Splunk .conf19: Data Is Everything

The theme of the conference is "Turn Data into Doing."

Edward Gately, Senior News Editor

October 23, 2019

6 Min Read
Doug Merritt Splunk Conf 19

(Pictured above: Splunk’s Doug Merritt on stage at Splunk .Conf19 in Las Vegas, Oct. 22.)

SPLUNK .CONF19 — An evolved Partner+ Technology Alliance Program, a new partner portal, and new innovations across its Security Operations Suite were highlighted at the start of this week’s Splunk .conf19 in Las Vegas.

The 10th annual user conference has drawn more than 11,000 attendees, including more than 2,200 partners. The theme of the conference is “Turn Data into Doing.”

Doug Merritt, Splunk’s president and CEO, told attendees that data is the answer to everything.

“The data age is just beginning,” he said. “There is no way any parts of our lives can be separated from data going forward. Are you prepared for this new data age?”

The coming divide will be between companies that seize and make things happen with data, and those that don’t and no longer exist, Merritt said.

“The world will depend on those who capture, make sense of and ultimately act on data,” he said. “Your data needs to be liberated to make the right things happen. We are focused on removing the barriers between data and action, empowering people everywhere to bring data to everything.”

Splunk‘s expanded vision is “we are the data-to-everything platform,” Merritt said.

“We are bringing data to every question, decision and action,” he said. “The capabilities we’ve been building … help you act on your data. To do that, you need a system that integrates monitoring, acting, investigating and analysis. It must handle any structure of data, and it must be able to deal with any data source and unlock previously unavailable value.”

Tim Tully, Splunk’s senior vice president and CTO, said his company has acquired six companies in two years and 435 patents have been issued to Splunk as of this week.

“We’re building everything and we’re also buying innovation, and we’re investing in innovation,” he said.

Splunk’s latest acquisition is Streamlio, a platform for fast data, allowing organizations to build data-driven applications to react to data as it arrives. Tully said the Streamlio acquisition will accelerate Splunk’s efforts in real-time stream processing, as well as containerized multitenant cloud platform applications.

The Partner+ Technology Alliance Program now offers enhancements to increase value for partners that build connectors, apps and add-ons to Splunk. This includes a new structure for partner engagement and solution development across the Splunk product portfolio addressing a broader set of customer challenges, the company said.

Splunk also has enhanced its partner portal, making it faster and easier to submit deal registrations, as well as an all-new configure price quote (CPQ) system designed with Splunk partners in mind.

Aziz Benmalek, Splunk’s vice president of worldwide partners, tells us the areas his company continues to enhance remain a key focus, “as we not only embrace and help, and grow with the existing partners that have been with us for many years, as well as bringing a new ecosystem around SIs and managed services providers to add value around services and managed services, and solutions.”

“As we continue to enhance our products portfolio … it really opens the door for more business with the partners that we have and opening the door for a new set of partners,” he said. “All the products that we are acquiring … are cloud-based, and that’s opening a lot of doors for MSP players or born-in-the-cloud providers, where we are engaging with new sets of players on top of the existing ones we are working with today.”

Partners are excited about how Splunk is strengthening its products portfolio and how it’s going to enable multiple use-case scenarios for them to deliver services and …

… add value on top of the platform, Benmalek said.

“The second piece is really enablement, enablement, enablement, help us and enable us from an ecosystem point of view so we can develop the capacity and compatibilities in the marketplace because there is need for developing more expertise in the marketplace across security or IT operations and DevOps on the Splunk platform,” he said. “So enablement is a key element that is important.”

Anchored by the newly launched Splunk Mission Control, the Splunk Security Operations Suite is aimed at making it easier to manage security across the entire threat lifecycle. Mission Control is a new cloud solution that connects Splunk Security Information and Event Management (SIEM) (Splunk Enterprise Security), security orchestration, automation and response (SOAR) (Splunk Phantom) and user and entity behavior analytics (UEBA) (Splunk UBA) products into a single unified analyst experience.

Haiyan Song, Splunk’s senior vice president and general manager of security market, tells us Mission Control resulted from challenging customers to reimagine security operations and “let’s think about how we can automate more.”

“We asked customers, what are the key things it’s important to bring together, to put them in one common workspace,” she said. “It’s really about the whole journey through the security operations center (SOC). You get the events ingested, you use that for better detection and hopefully in the future better prediction. And then investigation, that’s the human biggest thing and that’s Spunk’s biggest thing, but you’ve got to work collaboratively. Investigate and collaboration are two of the key features, and then case management and reporting. You can’t improve if you don’t measure.”

Mission Control is “really that common workspace where we basically bring the entire Security Operations Suite together and we really pick the best of all the different products and put them in a unified presentation layer,” Song said.

“And the work is not done yet; this is just at the very beginning,” she said. “The other key element we don’t talk about as much is we’re doing all this in the cloud, and because we’re able to do that in the cloud and provide that security fabric and the connectivity, now we’re really unifying the work … and enabling people to work wherever they are.”

Splunk also announced new versions of Splunk Enterprise and Splunk Cloud, and the general availability of Splunk Data Fabric Search (DFS) and Splunk Data Stream Processor (DSP).

Splunk DFS accelerates and streamlines the data analytics experience by weaving together insights from massive data sets, across diverse data stores, into a single view.  And Splunk DSP is a real-time stream processing solution that continuously collects high-velocity, high-volume data from diverse sources, turns data into valuable information or insights, and then distributes results to Splunk or other destinations typically within milliseconds, according to the company.

Query.AI has released an app on top of Splunk that helps customers get more value from the platform. Andrew Maloney, the company’s COO, said it’s nice to join Splunk in a partnership relationship instead of a competitive one. He also said his company’s had some “really good conversations with mutual prospects and customers.”

“A lot of folks are now switching to Splunk from other platforms and all the vendors in this space follow their own query structure and search language, and a lot of folks are now just transitioning into security and have to learn how to leverage these tools and what questions to ask,” He said. “So we’re an app on top of Splunk that allows them to simply do that using natural language processing.”

Read more about:

MSPsVARs/SIs

About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like