 This is the Cube, my name is Dave Vellante and I'm here with Jeff Kelly. We're with Wikibon.org and this is the Cube Silicon Angles production of Splunk.conf 2013. We did Conf 2012 and we're really delighted and pleased and privileged to be back here. Ant Lafave is here. He is a senior systems engineer at Middlesex Hospital in the great state of Connecticut. Welcome to the Cube. It's great to be here, thank you. Yeah, so what do you think of the conference? We were talking about the party last night, a really good time, a lot of excitement. What's your take? It's been enjoyable so far, learning a lot from fellow Splunk users. Splunk really knows how to party, put on a good time and keep their user base engaged. Work hard, play hard, it's kind of the mantra, words to live by I say. So you say you learn a lot. Give us an example, you're a practitioner, you come to these events. I mean obviously it's great, it's fun and all that, but you really come to learn from your peers. I mean that's the number one thing you always hear. I presume it's the case with you as well. Yeah, absolutely. I mean, for example as today I went to a talk where one of the folks was running Splunk in a total virtual environment at our hospital right now. We are running in a virtual environment and to pick up some pointers from somebody else who's been through it maybe a little longer than we have or has a different insight, it's been invaluable just to get that knowledge from someone else who's already done it. So it's maybe a project that you're working on, a thinking about working on, a one that you've begun to implement and you're trying to figure out okay, what are the landmines, what should I not do? It gives me more ideas, more things to work with when I go back to the office. I already got a whole ton of stuff that I want to do, whether that be set up more servers, maybe configure my app a little bit differently. Really with Splunk, all these stuff that I've been doing with it now, it's got so much value and there's, the sky's the limit with it. Well now, I'm not just going on my ideas, what I think Splunk can do. I have a whole bunch of people showing me other things that I didn't even think of that I can do with Splunk. I hear that I'm hearing that a lot at this event is there's so much more I could be and should be doing with the product. But I want to get into some of that before we do. Let's talk about your business, let's talk about the hospital, sort of your role. Tell us a little bit about the organization. So Middlesex Hospital, we are located in Middlesex County in Connecticut. We have a hospital with three emergency departments spread across the county. We also have around 25 network sites, 10 of them being primary care offices. So we do a lot of business throughout the county. What we've used Splunk for in our hospitals deployment is both for network operational intelligence and also being able to audit a lot of the stuff that our users are doing and what patient records are seeing. So talk about your environment a little bit. Can you paint a picture of what it looks like and the major apps that are driving your business? So we have a couple of data centers. We have two located in the hospital for redundancy and we have one located offsite for disaster recovery. The applications that we're running are plethora. We have our EMR, EHR for our inpatients. We have another one for our outpatients. We have our financial system, our employee system. We have a Windows environment. So we're running a ton of Windows apps, databases. We have anything that an enterprise environment would have. We have at the hospital and it's just not a necessity. It's today's environment. And how about cloud? I presume the vast majority is on premise. How are you using the cloud, if at all? We're a Google apps customer. So we have our entire email slash drive system out on the cloud. It's been a learning curve. It makes things a lot easier as far as administration goes and not having to keep that stuff on site. So we've had a good experience with the cloud. When did you go to, not to digress, but I gotta ask you because we're Google Enterprise shop too. But when did you go to Google apps? We went to Google apps approximately two and a half, three years ago. I think we were one of Google's first big healthcare clients. And with that, we had a couple speed bumps, but those have pretty much been resolved and we've been going strong with them now for quite a while. Yeah, at the time, Microsoft really didn't have its cloud act together. Previously you were an exchange customer or is that? Yeah, we were an exchange customer. We had non-premise exchange box. Sometimes it went down a little more often than we'd like, and by outsourcing that to the cloud, we no longer had to worry about that. We can have access to our email systems, both on-site, off-site. Don't need to worry about our ISP. We don't need to worry about power. We don't need to worry about anything. Yeah, you didn't want to be in the email business, right? Exactly. Okay, let's come back to what's happening at the show here. Splunk 6, you saw that yesterday. I presume you were in the audience. You saw the keynote. Is that right? Yes, I did see the keynote. I actually was watching the keynote from my couch because they were streaming it, so it