[HN Gopher] Cisco Acquires Splunk
___________________________________________________________________
Cisco Acquires Splunk
Author : siddharthb_
Score : 736 points
Date : 2023-09-21 12:15 UTC (10 hours ago)
(HTM) web link (www.splunk.com)
(TXT) w3m dump (www.splunk.com)
| frays wrote:
| "Splunk is amazing until the first invoice comes in"
| petecooper wrote:
| I'm using Suricata in production and evaluating OSSEC for
| viability, what else in the SIEM space is worth a look for Linux
| hackers?
| knoxa2511 wrote:
| https://github.com/falcosecurity/falco
|
| Like snort, but looks at system calls.
| bastard_op wrote:
| That's really a shame, Cisco buying anyone is often a death knell
| for the product. Look at their acquisition of security companies
| like Protego, Stealthwatch, ThousandEyes, and others that
| languish there, bled into watered down features for other dubious
| Cisco products and disappear into the ocean. Customers then
| abandon the products to again escape Cisco for other non-stagnant
| and overpriced products.
|
| Already a customer/friend at a $6B retail customer of mine sent
| me the link first thing as a Splunk owner there. Just last week I
| asked if they'd looked at Datadog much yet, and said they'd rip
| Splunk from their cold dead hands. The follow up to the link for
| buyout news as that they were going to start looking at Datadog
| now. Splunk was already expensive, but not Cisco expensive.
| mromanuk wrote:
| I read content from Christopher Lochhead, I was interested in his
| talks about marketing and "category design", many examples were
| done with Splunk.
| smcleod wrote:
| Well they deserve, and can have each other.
| kabdib wrote:
| Yeah, we went ElasticSearch and some bespoke code after Splunk
| decided to raise its prices. Wasn't even a difficult decision,
| don't regret it.
|
| If you can afford Splunk, just wait a couple of years until they
| figure that out.
| prabhatsharma wrote:
| It's like Splunk got saved by Cisco. While they were still
| growing but too many new age players coming up.
| hintymad wrote:
| Great news for companies like ClickHouse, Trino, Elasticsearch,
| StarRocks, Imply, and etc. If Splunk can make it 28B, some of
| those companies should make it too, and most likely more by
| eating Splunk's market.
| unixhero wrote:
| So This is a good move. As Palo Alto has moved into this market
| and is poised to destroy the legacy siem world (splunk et.al)
| with its Cortex data lake
| wittekm wrote:
| Genuinely surprised anybody would acquire Splunk in 2023.
| Whenever you hear about Splunk from security engineers, they're
| actively trying to get off it (edit: yes, primarily because of
| cost). Better, next-gen SIEMs are either here or around the
| corner.
| TecoAndJix wrote:
| I'd love to know what the security engineers you are talking to
| recommend because Splunk ES/SOAR are top notch products - even
| with the cost (which is insane).
| willk wrote:
| I think they're trying to get off of it because it is so
| freaking expensive.
| SOLAR_FIELDS wrote:
| I used Splunk at a previous job and that's one of my few/only
| complaints with it. Great tool but extremely expensive for
| what you get. Datadog is the same way as well as Pagerduty.
| There's not enough competition in these spaces
| phillipcarter wrote:
| Hmm, are you referring to their Observability product or
| SIEM capabilities? There's a wild amount of competition in
| the Observability side of things, but SIEM not so much.
| ec109685 wrote:
| Why is pagerduty hard to switch off of? It has all kinds of
| useless and expensive bells and whistles, while the core
| functionality is a commodity that several companies offer.
|
| We moved vendors a few time and it wasn't that painful.
| solatic wrote:
| Who else will call a POTS phone line when there's an
| alert?
|
| Fact: I'm not going to hear my phone ping in the middle
| of the night. I'm _much_ more likely to hear my phone
| ring.
| hiatus wrote:
| Depending on the team, a phone tree in twilio could do
| the trick, with calls made down the list if people do not
| pick up for escalation.
| Corrado wrote:
| That's super true of PagerDuty. It's a pretty good product
| and cheap when you only have a few people on it. However,
| the jump from the basic license to the next tier is HUGE
| and any add-ons you might need (ie. webhook triggers) bump
| the price up even more. Just having a simple monitoring
| solution with >10 people could cost you $100's a month.
|
| That said, every other product in this space is crap. I'm
| not sure why though. This seems like a pretty good market
| for disruption. Maybe there is some hidden "problem" that I
| don't know about.
| displaynone wrote:
| what's your take on xMatters?
| steveBK123 wrote:
| I was at a shop that got heavily integrated into Splunk for
| security use cases and then entered a split brain mode of 'well
| if you need observability we already have Splunk' but also 'hey
| stop doing so much observability, this thing is expensive!'.
|
| So for 5 years time we used it for observability, we were only
| half-integrated and also trying to get off of it. Great stuff.
| dharmab wrote:
| Worked on a piece of software which suffered from years of
| this split brain. It had some logging and some metrics, but
| the team was told to be economical about observability. This
| resulted in the software having many blind spots which led to
| production issues that had to be manually reproduced. When I
| become responsible for the software I personally overhauled
| the logging and the team had to work together to rebuild the
| metrics functionality.
| steveBK123 wrote:
| this is an area that gets very political with architects,
| managers and other non-coders having too much of a say
|
| a lot of paralysis on the app dev side as the status quo is
| easier than fighting for a sensible outcome
|
| its also something that yes, benefits stakeholders... but
| only on a 2nd/3rd order effect of outage avoidance &
| remediation.. so theres not a huge reward for doing it
| really really well in many shops
| 0xBDB wrote:
| Pretty sure every Splunk customer has that split brain. This
| thing's great, what can we quit sending to it?
| burren wrote:
| What are those next-gen SIEMs? Wazuh?
| [deleted]
| flangola7 wrote:
| What does next gen even mean
| badblock wrote:
| There's a couple out there, Devo, Exabeam and Sumo Logic are
| the big three I've seen most recently.
| throwy1241265 wrote:
| Avoid Exabeam. Their UEBA product is riddled with problems,
| and they are not concerned that it does not display
| timestamps for when the event occurred- they display
| timestamps for event ingestion which can sometimes be hours
| off.
|
| They also seem to outsource much of the development,
| maintenance and support and appear to have high turnover.
| rho138 wrote:
| Avoid Devo, querying across data sets with their system was
| hot garbage in comparison to both splunk and elastic. Then
| when you try and break up with them it becomes a whole
| thing.
| bugsense wrote:
| SumoLogic is equally dead and a way inferior product. It's
| owned by a PE now, the same that owns New Relic so expect
| some action there.
| aeonik wrote:
| Which ones do you recommend? Every one I have tried hasn't
| really given me the same flexibility as Splunk, most seem to
| miss the core part of what makes Splunk cool. Though I'd
| definitely like to see Splunk improve their design.
| dx034 wrote:
| Graylog looks like a good competitor. Certainly won't scale
| as well, but I've had good experience with it.
| cduzz wrote:
| The thing that will totally replace splunk (and elastic and
| snowflake and likely several other whole ecosystems) is
| some random thing pouring data into clickhouse.
|
| I am nervous about how clickhouse is going to monetize,
| whenever they decide to turn on the revenue spigot.
| ejcx wrote:
| I hate to shill in this thread, but that's exactly what
| we built at runreveal, so I completely agree! We saw the
| power of clickhouse when we were at segment and
| cloudflare, so built a company around it.
|
| And since clickhouse is open source, we hope that people
| will stop giving their security data to vendors who then
| charge you rent for it. I think the future is writing
| this data to clickhouse, but also our customer's
| clickhouses
| TheIronMark wrote:
| I used to love Graylog, but I was evaluated it for use with
| AWS and a) it's AWS bits seem limited and b) I found a
| bunch of deadlinks from their github to their site. If they
| can't keep their docs updated, it doesn't give me warm
| fuzzies about their product.
| neonnomad wrote:
| There are some players that are more established than others
| but check out:
|
| https://panther.com - Built on top of Snowflake, so it scales
| well and they are building a more Splunk like interface.
|
| https://runreveal.com - Still seed but shows a lot of promise
|
| https://matando.dev - Still seed and don't have a hosted
| product yet but smart founders that have the right idea
|
| https://hunters.ai - More threat hunting than SIEM but maybe
| that what certain folks need
|
| https://gem.security - Still fairly early but if you are
| focused on cloud use cases this could be more of an option.
| (Disclaimer: I'm an Investor)
| ashtonbaker wrote:
| I would add https://blumira.com to that list; it's more
| mature than at least a few of these (I'm a former employee)
| ejcx wrote:
| Founder of runreveal here, if anyone is interested let me
| know. The news today was big, but not necessarily too
| surprising.
| haxxorfreak wrote:
| Microsoft is doing a surprisingly good job with their
| Sentinel SIEM. The sweetener is they give you free ingestion
| on most of your Office 365/Azure logs which can add up if
| you're shipping out to another platform.
|
| Makes it attractive for enterprises already on their platform
| and they throw in discounts for E5 license tier customers as
| well (gotta keep pushing the "give us everything or pay way
| more for single feature licenses").
| chelmzy wrote:
| He's talking out of his ass. But newish competitors are
| Devo/Sumo Logic.
| TheIronMark wrote:
| SumoLogic is also not cheap.
| sbuk wrote:
| Humio is also promising, however they've been acquired by
| CrowdStrike, who aren't know for low prices!
| phyzome wrote:
| Not sure how well "new" fits Sumo Logic. I was using them
| ten years ago, I think?
| tw04 wrote:
| I haven't heard a single person trying to get off of it because
| "there are better SIEMs" - they're universally looking at other
| options because of the price.
|
| Cisco has the luxury of bundle and save that Splunk does not.
| jabroni_salad wrote:
| former firepower customer... I guess we'll see.
|
| I can see them shipping a really cool-looking whitepaper
| detailing FTD, Amp, and Splunk... but actually operating it
| will feel similar to driving a 20 yr old salt state jeep
| wrangler on the autobahn.
| ta1243 wrote:
| Oh god those firepowers we bought were so bad. The
| controller webpage needed to control our pair needed
| something like 32GB of ram just to load.
|
| Using fortigates now, far happier with them.
|
| But it's not just the firewall level, they were so bad it
| made us reevaluate our core switches and I don't think
| we've bought a cisco switch for at least 2 years.
| georgyo wrote:
| Splunk is a great product with horrible sales and business
| team.
|
| The reason why them _trying_ to get off it is because they have
| a bunch of stuff that is easy and works in splunk, but don't
| want to pay the exorbitant licensing, or pay even more to
| increase their use.
|
| But getting off a good product is hard, and they will continue
| to use it and even pay.
|
| The kind of thing Cisco, Oracle, and IBM love are companies
| with very expensive products in which no development needs to
| happen and customers cannot move away easily.
| baz00 wrote:
| Yeah it's easier getting rid of chlamydia than Splunk sales
| reps.
| sumtechguy wrote:
| > with horrible sales and business team
|
| I was in one of these meetings with like 20 engineers on how
| amazing this thing was. We knew that because we already used
| it it quite extensively. The very extremely hyper sales rep
| kept ducking out of the meeting every 5 mins. I recognized it
| for what it was. He was ducking out to do bumps of coke so he
| could be more pumped to sell us more stuff.
| baz00 wrote:
| I think we had the same sales rep.
| IG_Semmelweiss wrote:
| jesus, that's incredible
| paws wrote:
| Yikes. The only other time I heard about the Splunk sales
| team in the news, it sounded pretty bad also.
|
| https://www.theregister.com/2020/08/12/splunk_sales_discrim
| i...
| mritchie712 wrote:
| here (just made it around the corner): https://runreveal.com/
| softwaredoug wrote:
| Sounds exactly like the kind of Enterprise software Cisco
| wants.... At that pricepoint they don't really care what the
| security engineers want, they sell to higher level folks.
| ikiris wrote:
| Its a great fit for Cisco
|
| They want so hard to be a software company, and they already
| have experience with highly inflated priced products.
|
| Their real target is probably trying to offer this built in to
| meraki like products as a one stop shop. I could see them
| finally burning their monitoring product in a fire and
| replacing it with splunk and grafana then selling it as an all
| cloud solution. At least the intent, we know Cisco's track
| record for integrating acquisitions.
