The Value of Analysts and Observability with Nick Heudecker

Episode Summary

Nick Heudecker, who leads Market Strategy and Competitive Intelligence at Cribl, joins Corey who, as it turns out, has some similarities with Corey. Nick also spent some time in Maine, as a cryptologist for the Navy, and also spent the months of deep winter sitting at the computer. That set the stage for Nick to move into work as a industry analyst where he was able to bring forth their worth to the tech industry. Nick breaks down what exactly is an analyst firm, and why companies should care. Nick has some worthwhile insights into what an analyst can bring to the table for companies. Nick’s perspectives are certainly well founded and offer a lot on how to navigate that space successfully. Nick and Corey also go down the kaleidoscopic nature of observability, how Nick ended up at Cribl, and how Cribl is bringing forth some serious innovations in regards to observability. Tune in for Nick’s perspectives!

Episode Show Notes & Transcript

About Nick
Nick Heudecker leads market strategy and competitive intelligence at Cribl, the observability pipeline company. Prior to Cribl, Nick spent eight years as an industry analyst at Gartner, covering data and analytics. Before that, he led engineering and product teams at multiple startups, with a bias towards open source software and adoption, and served as a cryptologist in the US Navy. Join Corey and Nick as they discuss the differences between observability and monitoring, why organizations struggle to get value from observability data, why observability requires new data management approaches, how observability pipelines are creating opportunities for SRE and SecOps teams, the balance between budgets and insight, why goats are the world’s best mammal, and more.


Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored in part by Thinkst. This is going to take a minute to explain, so bear with me. I linked against an early version of their tool, in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, that sort of thing in various parts of your environment, wherever you want to; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use those things. It’s an awesome approach. I’ve used something similar for years. Check them out. But wait, there’s more. They also have an enterprise option that you should be very much aware of You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files on it, you get instant alerts. It’s awesome. If you don’t do something like this, you’re likely to find out that you’ve gotten breached, the hard way. Take a look at this. It’s one of those few things that I look at and say, “Wow, that is an amazing idea. I love it.” That’s and The first one is free. The second one is enterprise-y. Take a look. I’m a big fan of this. More from them in the coming weeks.

Corey: This episode is sponsored in part by our friends at Jellyfish. So, you’re sitting in front of your office chair, bleary eyed, parked in front of a powerpoint and—oh my sweet feathery Jesus its the night before the board meeting, because of course it is! As you slot that crappy screenshot of traffic light colored excel tables into your deck, or sift through endless spreadsheets looking for just the right data set, have you ever wondered, why is it that sales and marketing get all this shiny, awesome analytics and inside tools? Whereas, engineering basically gets left with the dregs. Well, the founders of Jellyfish certainly did. That’s why they created the Jellyfish Engineering Management Platform, but don’t you dare call it JEMP! Designed to make it simple to analyze your engineering organization, Jellyfish ingests signals from your tech stack. Including JIRA, Git, and collaborative tools. Yes, depressing to think of those things as your tech stack but this is 2021. They use that to create a model that accurately reflects just how the breakdown of engineering work aligns with your wider business objectives. In other words, it translates from code into spreadsheet. When you have to explain what you’re doing from an engineering perspective to people whose primary IDE is Microsoft Powerpoint, consider Jellyfish. Thats and tell them Corey sent you! Watch for the wince, thats my favorite part.

Corey: Welcome to Screaming in the Cloud. I’m Corey Quinn. This promoted episode is a bit fun because I’m joined by someone that I have a fair bit in common with. Sure, I moonlight sometimes as an analyst because I don’t really seem to know what that means, and he spent significant amounts of time as a VP analyst at Gartner. But more importantly than that, a lot of the reason that I am the way that I am is that I spent almost a decade growing up in Maine, and in Maine, there’s not a lot to do other than sit inside for the nine months of winter every year and develop personality problems.

You’ve already seen what that looks like with me. Please welcome Nick Heudecker, who presumably will disprove that, but maybe not. He is currently a senior director of market strategy and competitive intelligence at Cribl. Nick, thanks for joining me.

Nick: Thanks for having me. Excited to be here.

