Welcome back to theCUBE's coverage of Splunk's .conf 2021 virtual. We are here live in the Splunk Studios here in Silicon Valley. I'm John Furrier, host of theCUBE. Spiros Xanthos, VP of Product Management for Observability with Splunk, is here inside theCUBE. Spiros, thanks for coming on. Great to see you.

John, thanks for having me. Glad to be here.

We love observability. Of course we love Kubernetes, but that was before observability became popular. We've been covering KubeCon since it was invented, even before, during the OpenStack days. A lot of open source momentum with you guys with observability and also in the customer base. So I want to thank you for coming on. Give us the update. What is the observability story? It's clearly in the headlines of all the stories. SiliconANGLE's headline is multi-cloud observability security, Splunk doubling down on all three.

Correct.

Big part of the story is observability.

Correct. And you mentioned KubeCon. I was there last week as well. It seems that observability and security are the two most common buzzwords you hear these days. Different from how it was when we started. But yes, Splunk actually has made a huge investment in observability, starting with the acquisition of VictorOps three years ago, and then with Omnition and SignalFx. And last year with Plumbr, a synthetics company we acquired called Rigor, and Flowmill, a network monitoring company. And plus a lot of organic investment we made over the last two years to essentially build an end-to-end observability platform that brings together metrics, traces, and logs, or otherwise infrastructure monitoring, log analytics, application monitoring, digital experience monitoring, all in one platform to manage, let's say, traditional legacy and modern cloud-native apps.

For the folks that know SiliconANGLE and theCUBE, know we've been really following this from the beginning for SignalFx, remember when they started. They never changed their course.
They had the right history again from Splunk. You guys, same way. Open source and cloud was pooh-poohed upon. People were like, oh, it's not secure. It's not gonna ever work. Now it's the center of all the action. And so that's really cool, and thanks for doing that. The other thing I want to get your point on is, what does an end-to-end observability mean? Because there's a lot of observability companies out there right now saying, hey, we're the solution. We're the utility. We're the tool. But I haven't seen a platform. So what's your answer to that?

Yes, so observability, in my opinion, in the context of what you're describing, means two things. One is that when we say end-to-end observability, it means that instead of having, let's say, multiple monitoring tools that are siloed, let's say one for monitoring network, one for monitoring infrastructure, a separate one for monitoring APM that do not work with each other, we bring all of these telemetry in one place, we connect it. And exactly because actual applications and infrastructure themselves are becoming one, you have a way to monitor all of it from one place. So that's observability. But the other thing that observability also is, because these environments tend to be a lot more complex, it's not just about connecting them, right? It's also about having enough data and enough analytics to be able to make sense out of those environments and solve problems faster than you could do in the past with traditional monitoring.

That's a great definition. I've got to then ask you, one of the things that's coming up that came out of KubeCon was clear, is that the personnel to hire to run this stuff, it's not everyone's can get the skills gap problem. At the same time, automation is at an all-time high. People are automating and doing AIOps, GitOps. What do you want to call this a buzzword for that? Basically automating the data observability into the CI/CD pipeline, huge trend right now.
And the speed of developers is fast now. They're coding fast. They don't want to wait.

I agree. And that's exactly what's happening, right? We went, essentially, from traditional IT where developers would develop something that would be deployed months later by some IT professional. Of course, all of these coming together, but we're not stopping there, as you say, right? That is shifting left, it's going earlier into the pipeline. Everyone expects, essentially, let's say, monitoring to happen at the speed of deployment. And I guess observability, again, is this, or as a requirement of observability, is this idea, let's say, that I should be able to monitor my applications in real time and get information as soon as something happens.

What's the evolution of the shift left trend? Obviously, for the people that don't know what shift left is, you put security at the beginning, not bolted on at the end, and the developers can do it with automation, all that good stuff that they have. But how real is that right now in terms of what's happening? Can you share some vision and ideas and anecdotal data on how fast shift left is, or is there still bottlenecks in security groups and IT groups?

So, there are bottlenecks, for sure. In my opinion, we are with, let's say, the shift left or the DevSecOps trend, where we were between IT and devs maybe a few years ago. And it's both a cultural evolution that has to happen, so security teams and developers have to come closer together, understand, like, say, the consensus or the requirements of each other so they can work better together, the way it happened with DevOps. And also it's a tooling problem, right? Like, still, observability or monitoring solutions are not working very well with security yet.
We at Splunk, of course, make this a priority and we have the platform to integrate all the data in one place, but I don't think it's generally something that we have achieved as well as an industry yet, and including the cultural aspects of it.

Is that why you think end-to-end is important to hit that piece there so that people feel like it's all working together?

