From New York, it's theCUBE. Covering Big Data New York City 2016. Brought to you by headline sponsors, Cisco, IBM, NVIDIA, and our ecosystem sponsors. Now, here are your hosts, Dave Vellante and George Gilbert.

Welcome back to New York City, everybody. This is theCUBE, the worldwide leader in live tech coverage, and we've been going wall to wall since Monday here at Strata + Hadoop World. Big Data NYC is our show within the show. Omer Trajman is here, he's the CEO of Rocana, a CUBE alum. Good to see you again.

Yeah, you too, it's great to be here again.

What's the deal with this shirt? It says your boss is useless. What are you talking about?

So if I wasn't all mic'd up, I'd get up and show you, but you can see in the faint print that it's not talking about how your boss is useless, right? It's talking about how you make better use of data and what your boss's expectations are. The point we're trying to get across is that context matters. If you're looking at a small fraction of the information, then you're not gonna get the full picture, you're not gonna understand what's actually going on. You have to look at everything; you have no choice today.

So Rocana has some ambitious plans to enter this market, generally referred to, I guess, as IT operations. Why does the world need another play on IT operations?

If you look at the current state of IT operations in general, and specifically monitoring, which is largely what people think of first, it's: I've got a bunch of systems, I can't keep track of everything, so I'm gonna pick and choose what I pay attention to. I'm gonna look at data selectively, I'm only gonna keep it for as long as I can afford to keep it, and I'm not gonna pay attention to the stuff outside that, that hasn't caused problems yet. The problem is the yet, right? You've all seen the Delta outages, the Southwest issues, the Neiman Marcus website, right?
There's plenty of examples of where someone just wasn't looking at information, no one was paying attention to it or collecting it, and they got blindsided. And at today's pace of business, where everything is digital and everyone's interacting with the machines directly, everything's gotta be up all the time. Or at least you have to know when something is going askew and fix it quickly. And so our take is what we call total operational visibility. You gotta pay attention to everything all the time, and that's easier said than done.

Well, because it requires you to pay attention to all the data, although this reminds me of Abhi Mehta, who in 2010 said sampling is dead, right? You would agree.

Abhi's right, Abhi's right. And it's much more than that, of course. Sampling is dead. You wanna look at all the details all the time. You wanna look at it from all sources. You wanna keep enough history. So if you're the CIO of a retailer, your CEO says, are we ready for Cyber Monday? Can you take a look at last year's lead-up and this year's? And the CIO's gonna look back at it and say, I have seven days of data. What are you talking about, last year? You have to keep it for as long as you need to to address business issues. But collecting the data, that's step one, right? I think that's where people struggle today. They don't realize that you can't just collect it all and give someone a search box, or say, go build your charts. Companies don't have data scientists to throw at these problems. You actually have to have the analytics built in. Things that are purpose-built for data center and IT operations: the machine learning models, the built-in cubes, the built-in views, visualizations that just work out of the box and show you billions of events a day the way you need to look at that information. That's pre-built, that comes out of the box. That's also a key differentiator.
Would it be fair to say that Hadoop historically has been this repository for all sorts of data, but it was a tool set, and that Splunk was the anti-Hadoop: out of the box it was an application that collected certain types of data and had views out of the box for that data? It sounds like you're trying to take the best of each world, where you have the full extensibility and visibility that comes with all your data in Hadoop, but you've pre-built all the analytic infrastructure that you need to see your operations in context.

Yeah, I think when you look at Hadoop and Splunk, your concept of Rocana as the best of both worlds is very apt. It's a pre-packaged application, it just installs, you don't have to go in under the covers and stitch everything together. It has the power and scalability that Hadoop has, it has the openness, right, because you can still get at the data and do what you need with it, but you get an application that's creating value day one.

Okay, so maybe peel back the onion one layer for us. If you can go back to last year's Cyber Monday, and you've got out-of-the-box functionality, tell us how you make sense out of the data for each organization so that the context is meaningful for them.

Yeah, absolutely. And what's interesting is that it's not a one-time task, right? Every time you're trying to solve a slightly different problem, or move the business in a different direction, you want to look at data differently. So we think of this more as a toolkit that helps you navigate where to find the root cause, or isolate where a particular problem is, or where you need to invest or grow the business. And so in the Cyber Monday example, what you want to look at is, let me take a zoomed-out view.
I just want to see trends over time, the months or the weeks leading up to Cyber Monday. Let's look at it this year, let's look at it last year, let's stack on the graph everything from the edge caching to the application, to my proxy servers, to my host servers, through to my network. Give me the broad view of everything, just show me the trend lines and show me how those trend lines are deviating. Where are there unexpected patterns and behavior? And then I'm going to zoom in on those. And what's causing those? Is there a new misconfiguration? Did someone deploy new network infrastructure? What has caused some change? Or it's all good, we're making more money, more people are coming to the website, it's actually a capacity issue, and we just need to add more servers. So you get the step-back, show-me-everything view without a query, and then drag-and-drop zoom in to isolate the particular issues that I need to pay attention to.

And this is infrastructure?

It's infrastructure all the way through applications.

It is? So you can do application performance management as well?

We don't natively do the instrumentation. There's a whole domain there, which is, I want to do bytecode instrumentation. We partner with companies that provide APM functionality, take that feed and incorporate it. Similarly, we'll partner with companies that do wire-level, deep packet inspection.

I was going to say, take that feed and incorporate it.

Some stuff we do out of the box. So NetFlow, things like IPFIX, statsd, syslog, log4j — there's a lot of stuff that everyone needs, standard interfaces that we do out of the box. And there are also pre-configured, we think of them as content-oriented, parsers and visualizations for an OpenStack or for a Cloud Foundry or for a Blue Coat system. So there are certain things that we see everywhere that we can just handle out of the box, and then there are things that are very specific to each customer.
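The zoom-out workflow described here — baseline the trend lines across systems, then flag where behavior deviates — can be sketched as a simple rolling-baseline check. This is a toy illustration of the idea, not Rocana's actual models; the traffic numbers and the three-sigma threshold are assumptions for the example:

```python
import statistics

def flag_deviations(series, window=7, k=3.0):
    """Flag points that deviate more than k standard deviations
    from the trailing window's baseline (a toy zoom-out check)."""
    flagged = []
    for i in range(window, len(series)):
        baseline = series[i - window:i]
        mean = statistics.mean(baseline)
        stdev = statistics.pstdev(baseline) or 1e-9  # avoid divide-by-zero on flat data
        if abs(series[i] - mean) / stdev > k:
            flagged.append(i)
    return flagged

# Steady daily traffic with one sudden spike at index 10
traffic = [100, 102, 99, 101, 100, 98, 103, 100, 101, 99, 400, 100]
print(flag_deviations(traffic))  # [10] -- the spike is flagged for zoom-in
```

In practice the same kind of check would run per metric, per tier — edge caching, application, proxies, hosts, network — so the operator sees which trend line broke without writing a query.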
So, a lot of talk about machine learning, deep learning, AI at this event. How do you leverage that? How do you fit in?

You know, it's interesting, because we talk about the power we deliver in the product, but part of it is that it's transparent, right? Our users, who are actually on the console day to day, trying to use Rocana to solve problems, they're not data scientists. They don't understand the difference between analytic queries and full-text search. They don't understand machine learning models, right? They're IT people.

Is that correct?

They're IT folks whose job it is to keep the lights on, right? And so they expect the software to just do all of that. So we employ the data scientists. We deliver the machine learning models. The software dynamically builds models continuously for everything it's looking at, and then shows it in a manner that someone can just look at and make sense of.

So it might be fair to say — and maybe replay this if it's not coming out right — most people, and even the focus of IBM's big rollout this week, is: okay, people have got their data lakes populated and they're just now beginning to experiment with the advanced analytics. You've got an application where the advanced analytics are already baked in, to such an extent that the operator doesn't really care or need to know about it.

So here's the caveat. People have their data lakes populated with the data they know they need to look at, and that's largely line-of-business driven, which is a great area to apply big data machine learning analytics. That's where the data scientists are employed. That's why what IBM is saying makes sense. When you get to the underlying infrastructure that runs it day to day, the data lakes are not populated. They're data puddles, right? They do not have the content of information, the wealth of information.
And so instead of saying, hey, let's populate them, and then let's try to think about how to analyze them, and then let's try to think about how to get insights from them, and then let's try to think about how to — right? How about we just have a product that does it all for you, that just shows you what to do?

I mean, I don't want to pollute my data lake with that information, do I?

Well, what you kind of want is to take the business feeds that have been analyzed and overlay them. So you want to send those over to a probably much larger lake, which is all the machine data underneath it. Because what you end up with, especially as people move towards more elastic environments, hybrid cloud environments — in those environments, if a disk fails or a machine fails, it may not matter, right? Unless you can see an impact on top-line revenue, maybe it's fine to just leave the dead machine there and isolate it. So how IT operates in those environments requires knowledge of the business in order to become more efficient.

You want to link the infrastructure to the value.

Exactly.

Okay, so you're taking feeds essentially from the business data, and that's informing prioritization.

That's exactly right. Take as an example point-of-sale systems. All the point-of-sale systems today are just PCs, they're computers, right? I have to monitor them in the infrastructure to make sure they're up and running. As a side effect, I also know the transactions. So as an IT person, I not only know that a system is up, I know that it's generating the same amount of revenue, or a different amount of revenue, than it did last week, or than another system is doing. So I can both isolate a problem as an IT person, as an operator, but I can also go to the business and say, hey, nothing's wrong with the system, but we're not making as much money as we were. Why is that? And let's have a conversation about that, right?
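The point-of-sale scenario above — a terminal that is up and healthy but earning far less than its peers — can be sketched as a simple comparison of infrastructure status against the business feed. The data shapes and store names here are hypothetical, purely for illustration:

```python
def revenue_outliers(systems, threshold=0.5):
    """Find systems that are healthy (up) but generating well under
    the median transaction revenue of their healthy peers."""
    healthy = {name: rev for name, (up, rev) in systems.items() if up}
    revenues = sorted(healthy.values())
    median = revenues[len(revenues) // 2]
    return [name for name, rev in healthy.items() if rev < threshold * median]

# (up?, revenue this hour) per point-of-sale terminal -- a hypothetical feed
pos = {
    "store-01": (True, 1200),
    "store-02": (True, 1150),
    "store-03": (True, 300),   # up, but barely transacting: a business question
    "store-04": (False, 0),    # down: an IT problem, not a revenue anomaly
}
print(revenue_outliers(pos))  # ['store-03']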
So it brings IT into a conversation with the business that they've never been able to have before, using the data they've always had access to.

Omer, we were talking a little before about how many more companies are starting to move big parts of their workloads into public cloud.

Yeah.

But the notion of hybrid cloud, having a hybrid cloud strategy, is still a bit of a squishy term.

Yeah.

Help us fill in, for perhaps those customers who are trying to figure out how to do it, where you add value and make that possible.

Well, what's happening is the world's actually getting more complex with cloud. It's another place that I can use to cost-effectively balance my workloads. We do see more people moving towards a public cloud or setting up private cloud. We don't see anyone wholesale saying, I'm shutting down everything and I'm going to send everything to Amazon, or I'm going to send everything to Microsoft. Even in the public cloud, it's a multi-cloud strategy. And so what you've done is you've expanded the number of data centers. Maybe I had a half-dozen data centers; now I've got a half-dozen more in each of these cloud providers. It actually exacerbates the need for being able to do multi-tier monitoring. Let me monitor at full fidelity, full scale, everything that's happening in each piece of my infrastructure, aggregate the key parts of that, forward them on to something central so I can see everything that's going on in one place, but also be able to dive into the details. And that hybrid model keeps you from clogging up the pipes. It keeps you from information overload. But now you need it more than ever.

And to what extent does that actually allow you not just to monitor, but to remediate?

Well, the sooner you notice that there's an issue, the sooner you can address that issue. And the sooner you see how that issue impacts other systems, the more likely you are to identify the common root cause.
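The multi-tier model described here — keep every event at full fidelity at each site, forward only compact summaries to a central view — can be sketched roughly like this. It's a simplified illustration of the pattern, not Rocana's implementation; the site names and metrics are made up:

```python
from collections import defaultdict

class SiteCollector:
    """Keeps every raw event locally at full fidelity, and produces
    compact per-metric summaries to forward upstream."""
    def __init__(self, name):
        self.name = name
        self.events = []  # full-fidelity local store (the details stay here)

    def record(self, metric, value):
        self.events.append((metric, value))

    def summarize(self):
        # Aggregate the key parts: count, total, and max per metric
        agg = defaultdict(lambda: {"count": 0, "total": 0, "max": float("-inf")})
        for metric, value in self.events:
            a = agg[metric]
            a["count"] += 1
            a["total"] += value
            a["max"] = max(a["max"], value)
        return {self.name: dict(agg)}

# Central view: merge summaries from each data center / cloud region
east, west = SiteCollector("dc-east"), SiteCollector("aws-west")
east.record("latency_ms", 12); east.record("latency_ms", 340)
west.record("latency_ms", 15)
central = {}
for site in (east, west):
    central.update(site.summarize())
print(central["dc-east"]["latency_ms"]["max"])  # 340
```

Only the summaries cross the wire, which is what keeps the pipes from clogging; the raw events stay at each site for the dive-into-the-details step.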
As an example, a customer we worked with, prior to Rocana, had spent an entire weekend isolating an issue. It was a ticket that had gotten escalated. They found the root cause, the core system, and they looked at it and said, well, if that core system was actually the root cause, these other four systems should have also had issues. They went back into the ticketing system, and sure enough, there were tickets that just didn't get escalated. Had they seen all of those issues at the same time, had they been able to quickly spin the cube view of everything, they would have found it significantly faster. They would have drawn that commonality and seen the relationships much more quickly. It requires having all the data in the same place.

So part of the actionable information is to help triage the tickets, in a sense; that's the connection to remediation.

Context is everything.

Okay. So how's it going? I mean, it's kind of a heavy lift. You're going after some pretty entrenched businesses that have been used to doing things a certain way. How's business, how are you guys doing?

Business is amazing. I mean, the need is so severe. We had a prospective customer we were talking to who's just starting to think about this digital transformation initiative and what they need from an operational visibility perspective. We connected them with an existing customer that had rolled out a system, and the new prospect looked at the existing customer, called us up and said, that's what we want right there. Everyone's got to have centralized log analytics, total operational visibility. People are recognizing these are necessary to support where the business has to go, and businesses are now realizing they have to digitize everything. They have to have the same kind of experience that Amazon and Google and Facebook and everyone else has. Consumers have come to expect it.
This is what is required from IT in order to support it. And so we're actually getting — you say it's a heavy lift — we're getting pulled by the market. I don't think we've had a conversation where someone hasn't said, I need that, right? That's what we're going through today. That is my number one pain.

That's good. Now heavy lifts are good if you've got the stomach for it, right?

That we do.

And if you've got a tailwind, that's fantastic. It sounds like things are going well. Congratulations on the success, and I really appreciate you sharing it with our CUBE audience.

Thank you very much. Thanks for having me.

You're welcome. All right, keep it right there, everybody. We'll be back with our next guest. This is theCUBE, we're live, day four from NYC. Right back.