 Live from the MGM Grand Convention Center in Las Vegas, Nevada, it's The Cube at Splunk.conf 2014. Brought to you by headline sponsor, Splunk. Here is your host, Jeff Kelly. Welcome back everybody to Splunk Conference 2014. Live here on The Cube, I'm Jeff Kelly with Wikibon. I'm joined by Greg Kleinman, who is the director of Big Data Strategy at Red Hat, as well as Sandeep Kinesha, who's the vice president of business development worldwide sales at Function One. Guys, welcome to The Cube. Thanks. We're having a great time here at the show, we're interviewing a lot of interesting people. It's great to have you on. So, Sandeep, let's start with you. I think Function One is maybe a company that our audience might not be too familiar with. Why don't you tell us a little bit about Function One and your role? Absolutely. So, like I said, I'm the VP of business development worldwide sales. The company was founded in 2007 as a solutions and services company. We partnered with Oracle, Splunk, and a couple other vendors along the way. And, you know, we basically have three arguably four lines of business, data security, operational intelligence, and web content management. And, you know, within the operational intelligence space, we're a partner with Splunk. We partnered with Splunk about five years ago. And that's kind of what brought us to the conference. You know, we obviously partnered with Red Hat earlier this year. We're going to start to build a relationship there as well. It's great to be here. So you're going out and taking these technologies from companies like Splunk and helping your customers implement them and make the best use of them? Right. It's essentially we will start out with a customer that, you know, recently purchased the product, help them understand where they're going to get the most value from it. Right. Some of it's identifying use cases. Some of it is just helping them, like, architect it so that it's a solution that's going to last for them. Right. Having done hundreds of deployments now, it's nice to see customers grow. You know, we work with customers that index like 20 to 30 terabytes of data per day, which, you know, on the grand scheme of things is a ton of data. Right. These are massive data sets. So, you know, our relationship there and what we do with customers is basically ensuring that they get, A, the most value out of the product. They're getting, you know, the experience that is necessary to roll out enterprise class deployment. Right. And then, advise them along the way, you know, in a solution to services capacity to make sure they're getting, you know, what they need from it. Right. So, I mean, when you think of Splunk, you think of the, you know, the storage as a component of it, but it's not, Splunk is not designed to be a large scale storage system. Right. So, and I'm, I'm supposedly, that's where Red Hat comes in to kind of help address that issue. Tell us a little bit about, Greg, about Red Hat's role in relationship with Splunk and how you're helping Splunk customers kind of deal with their storage constraints. Yeah, sure. So, as Cindy mentioned, you know, a lot of large customers are struggling. They're throwing out data. They'd like to keep more data to get better analytics, but they're struggling with managing the storage. So, that's where Red Hat comes in. So, we have a new solution that we announced last week, which is kind of a hybrid approach to storage for Splunk, where we keep the hot and the warm data on the index server. So, that provides very good performance for indexing and searches. And then we move the cold data off to Red Hat storage. And that, by doing that, we get the advantages of shared storage where it's very easy to manage. We get better availability. We can handle failures and still serve the data. Very easy to manage, so it keeps the management costs low. But, by keeping the hot data on the index servers, we get very good performance at the cost of commodity servers. So, that really gives Splunk customers the best of both worlds. They get very high performance at a very low cost. And they get better business outcomes because they can keep more data around. That's key, right? I mean, that's the customer that, if you have a customer that's been using Splunk for six months or a year, the reason they're using it is because they can do, like, the pattern recognition, the anomaly detection, you know, generate their ports, like, on the flat for what they need, but it's based on these really massive data sets. So, you'll find, like, a commonality amongst customers is they'll keep the data around, you know, for maybe 45 days depending, or years, depending on what the retention requirement is. And, like, the cost of keeping that data around, if you're talking about, you know, a terabyte or two terabytes of data per day that you're indexing, over a year, that's 700 terabytes, right? So, you know, if you're, maybe the retention requirements will keep it around for several years, right? And the cost of storage will come prohibitively expensive. So, what customers start to do is they either don't keep the data around, right? Or they offload it to something that, like, a shared storage where you're losing performance on it, right? And it's a huge problem, which is what, I mean, Red Hat Storage offers that new hybrid solution that, you know, gives you, like Greg said, it's the best of both worlds. So, the idea is you can store much more data at a reasonable cost, but still have that data available for analysis when you need it to easily bring that back to this one environment should you decide to do that. Is that kind of the value proposition? Exactly. So, then a cold storage is still searchable. So, you know, for, especially for things like cybersecurity analytics, right? The more data you have, the better security you have. Most analysts will tell you that. So, by having a very large cold storage pool, you actually improve your analytics. But you get all the advantages of making it very easy to manage, because managing very large environments on direct-attached storage inside the index service gets to be very cumbersome and just overloads the people. So, this allows them to take that cold storage, which is usually going to be 80, 90 percent of their data and put it on storage that's designed to very low cost, very high-scale, you know, up to