I think end-to-end is important for two reasons, actually. One is that, essentially, you have, as you say, you hit all the pieces from the point of deployment, let's say, all the way to production, but it's also because, I think, applications and infrastructure, ephemeral infrastructure with Kubernetes, microservices, are introducing so much more complexity that you need a step-function improvement in the tooling as well, right? So that you can keep up with the complexity. So bringing everything together and applying analytics on top is the way, essentially, to have this step-function improvement in how your monitoring solution works so that it can keep up with the complexity of the underlying infrastructure application.

That's a huge point, Spiros. I got to double down on that with you and say let's expand that because that's the number one problem. Taming the complexity without slowing down, right? So what is the best practice for that? What do people do? Because, I mean, I know it's evolving, it's going faster, but it's still getting better, but not always there, but what can people do to go faster?

So, and I will add that it's even more complex than just what the cloud, let's say, native applications introduce because especially large enterprises have to maintain their fruit team, their on-prem footprint legacy applications that are still in production and then still expand. So it's additive to what they have today, right?
If somebody was to start from a clean slate, let's say, start with Kubernetes today, maybe, yes, we have the cloud native tooling to monitor that, but that's not the reality of most enterprises out there, right? So I think our goal at Splunk, at least, is to be able to, essentially, work with our customers through their digital transformation and cloud journey so to be able to support all the existing applications but also help them bring those to the cloud and develop new applications in a cloud native fashion, let's say, and we have the tooling, I think, to support all of that, right? Between, let's say, our original data platform and our metrics and traces platform that we developed further.

That's awesome. And one quick question on the customer side. If I'm a customer, I want observability, I want this, I want everything you just said. How do I tell the difference between a pretender and a player, a good solution and a bad solution? What are the signals that this is the real deal, that's a fake product?

I agree. So, I mean, everyone obviously believes they're original. So I'm not sure if I will, but here's my perspective on what truly is a requirement for observability, right? First of all, I think we have moved past the time where, let's say, proprietary instrumentation and data collection was a differentiator. In fact, it actually is a problem today if you are deploying that because it creates silos, right? If I have a proprietary instrumentation approach for my application, that data cannot be connected to my infrastructure or my logs, let's say, right? So that's why we believe OpenTelemetry is the future and we start there in terms of data collection. Once we standardize, let's say, data collection, then the problem moves to analytics and that's, I think, what the future is, right? So, observability is not just about collecting a bunch of data and dumping it back to the user, it's about making sense out of this data, right?
So the name of the game is analytics and machine learning on top of the data. And of course, the more data you can collect, the better it is from that perspective. And of course then, when we're talking about enterprises, scale, controls, compliance, all of these matter, and I think real-time matters a lot as well, right? We cannot be alerting people after minutes of a problem that has happened but within a few seconds if we want it to really be proactive.

I think one thing I'd like to throw out there maybe get your reaction to it, I think maybe one other thing might be enabling the customer to code on top of it because I think trying to own the vertical stack as well is also risky as a vendor to sell to a company, having the ability to add programming ability on top of it.

I completely agree actually. And in general, giving more control to the users and what do they do with their data, let's say, right? And even allowing them to use open source whatever it's appropriate for them, right? In combination maybe with a vendor solution when they don't want to invest themselves.

Build their own apps, build your own experience, that's the way the world works, that's software.

I agree, and again, Splunk from the beginning was about that, right? We have thousands of apps built on top of our platform.

Awesome, well, I want to talk about open source and the work you're doing with OpenTelemetry. I think that's super important. Again, go back even five, 10 years ago. Oh my God, the cloud's not secure. Oh my God, open source has got security holes. Turns out it's actually the opposite now. So, you know, finally the people woke up. But it's gotten better, you know? So take us through the OpenTelemetry and what you guys are doing with that.

Yes, so first of all, my belief, my personal belief is that there's no future where infrastructure is anything but open source, right? Because people do not trust actually closed source solutions in terms of security.
They prefer open source at this point. So I think that's the future. And in that sense, a few years ago, I guess, our belief was that all data collection instrumentation should be standards-based, first of all, so that the users have control. And second should be open source. That's why we, at Omnition, the company I co-founded that was acquired by Splunk, we were one of the maintainers of OpenCensus and then we brought together OpenCensus and OpenTracing in creating OpenTelemetry. And now, OpenTelemetry is pretty much a de facto. Every vendor supports it. It's the second most active project in CNCF. And I think it's the future, right? Both because it frees up the data and breaks up the silos, but also because it has support from all the vendors. It's impossible for any single vendor to keep up with all this complexity and compete with the entire industry when we all come together. So I think it's a great success. I guess kudos to everybody, kudos to CNCF as well, that was able to actually create some of this product.

And probably, yeah, CNCF's done an amazing job in going to all those events all the years and all the innovations have been phenomenal. I got to ask you about the silos that you brought it up multiple times. And again, I think this is important just to kind of put an exclamation point on. Machine learning is based upon data. If you have silos, you have the high risk of having bad machine learning.

Yes.

