 Live from Washington D.C., it's theCUBE, covering .conf, 2017, brought to you by Splunk. Welcome to the district, everybody. This is theCUBE, the leader in live tech coverage. My name is Dave Vellante, and I'm here with my co-host for the opening session of Splunk .conf 2017, George Gilbert. This is theCUBE's seventh year of doing Splunk .conf. We have seen the evolution of this company from a pre-IPO startup into a $1.2 billion growing, rapidly growing player in the big data sphere. Interestingly, George, Splunk in its early days really never glommed on to the big data meme. They let others sort of run with that. Meanwhile, Splunk was analyzing machine data, helping people solve operational problems, security problems, et cetera, growing very rapidly as a company, getting a passionate user group together and a community together, expanding on that community. And now today, you see Splunk is at the heart of big data. As you wrote recently in one of your pieces, you need big data and big data techniques to analyze all this data. So, give us your take. Where are we at in this evolution of Splunk and the intersection of big data? All right, so I guess the best way to frame it is we had several years of talk from the opens, mainly from the open source big data community, which of course came out of the big tech companies about how they were going to solve problems with essentially instrumenting the new era of applications. These are the web and mobile apps and the big data repositories around them. And I'm going to walk through four sort of categories, like define this class of apps very crisply, so we can say who fits where. Well, let me just ask you, so we're seeing the expansion of Splunk from sort of a narrow sort of log analysis platform into one that is becoming a really more of a platform for big data apps and big data application development and big data apps. Okay, let me give you the crisp answer. Then for years Hadoop said, we're the platform for big data apps. But the problem was it was built by and for big tech companies. So there's a lot of complexity. It's something you and I have talked about for a while. And that sort of choked its adoption beyond the very most sophisticated enterprises. Splunk started analyzing basically log data, machine data, but as that platform grew, they built it not so that they were sourcing really innovative pieces from all over the ecosystem, but so that the repository, the analytics, the user interface, the application development environment were all built to cohere and to fit together, which meant it was immensely easier for admins and for developers to use. And if you look at their results, they're, as you said, a $1.2 billion company. And that's bigger than all the Hadoop vendors combined and they're growing just as fast. Okay, so before we get into it, George, I want to just sort of set it up a little bit for our audience. We're here in Washington, DC, at the convention center, 7,000 plus attendees at this show. And we first started doing the original .conf shows. You know, it was relatively, you know, it's still intimate, but it was a much smaller show. So up to 7,000 people now. 65 countries represented here. Doug Merritt, the CEO, launched the keynote this morning, talked about people coming from 30 million miles, if you aggregate, Splunk's all about aggregating and analyzing all this data. If you analyze the distance that everybody traveled and aggregated, it was 30 million miles. So what's happening here is this is the gathering, the annual gathering of the Splunk community, the conference is called .conf. And what we're seeing really is, and when you listen to Splunk and when they talk about their transformation as a company and their opportunity as a company, really going from security, incident and event management to an organization that's really starting to focus on bringing analytics and big data to the security business. So security is a huge opportunity for Splunk. It's something that they've always been pretty fundamental in. And so George, part of Splunk's evolution as a platform is to really, as you're pointing out, get more into either apps or allowing the ecosystem to develop apps on top of their platform, right? Okay, so that's sort of a great segue to the question of, you know, are they desert tapping or floor wax? You know, are they a platform or an app? And- Answers yes. Yes. Now what they're doing, they're taking a page out of Microsoft's playbook and very few others have made the transition from platform to app. They started really as an app platform. But what's going on now is they basically can take machine data about your applications and your infrastructure from wherever across the cloud on-prem out at the edge. And then they give you end-to-end visibility because you've got all that data and they have some advanced visualization techniques. They make it now in this release much easier to monitor the performance metrics. But then what they're doing, when you do this end-to-end visibility, you have a greater burden on the admins to say, well, when there's an alert, correlate this problem with this problem and try and figure out where it really came from. What they're starting to do, which is really significant, is build the apps on top, which go deep. The apps like Splunk, User Behavior Analytics, Splunk Enterprise Security. What that means is those apps come pre-trained to know how to read the customer's landscape, put a map together, and then also how to figure out so when services are not acting quite right, what to investigate. So in other words, they come with an administrator knowledge baked in. So Splunk has all this data across its 15,000 customers, billions and billions of data points, if not trillions, and they're able to infer from that data and identify the pattern so that they can deliver essentially pre-packaged insights to customers. Yes, and