petabytes, very easy to manage. But you can still search it, right? So, you still can look for the needle in the haystack for the person who made a break-in attempt, you know, two years ago, correlate that to something that happened last week, see a pattern, you go, oh, whereas if you didn't have that data, you wouldn't have that insight. Right. Well, I think this is a really important conversation because we hear a lot from the Wikibon community. They're, you know, very interested in Splunk, but they want to understand where does it fit in this larger big data world? Because, you know, Splunk is not necessarily designed for petabytes of data. That's not what it's for. It's for more hot data that's coming in relatively real-time operational use cases. But as you said, when you've got that historical context to draw on, your analytics is going to be that much better. And we hear more and more, particularly around security use cases where the analytics component is extremely important. So, Cindy, if I wonder if you could talk a little about maybe some of your customers and what you're seeing and some of the benefits they've gotten from, you know, larger-scale uses of Splunk. Yeah, absolutely, right. I mean, so that really comes down to, like, what the, you know, what the use case is, what the scenario is, right? And what you'll find is that, you know, a good portion, arguably almost half of the customers are using Splunk for security, right? I mean, it's the product that's going to show you where your holes are, right? There's the other side of it, I mean, the other 30, 40-ish percent of customers, you know, that are using Splunk for everything from, you know, improving trade transaction in a financial services company, you know, to tracking POS things in a retail services company, right? I mean, it's the value, the concern, the issue, depending on how you look at it, right, is being able to, to your point, right, get that immediate real-time reporting based off something that just occurred, you know, whether it was two days ago or two minutes ago, right, the thing being able to map that out as a pattern, like, what is the pattern? And that's kind of what Greg said earlier, right? I mean, it's, in order to, you know, get the most out of your data, right, and I'm not trying to cliche it or anything, but in order to get the most out of your data, you need to have most of your data around to search it, right? So when you look at what our customers are doing, right, there's, it's a bit of a mix of bad, right? I mean, there's some customers that have kind of gotten used to the fact that they're just not going to have their data around, right? So they've devised different search algorithms and different logic, right, to do that type of pattern recognition, right? The case can be made, is that the best approach, right? And the answer to that is no, it's not. It's what you do, giving your limitations, right? So a lot of our customers will ask us, so all right, well, you know, what's our next option? What's our next bet? That's bet. What do we do to be able to improve our ability, improve the quality of the results that we're getting back, right? And there are things you can do, you know, from swanky and working within the confines of what the product can do, summary indexing and to just basically trim down the amount of data you're looking at. But if you're looking to get that real recognition, you can't really get it from, like, blocks of summary index. I mean, you can, and it's a great way to do it. I mean, it's definitely not a not-to-word summary indexing. Summary index is fantastic, right? However, having access to the full dataset is much more valuable than, you know, what you get from, you know, random points in time. So, yeah, I mean, that's really one of the key value propositions of, you know, what the movement known as big data, whether you like that term or not. I mean, one of the benefits is you don't have to sample that data anymore. You can bring in all your data and you can find those outliers and maybe you couldn't find if you were just looking at a sub-segment. So, Greg, from your perspective, how are Red Hat customers adapting to this big data world? I mean, it's one thing to have the technology to help them store more data, but you also have to have the understanding on the customer side of what the possibilities are. Part of it is a mindset change that, okay, we don't have to limit ourselves to just certain datasets. Are your customers, in terms of their mindset, keeping up with the technology that's allowing them to do these things? Yeah, yeah, I think that, and if anything, the customers are pulling it, right? So, they're kind of in the middle of seeing their data lifecycle change. As you said, right, the old way was bring the data in, put it in a big structured database, and then throw SQL at it, right, throw analysts at it. They're now in a world where they, it's sort of schema on read, right, where bring all the data in, let's stick it in a big pool, and then let's start playing with it. And that's something that, you know, the enterprises, the traditional guys are, it's a totally different mindset. They don't kind of get there easily, but a lot of the new users, like the marketing departments and the operations teams and the IT, a lot of the people that are here, they get it, and they immediately see the value in just bringing in the data, let's start using it, and then all of a sudden the use case is explode, and everybody wants access, and now all of a sudden they want to keep more data. And so, that's really what's driving the customers, is they see the business benefit, like we saw in the keynotes, like we've seen in a lot of the sessions today. They're seeing accelerating business benefit from bringing in all the data, and then being able to run kind of ad hoc analytics and just make it available to everybody, that's pulling the technology through. And then they now have needs to, oh, we now need to save twice as much data, or three times or ten times as much data as we thought. Gee, we need a lower cost way to do that, that will still scale out, and that's pulling things like Red Hat Storage into the new use cases. And what role, if any, at this point is the cloud play? Are you seeing your customers looking to, looking to cloud to alleviate the need to have these systems on