Ventana Research Analyst Perspectives

As I listened to the keynote address at, conf2012, the annual Splunk user conference, my initial impression was that the company was spreading itself too thin. The company highlighted four rather formidable areas of organizational focus: Enterprise 5.0, the company’s flagship data platform, which is now in beta; Development, which is support for building applications and integrating Splunk within the broader IT infrastructure; Content, the continued development of core applications and use cases in areas such as systems management and security; and Cloud, based on the recent Splunk Storm product, which targets a new class of customer – namely those developers who use services for everything. Is this broad-based vision a realistic goal, or merely an attempt to appease Wall Street pressure given the company’s relatively recent IPO?

The key to answering this question lies in Splunk’s second objective, Development. Splunk sees its software as a platform upon which the developer community can build applications and create value. This business model has worked for such venerable companies as Microsoft, Apple, Amazon and Facebook.  The key is gaining enough traction, and the main driver of such traction is Splunk’s extensible data fabric, with its 170+ REST-based interfaces and SDKs for Python, Java, JavaScript in beta, and PHP as a public preview. Such an approach allows Splunk to develop many use cases outside its core areas of systems and security, and cover the last mile to the business user with personal productivity tools such as Microsoft Excel and visual discovery tools such as Tableau.

In talking with Splunk customers, I found a real passion for the product. Every customer I spoke with was either in the process of expanding their implementation or planning to do so. When asked about Splunk’s competition, customers couldn’t provide any quick answers; most said that there really was not any competition for Splunk.

Some customers were going as far as having an autonomous Splunk team within their organization with an internal chargeback structure. This got me thinking about the fluidity of the software buying process within today’s organizations, as customer analytics and technology spending shifts toward LOB budgets. In this new age, Splunk is potentially a secret weapon of IT, since it gives the IT department the ability to go to other departments and show its business value.

The trick for Splunk will be to quickly expand the use and usability of its product. Systems management and security have catapulted the company over the proverbial chasm of technology adoption, but in order to live up to expectations, it will have to address the needs of the business users – and Splunk should be able to do that, based on the presentations I saw and executive discussions I had at the conference. A sampling of innovative use cases includes:

• Expedia using Splunk to improve customer experience through increased response times, as well as optimize its search engine bidding process;
• Intuit using Splunk to increase customer intimacy by looking at actual site behavior rather than having to get the stated experience from an already frustrated customer;
• Comcast linking customer search behavior, location and billing information to customize content and usability;
• Bosch using Splunk to tie together sensor data from a network of medical devices to increase usability, satisfaction and uptime for in-home care patients.

These are just a few public cases; I also spoke with large telecommunication companies and government organizations that are using Splunk in innovative ways to use data from systems at any velocity.

At the end of the day, the killer application for Splunk is the same as it was for Google: search. It solves the same problem of expanding sets of distributed unorganized data, and it solves it in much the same way; but note that Splunk uses its own implementation of MapReduce. Our benchmark research into information management shows that data spread across too many applications and systems is the number-one barrier to managing data, and as Google did, Splunk helps to solve this problem with a relatively simple and elegant solution. The only real difference is that Splunk targets the business market instead of the consumer market, and the engine returns machine language instead of human language.

Of course, the Google-like search function is a double-edged sword. The ease of use of search and iterative discovery analytics that Splunk provides its users can add tremendous value. At the same time, the interface is not a business user interface. It will need to expand further with data and visual discovery to provide stimulating presentation of the data, many business users or analysts will not be inclined to use the tool. This is one reason I’m excited to see the integration with Excel and visualization toolsets; as Splunk can roll out these tools, it should be able to grow share with business users. Splunk has made it easy to access the tool with a free download on their website.

My recommendation for clients already using Splunk is to look at the expanded use cases above and see if any of these might apply to your organization. As you build your business case, don’t go to business managers (especially high-level ones) and show them a bunch of machine data. Splunk is definitely able to apply search and analytics on large volumes of data for what my colleague refers to them as big data machine for operational intelligence. Give them the right type of analytics and metrics and show them how Splunk helps solve issues such as the 360-degree view of the customer. For those currently without Splunk, there are many use cases including systems management and security along with customer interactions and experience in which it provides value and can combine systems and business data together dynamically.

Regards,

Tony Cosentino

VP and Research Director