| knallfrosch wrote:
| So Splunk is too expensive and there are better products and
| people keep paying. This doesn't really add up.
| hiatus wrote:
| Inertia can be a strong force in organizations. In good times
| and without external pressures, it can be easier to keep the
| status quo.
| euph0ria wrote:
| I've always found the first 30 seconds of this clip very funny
| when it comes to Splunk:
| https://www.youtube.com/watch?v=o_zonaHyd_g&t=5s
| wg0 wrote:
| Does anyone know why is it expensive?
|
| Also, is it under the hood some Apache SOLR or ES? Or they have
| their own?
| MassiveBonk51 wrote:
| Splunk is so expensive and slow. My workplace keeps trying
| throttle queries and how far back logs are stored. Been spending
| the last month or so adding ELK stack for tracing to our apps.
| dharmab wrote:
| Splunk's advantage is that it can handle volumes of logs which
| ELK, Graylog and Loki simply cannot. If you're not there yet...
| yeah, Splunk is hella expensive.
| 123sereusername wrote:
| Goodbye Splunk. We hardly knew yeah - but thanks for all the
| fish.
| draw_down wrote:
| [dead]
| tedivm wrote:
| > Someone at Cisco did the math on how much a license would cost
| and some snarky soul, kin to my own, said "Are we sure it
| wouldn't be cheaper to buy Splunk?"
|
| That's from a friend of mine in a tech chat.
| [deleted]
| paddy_m wrote:
| How does splunk compare to datadog and new relic?
| Huntsecker wrote:
| we have a large splunk install, and a lot of the comments
| regarding cost are a bit dated. The reason that cost for splunk
| is generally considered quite crazy is that it's based off number
| of messages or lines in logs, however to combat large
| institutions such as mine saying no way they've moved at least
| here to an amount of data that is actively queried and we sign up
| to say 500tb and as long as we stay within that its all good.
| It's still a lot of money don't get me wrong but they've changed
| the setup from the early days.
| gabthinking2017 wrote:
| Did not see this one coming. Wow.
| bugsense wrote:
| It was always a discussion within Splunk even back in 2014.
| nemo44x wrote:
| At scale it's probably cheaper to just buy the Splunk company
| than continue to pay their outrageous license and capacity fees.
| ingen0s wrote:
| Someone made over 40,000% return this morning from a trade placed
| on this news yesterday (before it came out). Strange.
| dang wrote:
| Related ongoing thread:
|
| _Insider trade on Splunk acquisition?_ -
| https://news.ycombinator.com/item?id=37599587 - Sept 2023 (245
| comments)
| queuebert wrote:
| https://twitter.com/unusual_whales/status/170492592683894407...
| fuzzylightbulb wrote:
| "strange"? or "crime"?
| airstrike wrote:
| Better link with data on the deal:
| https://www.prnewswire.com/news-releases/cisco-to-acquire-sp...
| steveBK123 wrote:
| I imagine we will see a bit of a reckoning & consolidation in the
| space.
|
| For a lot of non-megacap companies, while observability is nice..
| it might not meet the ROI hurdle in a high rate / low growth
| environment.
|
| That is - its hard to reconcile sending $$ Millions out the door
| to Datadog, Splunk, Pagerduty while you are trying to cut budgets
| elsewhere.
|
| Some of the disclosures by companies of what they've been
| spending on SaaS are pretty eye popping.
| bane wrote:
| To pile onto the Splunk "love" going on here. Splunk is one of
| those systems that's too "powerful" for small use-cases, but too
| expensive for the ones it's really designed for.
|
| Anecdote, I once worked with a client that _really_ wanted to get
| Splunk, but produced so much network traffic that the
| _discounted_ annual costs were more than the entire budget for
| the rest of the organization combined. That 's staff, the
| building, equipment, power, water, everything...the estimated
| Splunk cost was more than that.
|
| They went with a combination of ELK and a small team of dedicated
| developers writing automation and analytics against Spark and
| some enterprise SQL database. Still expensive, still cheaper than
| Splunk.
| AtlasBarfed wrote:
| Yeah, and there are so many OSS projects aimed at splunk type
| things now.
|
| Splunk / Datadog have the classic user interface lead of a
| closed source solution, but IMO that premium's days are
| numbered.
| nemo44x wrote:
| This was the sweet spot for the ELK stack really. You could get
| the main functionality that Splunk had and self manage it (or
| run out of a Cloud more recently) and scale to whatever you
| wanted to.
| g9yuayon wrote:
| My experience back in Netflix too. Elasticsearch (we didn't use
| the L or K) plus query engine on S3 with a catalog was more
| versatile and way cheaper than Splunk. Nowadays we get a slew
| of performant OLAP storages that can be used for log analysis
| as well, which further render Splunk unnecessary.
| [deleted]
| echelon wrote:
| My experience at a big fintech I won't name: we had our own
| highly engineered in-house metrics system staffed by a big
| team. Custom pipeline, integrations in multiple languages,
| high resolution, custom aggregation and rollups. It was nice.
| We also had in-house logging, exception tracing, alerting,
| service discovery, metrics dashboards, etc. It was all
| actually pretty good. All engineered by xooglers.
|
| Someone (not to name names) got bitten by the "anti-
| weirdware" bug and started shifting us off of all our custom-
| built solutions. Every team got hit with major distractions
| from their roadmaps for each of these changes. None of the
| headcount dedicated to staffing the internal systems was
| freed up - they had to run the new integrations.
|
| The decision was made one day to migrate all of our
| observability stuff over to SignalFx. Observability wasn't
| our "core competency" and our systems were "weirdware".
|
| We had to rewrite our instrumentation, all of our reporting
| dashboards, and all of our alerting DSLs changed. They were
| not replaced 1:1 for every system and metric, so we emerged
| in a much worse, much less visible situation across the
| board. Outages happened or went unreported.
|
| Splunk acquired SignalFx and dramatically raised prices. We
| scrambled to do the migration process yet again, impacting
| roadmaps and leading to more outages.
|
| Leadership was changed.
|
| There's one thing to be said about NIH, but when you write
| systems that are already working, inexpensive, and easy to
| maintain, you shouldn't throw them out because you're worried
| analytics isn't your "core competency". Yes - it is your core
| competency, because you're selling uptime to your customers.
| [deleted]
| aprdm wrote:
| Similar to hashicorp vault IMO
| tw04 wrote:
| Splunk is honestly kind of the mainframe of SIEM. If you need
| it, you need it and can probably afford it and they know that.
| Can you do the job with something else for cheaper? Probably,
| but not as good and not as easy.
| bastardoperator wrote:
| That's what I was wondering about when it comes to this
| acquisition. Can Cisco make Splunk even more expensive? I have
| faith they can, I know for many folks, Splunk tops the
| leaderboards when it comes to spend.
| [deleted]
| miguelazo wrote:
| More expensive and less innovative.
| lmm wrote:
| AppDynamics is the one thing I've ever used where the auto-
| tuning actually worked. Wish I could still use it.
| bcrosby95 wrote:
| Cisco will not be out competed in the expensive tech
| industry, so they _had_ to buy them.
| dpkirchner wrote:
| Imagine a merger of Cisco and Oracle...
| baq wrote:
| I'd rather set my bank on fire.
| tough wrote:
| They would do that for you for free
| pgeorgi wrote:
| Oracle? Cisco? Do something for somebody else for free?
| Are you mad? They'll license the fire, and calculate the
| fees based on volume of air heated.
| sonofhans wrote:
| ... and then sue passers-by for pirating their pre-warmed
| air.
| catchnear4321 wrote:
| come now, you really think cisco would do that?
|
| fail to monetize the light?
| SteveNuts wrote:
| I'm sure they'll bundle it or even integrate it with
| AppDynamics
| bugsense wrote:
| Most likely they will let AppD die.
| MarkyC4 wrote:
| Why? I haven't used AppD in ~7 years, but I remember it
| being one of the most pleasurable APMs (but also
| ridiculously expensive)
|
| It seems to me the marriage between APM and logging would
| be a home run.
| runamok wrote:
| Splunk bought SignalFX a while ago and they are trying to
| lean in hard on the observability craze and piggybacking
| on OpenTelemetry. I wasn't involve heavily in this
| migrate to Splunk Observability Cloud project about a
| year ago but it was a shit show and half-baked and
| ultimately they dumped it in favor of DataDog IIUC (I had
| since changed jobs but kept in touch with ex-colleagues).
|
| * https://www.splunk.com/en_us/about-
| splunk/acquisitions/signa...
|
| * https://opentelemetry.io/
|
| * https://www.splunk.com/en_us/blog/conf-
| splunklive/introducin...
| pramodbiligiri wrote:
| I remember this talk about pricing strategy by one of their
| employees in a conference many years back (2017) -
| https://www.heavybit.com/library/video/value-based-
| pricing-s.... What I took away from that talk was that pricing
| can be unintuitive, for both the people setting it and buying
| it.
| weird-eye-issue wrote:
| I just watched the whole video and didn't get that impression
| at all
| rewmie wrote:
| Ok, thanks for sharing.
| tkahnoski wrote:
| Worked at a medium size enterprise and was trying to get some
| detailed performance metrics with a legacy tech stack that
| didn't have a drop-in APM soluion. This was in the age of
| graphite which was great for aggregating metrics cheap but not
| getting detail.
|
| Splunk was used by a much larger product (easily 10x our scale)
| for monitoring events so there was no red tape to start using
| it.
|
| After launching the detailed instrumentation (1 structured log
| event per HTTP request with a breakout of database/service
| activity) I was able to gain all of the insight needed and
| build a simple user/url lookup dashboard page to help other
| engineers see what was going on. We went from being mostly
| blind to almost full visibility in less than two weeks.
|
| The downside was, we increased our billable Splunk usage by 50%
| since we were capturing so much more data per log event than
| the other product just consuming standard IIS/Apache logs.
|
| That type of flexibility was totally worth it. Due to some
| acquisition shenanigans we broke off from that group and wound
| up on ELK stack which didn't perform quite as well, but was
| still usable with the same data. In today's day and age we
| could have just built an OpenTelemtry library.
| closeparen wrote:
| We had an ELK stack I was never very happy with (granted it
| was very old versions) and then it got replaced by
| Clickhouse. It's been excellent.
| ilyt wrote:
| E in it is great, L is fiddly but useful but K is easily my
| least liked tool
| hparadiz wrote:
| Comcast would drop all the error logs for all the cable boxes
| in the country into splunk. I then queried this to figure out
| the error code count in a given period. It's really the only
| thing that can handle the volume.
| sib wrote:
| No wonder Comcast subscriptions are so expensive...
| AdamN wrote:
| Sampling via just enabling it for some hosts/partitions is one
| solution (if you're producing 100M entries a day ... probably
| could just grab 1/100 of those for parsing).
|
| Another solution is pre-processing (serial dupes are not
| forwarded).
|
| Another solution is heavily reduced logging (ERR or higher only
| on prod hosts).
|
| These can be used together and be very helpful.
| throwawaymqsh wrote:
| All technical workarounds for bad pricing.
| kbutler wrote:
| Processing that amount of data is going to be expensive,
| regardless.
| ilyt wrote:
| No, it's orders of magnitude cheaper than Splunk.
| prepend wrote:
| I think it's a situation where splunk doesn't have a
| motivation to reduce cost as they can charge a lot and
| customers pay.
|
| So it doesn't need to be expensive, naturally, it just
| is.
| jorblumesea wrote:
| I'm not sure who splunk is priced for, because every company
| I've been at has ditched it for cheaper competitor products.
| PaulHoule wrote:
| Sounds like something Oracle would love.
| prepend wrote:
| It works too well for Oracle.
|
| Oracle isn't just expensive, it also has to be technically
| horrible but still operational.
| objektif wrote:
| It has to be insanely complicated with horrible UX too so
| probably did not pass.
| theGnuMe wrote:
| sumologic would qualify then.
| networkchad wrote:
| [dead]
| prepend wrote:
| I've had the same experience in that I love splunk and their
| tooling is so easy and powerful. But I can't afford to put
| data, especially long term data that requires reproducibility
| for many years.