Corey: So, let’s start at the very beginning. I like playing with people’s titles, and you certainly have a lofty one. ‘competitive intelligence’ feels an awful lot like jeopardy. What am I missing?

Nick: Well, I’m basically an internal analyst at the company. So, I spend a lot of time looking at the broader market, seeing what trends are happening out there; looking at what kind of thought leadership content that I can create to help people discover Cribl, get interested in the products and services that we offer. So, I’m mostly—you mentioned my time in Maine. I was a cryptologist in the Navy and I spent almost all of my time focused on what the bad guys do. And in this job, I focus on what our potential competitors do in the market. So, I’m very externally focused. Does that help? Does that explain it?

Corey: No, it absolutely does. I mean, you folks have been sponsoring our nonsense for which we thank you, but the biggest problem that I have with telling the story of Cribl was that originally—initially it was, from my perspective, “What is this hokey nonsense?” And then I learned and got an answer and then finish the sentence with, “And where can I buy it?” Because it seems that the big competitive threat that you have is something crappy that some rando sysadmin has cobbled together. And I say that as the rando sysadmin, who has cobbled a lot of things like that together. And it’s awful. I wasn’t aware you folks had direct competitors.

Nick: Today we don’t. There’s a couple that it might be emerging a little bit, but in general, no, it’s mostly us, and that’s what I analyze every day. Are there other emerging companies in the space? Are there open-source projects? But you’re right, most of the things that we compete against are DIY today. Absolutely.

Corey: In your previous role, which you were at for a very long time in tech terms—which in a lot of other cases is, “Okay, that doesn’t seem that long,” but seven and a half years is a respectable stint at a company. And you were at Gartner doing a number of analyst-like activities. Let’s start at the beginning because I assure you, I’m asking this purely for the audience and not because I don’t know the answer myself, but what exactly is the purpose of an analyst firm, of which Gartner is the most broadly known and, follow up, why do companies care what Gartner thinks?

Nick: Yeah. It’s a good question, one that I answer a lot. So, what is the purpose of an analyst firm? The purpose of an analyst firm is to get impartial information about something, whether that is supply chain technology, big data tech, human resource management technologies. And it’s often difficult if you’re an end-user and you’re interested in say, acquiring a new piece of technology, what really works well, what doesn’t.

And so the analyst firm because in the course of a given year, I would talk to nearly a thousand companies and both end-users and vendors as well as investors about what they’re doing, what challenges they’re having, and I would distill that down into 30-minute conversations with everyone else. And so we provided impartial information in aggregate to people who just wanted to help. And that’s the purpose of an analyst firm. Your second question, why do people care? Well, I didn’t get paid by vendors.

I got paid by the company that I worked for, and so I got to be Tron; I fought for the users. And because I talk to so many different companies in different geographies, in different industries, and I share that information with my colleagues, they shared with me, we had a very robust understanding of what’s actually happening in any technology market. And that’s uncommon kind of insight to really have in any kind of industry. So, that’s the purpose and that’s why people care.

Corey: It’s easy from the engineering perspective that I used to inhabit to make fun of it. It’s oh, it’s purely justification when you’re making a big decision, so if it goes sideways—because find me a technology project that doesn’t eventually go sideways—I want to be able to make sure that I’m not the one that catches heat for it because Gartner said it was good. They have an amazing credibility story going on there, and I used to have that very dismissive perspective. But the more I started talking to folks who are Gartner customers themselves and some of the analyst-style things that I do with a variety of different companies, it’s turned into, “No, no. They’re after insight.”

Because it turns out, from my perspective at least, the more that you are focused on building a product that solves a problem, you sort of lose touch with the broader market because the only people you’re really talking to are either in your space or have already acknowledged and been right there and become your customer and have been jaded to see things from your point of view. Getting a more objective viewpoint from an impartial third party does have value.

Nick: Absolutely. And I want you to succeed, I want you to be successful, I want to carry on a relationship with all the clients that I would speak with, and so one of the fun things I would always ask is, “Why are you asking me this question now?” Sometimes it would come in, they’d be very innocuous;, “Compare these databases,” or, “Compare these cloud services.” “Well, why are you asking?” And that’s when you get to, kind of like, the psychology of it.

