Splunk .conf keynote notes, quotes & anecdotes

What’s not to love about log file management and trace analytics?

Nothing apparently.

Splunk managed to attract what was claimed to be somewhere over 11,000 attendees to Las Vegas for its .conf 2019 conference and exhibition… and the geek-cognoscenti were there in force to dig deep into all things logs and machine data.

CEO Doug Merritt explained that the event is now in its 10th year and the gathering has grown from what was just 300 attendees in its first year.

Merritt thinks that this is ‘just the beginning of the first data age’ and that the future has everything in it, from printed foods to flying cars to mission(s) to Mars.

“In the [near] future, there will be those companies that seize the opportunity to do [productive] things with data… and those that simply don’t exist,” said Merritt.

But as positive as the drive to data is, CEO Merritt says that there is a real need to ‘liberate’ data, because so much of it is locked into systems, devices and machines.

The ‘shape’ of data

We know that some data is static and stable; we know that data sits in many different data sources and repositories; we know that data works on different time-scales, from milliseconds to months; we know that some data is structured, some is unstructured… and some is even semi-structured. Even further, we know that some data is streaming data and that some data sits in a more orchestrated and federated state than others.

Merritt says that Splunk has been engineered to be able to deal with all those data sources and work to provide the right level of analytics.

So for all of this data, Splunk is aiming to differentiate its offerings for organizations who need to use data in lots of different ways. The company is also looking to provide new levels of infrastructure-based analytics and also offer rapid adoption packages based upon recognised industry use cases.

“As you solve increasingly complex [data] problems, you [the attendees] will be showing the rest of the business what is really possible with new insights in the data that underpins company operations,” said Merritt.

Splunk VP of customer success and professional services Toni Pavlovich took the stage to showcase a use case at Porsche. This section of the keynote featured a demonstration of Splunk Augmented Reality (AR), a technical development that helps engineers fit parts and equipment and that actually features video inside the viewing headset experience.

The road to unbounded learning

Splunk CTO Tim Tully brought us out of the customer session (lots of high fives and people shouting ‘awesome!’ – you get the picture) to explain where Splunk is building, buying and investing in new functionalities and capabilities.

“In terms of what Splunk is building, the company is pushing for ‘massive scalability and real time capability’ in its platform… and in a form that is usable in mobile form. The Splunk Data Stream Processor is focused on creating data pipelines and learning use cases into live routing of data to Splunk or other public cloud connectors. We’ve seen customers use it as a data routing message bus, which was actually a surprise,” said Tully.

Many people are working out how Machine Learning really works and using old processes from raw data to feature engineering to model training to model deployment. Splunk promotes a new approach called ‘unbounded learning’ where the model learns continually from the point of deployment.

Tully also talks about what he calls ‘indulgent design’, an aspect of user interface creation that the company has used to create its new Mission Control product, which has a new colour dashboard presented in ‘dark mode’ with an additional ‘notable events’ screen to allow users to really ‘stare at it’ (Tully’s own words) for as long as they need to get data insights.

Font of (data) knowledge

Splunk Data Sans is the company’s own new font which the company has used to brand itself in a new way. The text itself has an elongated bar and clear disambiguation throughout the character set so that anyone looking at Splunk text will immediately be able to recognise it as Splunk, simply by look and feel.

Tully also explained how Splunk wants to extend its mobile capabilities to provide interactive data dashboards that allow users to address incidents more quickly. The company calls this the ability to ‘Splunk data’… and so uses Splunk in this case as a verb i.e. the ability to drill through and analyse data in a live format on a mobile unit… and there’s an integration with Slack to make that easier.

Overall, Splunk moved from broader CEO messages to specific on-screen presentation layer updates with accompanying functionality changes within an hour of the keynote, which is pretty deep… well, Spelunking is all about going deep, after all.