|
| I'm always happy when I can use some of our sources that are in
| splunk but get sad that I can't do that with everything else.
|
| Its cloud pricing is funny because it's so much more powerful
| with massive amounts of data, but they charge based on storage.
| Our on prem instance wasn't just simpler to price but we could
| throttle resources to allow for really high volumes of data
| with relatively slow query and analysis.
| swader999 wrote:
| Similar problems with effectively modeling weather or finding
| the very smallest of things, there isn't enough compute power
| or even energy in the universe.
| poobear22 wrote:
| Splunk was so expensive we could not use it to monitor our
| servers used for weather modeling. Seriously. The log files
| generated were at times too voluminous and you frequently
| blew thru your bandwidth cap.
|
| Great product, but completely useless utility value with
| financial considerations for environments with high volume.
| misja111 wrote:
| Sounds like the perfect fit for Cisco
| pbreit wrote:
| Is Splunk printing money like DataDog is?
|
| Any lower priced alternatives? Or self-hosted?
| mikecoles wrote:
| Graylog. It's amazing. Elastic also has an offering.
| EricE wrote:
| Graylog is amazing - and if you have resources to burn
| Security Onion takes it to the next level ;)
| KomoD wrote:
| > That's staff, the building, equipment, power, water,
| everything...the estimated Splunk cost was more than that.
|
| Wow, it's THAT expensive?
| baq wrote:
| The joke used to be 'splunk is amazing until the first
| invoice comes in', it's funny because it's true. Note Datadog
| is very similar in that regard.
| jcrites wrote:
| Yes ... it's very possible for DataDog costs to exceed the
| cost of the infrastructure that it's monitoring (e.g. AWS).
| I've seen it happen.
|
| (If you aren't careful and aren't managing your costs, but
| I suppose that's true of almost anything =)
| gibolt wrote:
| Sounds like a double whammy. Misconfigure one AWS
| service, and you get hit with a giant bill from both.
| silverfox17 wrote:
| You can't really make an informed decision without knowing
| how much data they were moving. For it to be that expensive,
| you'd need to be moving a ludicrous amount of data, and you
| can always parse data down to the required fields before
| indexing, which saves on licensing costs.
| wbl wrote:
| What are the required fields in an incident with a new bug
| pray tell?
| Damogran6 wrote:
| in 20 years of doing SIEM and SIEMlike solutions, I've yet
| to find an engagement that said 'Oh, yes...our volumes are
| XX and YY'...mostly it's a /shrug and a less than educated
| guess.
|
| There's even reluctance to turning things on and _watching_
| it for 10 minutes. An activity that would immediately give
| you a much better idea of volume. Folks just don't like
| doing it.
|
| Then you get the things were setting up a redundant
| logsource is just unwise. DNS logging was 2 orders of
| magnitude greater than everything else a SIEM was doing.
| And Email was about the same size.
| mrwnmonm wrote:
| [dead]
| andrewjl wrote:
| Having used other ELK stacks for logging, but never Splunk,
| what makes them worth what they charge?
| baq wrote:
| It mostly just works. Back when I was actively using it it
| was IIRC the most stable part of the stack. Only went down
| when daily quota was exceeded. When it ran out of disk,
| nothing broke, it showed a message in the ui. When space was
| added, it just started going again like nothing happened.
| This was something like 2018?
| apricot wrote:
| "Accelerate digital resilience". Huh. Wonder what that means in
| English.
| _nan wrote:
| Does anyone know how would this possibly affect intern return
| offer... Still no news about return offer yet...
| reacharavindh wrote:
| Somebody: Splunk has exorbitant prices and locked-in enterprise
| customers!
|
| Cisco: Oh these guys are just like us. Better buy them up. We
| know this business.
| [deleted]
| JAlexoid wrote:
| I'm surprised that Oracle didn't buy them.
| petetnt wrote:
| It's apparently cheaper to buy Splunk than to a buy Splunk
| license.
| reacharavindh wrote:
| :-) May be team at Cisco just wanted to buy a license, and
| they said "Call us", and one thing led to another, and ....
| lsofzz wrote:
| > It's apparently cheaper to buy Splunk than to a buy Splunk
| license.
|
| Amen :)
| Trias11 wrote:
| [flagged]
| asynchronous wrote:
| Splunk is ridiculously expensive even on an enterprise
| level
| xctr94 wrote:
| It can go as high as 500-1500x compared to some
| competitors. I wonder how amazing Splunk is to be worth
| the price tag.
| caust1c wrote:
| Not the first time they tried to buy a license!
|
| https://www.reuters.com/technology/cisco-made-20-billion-
| plu...
| MaintenanceMode wrote:
| You may be joking but this is why we thought Cisco bought
| Webex back in the day too.
| 0xbadcafebee wrote:
| They bought WebEx for the same reason as most of their
| other acquisitions: vertical integration and diversified
| interests. It doesn't even have to work well, it just has
| to be a feature they can advertise, and dumb executives
| will assume it works and buy it. By the time they've got
| their hooks into you, you realize it'll take years to
| remove it. Pretty good cash flow for years before the
| customer jumps ship.
|
| What's fascinating is that working inside Cisco, the same
| tricks work on them. We'd adopt a vendor only to realize it
| doesn't do what we want, but now we're kinda stuck on them
| and it costs more to replace them. It's a bog-standard
| giant enterprise where the left hand doesn't know what the
| right hand is doing. But they're wizards with cash.
| wholinator2 wrote:
| Yes honestly webex may be the single worst piece of
| software I've ever used in my entire life. I remember
| having to use it for some school projects back in the day
| and it working slower than a snails pace. You literally
| could not type anything into the computer because it was
| so slow it would just lose letters and take 10 seconds or
| so to update your keypresses. Years later i had to use it
| for remote work for a company and it was exactly as
| terrible as it was all those years before. Entirely
| unusable. I jumped ship before covid and all the wfh
| stuff happened to a much much better laid out company but
| i always wonder how anyone managed to accomplish anything
| for those couple years.
| sublimefire wrote:
| My experience was different. I did not know it existed
| before joining a team in Cisco to work on the signalling
| part. Afterwards when moving to Microsoft I saw how
| terrible Teams was in comparison. But to this day I would
| love to get back to Slack if truth be told :)
| ihaveajob wrote:
| I was at Intel when they bought McAfee, whose HQ was
| essentially across the street. The running joke was
| similar.
| DylanDmitri wrote:
| Microsoft's "request for external license" form is one page
| long, and has a "how much would this company cost to acquire"
| section. Or so I've heard.
| com2kid wrote:
| While at Microsoft, a project I was on was acquiring a
| license for a library and just to be sure of everything,
| instead of the standard "usage for this product" license,
| MS acquired a lifetime license to do whatever we wanted
| with the library.
|
| Anyway tl;dr their lead engineer flew out and helped us get
| everything up and running. :-D
| abraae wrote:
| We sold our technology to IBM back in the day (EJB era)
| and the deal involved a "break glass" option where they
| could pay a pre-agreed fee at any time if they ever
| needed the ability to modify our source code.
| geodel wrote:
| Startup Founder: _Come, Hack Big Log Processing With Us!_ (Goes
| on to launch an undifferentiated cloud log processing with a
| hilarious comparison sheet)
| dehrmann wrote:
| They tried buying Linksys, and it was neither of those. They
| sold them later.
| davinci123 wrote:
| when you read Hacker News thread - every single one of them
| feels like the world is falling apart. Splunk is a dud or so
| everyone here thinks:
|
| https://siliconangle.com/2023/08/23/splunk-shares-surge-stro...
| adra wrote:
| Splunk was an absolute game changer when a company I worked
| for bought it. I say bought because we started to pay for it
| before anyone actually used it for anything meaningful. The
| "adoption" (blaming the company that bought it not Splunk)
| was terrible and teams were left to find value or not at
| their discretion without onboarding/training.
|
| The tool itself when I started using it was brilliant and
| quite deep on capabilities.
|
| All that said, the cost structure for the product can and
| SHOULD scare away any SMBs. Hosted or cloud, you're probably
| paying way beyond the value it's bringing in. That's probably
| the single largest determinant to the product.
| bigstrat2003 wrote:
| It's pretty wild to read some of these comments. Splunk is
| one of the best products I've _ever_ used, bar none. The
| price is another matter (it 's bloody expensive, no doubt
| about it), but the tool is amazing. I think all the people
| talking about how much it sucks and can be easily replaced
| are so far off base they aren't even in the stadium.
| flounder3 wrote:
| You've clearly never run it at scale nor have you migrated
| between Enterprise (on-prem) and Splunk Cloud at scale.
| Managing .conf files and eliminating intermediate IDM logic
| was absolutely not "amazing."
|
| https://lantern.splunk.com/Splunk_Platform/Splunk_Cloud_Pla
| t...
| toomuchtodo wrote:
| Everything on HN should be taken with a big ol' bag of salt.
| To do otherwise will cause you to miss out on both employment
| and investment opportunities you won't find elsewhere.
| sanderjd wrote:
| Definitely true that HN comments should be taken with a
| grain of salt from a business / investment / employment
| perspective.
|
| But it's more useful - though still not the full story at
| all of course - as a finger on the pulse of the people who
| actually implement software products, rather than their
| business models and their sales and marketing.
|
| This is not intended to downplay the importance of any of
| those things! Those people are just not the majority of the
| audience here. (I honestly wish I knew where they hang out,
| but I'm not sure there is such a place - all the people I
| know in those roles just play their cards much closer to
| their chests than those of us who participate here.)
| Karrot_Kream wrote:
| It's not really a pulse of implementers either. It's a
| particular kind of engineer. Having been early in a big
| tech and watching it grow and now being in another
| startup, I can tell you that the attitudes for SaaS in
| the industry are much more either positive or calculating
| than the broad negative attitudes and the constant calls
| for NIH on here. If anything they remind me of my cohort
| of college undergrads, excited to write lots of code and
| poo-poo existing solutions because of how "easy" they
| are. Our attitudes changed once our time was worth more.
|
| As far as the business types, why do you think they'd be
| here? The community chants grift, scam, and
| enshittification at pretty much any change in the
| customer contract these days. Is that the kind of
| environment that someone on the business side will find
| welcoming?
| sanderjd wrote:
| Well, nothing can give a fully _accurate_ pulse, because
| response bias is pretty much inescapable. There 's always
| a huge part of the iceberg that is submerged. To me, HN
| rings as a truer pulse of "silicon valley / startupy
| software developers" than the alternatives on reddit or
| twitter or mastodon or elsewhere that I've read to a
| significant degree. Everyplace has its own unique culture
| with their own unique echo chambers and blind spots
| driven by the people who opt in to that particular place,
| and HN is no different.
|
| But having said that, your comment (and the thread-
| starter) is a pretty good example of "getting a pulse"! A
| pulse isn't just "the average viewpoint", it also
| includes the distribution. And for every bit of
| conventional HN wisdom like "splunk sucks and is too
| expensive", there is pretty much always a comment like
| "splunk is pretty successful, actually". Your "I've been
| around a long time and attitudes toward SaaSes are
| actually pretty positive or at least calculating" is
| _part_ of the "pulse" in this thread.
|
| To wit: I honestly had no idea about splunk. I played
| with it in the distant past and thought "cool!", but I've
| never used it in the auspices of an enterprise license,
| and I've certainly never tried to purchase one myself, so
| I just didn't know anything about this. And if you had
| asked me about their recent earnings, I would have
| similarly had no clue. I just had no idea what the
| "pulse" on splunk was, either way. And now, because of
| the zeitgeisty comments making fun of how expensive it
| is, and also the comments like yours and the thread-
| starter's pushing back on that narrative, I have an
| updated prior on the splunk. It surely isn't the full
| story, and I wouldn't walk into a conversation and be all
| "I'm an expert on splunk, folks!", but I have a much
| better sense than I did a few hours ago. That's what I
| mean by "pulse".
|
| > _As far as the business types, why do you think they 'd
| be here?_
|
| I didn't say I think they'd be here... I'm the one who
| pointed out that they aren't! Honestly not sure how you
| read into my comment what you seem to have read into it.
| But I'm glad I gave you an opportunity to rant a bit!
| moneywoes wrote:
| what other resources do you read?