was great. Cool, that is great, isn't it? So what do you think of Splunk 6? What's your take? Splunk 6 looks amazing. I wish I had it when I was developing my app. There's a lot of functionality I'm looking forward to using when I get back to the office, so I will be installing that as soon as I get back. So what's the most appeal to you? Is it the pivot table capability, the modeling, the performance, what is appealing? There really wasn't one thing that stood out. I mean, everything looked useful. Haven't gotten to play with it yet, but I'm looking forward to playing with all of it. So you haven't downloaded it yet? I have not for fear of, I have a presentation today and I'm running Splunk 5 for that presentation. I'm actually going to be doing a demo, so I'm not going to install any new software until that demo is over. Smart, smart man, this is an IT guy now. He's a practitioner who knows his stuff, so everybody who's, it ties to download iOS 7, be careful. So let's get into some of the, let's come back to the hospital. Jeff Kelly, you and I have talked, we were at the MIT data quality symposium, we had a lot of healthcare folks on, the whole electronic medical records. Jeff, what's your take on all this and maybe lead us into that segment? Well, I think the promise of electronic medical records is huge. The idea of digitizing the records so that they can be available, patient records can be available across providers, whether you're a primary care physician or specialist, maybe you come to the emergency room, have up-to-date information across all different providers. Of course, there are challenges with that, different networks, different providers of different networks, different standards. They can't all talk to each other yet, so that's still a work in progress, but there's huge promise there. Another thing, of course, is taking a lot of that data, at least the non-privacy or sensitive data that you can, maybe aggregating it and doing some analytics to drive, to understand high-level trends around medical conditions, things that are happening in your area, maybe on the region or even nationwide. But then, of course, the other component is the meaningful use requirements. The federal government is incentivizing hospitals to adopt the technology, to take advantage of these benefits I just talked about, but part of that is you've got to use it, the hospitals need to start using them and then they've got to prove that they're using them. And so that can be a challenge that I think maybe doesn't get a ton of coverage. So I would love, Ann, to talk a little bit about that. Is that one of the use cases for Splunk, your organization, really, to help basically document what you're doing with EMR? It's kind of, let me start with, what are you guys are doing in terms of EMR adoption and then talk us through kind of how Splunk helps you kind of audit your use of the technology? Right, so we're gearing up for our second at-test station for meaningful use. There's three stages, there's meaningful use one, two, and three. Next year we'll be attesting for meaningful use two. And there's a checklist that the government goes by where you need to be using certified electronic health record products. One of those check boxes is that you need to be able to create audit reports for your EHR system as far as who's accessed what patient records. So we were faced with a challenge, we needed to purchase a product that fulfilled this requirement. It wasn't built into our EHR. So I was offered the challenge to look at a couple of different products, find out which one fit our organization best. We actually, when I was looking at the two products, went, I think we have something already that will fulfill this requirement. And that's when we decided to port that data into Splunk and search it, audit our records and turns out we could. So you were already a Splunk customer using it for basically log management, log analysis or talk us through that a little bit. So we had a proof of concept this spring for our Windows environment. We brought Splunk in, we were given a trial license and we were auditing our Windows systems because we wanted to troubleshoot things quicker, correlate things. And we were actually in our proof of concept phase when this challenge came along. And that was what sold us completely on Splunk was the fact that not only were we auditing our Windows environment and our server environment, now all of a sudden we're able to fulfill a requirement and we were going to buy Splunk anyway. So that made it, I guess that sealed the deal. Yeah, absolutely. Sounds like, so interesting, something you mentioned a moment ago. So the EHR system that you've invested in doesn't have the capability to tell you who's accessing what and when. Did I understand that correctly? Cause that's kind of amazing to me that some of that functionality isn't included when you consider the privacy implications. It's not that the EHR couldn't do it. So they log their data. They throw all their data into a log file. Then they rely on a third party to order that data, to audit that data. So they'll give you the raw information and they do a really good job of it. All the fields are in XML. It's really easy data to work with. So we do have a raw dump from our EHR with all the patient access