It Takes a Village: The Splunk User Conference 2013

Collaborative community adds value to Splunk software and tools

When IBM distributed its operating system in the 1950’s, it actually sent the source code to its customer base. Many IT shops then actually modified the operating system with their own customized code. In 1955, IBM 701 users in the Los Angeles area decided to get together, discuss their operating system modifications, and share code libraries amongst the group. This fortuitous meeting led to the creation of the IBM SHARE user group. IBM realized that SHARE was more than a customer meeting – it represented a new way to increase the value of software by encouraging its users to collaborate on new ideas, use cases, experiences, and actual code sharing. I offer this nugget of computing history as it serves as useful background for my visit to the 2013 Splunk user conference this week in Las Vegas. While FireEye has gotten a lot of recent buzz around its IPO, Splunk has become a proven security IPO success story. The company went public in 2012 and now has a market cap of around $6.5 billion. Why the lofty valuation? Wall Street 20-something analysts will point to revenue and earnings growth but after visiting the user conference, I think Splunk’s value can also be attributed to its users for several reasons: 1. Users view Splunk as a Tabula Rasa. Splunk critics complain that its software is great at data collection but doesn’t help much with data analysis. If this is true, it doesn’t seem to bother the company’s thousands of customers or the users I spoke with in Las Vegas. Alternatively, these users look at Splunk as a blank slate that can be used for a multitude of security and IT operations use cases. I chatted with users who were just beginning to create dashboards and rule sets and attended presentations where large organizations were building sophisticated analytics engines for incident prediction and anti-fraud applications. One of Splunk’s clear strengths is its flexibility and users seem to be taking full advantage of this. 2. Splunk customers act as a community of users willing to share experiences and help each other out. Many of the user conferences I attend are dominated by one-way communications from vendors to users. Not this one. There were tons of workshops where users were sharing use cases in detail, discussing scripts, rule sets, and lessons learned. Geeky? Absolutely but the users I spoke with found this extremely useful in helping them accelerate new initiatives or come up with unique ideas for security efficacy and efficiency. 3. User collaboration and sharing helps them increase the value of Splunk. The story I heard over and over from users was that they continue to wring more value out of Splunk over time. Some of this is related to experience but users were pretty adamant about the collaboration and direct help they receive from others in the Splunk user community. No, Splunk isn’t perfect and many users offered suggestions they’d like to see in future Splunk revisions. Nevertheless, they were pretty happy with Splunk 6 which was announced at the event. The latest version of Splunk provides more canned analytics support, adds additional role-based access controls, and eases management of server clusters. The users I spoke with were glad to hear about this additional functionality and claimed that Splunk had done a good job of reacting to customer input. There are lots of successful technology companies but many depend upon the basics: Engineering, software development, and strong distribution. Once in a while however, an unusual company goes beyond business 101. In these rare cases, it creates an emotional bond with customers and facilitates ways that customers can make similar connections with each other. IBM Share did this in the 1950s and Apple is the modern day King but other less visible examples like F5 Networks also come to mind. After attending the event this week in Las Vegas, I’m adding Splunk to this list. Splunk does more than develop and sell software, it’s created, supported, and nurtured a community.

Copyright © 2013 IDG Communications, Inc.

Subscribe today! Get the best in cybersecurity, delivered to your inbox.