Main content

Splunk Conf 19 - Splunk edges closer to accepting it is a business solutions supplier

Martin Banks Profile picture for user mbanks October 29, 2019
Despite the 'tech company’ mantle still front-and-center, the available business solutions both grew in number and waved ever-more strongly from around the edges of tech presentations.


Splunk’s annual extravaganza - Conf – attracted a not insignificant 11,000-plus delegates from around the world to Las Vegas this year, and as the majority of them were very definitely ‘techies’ it was hardly a surprise that mentions of business, or enterprises were, while not absent, a bit thin on the ground.

Instead, a good deal of what was presented, particularly at the two main keynote sessions, had their business implications on show, but severely understated. But if you looked, they were there.

The consumerised user interfaces developed out from the smartphone were perhaps the most obvious example. These had become not just ‘single panes of glass’ management consoles, but well-thought-through and laid-out management vehicles, with their design and layout modelled on what has been learned from the smartphone user interface.

The company had even gone to the trouble of designing its own new typeface – the Data Sans font – to ensure the clearest delivery of unambiguous information. This is an interesting idea, addressing the need for ensuring that the data specifically generated for and about digital data and its corollary, business management data, is clearly understood.

(The only irony here, of course, is the choice of name. Calling a font ‘sans’ says it is `sans serif’ – no characters can have those little tags and additions that help delineate between `I, l and 1, and `I, l and 1’ . In practice, it makes significant use of serifs to ensure that no character can be misinterpreted as anything other than itself.)

Yet as CEO Doug Merritt alluded in his keynote presentation, and made more clear in a follow-up briefing, the company now clearly sees itself not just as an enterprise platform and service management business, but as a supplier, increasingly, of self-service management capabilities for business managers. It is now directly addressing the classic problem: the ever-increasing complexity of both the technology itself, and the business and operational processes that can being addressed using it, needing to be absorbed into a new platform that gives business end users a simpler, more flexible, more understandable interface.

He acknowledged that self-management by business managers – even low-level self-development of applications – is now an important goal. He sees a world where the ‘techie’ side of the Splunk user base operates increasingly at the bleeding edge of problem solving and applications development, while the business side makes increasing use of `playbooks,’ packaged solutions that emerge from the development work of the techies.

A Channel, a Channel, my kingdom for a Channel

Merritt also acknowledged that it was impossible for Splunk to address all the needs of business users directly, especially as their range of possible applications will grow with their experience of working with the technology themselves. This will need, therefore, significant growth in the number and diversity of partners able to re-sell Splunk technology as part of a wider package of applications, tools and, above all, on-going management services. The company already has partnerships with the likes of Accenture and Deloitte – the classic large enterprises consultancies -  but Merritt sees a major opportunity for the re-emergence of the VAR community to re-emerge.

An interesting side bar on this aspect is that the company announced at the conference the launch of Splunk Ventures, a fund set up to unearth and finance new startups with good ideas for the application and development of the company’s technology and products. But in a brief discussion I had with him, Merritt revealed that the fund will also be used to help VARs break into this changing marketplace:

I know that their traditional business models leave them with numbers that are not inspiring for the Venture Capitalist community, which makes it hard for them to raise the capital needed. so we will be using the Venture fund to help them. Tell them to get in touch with us.

The business bias is leaking out

The headline topic at Conf was the formal launch of Splunk Enterprise Version 8.0, and the big advance claimed here was the number of management processes included that had impact on both operations and business management. One of the key issues some of these address is the scale to which users are now looking to take their applications of Splunk, and the ops management tasks this now presents to systems administrators. It is also a mark of the changing times that, as Josh Klahr, Splunk’s VP of Core Products, pointed out, the company is releasing major system upgrades to both on-premise and cloud users at the same time:

There's a bunch of features related to security and manageability they both need, such as how do you make sure the system is healthy, how do you do diagnostics, and how you make sure the right people are seeing just the right data. It helps with multicloud as we've got a lot of customers running the same versions across multiple instances and they want that experience to be seamless.