“Oh, we just hired a new CIO and he or she hates vendor X, so we have to get rid of it.” “Well, all right. Let’s figure out how we solve this problem for you.” And so it wasn’t always just technology comparisons. Technology is easy, you write a check and you hope for the best.

But when you’re dealing with large teams and maybe a globally distributed company, it really comes down to culture, and personality, and all the harder factors. And so it was always—those were always the most fun and certainly the most challenging conversations to have.

Corey: One challenge that I find in this space is—in my narrow niche of the world where I focus on AWS bills, where things are extraordinarily yes or no, black or white, binary choices—that I talked to companies, like during the pandemic, and they were super happy that, “Oh, yeah. Our infrastructure has auto-scaling and it works super well.” And I look at the bill and the spend graph over time is so flat you could basically play a game of pool on top of it. And I don’t believe that I’m talking to people who are lying to me. I truly don’t believe that people make that decision, but what they believe versus what is evidenced in reality are not necessarily congruent. How do you disambiguate from the stories that people want to tell about themselves? And what they’re actually doing?

Nick: You have to unpack it. I think you have to ask a series of questions to figure out what their motivation is. Who else is on the call, as well? I would sometimes drop into a phone call and there would be a dozen people on the line. Those inquiry calls would go the worst because everyone wants to stake a claim, everyone wants to be heard, no one’s going to be honest with you or with anyone else on the call.

So, you typically need to have a pretty personal conversation about what does this person want to accomplish, what does the company want to accomplish, and what are the factors that are pushing against what those things are? It’s like a novel, right? You have a character, the character wants to achieve something, and there are multiple obstacles in that person’s way. And so by act five, ideally everything wraps up and it’s perfect. And so my job is to get the character out of the tree that is on fire and onto the beach where the person can relax.

So, you have to unpack a lot of different questions and answers to figure out, well, are they telling me what their boss wants to hear or are they really looking for help? Sometimes you’re successful, sometimes you’re not. Not everyone does want to be open and honest. In other cases, you would have a team show up to a call with maybe a junior engineer and they really just want you to tell them that the junior engineer’s architecture is not a good idea. And so you do a lot of couples therapy as well. I don’t know if this is really answering the question for you, but there are no easy answers. And people are defensive, they have biases, companies overall are risk-averse. I think you know this.

Corey: Oh, yeah.

Nick: And so it can be difficult to get to the bottom of what their real motivation is.

Corey: My approach has always been that if you want serious data, you go talk to Gartner. If you want [anec-data 00:09:48] and some understanding, well, maybe we can have that conversation, but they’re empowering different decisions at different levels, and that’s fine. To be clear, I do not consider Gartner to be a competitor to what I do in any respect. It turns out that I am not very good at drawing charts in varying shades of blue and positioning things just so with repeatable methodology, and they’re not particularly good at having cartoon animals as their mascot that they put into ridiculous situations. We each have our portion of the universe, and that’s working out reasonably well.

Nick: Well, and there’s also something to unpack there as well because I would say that people look at Gartner and they think they have a lot of data. To a certain degree they do, but a lot of it is not quantifiable data. If you look at a firm like IDC, they specialize in—like, they are a data house; that is what they do. And so their view of the world and how they advise their clients is different. So, even within analyst firms, there is differentiation in what approach they take, how consultative they might be with their clients, one versus another. So, there certainly are differences that you could find the more exposure you get into the industry.

Corey: For a while, I’ve been making a recurring joke that Route 53—Amazon’s managed DNS service—is in fact a database. And then at some point, I saw a post on Reddit where someone said, “Yeah, I see the joke and it’s great, but why should I actually not do this?” At which point I had to jump in and say, “Okay, look. Jokes are all well and good, but as soon as people start taking me seriously, it’s very much time to come clean.” Because I think that’s the only ethical and responsible thing to do in this ecosystem.

Similarly, there was another great joke once upon a time. It was an April Fool’s Day prank, and Google put out a paper about this thing they called MapReduce. Hilarious prank that Yahoo fell for hook, line, and sinker, and wound up building Hadoop out of it and we’re still paying the price for that, years later. You have a bit of a reputation from your time at Gartner as being—and I quote—“The man who killed Hadoop.” What happened there? What’s the story? And I appreciate your finally making clear to the rest of us that it was, in fact, a joke. What happened there?

