 And welcome back everybody. You are watching the CUBE Silicon Angle TV's premiere video production where we go out to the events, the top tech events to extract the signal from the noise from the smartest people at the show. Today we're here at .com 2012 Splunk's annual user conference covering all the action. This is day two. My name is Jeff Kelly with wikibon.org and I'm joined by my co-host here Jeff Frick from Silicon Angle. Thank you Jeff. Welcome everyone. We are excited. We got a full day of lineup and some great guests yesterday. The focus was on a lot of Splunk executives. Today we've got I think more customers, more partners and some other people in the community that are interested in big data. So we start our day off with Dan Woods. He's with CITO Research. Sorry about that. And also a frequent contributor to Forbes.com. So Dan, welcome to the CUBE. Glad to have you on board. Glad to be here. So have you enjoyed the show so far? You've got to walk around, see some interesting things. What has struck you? I think it's been really interesting how Splunk is doing a good job of expanding from its core market in IT to being relevant in different spaces. One of the most interesting things I found was the idea of semantic logging. Right now Splunk is attacking all of these logs that are created by machines. Whether it's web logs or whether it's network logs. But now as time goes on I think applications are going to be recognizing important events and then writing those to logs so that the logs will not be just about machine events but they'll be about business events, customer interactions. I think that Splunk is going to be very useful in using that. I think that's going to be one major trend. I also think that it's really interesting to see how Splunk is usable as a policy engine or a monitoring engine to determine what's normal. One of the big themes at the security conference, I mean the security portion of the talk yesterday was how security can no longer be about detecting patterns of viruses because the attacks are just too sophisticated and they don't have patterns anymore. They can conceal themselves really effectively. What they can't conceal is the unusual behavior that they put forth doing their malicious work. So if you have a really good understanding of what's normal in your environment you can then recognize when something abnormal is happening that might be a security risk. Well what's normal in your environment? It's very hard to kind of figure that out and by using Splunk you can monitor all hundreds of different little ranges that were normal and notice if something strange is happening. So I think that was another sort of expansion of the use of Splunk that I found really interesting. Do you see that trend in security in security companies? I mean is that the way that they're changing the way that they sniff out and find security breaches? Absolutely. If you look at FireEye they're pioneering a whole new way of detecting threats by basically creating a sandbox environment in which they can allow something to operate. When they see what it does they can tell whether it's a malicious thing or whether it's normal. And it's much different than the kind of old model that is really broken of trying to detect threats through pattern matching. Which just doesn't work anymore. I noticed and doing a little research before he came on at CITO Research you're all about kind of teaching leadership in kind of the technical side of the house where traditionally it's been more on the business side of the house. We had Marquis on earlier and he had an interesting statement where the business people now can get information from the same data that he's watching as a security guy and glean some intelligence out of it and come up with some actionable things. So I think it is a great theme I think you guys are latched onto that now there is more kind of business responsibility and leadership responsibility in what was traditionally kind of an IT role. Let's just keep everything up and running and everybody happy. Can you talk a little bit about how you're seeing that trend and what you're doing to help these guys become kind of better business leaders? Well I think the first trend is something that Splunk has been working on for a while which is operational intelligence and the idea is that it's a gradual progression from using machine data for monitoring and operational purposes to understanding more high level concepts that you can glean from that data to then understanding business relevant events in that data and then finally having machine data whether it's from operational sources or other sources become a part of creating insights and I think that it's IT that's going to be the one that understands the all of the machine data sources. It's IT that's going to have to collect the questions that are relevant to answer and then it's IT that's going to finally close the loop and say here's the insight that we could gain and so I think that if you look at the way a data centers run right now you have all these independent systems that are doing various things but then they're also working together in a highly connected way what is business going to be like in five years it's going to be much more automated, more technology everywhere it's going to look a lot more like a data center and I think if we can actually get this right we can teach the business a little bit more how to run these complicated environments and I think things like Splunk or Swiss Army knives for making all this happen that's an interesting point because you know we're seeing especially in the marketing world for instance marketers are quickly becoming IT or I should say technology buyers as much as IT in a way so what is it going to take do you think to kind of make that transition where the business is more automated and the communication between the two between IT and business which has always been a struggle what's it going to take to make that transition so that the business can really take full advantage of what IT is capable of doing with tools like Splunk and other big data like tools that we're seeing hit the market I think that I have a pretty well developed theory of this and let me just try to summarize it the big problem right now we have with technology leadership is that the footprint of technology is rapidly expanding and we're losing control you know the IT function no longer has control because of cloud computing, mobile devices, consumerization so they have less control than ever but IT is still responsible for security for reliability for disaster recovery and so in addition IT hasn't been really well managed in that we've done a reasonably good job of keeping things running but do we know how much it all costs well to some extent and do we know what value it's providing very rarely and so if you ask somebody to prune the unimportant stuff most people can't tell you what's unimportant you know because there's no value accounting in that so I think that the first thing IT does IT needs to do is to do a better job of managing itself you know B show the value of what you're doing now the second thing I think IT needs to do is to reach out across that line and understand what the business wants to do now how do you do that that's very difficult I think a very simple way to do it is just to come around and ask the questions that would be most valuable to answer then that gives you the ammunition to say no to all of these things that come at you as an IT person you get all of these technology choices all these vendors what is Apple most proud of Apple is most proud of saying no and so what in order to understand what an IT person should say no to they have to understand what's important and so you know closing that