| toomuchtodo wrote:
| I read everything I can consume (news, analysis, mailing
| lists, etc), but find smaller or private forums to be
| most valuable for participation. "Be conservative in what
| you send, be liberal in what you accept."
| sanderjd wrote:
| This is not actually dissonant!
|
| HN is mostly a place where _technologists_ gather, not
| corporate heads of IT or other business people. This is
| especially true of the subset of users who actively
| participate rather than only reading.
|
| And it is not unusual in the least for an enterprise product
| to be wildly profitable but not admired by technologists.
| Indeed, it's the default; Oracle, SAP, Microsoft, etc.
|
| What is interesting is to look for examples of things that
| _break_ this mold, that are both profitable and mostly
| admired. Frankly, I can 't think of any... All the ones I can
| think of were out-competed and either acquired and ruined or
| just run out of business. Maybe RedHat is the closest
| example... I'm not sure though.
| davinci123 wrote:
| agreed, i will qualify it more as SV developers which is
| like maybe 20-30% of the dev population?
| sanderjd wrote:
| Yes, for sure.
|
| But I don't think there's really a great place to get a
| zeitgeist of the rest of the population. I think they're
| mostly doing other stuff rather than talking about
| technology on internet forums. (They're smarter than us.)
| ping00 wrote:
| great point
| j33zusjuice wrote:
| RH was acquired and ruined already. They were it, though.
| reducesuffering wrote:
| > that are both profitable and mostly admired
|
| AWS?
| sanderjd wrote:
| Actually yeah, closer than most. I think it's a somewhat
| grudging admiration at this point, increasingly so as
| they do more and more also-ran services.
|
| But yeah, this does seem right for the "core" services;
| ec2, s3, maybe lambda, etc.
| JAlexoid wrote:
| AWS business model is to just literally take a popular
| OSS system and provide it as a service.
|
| It was like that from the beginning. That's why there's
| much less animosity towards AWS, because they just allow
| you to run your X without the overhead of infra
| investment.
| fragmede wrote:
| Maybe in the beginning. Taking an OSS package, cloning
| its wire protocol, and then offering their closed source
| almost-compatible version without having to contribute
| anything back upstream earns them a lot of animosity.
| sanderjd wrote:
| That is something they do, which I strongly dislike, but
| it isn't their business model. Their business model is
| "pay us to run things on our infrastructure instead of
| building your own, with an option to be billed based on
| your usage".
|
| The "take a popular OSS system and provide it as a
| service" thing is a complement to that business model,
| because they can say "now that you're using our
| infrastructure, you can also use all these services, and
| we'll manage it for you, and you'll only have a single
| vendor to pay". It provides additional value and lock-in
| to the business model, but isn't the essential part of
| it.
|
| And no, that isn't where it began. Providing managed
| services for open source systems was not a part of their
| initial value proposition. When I started using EC2 (with
| EBS and S3), one of the tricky things was getting our own
| database infrastructure to work reliably on EC2.
|
| It's true that RDS was released not long after, and did
| the "take a popular OSS system" thing, but they really
| didn't embrace that model until years later. Indeed, I
| think RDS still seems like second fiddle to their
| proprietary non-relational DB service.
| fragmede wrote:
| What's interesting is the substance of the complaints of
| those products. Most of the comments are complaining that
| Splunk is expensive, but no comments I've seen are
| complaining that it doesn't work or do as advertised. Same
| for Oracle DB. It's ungodly expensive, and there are (many)
| other options out there, but you don't really see
| complaints that it's not able to perform (after an
| expensive consultant has had a go at your companies
| checkbook). The Fedex and Paypals of the world can afford
| to pay for Cisco/Splunk and Oracle licenses.
|
| What's interesting is things that break _this_ mold, like
| Microsoft Teams, because that 's something that can be
| disrupted, and thus be successful, by having a better
| product.
| sanderjd wrote:
| I think that's _also_ interesting :)
|
| Although "enterprise chat" is also entirely owned by
| unloved corporate products now.
| [deleted]
| justinclift wrote:
| I have some bad news about Red Hat...
| wbl wrote:
| Microsoft contains multitudes, from the successor to VMS to
| the win32 API to some very advanced programming language
| stuff like F#.
| masfuerte wrote:
| F# is nice but seems like a fairly conventional
| functional language. My first reaction to some of the
| features of Koka (also MS) was I didn't know that was
| even possible.
|
| https://koka-lang.github.io/koka/doc/book.html
| wbl wrote:
| The novel part is it gets pushed and used in prod.
| ShrigmaMale wrote:
| stripe, cloudflare (ish), github
| reducesuffering wrote:
| > that are both profitable
|
| none of these are currently profitable
| fiddlerwoaroof wrote:
| I wouldn't put GitHub in the list: lots of people are
| annoyed that they use F/OSS code to train copilot.
| zackmorris wrote:
| Cloudflare's verify human challenge screen is so
| intrusive and frustrating that it will cost them their
| credibility IMHO, if it hasn't already. Some part of me
| feels that a properly designed cache should be able to
| handle any level of abusive traffic like a p2p cache
| would, and if it can't, then what are we all doing?
| fiddlerwoaroof wrote:
| The problem is a cache needs cooperation with the backend
| for invalidation: Cloudflare's robot check can apply to
| every page right before it talks to the backend at all
| networkchad wrote:
| [dead]
| tw04 wrote:
| Wow - I guess I'm both surprised and completely unsurprised.
| Surprised because Splunk is a pretty big pill to swallow.
| Unsurprised because they've obviously been interested in the
| space for a long time (they attempted to acquire Datadog and got
| shot down).
|
| https://realmoney.thestreet.com/investing/technology/cisco-r...
|
| Good luck Splunk folks - Cisco isn't exactly known for their
| software innovation in the upper stacks (they still do pretty
| incredible things at the network OS layer).
| nathancahill wrote:
| Someone wasn't surprised:
| https://x.com/unusual_whales/status/1704870849831125446?s=20
| onei wrote:
| From an outsider perspective, it looks hard to label this as
| anything but insider trading. Is that the wrong take?
| Sebguer wrote:
| Matt Levine's money stuff offered the hypothesis that it
| could just be normal gambling. But, it's almost definitely
| insider trading, and either way, someone will definitely be
| getting an SEC visit.
| posnet wrote:
| They also directly broke Levine's second rule of insider
| trading.
|
| 2. Don't do it by buying short-dated out-of-the-money
| call options on merger targets [0]
|
| [0]: lawsofinsidertrading.com
| theogravity wrote:
| The not-insider-trading possibility:
|
| It's possible someone was selling contracts as a hedge
| since the tech market has been really bad this week. A
| market maker was obligated to buy the contracts.
|
| The person selling the contracts gets $22k in premium, and
| misses out on the pop. The market maker will absolutely
| exercise the contracts and profit.
|
| (This is coming from someone who sold APPL calls expiring
| tomorrow for .08 at a high strike today)
|
| Personal opinion: It's insider trading. You'd need a ton of
| shares to be able to sell $22k worth of contracts at a high
| strike unless you're doing naked options selling.
| qeternity wrote:
| This is not quite how things work. Market makers don't
| just take risk and not hedge. They would have hedged
| deltas (by shorting stock) and gamma/vega by selling
| other stuff (or this offset stuff they had sold
| previously). Impossible to say whether an MM would have
| made or lost money but usually gap moves like this cost
| MM on a net basis.
| roozbeh18 wrote:
| Easy for sec to identify affiliation to Splunk for this
| call.
| kabes wrote:
| What's the chance the sec will go after this? I guess
| they don't have the capacity to go after all these cases,
| even the clear cut ones
| patrikmansuri wrote:
| That's exactly what it looks like
| secfirstmd wrote:
| Possibly. I guess you can't remove the idea that the
| information was found through some open means. For all we
| know the private jets of the Cisco leaders might have been
| in the same location as those from Splunk.
| aodin wrote:
| They bought 1-day options, so they knew the timing of the
| announcement.
| noselasd wrote:
| Did anyone do the same the two days ago? (but just did't
| make any money yesterday ?). What about 100 days ago ?
| And so on.
|
| It is certainly no secret that Cisco wanted to buy Splunk
| for $20BN in Februart 2022
| secfirstmd wrote:
| Yeah true. Pretty hard to figure out that accurately from
| open sources.
| fatnoah wrote:
| I don't have the knowledge or the patience to find out,
| but it would be interesting see the overall pattern of 1
| day calls on Splunk stock to see if this was an outlier.
| smilbandit wrote:
| My depth of stock trading stops at the buy low sell high
| level. Can someone explain a little more if you have time?
| What would have happened to those trades if splunk had went
| down 20%?
| DSingularity wrote:
| They lose 22,000$
|
| This was insider trading.
| qeternity wrote:
| This is an overly simplistic view of options trading.
| Let's say I had a view that the stock was going to be
| volatile, more so than options implied, but didn't have a
| directional view. I could buy the calls and short the
| stock and scalp my gamma during the move.
|
| Or let's say I was short the stock and wanted to hedge
| during a volatile FOMC period.
| paulddraper wrote:
| They better be in Congress, or they're gonna be in big
| trouble.
| ransom1538 wrote:
| rsyslogd strikes again.
| bugsense wrote:
| Splunk is a dead player too. It's a great match.
| Covzire wrote:
| This might be why Cisco bought them:
|
| OMB Memorandum M-21-31[0], "Improving the Federal
| Government's Investigative and Remediation Capabilities
| Related to Cybersecurity Incidents" which includes directives
| to ensure event logging goes well beyond the current norms.
|
| By all accounts I've heard it's going to enrich the fortunes
| of every single SIEM/Log aggregation company out there,
| pretty much every govt contractor is going to need larger
| licenses in the next few years as contracts get rewritten
| with this EO in mind.
|
| [0] https://www.fedramp.gov/2023-07-14-fedramp-guidance-
| for-m-21...
| alephnerd wrote:
| Partially, but Splunk has been on the market for sometime
| actually. Also, large companies that compete with Cisco
| like CRWD, PAN, etc have been building out SIEM
| capabilities, as has Cisco, though Cisco being Cisco it
| didn't get the attention needed.
| jitl wrote:
| We [Notion] switched to Splunk Cloud a year or so ago, and
| it's vastly better than the other logging systems we've used.
| Much, much better than Kibana/Elasticsearch. We don't need to
| worry about indexed property limits anymore, yay. I'm a happy
| user.
| akulbe wrote:
| What makes you say Splunk is a dead player?
|
| Not arguing with you, it's genuine curiosity on my part.
| markstos wrote:
| Splunk bought VictorOps and the product has been stagnant
| or even worse since then.
|
| PagerDuty is significantly better for about the same price
| and demonstrates ways in which the product could have kept
| improving.
| liveoneggs wrote:
| they price-out medium customers so mind-share decreases
| dangus wrote:
| Are medium-sized customers valuable to Splunk?
|
| In sales we call this "Ideal Customer Profile." Why do I
| want a customer with less money to spend if I have a
| product with enough capability for the gigantic money-is-
| no-object customers?
| tyingq wrote:
| I believe the idea is that the big customers are
| interested because everyone is raving about it. If you
| price out the smaller customers, there's nobody to rave
| about it.
|
| Consider, for example, that Akamai's revenues are sitting
| in a plateau over the last 5 years, while Cloudflare is
| moving up.
| alephnerd wrote:
| > I believe the idea is that the big customers are
| interested because everyone is raving about it. If you
| price out the smaller customers, there's nobody to rave
| about it.
|
| That's not how enterprise procurement works, which is
| what makes the big bucks for companies like Akamai and
| Splunk.
|
| Cloudflare traditionally targeted mid-market and is in
| the process of building out an upper market/enterprise
| motion (I worked with the guy they hired to lead that in
| a previous role).
|
| I can dig deeper into ICP, Market Segmentation, and
| Enterprise sales if interested. There is too much FUD on
| HN
| mardifoufs wrote:
| I am super interested! Enterprise is like a rabbit hole
| to me
| tyingq wrote:
| How is what I said "FUD"? I know what it stands for. I
| don't see where I went with any of those three themes.
|
| Akamai has certainly done well over their lifetime, but
| their revenue for the last 5 years is very flat. That's
| not "FUD".