you're actually putting your finger on two things that are important. First, like the applications, the package tabs, like User Behavior Analytics, which is basically for looking for bad actors and intrusions, and Enterprise Security, which is sort of a broader look. Those come so that they're trained to figure out your landscape and what's normal behavior, but they announced something else just this morning, which was sort of a proactive support where they take all the telemetry data from customers as they opt in, and they learn from that about what's normal and abnormal and what's best practice and what's not. And so then they can push out proactive support. Okay, let's do a quick rundown. We don't have much time here, but let's talk about the cloud strategy. I mean, Splunk has a relationship with AWS. Where does Splunk, in your view, fit with the whole cloud, hybrid cloud play, on-prem, in the public cloud? I know they've said publicly that 50% of their customers, or at least maybe it's their new business, is cloud only, and then the other 50% is either on-prem or cloud, either all on-prem or on-prem in cloud, so some kind of mix. So where do they fit in the whole cloud, hybrid cloud mix? Okay, you also touched again on a couple key things. One is, where can they run so that customers can have the same development platform and admin experience wherever the customer data may be, whether it's on-prem, on the edge, or in multiple clouds? That is, they've addressed, because they're a self-contained environment, so they can run on different platforms, different locations. But at the same time, when you're working with Splunk on-prem, you're really in a very different ecosystem than when you're using it in the cloud, because in the cloud, you might want to take advantage of special purpose machine learning tools or special purpose analytic databases that have capabilities that are there. AWS services, for example, yeah. Yes, that are there in the cloud. Now. Is that a friction point for Splunk? And is that the point of, are there clear swim lanes or does it start to get fuzzy? I would call it less a friction point and more of a set of trade-offs that their customers will encounter that are different. Okay, like the integrated iPhone versus other third-party sort of tooling. Yeah, and it's worth mentioning that, to stay in that self-contained and compatible sort of platform sphere, this little biosphere, wherever it may be, you lose out on the platform-specific specialized services that might be on any particular platform. And the fact that you have that trade-off is goodness, you know, as opposed to- Choice. Okay, a couple other things. So we talked a little bit about the, and you and I, as you say, I've talked about this forever, admin and developer complexity, what's Splunk's recipe for simplifying that and how does machine learning fit in? Okay, so on the issue of admin complexity, I'm going to, and developer complexity, I'm going to pull up a cheat sheet here that I started pulling together, just probably the complexity is going to freak out our video support guys. But if you look at the typical open source analytic application and the pipeline that's underneath it, it's got an ingest phase, process phase, it's analyzing the data, it's running predictions, it's serving the data. Sounds like the Hadoop pipeline, the flow of the workflow, yeah. Whether it's Splunk or Hadoop, it's the same set of steps. It's a big data workflow. When you're dealing with large volumes, right? And whether you're dealing with Splunk or Hadoop, you have to deal with stuff like data governance, performance monitoring, scheduling, authentication, authorization, resource isolation. All the enterprise level stuff that we've grown to understand and love. If in the open source ecosystem, each stage of the pipeline is a different product and each of those admin steps is implemented differently because they're coming from different Apache projects. You've got what I call is potentially a Frankenstein kind of product, like its creator might love it. Okay, so you're saying Splunk's strategy will be to integrate those and be as simplified, almost like the cloud guys would aspire to do. Well, that's the other thing. See, Splunk had this wonderful thing on-prem where they were really the only one who was unifying big data. In the cloud, it hasn't happened yet. Like Amazon's answer to customers is, oh, we take any and all comers, you can use our services, you can use others. But you will see over time, probably first by Azure and then later by Amazon. Okay, so we're out of time. But so these are some of the things we're tracking. Watching Splunk's TAM expansion, the whole cloud, hybrid cloud strategy, simplifying big data complexity, where does machine learning fit in? Some of the things we didn't get into were breadth versus depth. Splunk is kind of doing both, going deep with certain applications, but also across horizontally, across its platform. And then of course we haven't talked about IoT, but we will this week. IoT and edge processing, what's the right strategy there? We'll be unpacking that all week. Splunk is a fun crowd. I mean, you can see the t-shirts. The t-shirts are fantastic. Drop your breaches, the end of metrics, taking the SH out of IT. These are some of the t-shirts that you see, some of the slogans that you see around here. So Splunk, really fun company. The other thing that you'd note about this ecosystem, this audience is, when Splunk makes an announcement, you get genuine applause, laughter, applause. Really, really passionate customer base. A lot of these conferences we come to, it's sort of golf claps, not here. It's really heartfelt. So George, great analysis. Thanks very much for helping us kick off. Keep it right there, everybody. We'll be back with our next guest. This is theCUBE. We're live from the district at splunk.conf 2017.