Nick: Well, one of the pieces of research that Gartner puts out every year is this thing called a Hype Cycle. And we’ve all seen it, it looks like a roller coaster in profile; big mountain goes up really high and then comes down steeply, drops into a valley, and then—

Corey: ‘the trough of disillusionment,’ as I recall.

Nick: Yes, my favorite. And then plateaus out. And one of the profiles on that curve was Hadoop distributions. And after years of taking inquiry calls, and writing documents, and speaking with everybody about what they were doing, we realized that this really isn’t taking off like everyone thinks it is. Cluster sizes weren’t getting bigger, people were having a lot of challenges with the complexity, people couldn’t find skills to run it themselves if they wanted to.

And then the cloud providers came in and said, “Well, we’ll make a lot of this really simple for you, and we’ll get rid of HDFS,” which is—was a good idea, but it didn’t really scale well. I think that the challenge of having to acquire computers with compute storage and memory again, and again, and again, and again, just was not sustainable for the majority of enterprises. And so we flagged it as this will be obsolete before plateau. And at that point, we got a lot of hate mail, but it just seemed like the right decision to make, right? Once again, we’re Tron; we fight for the users.

And that seemed like the right advice and direction to provide to the end-users. And so didn’t make a lot of friends, but I think I was long-term right about what happened in the Hadoop space. Certainly, some fragments of it are left over and we’re still seeing—you know, Spark is going strong, there’s a lot of Hive still around, but Hadoop as this amalgamation of open-source projects, I think is effectively dead.

Corey: I sure hope you’re right. I think it has a long tail like most things that are there. Legacy is the condescending engineering term for ‘it makes money.’ You were at Gartner for almost eight years and then you left to go work at Cribl. What triggered that? What was it that made you decide, “This is great. I’ve been here a long time. I’ve obviously made it work for me. I’m going to go work at a startup that apparently, even though it recently raised a $200 million funding round”—congratulations on that, by the way—“It still apparently can’t afford to buy a vowel in its name.” That’s C-R-I-B-L because, of course, it is. Maybe another consonant, while you’re shopping. But okay, great. It’s oddly spelled, it is hard to explain in some cases, to folks who are not already feeling pain in that space. What was it that made you decide to sit up and, “All right, this is where I want to be?”

Nick: Well, I met the co-founders when I was an analyst. They were working at Splunk and oddly enough—this is going to be an interesting transition compared to the previous thing we talked about—they were working on Hunk, which was, let’s use HDFS to store Splunk data. Made a lot of sense, right? It could be much more cost-effective than high-cost infrastructure for Splunk. And so they told me about this; I was interested.

And so I met the co-founders and then I reconnected with them after they left and formed Cribl. And I thought the story was really cool because where they’re sitting is between sources and destinations of observability data. And they were solving a problem that all of my customers had, but they couldn’t resolve. They would try and build it themselves. They would look at—Kafka was a popular choice, but that had some challenges for observability data—works fantastically well for application data.

And they were just—had a very pragmatic view of the world that they were inhabiting and the problem that they were looking to solve. And it looked kind of like a no-brainer of a problem to solve. But when you double-click on it, when you really look down and say, “All right, what are the challenges with doing this?” They’re really insurmountable for a lot of organizations. So, even though they may try and take a DIY approach, they often run into trouble after just a few weeks because of all the protocols you have to support, all the different data formats, and all the destinations, and role-based access control, and everything else that goes along with it.

And so I really liked the team. I thought the product inhabited a unique space in the market—we’ve already talked about the lack of competitors in the space—and I just felt like the company was on a rocket ship—or is a rocket ship—that basically had unbounded success potential. And so when the opportunity arose to join the team and do a lot of the things I like doing as an analyst—examining the market, talking to people looking at competitive aspects—I jumped at it.

Corey: It’s nice when you see those opportunities that show up in front of you, and the stars sort of align. It’s like, this is not just something that I’m excited about and enthused about, but hey, they can use me. I can add something to where they’re going and help them get there better, faster, sooner, et cetera, et cetera.

