How Splunk is expanding beyond IT and security users

How Splunk is expanding beyond IT and security users

Vendor started life as a big data analytics platform for IT professionals

Credit: Dreamstime

Machine data specialist Splunk is looking to expand its user base beyond IT and security professionals with a new approach to product development under what it calls Splunk Next.

Speaking to Computerworld UK before the vendor's conference in Orlando, head of product marketing Jon Rooney said: "One of the guiding principles is to bring the power of Splunk to more people."

While Splunk CEO Doug Merritt said in a press release: "We are in the midst of the data revolution, and these product updates ensure the Splunk platform evolves as our world does to deliver business outcomes no matter the organisation, team or dataset."

Splunk started life as a big data analytics platform for IT professionals looking to index and make sense of their machine data. It has since pivoted to security, helping teams do the same to combat cyber threats.

"A lot of our success has been bottom up through IT and security practitioners," Rooney said, "which is great and still the core of our DNA, but there are a lot of types of users and functions across a business that maybe don't know about Splunk."

Building an experience layer

In terms of actually delivering this, Splunk has made announcements for things like a revamped iOS mobile app and natural language search functionality.

The new iOS app includes alerting and simplified authentication and the ability to take actions directly within the app.

"If you're at a sporting event, you get an alert from Splunk and you don't have to open a laptop, VPN in and do stuff," Rooney said. "You can look and interact with dashboards and take an action like shutting down a port, for example, on the phone."

Natural language search "abstracts away the complexity of working with our search language, or things that are a bit more hands on keyboard for our power users," he said. "We want to create an experience layer for the non-super users to get value out of Splunk."

This includes allowing users to interact with Splunk data via a voice assistant or a chatbot on Slack.

This shifts Splunk into a more established analytics market that is far more competitive, with the likes of business intelligence (BI) pure plays Tableau and Qlik to reckon with.

"We always want to go from our position of strength because the value of Splunk is never going to be a beautiful dash-boarding experience on top of tightly structured data," Rooney said.

"Our special sauce is our ability to correlate and make sense of data you couldn't jam into a relational database and put another BI tool on top of, it is still the idea of bringing insight to chaos."

However, he added: "We will always have the notion that people who want access to the bare metal get access to the bare metal. We are always going to have the super user experience and a lot of the enhancements to Splunk Enterprise are focused on that."

One example of Splunk moving into different business areas is Splunk Business Flow. Currently in beta, it is aimed more at the traditional BI space.

Rooney uses the example of an online product manager who wants to know how a customer is progressing through a product, and being able to surface that "in a way that is more drag and drop and more visual".

Splunk's recent foray into the internet of things (IoT) is another example of the vendor looking to reach new audiences, focusing its first product in the industrial IoT space with predictive maintenance for manufacturing customers like BMW.

"We did a lot of market research and talking to customers on what is the right beachhead for us and where we could get started," Rooney said. "Obviously there is tonnes of opportunity, but we didn't want to be an all things to all people player in IoT."

Splunk Next

Rooney was speaking more broadly about what the company is calling Splunk Next, a more forward-looking approach to product releases.

This will bring "the power of Splunk to more data sources and more people no matter where, when or how they access that data to deliver limitless insights," the vendor said.

"We have updates to our entire portfolio, including [new additions to the portfolio] Phantom and VictorOps, but we are also doing a series of initiatives that are really about expanding the footprint of what we can do from a product perspective," Rooney added.

As a result the first two beta products announced at .conf were Splunk Data Stream Processor and Splunk Data Fabric Search.

The first allows customers to do more with their data while it is in motion, instead of waiting for it to hit the index. The latter is a highly scalable search functionality that works across indexes.

Leveraging acquisitions

Splunk is announcing a lot this week during .conf, and Rooney puts that down to its recent raft of acquisitions, which has aided growth of the product team at Splunk by 55 per cent in the past year.

"It's twice as much product as we announced last year because through acquisition we have picked up a lot of product teams," Rooney said.

"So not just Phantom and VictorOps, but companies like SignalSense and Rocana. We wanted people that were born in the cloud and big data, so that's given us a ton of product velocity."

VictorOps is a collaboration tool for devops teams to speed up issue resolution and Phantom brings automation and orchestration capabilities to security teams.

The next thing for Splunk is taking those acquisitions and helping them broaden out their target audience. "I think the plan for all of those acquisitions is to expand it more," he said.

More specifically: "While Phantom as we acquired it was a security company, we are going to take those underlying capabilities and apply it to multiple use cases starting with IT.

"Likewise with VictorOps, you think of it as a collaboration and incident response platform for IT, we want to make sure we leverage those same capabilities for our security customers."

Machine learning

Splunk is also continuing to invest in machine learning across its portfolio to help users get to their insights faster.

"We will continue to make investments into machine learning with new versions of user behaviour analytics, which does insider threat detection, anomaly detection for security folks," Rooney said. "Which is really important as the talent shortage continues and people can't hire enough, so how do you start to leverage technology to take care of the first line of defence?

"That model of interaction and the idea that you only boil up the action for the security professionals where you only really need a human brain."

Splunk is also increasingly looking to give users of its IT Service Intelligence product more predictive alerts and actions with its 4.0 release.

"People want to be able to see the health of their systems, looking ahead and trending forward to alert you ahead of time so that you can remediate that problem before it happens," Rooney said.

Lastly, the vendor is expanding its Machine Learning Toolkit by allowing customers to share, shape and build algorithms from GitHub community contributions, extend contributions and functionality from TensorFlow and use a new connector for Apache Spark to tap into the MLib library.

Tags splunk

Show Comments