information. But what we've done is we've taken that raw data and we've put it into Splunk and we now have a application that we can query by what patients records were accessed. Who's been accessing what? Even for HIPAA violations. So if someone's accessed a record where that patient has the same last name, that's potentially a HIPAA violation because it could be a brother, a sister, an aunt and uncle that you shouldn't be looking at their records based on HIPAA. So kind of a not, well maybe this is a partly non-technical question but partly a technical question as well. So how do you as an organization stay current with the regulations you've got to follow with the rules associated with who can access what data when? And then how do you, you've got to obviously follow that and then you've got to turn the technology onto those rules. How do you manage that process? We actually internally have a HIPAA committee. So we meet bi-weekly to go over the latest and greatest compliance challenges. The new regulations, what we're doing in-house and what we should be doing. Different lessons learned from other hospitals throughout the state that we meet with. So to keep current it's a challenge because the rules are changing all the time. There's stricter requirements. There's different applications that are coming out. There's a whole slew of challenges and we really just are trying to keep up, trying to make sure that we remain compliant and one of the ways that we've been able to find out how to do that is by auditing our systems with Splunk. And are you using the data that you've got in your system to do other types of analytics? Is that something you're looking to do or does the privacy environment make it difficult to do that? Not so much. I mean, the information that we're porting into Splunk, we're able to segregate just based on the architecture of how Splunk is laid out. So once we get all of our ducks in a row as far as auditing patient records and being compliant there, we have a bunch of other systems that I've already ported into Splunk in different indexes and some of the data is just sitting there waiting for me to figure out what to do with it. Other stuff we're currently using to troubleshoot network problems. I see us moving forward into maybe monitoring biomedical devices or car door access. Things that other organizations are also using outside of healthcare. Kind of making Splunk a one stop shop as far as knowing what's going on to anything that's plugged into our network. And a couple of other things that Splunk has been emphasizing at this event, Splunk Cloud and Hunk. And I wanted to get your reaction of both of those. So I take it you're not moving to Splunk in the cloud anytime soon. You mentioned Google apps, but I just want to validate. So has the announcement of the Splunk Cloud changed sort of your strategy there or your thinking there? It obviously hasn't changed your strategy because we're going to back and talk to people about it. But what's your reaction as a practitioner? I'd love to get that perspective. Well, we host everything locally with the exception of our Google apps. So we wouldn't be using Google, or I'm sorry, we wouldn't be using Splunk Cloud so much. And we also don't have a Hadoop installation. So we wouldn't be using that either. Although I can appreciate the power that both of those tools are going to give to organizations that are using it. I mean, when we brought Splunk in-house, I thought we're going to need a full-time employee just to manage Splunk. Just because there's so much to it. Well, what I found out when I was using Splunk is, yes, I am working on Splunk pretty much full-time. But Splunk's made my job so much easier and quicker as far as troubleshooting goes that I've had time to explore all the other stuff that Splunk can do for us. And it's become a leaping point to get our organization plugged into all the features that Splunk can provide. So if Splunk can do that in the cloud and with Hadoop, I think those organizations are in great shape. What advice would you give Splunk? Let's say you're sitting down with God for you and saying, Ant, who would you advise me? What should I be focused on? What should I do that would make things better for you? I'm not sure how to reach out to folks that haven't already turned on to Splunk. I mean, the way that I ran into Splunk was I saw a Splunk t-shirt at another conf. So really the thing that I enjoy about Splunk is it's a very nerdy product. It's something that you can dive into and enjoy. There's not a lot of products that you can say that about. A lot of stuff is hard to work with or you're just learning it to fulfill that use case. With Splunk, the sky's the limit. I think that going to other confs and just having people play with the interface, I think that can bring more folks, more exposure to Splunk. Because once you get this tool in a nerd's hands and we know they're all at the confs, you know, they'll be turned on to it. Awesome, Ant LaFave, surrounded by geeks that are geeking out on Splunk. It's awesome. You're a tech athlete. Appreciate you coming on theCUBE. Thanks for your time. Great, thank you guys. All right, keep it right there everybody. Jeff Kelly and I will be back. And with our next guest, we're live here. This is theCUBE. We're in Las Vegas at .conf.