Nick: When you’re an analyst, you look at dozens of companies a month and I’d never seen an opportunity that looked like that. Everything kind of looked the same. There’s a bunch of data integration companies, there’s a bunch of companies with Spark and things like that, but this company was unique; the product was unique, and no one was really recognizing the opportunity. So, it was just a great set of things that all happen at the same time.

Corey: It’s always fun to see stars align like that. So—

Nick: Yeah.

Corey: —help me understand in a way that can be articulated to folks who don’t have 15 years of grumpy sysadmin experience under their belts, what does Cribl do?

Nick: So, Cribl does a couple of things. Our flagship product is called LogStream, and the easiest way to describe that is as an abstraction between sources and destinations of data. And that doesn’t sound very interesting, but if you, from your sysadmin background, you’re always dealing with events, logs, now there’s traces, metrics are also hanging around—

Corey: Oh, and of course, the time is never synchronized with anything either, so it’s sort of a giant whodunit, mystery, where half the eyewitnesses lie.

Nick: Well, there’s that. There’s a lot of data silos. If you got an agent deployed on a system, it’s only going to talk to one destination platform. And you repeat this, maybe a dozen times per server, and you might have 100,000 or 200,000 servers, with all of these different agents running on it, each one locked into one destination. So, you might want to be able to mix and match that data; you can’t. You’re locked in.

One of the things LogStream does is it lets you do that exact mixing and matching. Another thing that this product does, that LogStream does, is it gives you ability to manage that data. And then what I mean by that is, you may want to reduce how much stuff you’re sending into a given platform because maybe that platform charges you by your daily ingest rates or some other kind of event-based charges. And so not all that data is valuable, so why pay to store it if it’s not going to be valuable? Just dump it or reduce the amount of volume that you’ve got in that payload, like a Windows XML log.

And so that’s another aspect that it allows you to do, better management of that stuff. You can redact sensitive fields, you can enrich the data with maybe, say, GeoIPs so you know what kind of data privacy laws you fall under and so on. And so, the story has always been, land the data in your destination platform first, then do all those things. Well, of course, because that’s how they charge you; they charge you based on daily ingest. And so now the story is, make those decisions upfront in one place without having to spread this logic all over, and then send the data where you want it to go.

So, that’s really, that’s the core product today, LogStream. We call ourselves an observability pipeline for observability data. The other thing we’ve got going on is this project called AppScope, and I think this is pretty cool. AppScope is a black box instrumentation tool that basically resides between the application runtime and the kernel and any shared libraries. And so it provides—without you having to go back and instrument code—it instruments the application for you based on every call that it makes and then can send that data through something like LogStream or to another destination.

So, you don’t have to go back and say, “Well, I’m going to try and find the source code for this 30-year old c++ application.” I can simply run AppScope against the process, and find out exactly what that application is doing for me, and then relay that information to some other destination.

Corey: This episode is sponsored in part by Liquibase. If you’re anything like me, you’ve screwed up the database part of a deployment so severely that you’ve been banned from touching every anything that remotely sounds like SQL, at at least three different companies. We’ve mostly got code deployments solved for, but when it comes to databases we basically rely on desperate hope, with a roll back plan of keeping our resumes up to date. It doesn’t have to be that way. Meet Liquibase. It is both an open source project and a commercial offering. Liquibase lets you track, modify, and automate database schema changes across almost any database, with guardrails to ensure you’ll still have a company left after you deploy the change. No matter where your database lives, Liquibase can help you solve your database deployment issues. Check them out today at Offer does not apply to Route 53.

Corey: I have to ask because I love what you’re doing, don’t get me wrong. The counterargument that always comes up in this type of 
conversation is, “Who in their right mind looks at the state of the industry today and says, ‘You know what we need? That’s right; another observability tool.’” what differentiates what you folks are building from a lot of the existing names in the space? And to be clear, a lot of the existing names in the space are treating observability simply as hipster monitoring. I’m not entirely sure they’re wrong, but that’s a different fight for a different time.