| alephnerd wrote:
| That wasn't aimed at you. I meant the general discourse
| of Enterprise Sales and GTM on HN is filled with FUD
| nemo wrote:
| >big customers are interested because everyone is raving
| about it.
|
| In this case the big customers are already using it.
| Splunk's value proposition for those customer is that
| they can handle with a massive volume without a hiccup.
| Small customers don't have the needs where Splunk is
| uniquely useful.
| baq wrote:
| That's why companies die in the long run.
|
| Microsoft dominated the nineties especially and the
| naughts less so but still because the marginal price of
| their OS was zero - due to piracy. Yes they didn't like
| business to run unlicensed but if you were a customer,
| nobody cared, because in 5-10-20 years you'd be a paying
| business or would work for a paying business.
|
| Splunk doesn't get that. There are no hobbyist/prosumer
| splunk installations. Zero. Nada. That's also how Linux
| won in the server space - nobody set up Windows servers
| as a hobby and 20 years later we're here.
|
| IOW it's medium-term short-sightedness, if it makes
| sense. Tactically good, strategically so-so to bad,
| depending on your moat and momentum.
| bigstrat2003 wrote:
| > Splunk doesn't get that. There are no hobbyist/prosumer
| splunk installations. Zero. Nada.
|
| Not true. I ran a free (legit!) Splunk instance in my
| homelab for years. It's been several years since I shut
| the homelab down, so I couldn't tell you if they still
| have hobbyist licensing, but they certainly had it in the
| past.
| baq wrote:
| I'll call you an unicorn :)
|
| I know they have a free license for super small
| deployments but haven't heard of anyone actually using
| it.
| yetanotherloss wrote:
| It was at one point usable but they drove off the
| hobbyist/small business crowd a long time ago. We do some
| work setting up elasticsearch tools that aggregate and
| filter data later sent to central splunk purely to affect
| a large reduction in license costs.
| optimalquiet wrote:
| A question: where did the hobbyist/small business crowd
| go?
| moneywoes wrote:
| do they not want to onboard these customers and then grow
| with them
| manicennui wrote:
| I doubt that the parent has any idea what "medium-sized"
| means. A few million in revenue is not medium sized.
| xwolfi wrote:
| I work in a 100+ year old giga bank, systemic in the
| country it comes from, in their Hong Kong investment bank
| branch.
|
| We loved Splunk, we invested quite a bit in it both for
| technical monitoring and business intelligence. After a
| while the price went so high we cut it all, moved to
| kdb/tableau/elk/whatever crappier system that cost less.
|
| Money is ALWAYS an object and Splunk makes sure to dig a
| hole deep enough for even the deepest pockets. I too
| prefer my shareholders to collect the fruit of my labor
| rather than... Splunk. At least they can reinvest some
| profit in us. Not Splunk, nope, they keep digging that
| hole in our pockets.
| singingfish wrote:
| We moved a business from splunk to ELK a couple of years
| ago. The actual work of doing so took less than a day.
| The maintenance processes changed, and some things are
| not as good. But aside from the beefy machine we run ELK
| on it costs next to nothing, and is very reliable.
| cityofdelusion wrote:
| Spot on. I also work in a 100+ year old gigantic
| corporation with big money and we are also moving off
| Splunk due to rising costs. Enterprise customers do not
| just pay whatever the sales folks ask for. Splunk is dead
| growth wise if they don't fix their pricing.
| adrr wrote:
| Because those medium-sized customer become large
| customers and getting more people to use your product
| builds up skill set in people. Switching cost is very
| expensive. This is why we'll probably see DataDog and
| Newrelic dominate the logging space because of their no
| contract plans that you can scale up to negotiated rates
| when you become larger. Even getting a POC of splunk is
| expensive and sales team will push for a contract.
|
| What splunk has going for it now is that they have lot
| invested in compliance and security but its only matter
| of time before other providers start offering the same.
| Only use case i would consider them for is a SIEM.
| Datadog logging is so cheap and works and gives me more
| money to spend on other things.
| andrewflnr wrote:
| Mindshare is valuable, was the point GP was making. If
| midsize customers ignore you because you're too
| expensive, and then implement something else before they
| get big enough to afford you, where do you get new
| customers? Forget growth, how do you replace attrition as
| your existing customers die?
|
| Personally I can't say if that's actually happening with
| Splunk, but it's a very plausible scenario.
| frankchn wrote:
| > Mindshare is valuable, was the point GP was making. If
| midsize customers ignore you because you're too
| expensive, and then implement something else before they
| get big enough to afford you, where do you get new
| customers? Forget growth, how do you replace attrition as
| your existing customers die?
|
| Somehow companies manage to make it work extracting money
| from your existing money-is-no-object customers. Oracle
| and IBM have basically zero mind-share amongst HN reading
| folks, but yet there they are.
| bvirb wrote:
| I've recently dealt with multiple companies who started
| using IBM Aspera (which as a vendor to them means we have
| to use it too) only for it to work miserably. I've also
| seen a couple tiny, perfectly functional MySQL databases
| replaced by expensive, slower Oracle databases with much
| higher maintenance costs.
|
| I think once a customer with a big enough budget is
| recognized by sales at one of these big organizations
| they make the sale happen. They talk to the higher-ups
| and either make them happy, or feed them a lot of FUD (or
| both), and then they're in, regardless of what the people
| working with the products (many of whom might be external
| vendors or consultants!) think.
|
| They're basically focused on more traditional sales &
| marketing instead of more grassroots sales & marketing
| (mindshare), but at least in my experience they
| definitely still get new customers.
| manicennui wrote:
| Their revenue is increasing and their losses are
| decreasing. They are fairly close to profitability. This
| is just nonsense.
| ransom1538 wrote:
| I have never. Once. worked somewhere that could afford
| splunk. But I have used it on trail many times, very
| cool.
| pantulis wrote:
| It's better -because it's easier to scale- to sell a
| single 1M$ license than selling a thousand 1000$
| licenses.
| toomuchtodo wrote:
| More efficient considering the typically long and drawn
| out enterprise sales cycle efforts as well.
| nickstinemates wrote:
| I completely disagree with both the spirit of the comment
| as well as the particular strawman presented.
|
| It is not better at all, by almost any metric other than
| overhead. Losing 1 of 1000 customers @ $1000 is very
| different than 1 of 1 customer @ $1M. One is easy to
| manage, the other leaves you dead in the water. In
| addition, you'd start to make concessions/unnatural
| decisions because you're so lopsided in diversity. And
| you're going to get completely fucked at renewal time.
| and, and and..
|
| Good M&A teams know this. They build a risk profile when
| revenue is a component of the acquisition. The acquiring
| party gets to learn a _lot_ about the fundamentals when
| putting deals together and it 's all factored in.
|
| To put it simply: having a healthy balance of revenue
| from multiple sources is a premium. Those are
| opportunities to advance your relationship and grow. Too
| many eggs in too few baskets are _major_ red flags that
| will have your revenue working against you.
| makeitdouble wrote:
| That's fine as long as your product stays competitive.
|
| But as you lose the smaller and middle-range customers,
| you're also missing on the trends of the market, while
| getting shaken up by the big players you can't afford to
| say no to. If one of your whales needs feature Y, no
| matter how exotic you think it could be, you'll have to
| implement Y, bloating your product for the rest of your
| clients.
|
| And while you're doing that, smaller competitors slowly
| creep up, eating up the bottom of you market, until
| you're stuck in a niche.
| hunter-gatherer wrote:
| I'm in a fortune 100 and we are looking at replacing
| splunk for sentinel because of cost of splunk. I don't
| use either in my day to day and have no horse in the
| race, but if my company is doing it then the cost of
| splunk must not be trivial.
| mschuster91 wrote:
| > And while you're doing that, smaller competitors slowly
| creep up, eating up the bottom of you market, until
| you're stuck in a niche.
|
| So what, milking mega enterprise for ossified products is
| a decently profitable niche. IBM, SAP, that huge American
| company powering a lot of hospital IT, Cisco itself...
| manvillej wrote:
| Epic, ServiceNow, Workday,
|
| Basically every ERP technology every invented.
| mschuster91 wrote:
| ServiceNow actually is quite decent... if you have a good
| management team, that is. I know a well run
| implementation and one that's a horrid clusterfuck no one
| wants to use (and because of that, they're implementing
| some AI chatbot, which I'm sure will piss people off even
| more).
| hermanradtke wrote:
| > that huge American company powering a lot of hospital
| IT
|
| Epic
| pbjtime wrote:
| The software seems very lazy. The interface belongs in the
| 90s. They've been resting on their laurels for eons. The
| fuckin basic ass PowerShell IDE that comes with windows is
| about seventeen trillion times more well designed and user-
| friendly.
| yanellena wrote:
| > Cisco isn't exactly known for their software innovation in
| the upper stacks
|
| I spend most of my day managing Meraki networks and some of
| that is seriously powerful and innovative.
| nosequel wrote:
| They bought Meraki.
| fsckboy wrote:
| > _They bought Meraki._
|
| and they're buying Splunk, so if the concern is continued
| innovation at the upper levels of the stack...
| marcus0x62 wrote:
| Most of Cisco's current product suite came via
| acquisitions[0]. The difference with Meraki, compared to
| the typical Cisco acquisition, is how independently they
| were allowed to operate. WebEx was a similar story. Cisco
| would tell you that acquisition is a core competency of
| theirs[1], but having worked there for 8 years (including
| during the WebEx and Meraki acquisitions,) I'd say their
| track record is far more spotty. A few successes like
| Meraki, a bunch of mediocre examples and a few really bad
| ones, like Scientific Atlanta.
|
| 0 - Even switching originally came to Cisco via a whole
| series of acquisitions in the 90s. You could argue -- and
| Stanford certainly did -- that routing was an acquisition
| of sorts, as well.
|
| 1 - Their M&A guy even wrote a book about it, called Doing
| Both, which purported to explain how Cisco achieved so many
| of their goals by refusing to make false "either/or"
| decisions. Ironically, almost every example in the book was
| something that Cisco is spectacularly bad at.
| TylerE wrote:
| Scientific Atlanta... there's a name I haven't heard in a
| long time. Didn't they use to make crappy cable boxes,
| back when cable TV meant a box that connected to the
| antenna input via coax.
| BatFastard wrote:
| I worked at Scientific Atlanta in the 90s, designing
| stealth radar systems. Some very cool tech they
| developed. They also did a lot of satellite comms. And a
| lot of telecom tech.
| marcus0x62 wrote:
| SA made set top boxes along with a bunch of back-end
| infrastructure to make them work. It was an acquisition
| that made sense on paper -- Cisco did (does) a lot of
| business with service providers, they make cable modem
| termination systems (the headend devices that handle
| cable modem connectivity,) had dabbled in IP video, so it
| was a natural evolution to make and sell the rest of the
| gear you'd need to operate a cable-based service
| provider. I don't think they were counting on how rapidly
| Internet streaming would take over, but in any case, the
| acquisition didn't work out so well and last I heard they
| had divested it.
|
| One other thing that I think feeds into these acquisition
| mishaps is that Cisco has, in my opinion, consistently
| over-estimated how much intelligence would be needed (or
| wanted) in the core network. In their view, intelligent
| network services = expensive network devices = revenue
| for Cisco. I think what the Internet specifically and IP
| in general, as well as the evolution of LAN technologies
| over time have proven is that when it comes to the core
| network, simple is almost always better and intelligence
| should move to the edge, where innovation can happen
| quicker and where services can be implemented in
| software.
|
| As an example, at one point they had what was,
| essentially, a middleware system (like Websphere,) which
| they called Application Oriented Networking. The idea was
| you would deploy these on your network gear, throughout
| your network, and it would provide message routing and
| translation services. They had a whole "architecture"
| built for it, called Services Oriented Network
| Architecture[0]. I don't think the people who built it
| really understood that it provided no real advantage over
| a cluster of middleware/ESB/MQ servers in a data center
| and that nobody was going to pay a huge premium to build
| that capability in their _IP routers_.
|
| 0 - https://www.cisco.com/c/dam/global/it_it/solutions/en
| t/tecno...