gap is the next and once you have questions that are worth answering you can put a dollar value against those questions and then the budget's no problem you know we can answer this question that would be worth a million dollars to answer for twenty thousand dollars that's a project that's approved right there and then so then I think it's also a question of having IT assert itself and not play a role of a second class executive you know we have to realize that we alone can master this technology you're not going to teach a business person to be an IT person to understand all the potential of the technology it's up to us to really to do that and I'm going to turn my devices off now we're all connected all the time that works at all some really good insights there so I wanted to switch gears a little bit and talk about Splunk kind of as a company and where they've come from and where they are today and what you think they need to do to kind of continue on this momentum they've obviously had a great year success with IPO in April they had a great quarter they just closed picking up I think over 400 new customers in the quarter I think 98 orders of 100,000 or more so they're obviously growing and really kind of firing on all cylinders right now but as you mentioned I believe you mentioned earlier we're seeing a lot of new use cases being developed by their customer base they're starting in the infrastructure area in the data center but then they're moving to other areas we heard a great anecdote yesterday about analyzing elevator data with Splunk so we're seeing these different use cases which is very exciting but also Splunk is now going to have to continue this their momentum while scaling to new use cases into new areas what do you think they need to do to kind of keep this going as a company that's been very successful so far they've got a lot of really happy customers but keeping that going as you grow can be a challenge for companies what do you think they need to do well I think that Splunk is sort of like pearl or Java or Python in that it is a platform for doing many many different things and so in terms of going to market they have to go to market at the same time to the early adopters which they're very successful and are enthusiastically adopted by and startups especially are embrace Splunk then of course they have all the apps they're using to go in a targeted way and go after the early majority and late majority by solving specific problems but how do they become what God-free-solving called the data fabric for not just the startups not just the early adopters but for everybody else and I think the key to that is first of all this book that I was privileged to help work on with David Carrasso solves one of the big problems that happens in these early majority accounts and that is people use Splunk to solve a certain problem and then they confuse the potential of Splunk with the path they took to solve a certain problem and so one of the reasons that we wrote this book is so that it would be easier to understand the entire big picture of Splunk not just what you happen to do with it to solve your certain problem now once you do that then all of a sudden you start harvesting data and delivering it all over the place. We talked about one pattern which was the establishing what's normal for security but there's other patterns like for marketing for example is there a way that you can correlate two or three different marketing event streams that are going into Eloqua or Marketo or something but they don't exactly have an event as wide an event recognition system and maybe you can identify a really important marketing event that should be sent as a text to a salesperson. Well that's just a whole another area of event processing in one vertical and I think what's going to happen is that over time maybe Marketo and Eloqua will do that but there's all of this stuff you discover about what data can tell you before it's been embedded in an application. I talked to the guys at MessageBus who were on Silicon Angle earlier and they explained how they are using Splunk as a policy engine to keep track of the best practices that you need to adhere to so that your mail gets accepted by the big mail senders and so that shape of those policies is just crazy. They've got four different spam, four different collections of PhDs working to stop spam and each of them have a different set of rules and those rules are constantly changing so your behavior as somebody who wants to send mail and have it received has to keep up with those and they use Splunk as sort of like a first line of defense machine learning sort of knowledge capture device to do that. So you can see that here we've talked about business policy engines, we've talked about marketing events we've talked about the elevator example I think that for Splunk to really get to where it needs to be it needs to be inside these centers of excellence and not just one, it should be in the business process management center of excellence, it should be in the integration center of excellence, it should be in the business intelligence center of excellence and so when Splunk learns how to tell its story to IT so that all of these people who are doing these established functions now realize they have a much more valuable way of doing it I think that will then people will start understanding that generic operational intelligence message that Splunk has been trying to send. It's just wild to me that here we are in 2012 and one of the key attributes to help this company be successful is a book but it's a new way to do a book, as David talked about yesterday, it's being publishing on demand, it's being able to update it, it's being able to have free electronic versions that are distributed lots of different ways but at the end of the day it's still a book, it's still a great way to get information across, to give examples, to let people really tap into the power of what Splunk is delivering and it just sounds like we're just riding the tip of the iceberg as to where businesses could continue to extract value from their data via Splunk. Yeah, I think that the interest, we've done more than 25 books at CITO research on all sorts of topics from Wikis, we did Wikis for Dummies, to Lost in Translation which is about IT alignment and the most recent one was API's strategy guide that was published by O'Reilly and the thing about it is it's important not to confuse the form of the thing with the purpose of the thing the form of this is a book, it's got pages of course it could be delivered on a Kindle but the purpose is to collect a bunch of knowledge and then to stream it out in an easily digestible form that's what a book is and so will we always need to collect a bunch of knowledge and then make it palatable to certain audiences? Absolutely, that's never going to go out of style. Yeah, that's great. Thanks a lot. So we are here at Splunk's COF 2012 it's a humid day, it's not the dry heat in Las Vegas that they usually talk about, we've got about 80% humidity as the flood waters evaporate into the air. I'm here with Jeff Kelly, we're here with Dan Woods from CITO Research, again also contributes to Forbes day two of the Splunk conference coming to you from theCUBE, again at siliconangle.tv premier video broadcasting service where we do go out to the events, we talk to the people you want to hear from, we get the information you want to hear and do it in a nice way, do it in a conversation way, get right to the right to the information, it's not a press release. So we're really happy to have you, we've got a full day lined up, we've got another guest getting mic'd up over there with the crew, so we will take a short break and be back in just a few minutes. Thanks. Thanks so much Dan.