Nick: Yeah. I’m happy to come back and talk about that aspect of it, too. What’s different about what we’re doing is we don’t care where the data goes. We don’t have a dog in that fight. We want you to have better control over where it goes and what kind of shape it’s in when it gets there.

And so I’ll give an example. One of our customers wanted to deploy a new SIEM—Security Information Event Management—tool. But they didn’t want to have to deploy a couple hundred-thousand new agents to go along with it. They already had the data coming in from another agent, they just couldn’t get the data to it. So, they use LogStream to send that data to their new desired platform.

Worked great. They were able to go from zero to a brand new platform in just a couple days, versus fighting with rolling out agents and having to update them. Did they conflict with existing agents? How much performance did it impact on the servers, and so on? So, we don’t care about the destination. We like everybody. We’re agnostic when it comes to where that data goes. And—

Corey: Oh, it’s not about the destination. It’s about the journey. Everyone’s been saying it, but you’ve turned it into a product.

Nick: It’s very spiritual. So, we [laugh] send, we send your observability data on a spiritual [laugh] journey to its destination, and we can do quite a bit with it on the way.

Corey: So, you said you offered to go back as well and visit the, “Oh, it’s monitoring, but we’re going to call it observability because otherwise we get yelled out on Twitter by Charity Majors.” How do you view that?

Nick: Monitoring is the things you already know. Right? You know what questions you want to ask, you get an alert if something goes out of bounds or something goes from green to red. Think about monitoring as a data warehouse. You shape your data, you get it all in just the right condition so you can ask the same question over and over again, over different time domains.

That’s how I think about monitoring. It’s prepackaged, you know exactly what you want to do with it. Observability is more like a data lake. I have no idea what I’m going to do with this stuff. I think there’s going to be some signals in here that I can use, and I’m going to go explore that data.

So, if monitoring is your known knowns, observability is your unknown unknowns. So, an ideal observability solution gives you an opportunity to discover what those are. Once you discover them. Great. Now, you can talk about how to get them into your monitoring system. So, for me, it’s kind of a process of discovery.

Corey: Which makes an awful lot of sense. The problem I’ve always had with the monitoring approach is it falls into this terrible pattern of enumerate the badness. In other words, “Imagine all the ways that this system can fail,” and then build an alerting that lets you know when any of those things happen. And what happens next is inevitable to anyone who’s ever dealt with the tricksy devils known as computers, and what happens, of course, is that they find new ways to fail and you generally get to add to the list of things to check for, usually at two o’clock in the morning.

Nick: On a Sunday.

Corey: Oh, absolutely. It almost doesn’t matter when. The real problem is when these things happen, it’s, “What day, actually, is it?” And you have to check the calendar to figure out because your third time that week being woken up in the dead of night. It’s like an infant but less than endearing.

So, that has been the old school approach, and there’s unfortunately still an awful lot of, we’ll just call it nonsense, in the industry that still does exactly the same thing, except now they call it observability because—hearkening back to earlier in our conversation—there’s a certain point in the Gartner Hype Cycle that we are all existing within. What’s the deal with that?

Nick: Well, I think that there are a lot of entrenched interests in the monitoring space. And so I think you always see this when a new term comes around. Vendors will say, “All right, well, there’s a lot of confusion about this. Let me back-fit my product into this term so that I can continue to look like I’m on the leading edge and I’m not going to put any of my revenues in jeopardy.” I know, that’s a cynical view, but I’ve seen it over and over again.

And I think that’s unfortunate because there’s a real opportunity to have a better understanding of your systems, to better understand what’s happening in all the containers you’re deploying and not tearing down the way that you should, to better understand what’s happening in distributed systems. And it’s going to be a real missed opportunity if that is what happens. If we just call this ‘Monitoring 2.0’ it’s going to leave a lot of unrealized potential in the market.