premise where you've got a, you still got to bring in the hardware and you've got to maintain your data centers, and the cloud offers a way to abstract away some of that challenge. Are you seeing the cloud play an increasing role in kind of this large scale data storage? Yeah, absolutely. If anything, we see, so the cloud adoption is driven by the cost savings within IT, right? It's just a much more efficient platform to run on. But as you look at, okay, what workload do we want to put on the cloud? Things like big data are very attractive because they're big, and there's tons and tons of data, and just like we talked about, you want to share that to lots of places, just like Splunk Show talks about. Once people get a taste of it, they want more of it. And all of a sudden, you've got people using it that you didn't expect to use it. That's the perfect scenario for cloud. It scales out easily, it's very fast to implement, and you want to share with lots and lots of people, and the cloud platform allows you to do that. So we see big data as kind of a leading workload for things like cloud. Yeah, Sandy, what are you seeing in terms of your customer base? Relative cloud adoption, and kind of this collision course between big data and cloud, are the two kind of good pairs, as Greg was describing? Yeah, I mean, there's definitely a lot of customers that are moving in that direction. There's, I would say, as far as saying the adoption of it goes, it's an evolving process. There's definitely people that are a little bit hesitant towards it, there's definitely customers that are all about it. When you kind of compare the two, say where we are today to where we think we'll be six months or a year from now, the number of people and customers that are moving towards cloud is going to increase. That's potentially a poor variety of reasons. I mean, there's the hardware cost, there's the total cost of ownership, honestly. The amount of time that gets spent managing your hardware, managing the deployment, which just goes away. I mean, it's not gone entirely, but it's far less than what it would have been had you had everything in-house. And there's definitely movement there. I mean, I think from the ability to search over data and massive amounts of data, that's going to remain unchanged. But the biggest thing that's going to change is the amount of time that gets spent managing that infrastructure. It's no longer, you think about it in terms of productivity. I mean, how much of your time gets spent into the upkeep, the maintenance, the patching, the availability, the ability to elastically expand. It's time consuming, it's also really expensive. So when you're looking at the Splunk cloud or the cloud in general, that's the value add. For newer customers to Splunk and customers that aren't necessarily sure that that's the direction they want to go in, it's a no-brainer. I mean, hey, let's take this thing up, let's get started, let's move towards it. But the customers that are a little more established that have been using the product or products like it for several years, I don't know. I've had the conversation with our customers, especially ones that are doing 10, 11 terabytes a day. I'm like, hey, do you want to go in this direction? You'll save this much money. You can reallocate that money to enriching the value add that you're getting out of the product as opposed to the technology stack of making the product run. There's definitely a case to be made there. But I think it's something you'll see more in the next six months to a year than the customers that are using it today. Yeah. So, we only have a couple minutes left. Greg, we'd love to get your take on Splunk. I mean, so we're seeing, you know, several announcements here this week around, you know, they're rolling out things like Mint, their mobile application, but even taking a step back from any specific announcements. I mean, what is your take on Splunk's development over the last year, couple years? I mean, now that they're a public company, they're growing like crazy, they've got pressure from Wall Street, of course, as well. What's your take on how Splunk is developing and investing their resources? Yeah, so, I mean, from our perspective, it's a rocket ship, right? Just like we're seeing sort of very fast-paced adoption in our customer base. It's a very sort of high-growth application for running on rail, and we obviously see that. A lot of people run Splunk on Red Hat and Price Linux. We're also seeing pickup in our middleware businesses, where people are asking for, how does this work with Splunk? How can I get my data into Splunk? How do I get my data out of other things into Splunk? So we're seeing it across the board in our business, so it's very pervasive and high-growth in our customer base. The thing you see on the charts up to the right, that's what we see happening in our customer base with Splunk. In terms of your customers, do you feel like Splunk did the areas where they're investing their money around enabling more rapid application development and mobile first and security? Are those areas aligned with what your customers are most interested in? I mean, it's something that customers are demanding now for, you know, they first came to Splunk a couple of years ago and in the last year or two there needs to be a better way and a faster way of producing apps on Splunk and they've done that. I mean, Splunk's lived up to what they've committed to their customer base in a great way. Splunk for Mint is huge. It's an enormous step forward that customers want. A lot of customers spend their time developing those things on the mobile frameworks. Now you don't really have to. It's been a tremendous opportunity to get there. We've been a pretty large part of making those things happen behind the scenes. Working with Splunk Engineering and other folks as well as customers to kind of proof out the concepts. But the fact that Splunk committed to it, they lived up to it and they delivered it. So it's going to be huge. Well, we'll be interested to see next year when we're back here at the show kind of the progress that they've made. So Greg from Red Hat, Sandy, Function One. Thanks for watching. Keep it there. We're going to be back in just a minute with continuing live coverage of Splunk Conference 2014, live on The Cube, here in Las Vegas. Stay tuned.