Two closely related areas the company has addressed are the need for mobile applications and the need to completely rethink dashboarding and presentation of systems management data. The latterhas sprung out of the development work in mobile applications, where the focus is on the delivery of information, clearly and quickly, on a small screen moved the company to look at its own efforts across the board.

This has obvious implications for business use of Splunk as the ability to identify, monitor and observe any number of different KPIs is a fundamental task of business management. This is also where the new typeface, Data Sans, will have its primary role. This is all combined into the new Splunk Mission Control offering.

The company is also extending its efforts into other areas of richer user interfacing, with the introduction of natural language capabilities. Interestingly, the company has not gone with Insight Engines for this role, according to Klahr, despite having invested in the company two years ago. He was unable to name the technology provider, but the application is pretty straight forward, at least to begin with – use a mobile phone to ask Splunk to deliver up information to the phone screen.

This obviously has applications for both sys admins and line of business managers from the off, each of whom has an immediate and on-going interest in KPIs of one sort or another. It might also mean that the dwindling percentage of mobile traffic currently made up of voice calls may suddenly see an uptick if such applications take hold. The level of cheering this received when demoed at the keynote suggests it might prove popular (at least until staff get home). Klahr said:

The mobile team has also be working on the use of augmented reality to really improve data access for non-technical users and anyone working with business or technical assets out in the field. Using a mobile phone or similar device they can scan an asset tag that identifies the specific device – not just its type but the individual devices and its full history – and do anything from update or optimise the software for better performance through to being guided through an on-site repair process. This allows businesses to move from reactive to predictive maintenance, for example, which can save time and money. This is now a really big application area for Splunk.

One development with real business potential is the combined launch of Data Stream Processor and Data Fabric Search. Here the company has brought together the technologies of two recent acquisitions, SignalFx and Omnition. The former provides real-time monitoring and metrics for cloud infrastructure, micro-services and applications, while the latter adds a distributed tracing technology for monitoring micro-services and applications as they operate.

Together, they provide tooling to measure, monitor and manage data on the fly rather than just at rest. So, for example, it will be possible to route data, and perform analytics on it while in motion. Klahr sees this opening up the possibility for machine learning while the data is in motion, meaning action can be taken with it by the time it arrives somewhere:

We can apply machine learning models, do scoring, do data enrichment, data masking, data filtering, data aggregation and a range of other tasks, all on streaming data.

This has obvious business application. It will also allow the system to assess the percentage of data that has no business value and, if necessary, discard it while in transit. It will also allow users to conduct federated searches across multiple data centers.

One important step the company has taken in the direction of business needs can be seen in the launch of Business Flow. In essence, this pulls together many of the capabilities recently introduced that will allow a user to analyse and interact with the flow of a business process to not only directly respond to and resolve a specific component of the process but then analyse out the results in advance and identify others areas of the process where improvements or optimisations can be made, with the aiming of smoothing and speeding the flow of the whole process.

Finally, yes, there were also some security specific announcements with the latest version of Enterprise Security, Version 6.0, and User Behaviour Analytics Version 5.0. The former adds improved asset and identity framework enhancements to improve scalability and performance, while the latter allows Security Operations Centre teams to build advanced, customised Machine Learning models for baseline activities and tracking end user deviations against them.

It is one of the realities for the likes of me that we attend conferences that are not intended for us, to see the world differently from those daily users of the technologies that form the grist for the conference mill. The 11,000+ that attended were very much in favor of the tech being demoed and discussed, cheering and whooping at every announcement. But even more than in past years I sat and listened to ‘tech’, but saw ‘business’ peeping out and waving round the edges of everything I heard. And it was clear that CEO Merritt sees that as well.

The rapid increase in cloud, AI, ML, and edge usage, alongside the absorption of the consequent complexities back into the technology so that new business applications appear which combine greater functional richness with simplicity of operation, means that there is every chance that even the techiest of tech companies (aka Splunk) will, come next year, accept that they are now purveyors of business solutions.

A grey colored placeholder image