Corey: The big problem that I’ve seen in a lot of different areas is—I’ll be direct—consolidation where you have a company that starts to do a thing—and that’s great—and then they start doing other things that are tied to it. And in turn, they start, I guess, gathering everything in the ecosystem. If you break down observability into various constituent parts, I—know, I know, the pillars thing is going to upset people; ignore that for now—and if you have an offering that’s weak in a particular area, okay, instead of building it organically into the product, or saying, “Yeah, that’s not what we do,” there’s an instinct to acquire a company or build that functionality out. And it turns out that we’re building what feels the lot to me like the SaaS equivalent of multifunction printers: they can print, they can scan, they can fax, and none of those three very well, so it winds up with something that dissatisfies everyone, rather than a best-of-breed solution that has a very clear and narrow starting and stopping point. How do you view that?

Nick: Well, what you’ve described is a compromise, right? A compromise is everyone can work and no one’s happy. And I think that’s the advantage of where LogStream comes in. The reality is best-of-breed. Most enterprises today have 30 or more different monitoring tools—call them observability tools if you want to—and you will never pry those tools from the dead hands of those sysadmins, DevOps engineers, SREs, et cetera.

They all integrate those tools into how they work and their processes. So, we’re living in a best-of-breed world. It’s like that in data and analytics—my former beat—and it’s like that in monitoring and observability. People really gravitate towards the tools they like, they gravitate towards the tools their friends are using. And so you need a way to be able to mix and match that stuff.

And just because I want to stay [laugh] on message, that’s really where the LogStream story kind of blends in because we do that; we allow you to mix and match all those different pieces.

Corey: Joke’s on you. I use Nagios and I have no friends. I’m not convinced those two things are entirely unrelated, but here we are. So here’s, I guess, the big burning question that a lot of folks—certainly not me, but other undefined folks, ‘lots of people are saying’—so you built something interesting that actually works. I want to be clear on this.

I have spoken to customers of yours. They swear by it instead of swearing at it, which happens with other companies. Awesome. You have traction, you’re moving forward, things are going great. Here’s $200 million is the next part of that story, and on some level, my immediate reaction—which does need updating, let’s be clear here—is like, all right.

I’m trying to build a product. I can see how I could spend a few million bucks. “Well, what can you do with I don’t know, 100 times that?” My easy answer is, “Something monstrous.” I don’t believe that is the case here. What is the growth plan? What are you doing that makes having that kind of a war chest a useful and valuable thing to have?

Nick: Well, if you speak with the co-founders—and they’ve been open about this—we view ourselves as a generational company. We’re not just building one product. We’ve been thinking about, how do we deliver on observability as this idea of discovery? What does that take? And it doesn’t mean that we’re going to be less agnostic to other destinations, we still think there’s an incredible amount of value there and that’s not going away, but we think there’s maybe an interim step that we build out, potentially this idea of an observability data lake where you can explore these environments.

Certainly, there’s other types of options in the space today. Most of them are SQL-based, which is interesting because the audience that uses monitoring and observability tools couldn’t care less about SQL right? They want search, they want regex, and so you’ve got to have the right tool for that audience. And so we’re thinking about what that looks like going forward. We’re doubling down on people.

Surprisingly, this is a very—like anything else in software, it is people-intensive. And so certainly those are other aspects that we’re exploring with the recent investment, but definitely, multiproduct company is our future and continued expansion.

Corey: Expansion is always a fun one. It’s the idea of, great, are you looking at going deeper into the areas you’re already active within, or is it more of a, “Ah, so we’ve solved the, effectively, log routing problem. That’s great. Let’s solve other problems, too.” Or is it more of a, I guess, a doubling down and focusing on what’s working? And again, that probably sounds judgmental in a way I don’t intend it to at all. I just have a hard time contextualizing that level of scale coming from a small company perspective the way that I do.

Nick: Yeah. Our plan is to focus more intently on the areas that we’re in. We have a huge basis of experience there. We don’t want to be all things to all people; that dilutes the message down to nothing, so we want to be very specific in the audiences we talk to, the problems we’re trying to solve, and how we try to solve them.

Corey: The problem I’ve always found with a lot of the acquisition, growth thrashing of—let me call it what I think it is: companies in decline trying to strain relevancy, it feels almost like a, “We don’t see a growth strategy. So, we’re going to try and acquire everything that hold still long enough, at some level, trying to add more revenue to the pile, but also thrashing in the sense of, okay. They’re going to teach us how to do things in creative, awesome ways,” but it never works out that way. When you have a 50,000 person company acquiring a 200 person company, invariably the bigger culture is going to dominate. And I don’t understand why that mistake seems to continually happen again, and again, and again.