| TylerE wrote:
| I was thinking way earlier than that. My grandparents had
| a Scientific Atlanta box connected to their giant piece-
| of-furtniture Hughs and Mathis TV. This was late 80s,
| early 90s, long before digital TV, or cable having more
| than 30 or 40 channels.
| marcus0x62 wrote:
| I believe they made equipment related to cable/satellite
| TV as far back as the 70s.
| biggerstep wrote:
| Yep. I worked at SA from the mid-90's through the mid
| '10's. They left the satellite business and focused
| (mostly) on cable systems. Was a lot of fun as digital
| settops rolled out, then DVR, then HDTV. As others have
| noted, the Cisco acquisition in 2006 did not, uh, work
| out too well. I believe Cisco had visions of video
| control "in the network", but that was never going to
| work for extant cable systems, and we couldn't get an
| IPTV solution going for lots of reasons. Loved my time at
| SA but it was oil and water with Cisco.
| PeterCorless wrote:
| I sat in on the all Cisco acquisitions teams from c. 1994
| - 1999. Even during that heyday there were awesome
| acquisitions that took off and others that went nowhere.
| Cisco was historically always better at hardware
| acquisitions than pure-play software. It would often kill
| the software products entirely -- Internet Junction, TGV,
| Precept come to mind.
|
| The one other rule that John Chambers lived by was "no
| merger of equals." It was always about a big fish
| swallowing a smaller one. Cisco's market cap is an order
| of magnitude greater than Splunk's, but this is as close
| to breaking that Chambers Rule of Acquisitions as
| anything they've done to date.
|
| Here's the full history of Cisco acquisitions. Maybe
| someone with more M&A lore would scorecard it to see
| which were dreams and which were duds.
|
| https://www.cisco.com/c/en/us/about/corporate-strategy-
| offic...
| throwaway892238 wrote:
| Based on my experience in (mostly) software companies,
| hardware just seems more likely to work. The people
| building it are formally trained, the government forces a
| minimum amount of safety testing, and a design mistake
| could cost millions to fix, besides the reputational
| damage. Software is more like getting retail workers to
| build a remote controlled forklift out of junkyard parts.
| marcus0x62 wrote:
| I think they had _better_ success integrating hardware
| companies, but SA -- which was pretty much a hardware
| company -- was a pretty big counter-example. I'd also
| argue the further they strayed from their core market,
| the worse the results. See also: Flip and Linksys.
| avrionov wrote:
| I wonder if this segment is ready for disruption. Splunk is very
| expensive, ElasticSearch is still lacking many of the features of
| Splunk and when hosted on AWS is very expensive. SumoLogic was
| acquired by private equity, which means that it won't get
| cheaper. DataDog is also very expensive.
|
| Solution like SnowFlake for logs / telemetry where compute and
| storage are separated might be the future.
| danielodievich wrote:
| Observe Inc. is disrupting this just in that kind of way
| already. https://www.observeinc.com/blog/how-observe-uses-
| snowflake-t... describes how.
| dogman144 wrote:
| A stack we'll see:
|
| - panther siem (python alerts, thank the lord) and then pandas
| + databricks + s3 data lakes for deep analysis and IR
|
| - maybe swap in panther SIEM for XDRs, if they get better out
| of the box
| jensensbutton wrote:
| Snowflake... is not cheap.
| avrionov wrote:
| Snowflake is not cheap, but they had the right idea to
| separate the compute and storage.
| mikeshi42 wrote:
| We're[1] building the OSS equivalent when it comes to the
| observability side of Splunk/DD, on Clickhouse naturally of
| course but believe in the same end goal of lowering cost via
| separation of compute and storage.
|
| [1] https://github.com/hyperdxio/hyperdx
| manicennui wrote:
| ElasticSearch by itself is not a Splunk replacement except in
| very simple use cases.
| ak217 wrote:
| I haven't used Splunk in a number of years due to its cost.
| Splunk seems like a good pairing for Cisco - it's complementary
| to its other offerings to less price sensitive orgs, like Meraki.
|
| I've used several Splunk competitors (Sumo Logic, Datadog, etc.)
| that all have various strengths but suffer from a lesser version
| of Splunk's problem (once you're locked in and up for renewal,
| watch out). I also tried some ELK-based stuff, which just plain
| sucked.
|
| The one thing that hasn't sucked is AWS CloudWatch Logs, after
| they added Insights (a log query engine). It has reasonable
| pricing and works really well if you're on AWS.
| physicles wrote:
| We've got some logs in CloudWatch, but I barely use it because
| the query interface is unfathomably slow (in terms of query
| throughput). Do you use the web interface to query, or some
| other way?
| ak217 wrote:
| The Logs Insights interface (https://us-
| east-1.console.aws.amazon.com/cloudwatch/home?reg...) is fast
| enough for all our needs. You have to make sure you're using
| Insights and not the plain Logs query APIs, which are indeed
| very slow.
|
| For some applications, it also makes sense to use the built
| in Logs API that exports logs to S3 (the export process is
| very fast) then use any of a variety of tools geared toward
| searching through data on S3.
| stuff4ben wrote:
| I guess Cisco's AppDynamic acquisition from a few years ago isn't
| panning out. Or maybe they're complimentary, who knows?
| MDGeist wrote:
| I bet they will just try to upsell all the AppD customers with
| Splunk ES/SIEM. If the Thousand Eyes and AppD integration is
| any indicator they will add a button in AppD that opens up
| Splunk...
| dangus wrote:
| AppDynamics is primarily an APM product, not a SEIM.
|
| Also, from a business perspective, Cisco basically removed a
| competitor from the field.
| bugsense wrote:
| Thoughts and prayers to the people who will be tasked to
| consolidate the portfolio.
| KhoomeiK wrote:
| Not gonna lie, I'm not looking forward to seeing the Cisco logo
| every time I go to Santana Row.
| [deleted]
| projectileboy wrote:
| Does anyone have an example of an acquisition where the products
| of the acquired company then became better?
| troupe wrote:
| Webex is much better under Cisco than it was on it's own.
| Cisco's expertise in hardware made for a great combination and
| has kept the product aligned with interoperable standards more
| than Zoom and some of the others.
| mrits wrote:
| T-Mobile buying Sprint was a huge improvement for me.
| jabroni_salad wrote:
| Them buying Iowa Wireless was a boon for me. Before that it
| was either deal with verizon, or deal with being on a limited
| regional network.
|
| Waiting for the shoe to drop on that Mint Mobile acquisition
| though...
| projectileboy wrote:
| The responses here are giving me some hope. I've just had
| _many_ experiences as a customer where products I've used
| became worse (or were shut down) after their companies were
| acquired
| missedthecue wrote:
| There are exception, but Microsoft seems pretty good at this.
| GitHub, Minecraft... Skype got a lot better for me in terms of
| reliability after the acquisition too, of course they've been
| competed away by other voips like Facetime and Whatsapp these
| days.
|
| LinkedIn is better than ever for finding a job, or advertising
| a job, even though lots of people here don't like it because of
| the LinkedIn poasting culture.
| prepend wrote:
| > Minecraft
|
| Is so much worse under Microsoft. As a parent, it's funny how
| much Microsoft hate is in the house because the Minecraft
| fuckery. They made new versions, migrated accounts, added
| micro purchases, made mods harder.
|
| My 5-year-old had a Mojang account and could download and
| install Minecraft. Migrating to a Microsoft account was very
| hard and took multiple attempts and my direct help. And for
| some reasons "sucks."
| revskill wrote:
| Youtube, Instagram.
| xcdzvyn wrote:
| Why YouTube? It was definitely worse pre-acquisition, but so
| did the rest of the internet. Do you think it could've gone
| under without Google's capital?
| supertrope wrote:
| https://arstechnica.com/gadgets/2015/04/cheaper-bandwidth-
| or...
| jojobas wrote:
| Companies rarely buy other companies in order to make buyee's
| product better, they buy them to boost the buyer's business or
| at least remove competition.
| regularfry wrote:
| They don't buy _in order to_ make the buyee 's product
| better, but continuing to improve the product may be
| necessary to realise the value of the purchase particularly
| if regular updates and improvements are a big reason that
| customers stay with the brand.
| dhaulagiri wrote:
| Heroku. Better until it wasn't...
| sokoloff wrote:
| Android
| jve wrote:
| GitHub
|
| I'm sure there are tons of other, lesser known acquisitions...
| looking at what Apple acquires - seems relevant to be
| integrated into their products:
| https://en.wikipedia.org/wiki/List_of_mergers_and_acquisitio...
|
| Oh, wow, they even acquired Intel smartphone modem business at
| 2019 and other Semiconductor businesses.
| mschuster91 wrote:
| > Oh, wow, they even acquired Intel smartphone modem business
| at 2019 and other Semiconductor businesses.
|
| Was the easiest way to put some fire under Qualcomm's arse,
| RF modems, batteries and displays are the only things Apple
| doesn't have under their direct control - but for batteries
| and displays they at least have a selection of competing
| suppliers. With modems, they're stuck at whatever crap
| Qualcomm delivers.
| selectodude wrote:
| For better or worse, Qualcomm has not been delivering crap.
| strunz wrote:
| DarkSky seems to be a big exception to this
| dangus wrote:
| I disagree. Apple Weather has become an amazing app since
| the DarkSky acquisition. I especially like the hourly
| charts.
| 1270018080 wrote:
| On the off chance Apple's weather app isn't having an
| outage.
| strunz wrote:
| Apple Weather may be better, but DarkSky is gone and it
| has not included all the features it used to have, such
| as hourly rain probability for any day.
| dangus wrote:
| From my perspective as an Apple Weather user, it went
| from basic and barebones to feature-packed almost
| overnight.
|
| The cost also went down. DarkSky was $4. I wasn't ever
| willing to pay for a weather app.
|
| I see hourly rain predictability for today, and for
| future days there are hourly precipitation charts in
| inches. I can't imagine that precipitation beyond the
| current day on an hourly basis has any chance of being
| accurate.
|
| I think alternative weather apps like DarkSky were
| incentivized to provide extra information that justifies
| their existence regardless of accuracy/precision.
|
| E.g., if I make my own weather app and my selling point
| is that I give you a forecast for every 10 minutes or
| that my forecast goes out 5 years, I don't have to have
| any shred of accuracy because it's just a forecast. I was
| able to sell you my app because you're impressed by the
| fact that I give you more granular predictions.
| pr10 wrote:
| [dead]
| prepend wrote:
| > The cost also went down. DarkSky was $4. I wasn't ever
| willing to pay for a weather app.
|
| I was the same way. Then I broke down and paid the $5.
| Best app purchase I ever made. One time fee and used it
| for years. I wish there were more apps like this.
| internet101010 wrote:
| Oddly enough this is the one reason why I don't use Apple
| Weather. I live in Texas - if you don't have covered
| parking you will inevitably get hail damage. The 1-2 days
| per week I go into the office I have to check Accuweather
| beforehand.
|
| Precipitation probability is the most important thing in
| a weather app to me.
| travoc wrote:
| Apple Weather developers in the Bay don't really know or
| care about your Southern hail or wind storms. R.I.P. Dark
| Sky. Sorry.
| rz2k wrote:
| You can set up alerts with windy.com to be notified about
| a location have a forecast combination of wind and rain
| that may work well for forecasting hail.
| uptown wrote:
| I wish Apple's hourly visuals for when it's going to rain
| didn't require a microscope to see.
| prepend wrote:
| Apple Weather is better, but not as good as DarkSky. And
| DarkSky is gone.
|
| It's one of the few apps I bought and it's frustrating
| that Apple bought them, picked a few features, killed the
| rest, and shut everything down.
|
| I'm not even complaining about killing the api, that
| makes sense since Apple doesn't care about this.
|
| But Apple Weather's maps don't work as well, the
| precipitation views aren't as detailed, the user supplied
| precipitation reports are gone. It just does different
| things.
|
| But, yes, Apple Weather is now a better app because the
| acquisition.
| davidu wrote:
| Meraki and OpenDNS both became better post acquisition, and in
| both cases I'd say it was because Cisco let them continue to
| maintain a lot of control, the leaders stayed around, and the
| majority of the engineering teams did, too. Cisco has a long
| list of successful acquisitions. The release says Gary will
| report to Chuck directly, which is a strong sign Chuck will
| make sure Splunk succeeds. (nb, I was CEO of OpenDNS)
| bugsense wrote:
| So they will compete against AppDynamics for the same
| customers... Fun times.
