It has been nearly a year and a half since Cisco Systems Inc. acquired Splunk Inc. At the time, investors were happy because it was a good financial move. Cisco spent $28 billion and would get back about $4 billion a year in revenue that was accretive to profit margins. Splunk revenue is primarily subscription-based, which would accelerate Cisco’s march toward this model.
However, the endgame for Cisco and Splunk was not just about the financials. At the time of the deal, I talked with Cisco leadership and the goal was to take the Splunk assets and use them to accelerate Cisco’s transformation to a platform company that could provide meaningful differentiation in the artificial intelligence era.
Historically Cisco has had good products but there was very little integration between them, so the value of “Cisco” was limited to brand and purchase order consolidation. In the AI era, infrastructure needs to be performant and resilient, which is one of the primary value propositions of the Cisco platform.
At the same time, Cisco data is being used to bolster the Splunk platform. Historically, Splunk has focused its data ingest around security and observability, but the inclusion of network telemetry will add a new dimension to Splunk’s products.
I went to Splunk’s user event, .conf, this past week to see how much progress Cisco had made in bringing the two companies together and was genuinely surprised at the payload of products announced that were co-developed between Cisco and Splunk.
Here are some of the more meaningful announcements that highlighted Cisco and Splunk and their “better together” story:
Cisco Data Fabric
Perhaps the biggest announcement at .conf25 was the launch of the Cisco Data Fabric, a new architecture built on Splunk Enterprise and Cloud Platform. This can move organizations closer to minimizing the gaps in infrastructure, data and trust by making machine data easier and less expensive to manage. Machine data is constantly generated by systems, networks, devices and apps, but it’s too messy and fragmented to use. During his keynote, Chief Product Officer Jeetu Patel shared a datapoint that over 55% of data generated will likely be machine data.
Though there are many general-purpose data fabrics, Cisco built this specifically to be a machine data solution with a focus on operational resilience use cases. Cisco Data Fabric is built around four main areas. The first is data at the edge, where information is captured and processed close to where it’s created. The second is data in the cloud, which connects workloads and analytics across public cloud platforms. The third is data in hybrid environments, which bridges on-premises and multicloud systems, so they can be managed as one. Finally, machine data management brings together logs, telemetry and other operational data in a more organized way to support AI apps.
Beyond unifying data, the new architecture introduces intelligent edge management, which filters and shapes data before it moves. This feature also includes federated search for organizations that want to query across systems such as Amazon S3, Snowflake and Microsoft Azure. In the future, Cisco plans to add a time-series foundation model to improve anomaly detection, forecasting and root-cause analysis. Cisco Data Fabric core capabilities are already available, with more features rolling out by 2026.
Also, Cisco AI Canvas will integrate with Splunk Cloud Platform to provide a collaborative, AI-driven workspace for security and information technology operations teams. Scheduled for availability in 2026 as part of the new Cisco Data Fabric, this integration will enable users to leverage AI agents and a unified interface to orchestrate analytical workflows and accelerate incident resolution. Acting as a “digital war room,” the canvas will allow teams to co-investigate issues in real time by aggregating and correlating data from Splunk with other sources.
What I like most about AI Canvas is that it’s designed to allow engineers to continue to work in the tools they prefer, such as Meraki and Splunk, but then shift to AI Canvas when multidomain workflows are required. Eventually all Cisco management roads will lead to AI Canvas, but Cisco is taking a nondisruptive operational path.
AI tools for security operations
Security has been and continues to be a major focal point for Splunk and Cisco. During his portion of the keynote, Mike Horn, senior vice president and general manager of Splunk security products, highlighted an AI-powered triage agent in development that automates the routine steps security teams usually follow when investigating an alert. Horn also pointed out Cisco’s recent SnapAttack acquisition, which strengthens the company’s detection management.
“We’ve got an agent that’s in development right now where we’re starting to get some early customer feedback,” said Horn. “It’s really about automating the investigation process. How can I take a customer set of standard investigation procedures, perform that automatically on their behalf, and apply AI reasoning throughout that process?”
