those domains, because we're not manufacturing experts, we're honored that Porsche and BMW are using us to get operational insight onto their manufacturing floor, but they led that, we just were there as the technical splunk people to help bring that to life, but there are lots of firms out there that know manufacturing cold, process versus discreet, and they can create with these packages that are appropriate for automotive versus paint versus wineries versus, and that, I think the big accelerant over the next 10 years for Splunk, we've got to keep penetrating our core use cases, but it'll be allowing our ecosystem, and I'm so happy Theresa Carlson's here is just pounding a table of partners to take the other, probably 90% of the market that is not covered by our core market. Yeah, I think that's awesome, and first we'll get to the partner versus second, the rebranding of the ecosystem as it's growing, but you mentioned you didn't know manufacturing as an example where the value is being created, but it's interesting because you guys are enabling that value. Yes. They're adding value, because they know their apps and their experts. That's where the ecosystem is really going to shine, because if you can provide that enablement, this control plane, as you mentioned, that's going to feed the ecosystem. So the question I have for you is, as you guys have become essentially the de facto control plane for most companies, because we're using Splunk for a lot of other great reasons, now you have set them up that way, is the pattern to just keep building machine learning apps on top of it, or more querying? What's the customer next level trends that you're seeing? So the two core focus areas that we will stay on top of is enriching that data platform and ensure that we continue to provide better APIs and better interfaces so that when people want to build a really interesting automotive parts supply chain optimization app that they're able to do that. We've got the right APIs, we've got the right services, we've got the right separation between the application and the platform so they can get that done, and we'll continue to advance that platform so that there's monetization capabilities and there's advertising capabilities and other pieces that they can make their business. The other piece that we'll stay very focused on is within the cyber realm, within IT ops, within DevOps, ensuring that we're leveraging that platform, but baking ML and baking all the advanced edge and other capabilities into those solutions. Because the cyber teams, as we're, where you started with, hey, we really started reporting on cyber 2015, those guys have got such a hard job. And while there's lots of people pretending like they're gonna come in and serve them, it's the difficulty is there are hundreds of tools and technologies that the average CESA deals with, and the rate of innovation is not slowing down. And those vendors that have a vested interest in, I wanna maintain my footprint in firewalls, I wanna maintain it in the end point, I wanna maintain, it's really hard for them to say, you know what, there are 25 other categories of tools, and there's 500 vendors, you gotta play nicely with your competitors and know all those folks if you really wanna provide the ML, the detection, the remediation, the investigation capabilities, and that's where I'm really excited about the competition, the fake competition in many cases, because it's like, yeah, bring it on. I've got 2,000 engineers, all they do, all day long, is focus on the data layer and making sure that we're effective there. And I'm not diverting my engineers with any other tasks that I've got to, it's hard enough to do what we do in the day layer. So. Well, it's interesting, I just had some notes here. I had one data-driven innovation that we've been talking about since you've been here, and we've been talking about data-driven innovation, cybersecurity, you mentioned for many years. It's almost like the balance of, you gotta have tools, but you gotta have the platform. If you have too many tools and no platform, then there's a mix match here, and you get hung up with tools and there's blind spots. So you can't have blind spots, you can't have silos. This is what kind of everyone's pretty much agreeing on right now. It's not a debate, it's more of, okay, I got silos and I got blind spots. How do I solve that? The difficulty, and I touched a little bit of this on my keynote, of there are well over 16, and I was using 16 because DB engines categorizes 16 different database tools, but there's actually more if you go deeper. So there's 16 different categories of database tools. Think relational database, data warehouse, ledger databases, graph databases, et cetera. Over 16 categories, there's 350 vendors. That's not because we're all stupid in tech. Like a graph DB is different than a relational database, which is different than what we do with our schema less index. So there's those categories that many vendors because they're trying to solve different problems. Within the swim lane that you are in, which for us is this non-structured, high volume, difficult data to manage, now the problem is how do you create that non-broken, that end-to-end view, so you can handle your use cases effectively. And then the customer is still gonna deal with the fact that we're not a relational database engine company. We're not a data warehousing company. We're beginning to use graph DB capabilities within our solution sets. We're gonna lean on open source and the vendors can get that. Use the tool for the job you need, but I think what you're hitting on my like is this control plan idea. I want to get back to that because if you think about what the modern application developers want is, they want DevOps, and DevOps kind of want, infrastructure's code's there. If I'm a modern developer, I just want a code. I don't want to configure the data or the infrastructure. So the data value now is so much more important for the developer, whether that's policy-based innovation, and GitOps as some people call it, AIOps. These are big trends. This is fairly new in the sense of being mainstream. It's been around for a couple of years, but this time. How do you see the data being much more of a developer input? Yeah, people talk about DevOps as a new thing. When I was running all the HR products at PeopleSoft in 2004, we had a DevOps team. So that is, yeah, there's always been a group of people, whether it's Desney or not, that are kind of managing the manufacturing floor for your developers, making sure they got the right tools and the right databases. What's new is because of the ephemeral nature of cloud, that app dev work and DevOps, and everyone that surrounds those is now 100% data-driven. Because you have ephemeral services, they're popping up and popping down. And if you're not able to trap the data that each one of those services are emitting and do it on a real-time basis and a thorough, complete basis, you can't sample, then you are flying blind. And that's not going to work when you've got a critical code push for a feature your customer's demanding. If you don't get it out, your competitors are. You need to have assurance that you've done the right things and that the quality and the actual deployment actually works. And that's where what led us to observability three years ago is when we roughly started doing our string of acquisitions is we saw that transition