And people think I’m effectively alluding to—or whenever the spoken word version of subtweeting is—a particular company or a particular acquisition. I’m absolutely not, there are probably 50 different companies listening right now who thinks, “Oh, God. He’s talking about us.” It’s the common repeating trend. What is that?

Nick: It’s hard to say. In some cases, these acquisitions might just be talent. “We need to know how to do X. They know how to do X. Let’s do it.” They may have very unique niche technology or software that another company thinks they can more broadly apply.

Also, some of these big companies, these may not be board-level or CEO-level decisions. A business unit might decide, “Oh, I like what that company is doing. I’m going to go acquire it.” And so it looks like MegaCorp bought TinyCorp, but it’s really, this tiny business unit within MegaCorp bought tiny company. The reality is often different from what it looks like on the outside.

So, that’s one way. Another is, you know, if they’re going to teach us to be more effective with tech or something like that, you’re never going to beat culture. You’re never going to be the existing culture. If it’s 50,000, against 200, obviously we know who wins there. And so I don’t 
know if that’s realistic.

I don’t know if the big companies are genuine when they say that, but it could just be the messaging that they use to make people happy and hopefully retain as many of those new employees for as long as they can. Does that make sense?

Corey: No, it makes perfect sense. It’s the right answer. It does articulate what is happening there, and I think I keep falling prey to the same failure. And it’s hard. It’s pernicious, but companies are not monolithic entities.

There’s no one person at all of these companies each who is making these giant unilateral decisions. It’s always some product manager or some particular person who has a vision and a strategy in the department. It is not something that the company board is agreeing on every little decision that gets made. They’re distributed entities in many respects.

Nick: Absolutely. And that’s only getting more pervasive as companies get larger [laugh] through acquisition. So, you’re going to see more and more of that, and so it’s going to look like we’re going to put one label on it, one brand. Often, I think internally, that’s the exact opposite of what actually happened, how that decision got made.

Corey: Nick, I want to thank you for taking so much time to speak with me about what you’re up to over there, how your path has shaped, how you view the world, and also what Cribl does these days. If people want to learn more about what you’re up to, how you think about the world, 
or even possibly going to work at Cribl which, having spoken to a number of people over there, I would endorse it. How do they find you?

Nick: Best place to find us is by joining our community:, and Cribl is spelled C-R-I-B-L. You can certainly reach out there, we’ve got about 2300 people in our community Slack, so it’s a great group. You can also reach out to me on Twitter, I’m @nheudecker, N-H-E-U-D-E-C-K-E-R. Tell me what you thought of the episode; love to hear it. And then beyond that, you can also sign up for our free cloud tier at It’s a pretty generous one terabyte a day processing, so you can start to send data in and send it wherever you’d like to be.

Corey: To be clear, this free as in beer, not free as an AWS free tier?

Nick: This is free as in beer.

Corey: Excellent. Excellent.

Nick: I think I’m getting that right. I think it’s free as in beer. And the other thing you can try is our hosted solution on AWS, fully managed cloud at, we offer a free one terabyte per day processing, so you can start to send data into that environment and send it wherever you’d like to go, in whatever shape that data needs to be in when it gets there.

Corey: And we will, of course, put links to that in the [show notes 00:35:21]. Thank you so much for your time today. I really appreciate it.

Nick: No, thank you for having me. This was a lot of fun.

Corey: Nick Heudecker, senior director, market strategy and competitive intelligence at Cribl. I’m Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you’ve enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you’ve hated this podcast, please leave a five-star review on your podcast platform of choice, along with a comment explaining that the only real reason a startup should raise a $200 million funding round is to pay that month’s AWS bill.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit to get started.

Announcer: This has been a HumblePod production. Stay humble.
Newsletter Footer

Get the Newsletter

Reach over 30,000 discerning engineers, managers, enthusiasts who actually care about the state of Amazon’s cloud ecosystems.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor an Episode

Get your message in front of people who care enough to keep current about the cloud phenomenon and its business impacts.