| sbuk wrote:
| AppDynamics isn't SIEM. If anything, this looks like an
| opportunity to upsell to AppDynamics customers.
| bugsense wrote:
| AppD offers some SIEM. Splunk does much more than SIEM.
| Splunk Observability Cloud has nothing to do with Splunk
| Enterprise, it's a fully fledged AppD competitor.
| aiwv wrote:
| Like you said, Meraki got better because the core team,
| including engineering and sales as well as the founders,
| stuck around for about two years. Things did go significantly
| downhill once the founders left but by that point the company
| was already so successful that the exodus of great people
| that followed their departure probably didn't even impact
| their bottom line that much. I will say that I personally
| found working for a Cisco subsidiary pretty terrible relative
| to working for a startup but, hey, the checks cleared.
| honkycat wrote:
| What does this mean for people who are currently working for
| Splunk?
|
| Are acquisitions often followed by layoffs?
|
| In my head, layoffs tend to happen BEFORE acquisitions.
| foota wrote:
| Weird acquisition.
| Mandem12 wrote:
| [flagged]
| sidcool wrote:
| Cisco and Splunk have no overlapping business models, do they?
| What's the strategy behind it?
| count wrote:
| Cisco is pushing hard in the security space.
| barryrandall wrote:
| Given the announcement's emphasis on AI, I assume this is
| partly about being able to train models on customer data.
| manicennui wrote:
| I'm guessing you know nothing about Cisco other than the fact
| that they make routers and switches.
| sidcool wrote:
| That's true.
| marcus0x62 wrote:
| To channel my inner John Chambers, this is a _market
| adjacency_. I.e., a way to expand into a market that
| complements something they already do. Their security product
| suite and data analytics tools would all naturally feed into
| Splunk. Cisco has, at various times, had products in the SIEM
| space[0], and it isn 't unusual[1] for them to build or acquire
| a few tools in the same category before finding something that
| is a good product-market fit with some longevity.
|
| 0 - See MARS,
| https://en.wikipedia.org/wiki/Cisco_Security_Monitoring%2C_A...
|
| 1 - A few examples: before WebEx, Cisco had MeetingPlace which
| was partially internally developed and partially built with
| external hardware and software products. Before Firepower
| Threat Defense (Snort acquisition,) there was the internally
| built ASA product line, which developed from the acquired PIX
| line. In load balancers, they had ACE (internally developed,)
| replacing CSS/CSM (based off of their Arrowpoint acquisition.)
| For NAC, they had NAC framework (internally developed, never
| really took off,) NAC appliance (acquired,) and now ISE
| (internally developed.) There are many, many, other examples
| here.
| zeruch wrote:
| My honest question here is "is this Cisco going into its true
| Oracle-grade dinosaur phase"?
| AlbertCory wrote:
| There's a term for these big, expensive, hard-to-get-rid-of
| software packages:
|
| "RansomWare"
|
| My leading example is SAP. Actually, most of the big ERP packages
| are ransomware.
| pizzaknife wrote:
| could you enumerate them, please?
| CSMastermind wrote:
| Oracle - don't use an Oracle database unless you hate money,
| yourself, or your company.
|
| SAP - getting off of their ERP systems is an absolute
| nightmare and they know/exploit that fact.
|
| Salesforce - CRM systems, in general, can lead to lock-in due
| to the sheer amount of data and customization they host. In
| recent years Salesforce has started to leverage this fact to
| grow revenue without adding value.
|
| Unity - they're getting aggressive in trying to extract more
| money from their existing customers and I'm not referring to
| the recent license changes. Nightmare company that you should
| avoid working with on enterprise software at all costs.
|
| Blackboard - within the education section their LMS is
| challenging to migrate off of and they will bend you over
| backwards because they know it.
|
| ServiceNow - they've seemingly given up on making a better
| product and have invested all their efforts in extracting
| more money out of their current customers.
|
| PagerDuty - whose sales rep who told me straight up that they
| didn't need to negotiate with us because it would be too
| difficult to switch away from their product.
|
| For specific product lines IBM, Cisco, and VMware also do
| this but I don't think it would be fair to characterize that
| as their overriding business strategy like the above.
| AlbertCory wrote:
| Thanks.
|
| Personally I hate those "give me more free info" responses.
| Do your own homework.
| leoc wrote:
| It's a strong effort, but not as cerebral as the classics,
| "Twitter Acquires Magic Pony"
| https://news.ycombinator.com/item?id=11937756 and "Salesforce
| Signs Definitive Agreement to Acquire Slack"
| https://www.youtube.com/watch?v=Qt9MP70ODNw .
| joncrane wrote:
| Perhaps it's a bit premature. There's no price point in the
| announcement so there may be some details that drag out...
| hrunt wrote:
| Apparently, this will be an all-cash deal worth $28
| billion[0].
|
| [0] https://www.cnbc.com/2023/09/21/cisco-acquiring-splunk-
| for-1...
| dang wrote:
| Related ongoing threads:
|
| _Insider trade on Splunk acquisition?_ -
| https://news.ycombinator.com/item?id=37599587
|
| _Show HN: My Single-File Python Script I Used to Replace Splunk
| in My Startup_ - https://news.ycombinator.com/item?id=37600019
| sleepybrett wrote:
| So when your oracle devices start spitting out EVEN MORE LOGS you
| can pay them coming and going.
| mikhailfranco wrote:
| _Enshittification,_ then they die.
|
| https://www.wired.com/story/tiktok-platforms-cory-doctorow/
| bbno4 wrote:
| This is so cool, Cisco has long been an innovator in networking
| and now with Splunk too they'll make a killer combination!
| debarshri wrote:
| Building splunk has become very democratised in today's day and
| age.
|
| Back in the day, logging, metrics, event collection etc. was a
| hard problem that they solved. Esp. when there weren't any simple
| distributed storage operators.
|
| They have been a cockroach in the orgs, surviving every downturn.
| As a dev, you might hate it, CISO and CIOs love it. Orgs, often
| mandate it. The way they dominated the market is via creating CEF
| formats, integrations. It is more than a logging solution right
| now. It is an XDR, threat analysis platform etc.
|
| This acquisition is going to be interesting with app
| dynamics+splunk and others, it feels like there is a larger play
| here for Cisco.
|
| I don't think the value that splunk have is transitive to ES or
| grafana. It is, its own thing.
| tootie wrote:
| When I first saw Splunk in like 2010 it was mind-blowing. Back
| then, standard practice was to tile 8 ssh terminal windows and
| log -f everything I needed. I'm sure it looked cool, but it was
| damn near impossible to find what I was looking for.
| pmcf wrote:
| Everyone complains about how expensive Splunk is but the amount
| of compute and storage consumed by processing logs is ridiculous.
|
| I feel like we should be talking about the sad state of logging
| where we think it's perfectly ok to dump millions of 10k stack
| trace dumps and think that should be cheap.
| supportengineer wrote:
| Does anyone ever look at this type of problem - Shipping,
| ingesting, retaining, searching gigabytes of log files - and stop
| and think - _what if there was another way_?
|
| In other words, what if there were no log files?
|
| Intended as a thought experiment.
| eigenvalue wrote:
| I hated Splunk so much that I spent a couple days a few months
| ago writing a single 1200 line python script that does absolutely
| everything I need in terms of automatic log collection,
| ingestion, and analysis from a fleet of cloud instances. It pulls
| in all the log lines, enriches them with useful metadata like the
| IP address of the instance, the machine name, the log source, the
| datetime, etc. and stores it all in SQlite, which it then exposes
| to a very convenient web interface using Datasette.
|
| I put it in a cronjob and it's infinitely better (at least for my
| purposes) than Splunk, which is just a total nightmare to use,
| and can be customized super easily and quickly. My coworkers all
| prefer it to Splunk as well. And oh yeah, it's totally free
| instead of costing my company thousands of dollars a year! If I
| owned CSCO stock I would sell it-- this deal shows incredibly bad
| judgment.
| runjake wrote:
| Why wouldn't you just use Graylog Free Edition?
|
| While it doesn't compete with Splunk, IMHO, it's much easier
| and much better than what 1,200 lines of Python could conjure
| up. Dashboarding and all. I love it and use it in a very large
| enterprise environment.
| [deleted]
| moneywoes wrote:
| have you released this anywhere
| eigenvalue wrote:
| Yes, just now: https://news.ycombinator.com/item?id=37600019
| magixx wrote:
| It's weird seeing no mention of Graylog anywhere here which is
| slightly different but I've found much easier to use in smaller
| setups. Unfortunately I have no idea what enterprise cost ends
| up looking like.
| eigenvalue wrote:
| Since someone asked, I cleaned up my script and released it:
|
| https://news.ycombinator.com/item?id=37600019
| anonzzzies wrote:
| Great, finally someone who actually does that. So many
| examples here with people whining about their Dropbox thingy
| in 4 lines of Perl but never releasing anything for us to
| check out. Well done!
| asynchronous wrote:
| That "thousands of dollars per year" number seems quite a bit
| low for a Splunk license. Even for a small amount of data it's
| more like thousands per month.
| spoonjim wrote:
| I'm sure the Cisco CEO is quaking in his boots thinking about
| this cronjob
| geodel wrote:
| Well today you are doing 100KB log processing, who knows,
| tomorrow you may end up doing 500KB log processing. It will
| be _All Hands On_ on late night Friday to eliminate this
| existential threat.
| tw04 wrote:
| For how many data sources? The whole reason everyone goes to
| Splunk is that it scales, and scales incredibly well.
|
| Large enterprises can generate hundreds of terabytes to
| petabytes every day. Splunk has all sorts of issues, but to
| pretend as if you can replace them in any large shop with a
| 1200 line python script and SQLite is just being disingenuous.
| This acquisition falls right into Cisco's sweet spot, they
| aren't chasing shops that can dump all their security and
| infrastructure logging into a SQLite database and not have it
| tip over in an hour.
| baz00 wrote:
| Splunk does not scale to large data sources. It fucks out at
| a few TB and then you have to spend hours on the phone trying
| to work out which combination of licenses and sales reps you
| need to get going again.
|
| By which time you can just suck the damn log file and grep it
| on the box.
| teach wrote:
| I'm gonna respectfully disagree that it fails "at a few
| TB". We send them 100s of terabytes a day.
| anonzzzies wrote:
| But, and this is not meant as criticism or insult as I
| have no idea how Splunk works, it is just based on other
| comments; do you know what license your company has with
| them? It appears that if you are paying them millions, it
| scales fine, otherwise, it does not?
| tekla wrote:
| > I have no idea how Splunk works Cool
|
| > It appears that if you are paying them millions, it
| scales fine
|
| yes, if you pay someone for product and services, you get
| them. If you don't, you don't
| baz00 wrote:
| It's difficult to control data ingress so you end up in
| debt and on repayment plans. Which are expensive.
| anonzzzies wrote:
| That makes sense, so looking at what people ingress, they
| pay afterwards or just really huge plans upfront? Or a
| mix?
| baz00 wrote:
| Well usually you have to overpurchase up front and they
| sell you a 3 year lock in to make it affordable capital
| cost. Then when you eek over it temporarily, the sales
| guy calls you up within 10 nanoseconds to bill you for
| more.
|
| I was getting 2-4 calls a week.
|
| It was so fucking annoying and expensive ($1.2M spend
| each cycle) we shitcanned the entire platform.
|
| First thing they hear of this is when our ingress rate
| drops to zero and they phone us up to ask what is
| happening. Then we don't go to the numerous catch up and
| renewal meetings and calls. Then we stop answering the
| phone.
| eigenvalue wrote:
| Had a similar experience with them, they are truly the
| worst. We wasted a bunch of time trying to figure out how
| the ingestion volume could be so high and then realized
| that 99% of it was from the ridiculous default settings
| of their universal collector agent which was dumping
| detailed system stats every few seconds-- all to drive up
| usage so they can harass you about spending more money on
| their awful product. I did the renewal call with them
| just to basically tell them how outrageous their company
| is.