from a stateful world where it was all transaction engine-driven. I've got to insert transaction engines into code, very different engineering problem to, I've got to grab data. And it's convoluted data, it's chaotic data, it's changing all the time. Well, geez, that sounds like it's flunked. And latency issues too, they got to be doing fast. I've got to do it literally in millisecond by millisecond. You've got, our bigger customers were honored because of how we operate Splunk to serve some of the biggest web properties in the globe. And they're dealing with hundreds of terabytes to petabytes of data per day that are traversing these pipes. And you've got to be able to extract metrics from that entire multi-petabyte or trace this entire multi-petabyte stream and you can't hope that you're guessing right by only extracting from portions of it because again, if you miss that data, you've missed it forever. So for us, that was a data problem, which is why we stepped in. And everything's a data problem these days. It's almost, it's the most fun to talk about if you love the problem statements that we're trying to solve. I want to get your reaction to something that you don't mind. I was talking to a CISO and a CIO. We were having a conversation kind of off camera at an event recently. And I said, what's the biggest challenge that you have? I was curious, I asked him. He said, actually it's personnel. People are mad at each other. Developers want to go faster because our CICD pipeline is DevOps. They're coding. They're having to wait for the security groups, in some cases, weeks and days when they could do it in minutes. They want to do it in the pipeline, shifting left as some call it. And IT's kind of getting in the way. So it's kind of like, it's not, they're not getting along very well. Meaning they're slowing things down. I can say something, they really said but they said they weren't getting along. What's your reaction to that? Because that seems to be a speed scale problem that's developer centric. Not organizational. I mean, you've got organizational challenges in being slowed down. So, while we all talk about this in virtual landscape and how exciting it's going to be, you do have diametrically opposed metrics. And you're never going to have, it's very difficult to get a single person to have the same allegiance to those diametrically averaged metrics as you want. So you've got checks and balances. And the reality of what the cyber teams need to be doing to ensure that you aren't just coding effective functions with the right delivery timeframe, but that's also secure, is I think going to make the security teams important forever. And the same thing, you can't just write sloppy code that consumes, that blows your AWS budget or GCP budget within the first week of deploying it because you've still got to run a responsible business. So there are different dimensions that we all have to deal with like quality time and feature functionality that different groups represent. So I believe a converged landscape is important. It's not that we're going to blow it up and one person's going to do it all. It's you've got to get those groups talking better and you've got to reduce the cycle times. Now what we believe it's blunt is with a common data plane, which is the backbone and then solutions built from that common data plane to serve those groups, you're lessening the lack of understanding and you're reducing the cycle time. So now I can look when I'm publishing the code if it's done properly, is it also secure? And the cyber teams can kind of be flying in saying, hey, wait, wait, wait, we just saw something in the data that says we're not quite ready. I'm sorry, I know you want to push, you can't push now. But there'll be a data driven conversation and not this, you shouldn't be waiting a week or two weeks, like we can't operate that scale and you've got to address people with fact and data and logic and that's what we're trying to get done. Yeah, and you guys have a good policy engine. You can put up that up into the pipeline. So awesome, that's great, great insight there. Thanks for sharing. Final question, looking back in your time since you've been CEO, the culture kind of hasn't changed at Splunk. It's still the have fun, hard charging, laid back a little bit in public company now and you still got to meet the numbers but you're growing, business is good but there's a lot more coming. There's a big wave coming. Talk about the Splunk culture. So the core elements of culture that I love that I think all of us agree don't want to change. One, we're curiosity driven culture. Our tool is an investigative tool. So I never want to lose, I think that thread of grit, determination, tenacity and curiosity is paramount in life. And I think literally what we push out represents that and I want our people to represent that. And I think the fun element is really the quirkiness of the fun. Like that is one of the things I love about Splunk. But we are a serious company and we are in the data plane of tens of thousands of organizations globally and what we do literally makes a difference on whether they're successful or not as organizations. We were talking about Walmart as an example and how one second latency can have a 10% drop off in fulfillment of transaction. For Walmart, that's like a billion dollars a week if you cannot get their system to perform at the level it needs to. So what we do matters and the change that we've been driving that I think is a great enhancement to the culture is as we are now tipping to the 50% cloud company, you have the opportunity to measure millisecond by millisecond, second by second, minute by minute, hour by hour and that's a different level of help that you get. You can literally see patterns happening over the course of minutes within customers and that's not something that we were born with. We were an on-prem solution. We had beautiful tools and it was the CIO's problem, the CISO's problem and their opportunity to get that feedback. Now we get that feedback. So we're trying to measure that quirkiness, the fun, the cool part about Splunk with we also have got to be very operationally disciplined because we carry a heavy responsibility set from our customers and we're in the middle of that as the world knows, like we're halfway through our transition to be a cloud-first company but I'm excited with the results I'm seeing so I think curiosity and tenacity go with that operational rigor. Like we should all be growth mindset oriented and very excited about, hey, can I improve? Like is there some information that I need that I'm not getting that will make me serve my customers better and that is the tone and tenor I want across all of Splunk of whether you're an HR or legal or engineering or sales or we serve customers and we've got to be so excited every day about getting better feedback and how to serve them better. Doug, thanks for coming on theCUBE and sharing that insight. I know you had to cancel your physical event. You guys pulled off an exceptionally strong virtual event here in person. Thanks for having theCUBE and thanks for coming on. Thank you for being here and I can't wait to do this in person in our next event. Doug Merritt, the CEO of Splunk here inside theCUBE. theCUBE coverage continues. Stay with us for more. We've got more interviews all the rest of the day. Stay with us. I'm John Furrier, your host. Thanks for watching.