These developments came into sharper focus at .conf25, with Cisco’s formal announcement of Splunk Enterprise Security Essentials Edition and Premier Edition. The two new offerings, within Splunk Enterprise Security 8.2, put agentic AI at the core of security operations. Premier is a comprehensive package that combines Enterprise Security with Security Orchestration, Automation, and Response, or SOAR, with User and Entity Behavior Analytics, or UEBA, and Splunk’s AI Assistant. Essentials is a lighter package that includes Enterprise Security with the AI Assistant.
Cisco also introduced a broader set of AI security features that may roll out over time. One feature is a malware reversal agent that may break down malicious code. Another is an AI playbook authoring feature that translates natural language into automated workflows. These developments are part of Cisco’s vision for an agentic security operations center that may handle routine tasks, so teams can focus on higher-level decisions.
“Our security offerings unify detection, investigation, and response into a single, intuitive workspace, eliminating tool fragmentation and significantly boosting efficiency,” said Horn. “Built-in AI will help lower alert noise and reduce investigation time from hours to minutes.”
Cisco is also bringing in deeper integrations from its wider security portfolio. One example is support for Isovalent’s extended Berkeley Packet Filter or eBPF runtime security. Isovalent, which is now part of Cisco, has a Linux kernel technology for running custom programs. Now, Splunk users can have a deeper understanding of what workloads are doing inside Linux environments, so they can pinpoint malicious activity as it happens.
Observability in the AI era
Observability has been a core part of Splunk’s strategy for years, but now, it’s being repositioned in the AI era. Upcoming Splunk observability updates will include hybrid application monitoring, which gives organizations visibility into both on-premises and cloud services. Splunk is also introducing user journey analytics to show how performance issues affect end users.
On a grander scale, Cisco and Splunk are deepening their observability portfolio with agentic AI. New troubleshooting agents are launching in Splunk Observability Cloud and AppDynamics. They may use agentic AI to analyze incidents and identify potential root causes. Splunk is also adding new ways to monitor AI systems themselves, including the performance, cost and security of large language models, AI agents and the infrastructure that supports them.
To tie it all together, Cisco is unifying Splunk Observability Cloud, Splunk AppDynamics and Cisco ThousandEyes to give teams a more complete view of applications and networks. This includes deeper insights into business processes, richer digital experience analytics, support for both hybrid and cloud-native apps, and more. For instance, a new AppDynamics agent based on OpenTelemetry will allow customers to send data to either AppDynamics or Splunk Observability Cloud, depending on their platform of choice.
With these features — some of which are available now and others rolling out over the next year — Splunk is positioning observability as more than a troubleshooting tool. The goal is to help organizations “put AI applications and agents to work,” while having full visibility and control, according to Patrick Lin, senior vice president and general manager of Splunk Observability.
Lin emphasized the importance of Splunk Observability Cloud and AppDynamics on a prebriefing. “When you think about the core constructs that people deal with in AppDynamics… really, it’s the concept of business transactions,” he said. “That’s the concept that we’ve brought into the Observability Cloud experience. Then we rounded out the other things that you need to understand application performance.”
Prior to Splunk, Cisco’s observability story was built around product silos, most notably ThousandEyes and AppDynamics. Splunk is the connective tissue that was missing to bring all Cisco observability data together and then find the insights in it to make the data actionable.
Final thoughts
Given the hefty price tag Cisco paid for Splunk, it’s good to see the rapid integration that brings value to both sets of customers. One aspect of the integration I believe is important is that Cisco has let Splunk continue to be “Splunky.”
I chatted with many of the customers at the event and many were worried that Cisco would, as one engineer described, “corporate up” Splunk, but that hasn’t been the case. The Splunk community is what gives the company its strong position and Cisco has done a nice job of adding to the community instead of trying to change it.
We got a heavy dose of the combination of Cisco and Splunk at Cisco Live, and now at .conf, and I’m expecting the same at the Cisco Partner Summit, the company’s annual reseller event, in November.
Zeus Kerravala is a principal analyst at ZK Research, a division of Kerravala Consulting. He wrote this article for SiliconANGLE.