Splunk and the pursuit of the business use case

SUMMARY:

According to SVP Rick Fitz at the company’s recent .conf2017 in Washington DC, the coming year will see a real splurge of development in business use for Splunk.

Chasing business use cases

It’s a simple enough thesis:

We have seen it before in IT and security, and we are now starting to see it in business. It takes time, but business people hear a business story and think, ‘maybe I could do this too’.

This was Rick Fitz, Splunk’s SVP for IT Ops and Development, Business Analytics and IoT, outlining the core change that is now underway in an emerging interest amongst business managers about how Splunk’s machine log analytics capabilities might apply to business management:

Most often the use of Splunk starts in the IT/ops or Security/Ops areas of a business, with a great deal of cross fertilisation between them. The business management side of the business then starts to pick up on it and the potential it might have there. But that dynamic is now in the process of developing and business managers are starting to come to Splunk directly with enquiries on what is possible. This as a great example of the ‘ah-ha’ moment in action, the point in time when a type of user ‘gets it’.

Part of job is now to pull out the stops on fostering the process and moving Splunk into the world of direct Biz/Ops rather than as a spin-off. Speaking to diginomica at the recent Splunk .conf2017 event in Washington DC, he outlined how the company is tracking the new business focused use cases that users are starting to come up with.

When one comes up that represents a user experience that can be sold to the mass market, the company makes a move to develop and build on it. There are now several of those examples based on Splunk Enterprise, he said:

Dubai Airport, where the entire airport operations are being run off the back of machine data, is a case in point. That is an example where there is a large amount of sensor data being generated from a large number of different areas across the business.

The goal is the create a user experience much more tailored to the business user than the normal target of the techie, as each side sees data completely differently. Security people, he suggests, talk about threats, while IT people talk about how to fix things and resolve problems. Business users, however, don’t want to learn how to code-up Splunk, they want to get to information about their business metrics and we try to build user experiences that help them interact with their data. So what’s now needed are enough examples so that a design can be pulled together to map onto the broader market.

There are characteristics being seen consistently now: such as the pressure on real time operations. Business users are less concerned about historical data in Fitz’s view, so they need time-series data that provides access to the most current data available. That way they can improve their customer experience or trap business problems as they develop. The primary goal it to provide tools that help users look in the ‘now’, observing the data and, maybe, physically observing the process.

The company expects many of these developments to come through via third party partners and this is already starting to happen. For example, natural language query building was demonstrated at the .conf event, as was the growing application of augmented reality for tasks such as annotating a photograph of an object with all the data that is known about it. This would be aimed at technicians working out in the field fixing something. If they can take a photograph of a unit or sub-system or sensor, it can then be annotated with everything we know about its specification, operation and maintenance requirements.

There seems to be a specific advantage for Splunk when it comes to Biz/Ops and business management applications. Because the core technology is analysis of raw machine logs, performing a classic business task – a database query – requires a query to be written just the once and put it to work simultaneously on every and any database system being used. The query does not have to be re-written to work with the specific query syntaxes of individual applications.

According to Fitz, Splunk is currently doing much experimentation in areas such as these:

We don’t have all the answer yet when it comes to Biz/Ops, but we are seeing patterns emerge.

That is an observation which prompts the obvious question: how far down the road is all this? Fitz reckoned:

Some are already available, using our search and reporting applications, today. We are working on the user experiences and the processes – the flow users go through – trying to get that right. I would say we are a year or so away from getting that right. We still haven’t nailed the user experience, though we have some prototypes we’re working on, so we’re still in our concept phase on this.

His mention that some business people are not well-disposed to the idea of using SPL (the programming language) leaves the door open for a Biz/Ops adaptation of it to make an appearance, and Fitz acknowledged the possibility that an approach developed for IT/Ops users – a `back door’ specifically tailored for IT/ops tasks – may well be reworked for Biz/Ops people:

It has to be said that business analysts, who often have a data science background, totally get SPL because it represents datasets, pipelines and the rest. But for classic business management users, I expect to see metaphors for business actions and activities coming through. We have tried something around an Excel spreadsheet metaphor which sort of worked, but didn’t quite nail it. So we’re still working on that.

He certainly sees the natural language interface holding out great potential in this area, and it is investing heavily in this area.  The company is also investing in other interface options between business activity and raw Splunk, such as working with images and AI tools. In most cases, the investment is more in a co-marketing effort that anything else, for with much of this the company is still not certain which options are going find sweet spots with business users.

My take

It is a fair bet that next year’s Splunk conference will see a large rush of new business applications based on the use of machine log analysis. What is more, it is a safe bet that many of these will come from new partners with eyes fixed firmly on the business management marketplace.  In part 2 of this look at Splunk’s move into the Biz/Ops sector, I’ll take a look at how start up, Insight Engines, is starting to make natural language querying look more than a bit useful).

Image credit - Freeimages.com/ Mihai Eustatiu