Okay, so that's, you agree with that?

Completely.

So customers, now you got to understand this. If you have silos, that equals bad future.

Correct.

Because machine learning is baked into everything now.

And I will add to that. So silos is one problem and then not being able to have all the data is another problem, right? When it comes to being able to make sense out of it. So we're big believers in what we call full fidelity.
So being able to connect every byte of data and do it in a way that makes sense, obviously economically for the customer. But also have let's say high signal to noise ratio, right? By structuring the data at the source, OpenTelemetry is another contributor to that. And by collecting all the data and by having an ability, let's say to connect the data together, metrics, traces, logs, events, incidents. Then we can actually build a lot more effective tooling on top to provide answers back to the user with high confidence so then users can start trusting the answers as opposed to they themselves always having to figure out what the problem is. And I think that's the future and we're just starting.

So I want to ask you now and my final question is the culture. And when you have scale with the cloud and data goodness where you have people actually know the value of data and they incorporate it into their application, you have advantages, you have competitive advantages in some cases, but developers who are just coding love DevOps because it's infrastructure as code. They don't have to get in the weeds and do the under the hood. Data has that same phenomena right now where people want access to data but there's certain departments like security departments and IT groups holding back and slowing down the developers who are waiting days and weeks when they want it in minutes and seconds for have these kinds of things. So the trend is, well, there's first of all this there's the cultural of people aren't getting along and they're hating each other or they're not liking each other. There's a little conflict. Always kind of been there, but now more than ever because why wait?

I agree.

How can companies shorten that cycle, make it more cohesive, still decouple the groups because you got for you got compliance. How do you maximize the best of a good security group, a good IT group and enables as fast as possible developers?

I agree with you by the way this is primarily cultural and then of course there is a tooling up as well, right? But I think we have to understand, let's say as a security group and as a set of developers what are the needs of each other, right? Why we're doing the things we're doing because everybody has the right intentions to some extent, right? But the truth is there is pain. We are me, I mean myself like as we develop our own solutions in a cloud native fashion, we see that, right? We want to move as fast as possible but at the same time we want to be compliant and secure, right? And we cannot compromise actually on security or compliance. I mean that's really the wrong solution here. So I think we need to come together, understand what each other is trying to do and provide and actually we need to build better tooling that doesn't get into the way. Today oftentimes it's painful to have let's say a compliant solution or a secure solution because it slows down development. I think we need to actually, again maybe a step function improvement in the type of tooling we have in this space so it doesn't get into the way, right? It does the work, it provides let's say the security, the security team requires provides the guarantees there but doesn't get in the way of developers. And today it doesn't happen like this most of the time. So we'll have some ways to go.

And Garth is mentioning how you guys got some machine learning around different products. Is one policy kind of gives some open, guard rails for the developers to bounce around and do things until they have to put a new policy in place, is that an answer with automation?

Big time automation is a big part of the answer, right? I think we need to have tooling that first of all works quickly and provides the answers we need and we have to have a way to verify that the answers are in place without slowing down developers. Splunk is, I mean, our view let's say of DevSecOps in particular is around that, right?
That we need to do it in a way that doesn't get in the way of let's say the developer and the velocity at which they're trying to move but also at the same time collect all the data and make sure we know what's going on in the environment.

Is AIOps and DevSecOps and GitOps all the same thing in your mind or is it all just labels?

It's not necessarily the same thing because I think AIOps in my opinion applies let's say to even more traditional environments where you want to automate let's say IT workflows in legacy applications and infrastructure. GitOps in my mind is maybe the equivalent when you're talking about like cloud native solutions but as a concept potentially they are very close I guess.

Well, great stuff, great insight. Thanks for coming on theCUBE. Final point is what should take this year of the live we're in person but it's virtual. We're streaming out. It's kind of a hybrid media environment. Splunk's now in the media business and studios and everything. Great announcements. What's your takeaway from the keynote this week? What's your, you got to share to the audience this week's summary.

First of all, I really hope next year we're all going to be in one place but still given the limitations we had I think it was a great production and thanks to everybody who was involved. So my key takeaway is that we truly actually have moved to the data age and data is at the heart of everything we do, right? And I think Splunk has always been there as a company but I think we ourselves really embrace that and everything we do is everything, most of the problems we solve are data problems whether it's security, observability, DevSecOps, et cetera. So.

Yeah, and I would say, I would add to that by saying that my observations during the pandemic now we're coming hopefully to the end of it you guys have been continuing to ship code.

Yes.

And with real, not vaporware, real product the demos were real and then the success on the open source. Congratulations.

Thank you.

All right, thanks for coming on theCUBE. Appreciate it.

Thanks a lot.

Okay, CUBE coverage here at .conf, Splunk's annual conference virtual is theCUBE, we're here live at the studios here at Splunk Studios for their event. I'm John Furrier with theCUBE. Thanks for watching.