| anonzzzies wrote:
| Yeah, because that is what I meant. A lot of services are
| useable without paying through the nose, this one
| apparently not, but thanks for the excellent input.
| westpfelia wrote:
| Uhhhh you splunk scales no matter the size. for just pure
| ingest. Now if you got duped into the SVC model I can see
| what you mean. But for pure Gigs/Day ingest if you know
| what youre doing it can scale infinitely.
| nostrebored wrote:
| I've worked at companies with objectively large amounts of
| data. Splunk scaled to meet their workloads. At no
| enterprise doing this is someone able to just isolate a
| single log file and grep through it at scale.
| Aeolun wrote:
| Presumably you can have a cluster of grepping machines. I
| wonder how it scales compared to the millions you pay for
| Splunk.
| baq wrote:
| is your business' core competency building a distributed
| grep or actually selling useful stuff?
| radiator wrote:
| Well, according to what people write in this thread, a
| distributed grep or some other way to organize a decent
| central logging system might be a necessary part of the
| core competency. Because if they buy splunk instead, they
| might go bankrupt.
| baq wrote:
| You don't have to be splunk to make money out of
| distributed grep but it turns out to not be that easy...
| as proven by the fact that there are quite a few
| competitors
| eigenvalue wrote:
| It's around 6 data sources on ~25 machines, but it could be
| easily scaled to way more than that with a bit of work. And I
| mean less work than it takes to do even trivially simple
| things using the horrible Splunk API. There are many
| thousands of small companies using Splunk and getting totally
| ripped off for a very mediocre product with a rapacious and
| annoyingly aggressive salesforce.
| tw04 wrote:
| I think we're talking about very different levels of scale.
| Enterprises are generally feeding tens to hundreds of
| thousands of datapoints into Splunk depending on their size
| between servers, networking gear, endpoint devices, etc.
| callalex wrote:
| Wait what this is such an important detail. Log aggregators
| like Splunk start being something to consider when you get
| to about 25 THOUSAND machines, not 25 machines. I hope that
| for you, humility will come with experience.
| coalbin wrote:
| That is a tiny setup all things considered. You aren't
| operating at a scale you'd need to consider a monitoring
| platform for.
| steveBK123 wrote:
| You'd be surprised how many companies with infra that
| small have CTOs get consultant buzzword pilled into
| buying every SaaS under the sun nonetheless...
| ilyt wrote:
| But you definitely want to, even if it simple ELK stack
| mlhpdx wrote:
| How many servers does Stack overflow run on? It's not a
| good measure of data volume or criticality.
|
| I think "expensive" here is basically relative to
| revenue/margin. Where margins are high, spending on
| Splunk (etc.) isn't meaningful. Where margins are thin,
| it hurts.
|
| Basically, the arguments here seem to reflect the markets
| and business model folks are working under. Some pay,
| some can't and some won't - all valid.
| thereddaikon wrote:
| Splunk isn't perfect. Managing it is more work than it
| should be for example. But I've got hundreds of systems I'm
| pulling logs from and that's not counting infra and
| applications as well. And my deployment isn't even a large
| one by their standards. Your use case just isn't the scale
| where splunk makes sense.
| ta1243 wrote:
| I have an order of magnitude more machines than you and
| would never in a million years consider splunk
|
| Right tool for the right job. Splunk is for mega-scale
| setups
| ignoramous wrote:
| > _it could be easily scaled to way more than that with a
| bit of work._
|
| I guess you'd appreciate the words _easily_ and _bit_ are
| doing a lot of heavy lifting there.
| hk__2 wrote:
| > I guess you'd appreciate the words easily and bit are
| doing a lot of heavy lifting there.
|
| This goes with the previous comment:
|
| > And oh yeah, it's totally free instead of costing my
| company thousands of dollars a year
|
| Unless you work for free, then something you make and
| maintain is not "totally free".
| westpfelia wrote:
| Liiiiissssteeeennnnn
|
| I havent developed it yet. But my Splunk killer solutions
| actually scales so big we can use it to walk to the
| center of the universe. And its only 1 line of Rust and a
| bash script that runs when ever the Unix clock has 420 in
| the number string.
| davinci123 wrote:
| ya as someone else already noted - Splunk is not for you
| nemo44x wrote:
| There's quite a few log ingestion programs that can do all that
| for you. Did you have some type of specialized log that one of
| the various logging tools couldn't handle for some reason? It
| sounds like you recreated the ELK stack lol.
| phyzome wrote:
| I used SumoLogic at my last job, which feels basically the same
| as Splunk. (Maybe not as fast? No idea on price.) There were
| times when it was easier to sync 45 GB of logs from S3 down to
| my laptop and run grep over them than it was to figure out the
| right arcane syntax and wait for the results. :-)
| bluedays wrote:
| Sounds like a startup
| mongol wrote:
| It sounds like the difference between a car and a freight
| train.
| manicennui wrote:
| This comment is incredibly naive. Cisco isn't making
| acquisition decisions based on your happiness. Splunk's revenue
| is increasing every year and their losses decrease. It is an
| incredibly popular tool that complements their products and
| services well.
| ilyt wrote:
| Expect entering splunk API key in next generation of their
| OSes for seamless monitoring
| manicennui wrote:
| I don't know about their router/switch OSes in particular,
| but a lot of their products already have Splunk integration
| and they seem to have a couple of products built on top of
| Splunk.
| shandor wrote:
| Sounds awesome for your use case!
|
| ...but this sounds so much like the legendary Dropbox release
| thread's "just use FTP, SVN, etc" that it made me smile :)
| eigenvalue wrote:
| I hear you, but the difference is that Dropbox is actually
| good and reasonably priced. Splunk is horrible to use and
| costs 1,000x what it should, and they are super aggressive
| about harassing you about usage caps and threatening you
| constantly with huge price hikes. Dropbox has barely raised
| price over the years (until pretty recently at least) and has
| been rock solid and amazing.
| Scarbutt wrote:
| Well no, dropbox is aimed at non-technical oriented users.
| Sure, they have "enterprise" features for admins now but
| that's not how it started and in the end the product is
| vastly consumed by non technical users.
| leoc wrote:
| _My_ complaint is that this acquisition is going to add another
| 1-4 paragraphs of examinable marketing copy to the Cisco CCNP
| ENCOR textbook. I 'll have to somehow remember not to confuse
| Splunk with Cisco Firepower NGIPS, which uses Snort. This is
| what happens when an industry starts to name its products after
| the sound effects from _Peppa Pig_.
| TheRealDunkirk wrote:
| It sounds like you reinvented the concept of a loghost with a
| database.
| prabhatsharma wrote:
| Why build in this age when too many open source solutions
| backed by opentelemetry standard are available. Use
| fluentbit/vector/otel-collector to capture data and send to
| some open source solution.
| eigenvalue wrote:
| Because I find all that stuff to be even more mental overhead
| to learn and work with, and super annoying to deploy and
| manage. It would literally take me longer to get one of those
| kinds of tools to work on my data the way I want it than it
| took me to make my own tool that does exactly what I want,
| exactly the way I want it, where it's incredibly trivial for
| me to add new kinds of logs or anything else.
|
| When you have a hugely complex, made by committee,
| enterprise-grade generic system/protocol like opentelemetry
| that does anything and everything, at any scale, it's always
| going to have huge amount of excess complexity when you are
| trying to do a specific simple thing well and quickly. It
| would be harder to figure out the config files for that stuff
| than it was to just make my own system.
| tekla wrote:
| This mostly sounds like a badly managed Splunk. If a 1200 line
| Python script is all you need to replace a Splunk instance, you
| weren't doing anything all that interesting or well in the
| first place.
|
| > useful metadata like the IP address of the instance, the
| machine name, the log source, the datetime,
|
| This should be tagged on every single log line already, and not
| something that you should be doing post-ingestion
| eigenvalue wrote:
| The logs included things like the systemd logs and stuff that
| I don't have control over. You need to be able to enrich with
| arbitrary metadata for it to be generally useful.
|
| My point is more that a large portion of Splunk customers
| could do the same thing I did and be way better off.
| Obviously not their huge enterprise customers spending
| millions a year.
| dingdong33 wrote:
| This is most stupid comment I've ever read from here.
| ShrigmaMale wrote:
| look at vector.dev and clickhouse. fast, has a language for
| extension, v easy to set up.
| evantbyrne wrote:
| I used Vector in the Beaker Studio prototype back when it was
| designed to deploy directly to Ubuntu virtual machines. That
| was a couple years ago at this point, and it worked
| wonderfully!
| surfingdino wrote:
| Congrats to the leadership team; thoughts and prayers to the
| engineering team.
| betaby wrote:
| Tens of billions? I hope sales justify those numbers ... or we
| are still in a bubble.
| debacle wrote:
| How does Cisco generally do with acquisitions? Splunk is a pretty
| nice tool and I'd hate to see this tank it.
| weakfish wrote:
| Meraki has been great acquisition.
|
| Disclaimer: I work at Cisco (Webex)
| grecy wrote:
| Somebody had a 45,650% gain in one overnight trade on $SPLK
| calls. Amazing luck. [1]
|
| Someone opened 127 calls for $22,000, and closed them today after
| the buy-out announcement.
|
| A cool way to turn $22,000 into $10,043,000
|
| [1]
| https://www.reddit.com/r/wallstreetbets/comments/16oi9an/som...
| bufferoverflow wrote:
| 99.99% that's insider trading.
| trallnag wrote:
| Will there be consequences?
| unmole wrote:
| Buying short dated far out of the money options is a
| guaranteed way to get caught. If this actually was insider
| trading, there are probably a bunch of SEC officials
| suffering from high-five induced palm injuries.
| orliesaurus wrote:
| always are
| grecy wrote:
| I assume it will be a ~$100k fine?
| 5cott0 wrote:
| apropos of nothing splunk is the most user hostile UI I have ever
| had the extreme displeasure of being forced to use
| riddley wrote:
| I guess you've never used SignalFX?
| saberience wrote:
| Didn't splunk acquire signalfx?
| Thev00d00 wrote:
| $28 billion - $157 a share
|
| Splunk shares were trading at $119.59, so ~31% premium.
|
| Cisco lost 4% in premarket trading.
| johnyzee wrote:
| All cash, too. Splunk was like, Cisco equity? Nah.
| rozenmd wrote:
| An average acquisition then:
|
| acquirer pays a premium to nudge the acquiree's board to
| approve
|
| acquirer's shareholders that disagree with the deal sell, in
| anticipation of value destruction
| airstrike wrote:
| not so much "nudge the target's board to approve" as "allow
| the target board to approve"
|
| a board that approves a 0% premium (barring unusual
| exceptions) will be sued to oblivion
| swozey wrote:
| $28 BILLION? Splunk???? my god
| airstrike wrote:
| Cisco cash is flowing out to Splunk shareholders so it makes
| sense that its equity value is X% lower after announcement
| selectodude wrote:
| There are ~4bn Cisco shares outstanding. CSCO is down $2. So
| the market thinks that Cisco is overpaying by $8bn, or a 33
| percent premium. Seems pretty bang on to me. Score one for
| the efficient market hypothesis.
| illiac786 wrote:
| "the market thinks" is an expression that makes me cringe.
| The market does not think, it's the result of multiple
| actions, which many many people pretend they can explain or
| even predict when really they cannot.
|
| "the market thinks" gives the stock trade market an aura of
| reason and intelligence which it absolutely does not
| deserve for many historical reasons. Trading as it exists
| today is unhinged capitalism, it's a cancer on our
| societies as it widens the gap between rich and poor. It
| should be taxed, something like an Automated Payment
| Transaction tax, to make high frequency or even medium
| frequency trading simply unrentable.
|
| I'm not against the concept of stocks in general, but the
| way it operates now is simply sick, I don't see how to
| phrase this differently.
| whoiscroberts wrote:
| Where are my Elasticians?
| ateng wrote:
| I was going to ask the same! What killer feature does Splunk
| has that could justify its hefty price tag, that Elastic
| couldn't do?
| glonq wrote:
| I loved the hell out of splunk until they priced themselves out
| of the stratosphere.
|
| I know a splunk employee (splunker?); hopefully she somehow gets
| rich(er) as part of this deal.
___________________________________________________________________
(page generated 2023-09-21 23:00 UTC)