Cisco Announces Intent to Acquire Splunk

Last week, Cisco announced its intention to acquire Splunk for $157 per share in cash, representing approximately $28 billion in equity value. Upon the close of the acquisition, Splunk President and CEO Gary Steele will join Cisco’s Executive Leadership Team, reporting to Chair and CEO Chuck Robbins.

News: Cisco Acquires Splunk

Cisco is set to acquire data-analysis software company Splunk for $28 billion in cash, marking Cisco’s largest-ever deal and reflecting a trend of technology giants seeking growth through acquisitions, particularly in sectors like artificial intelligence.

Under the terms of the deal, Cisco will deliver a hefty premium to Splunk shareholders, paying $157 per share. Considering that the 52-week low for Splunk was $65 a share and has hovered below $100 much this year, that’s a big bump for Splunk stockholders and suggests there might have been some competition for the logging giant.

Context: Who is Splunk?

Splunk offers software and solutions to help organizations search, monitor, analyze, and visualize data from various sources in real time. Splunk is widely used for log management, security information and event management (SIEM), and machine data analytics.

The core of Splunk’s offering is its ability to collect, index, and correlate data from various sources, making it a valuable tool for gaining insights into operational, security, and business data. It is often used to monitor and troubleshoot IT infrastructure, security events, and business performance metrics.

Graphic illustrating Splunk's platform.
Splunk Platform

A diverse range of industries and organizations utilize Splunk’s software to gain actionable intelligence from their data. The company has a strong presence in cybersecurity, IT operations, application monitoring, and business analytics.

Over the years, Splunk has expanded its product offerings and services to address various data-related challenges and has become a significant player in observability, security, and data analytics. At its recent annual conference in July, the company doubled down on delivering AI-enabled solutions across its portfolio.

Analysis: Competitive Impact

Cisco’s acquisition of Splunk strongly indicates how healthy the observability and observability-related cybersecurity markets are – Splunk plays in both spaces. Each of these markets is also very competitive, which makes navigating the deal tricky for Cisco. 


Observability is a healthy market filled with aggressive competitors, including Dynatrace, Datadog, and ScienceLogic, all of which are poised to take advantage of the uncertainty that the Cisco acquisition will bring into the space. I’ve spoken with executives at several of Splunk’s competitors since the announcement last week, and it’s clear that everyone in the AIOps and observability sectors is closely monitoring this situation for any signs of delays or conflicts.

It’s inevitable that Cisco and Splunk will be distracted as they rationalize their overlapping product portfolios and sales channels. The long-term viability of Cisco and Splunk’s observability offerings will be questioned by IT buyers, making their respective log management and AppDynamics businesses vulnerable.

While Cisco hopes this will be a short-term distraction, the realities, and complexities involved in integrating an organization the size of Splunk may cause customer uncertainty to linger for quite a while. This will likely stall or redirect millions of dollars’ worth of purchasing decisions while the organizations work out how to collaborate effectively, affecting portfolios, leadership teams, and customer bases.

Dynatrace, of all its competitors, may emerge as a big winner from the deal, as the company is best positioned to seamlessly deliver the enterprise-class observability solutions demanded by Splunk (and Cisco) customers. Continuing an impressive run of innovation, Dynatrace this year has aggressively focused on implementing AI-enabled capabilities that make it unrivaled in the space. This was recognized by analyst firm Gartner Group in its latest Magic Quadrant for Observability.

Security Information and Event Management (SIEM) Market

While the acquisition presents a significant win for Cisco’s security business, many security practitioners I’ve spoken to have expressed some apprehension. Many of these concerns stem from past experiences of Cisco acquisitions that suffered from underinvestment and a lack of focus, potentially impacting the quality of the SIEM (Security Information and Event Management) services relied upon by security leaders.

The acquisition paves the way for Cisco to shape a distinct narrative for Identity Threat Detection and Response (ITDR), especially considering its earlier purchase of ITDR startup Oort. The amalgamation of Splunk, Oort, and Duo enables Cisco to present a unique ITDR story and emphasizes identity security, a previously less pronounced dimension in Cisco’s offerings.

The acquisition of Splunk marks a significant turning point in the SIEM market. It raises concerns among Splunk users who may need more clarification about Cisco’s security role and its potential effects on innovation within Splunk. These uncertainties will likely lead Splunk customers to explore alternatives, with a singular potential boon for Microsoft Sentinel, the largest competitor to Splunk in the SIEM market.

This transformation also creates opportunities for XDR vendors like CrowdStrike and Palo Alto Networks, which have SIEM replacement strategies and could lure customers away from traditional SIEM deployments.

Final Analysis

Despite the inevitable disruption in the market as Cisco absorbs Splunk and rationalizes their joint portfolios, the acquisition is a strong one for the technology giant. The acquisition of Splunk positions Cisco to elevate its status in the competitive landscape overnight.

The most immediate impact will be in the cybersecurity space, where Cisco stands to gain a pivotal advantage by acquiring the leading security analytics platform in the current market, along with its loyal customer base.

The acquisition will add Splunk’s robust data platform to Cisco’s security portfolio, enabling organizations to transition from threat detection and response to threat prediction and prevention. The merger will address data and security challenges and leverage Generative AI to provide visibility into data and exploit AI opportunities.

Cisco also gains an observability platform that could fit nicely into its portfolio. The future could be clearer here, as Cisco has a strong portfolio of full-stack observability that competes with Splunk’s offerings across many dimensions. Cisco’s messaging of the acquisition leans heavily into the security aspects of the deal, which only serves to fuel the uncertainty.

Rationalizing each company’s offerings into a coherent portfolio will be among Cisco’s more formidable challenges, one that will open the door to competitive losses while that’s ongoing. I’m hopeful that Cisco will quickly navigate this issue, but the risk is real. 

The bottom line is that acquiring Splunk is a great long-term play for Cisco. The deal directly supports Cisco’s ongoing business transformation, refocusing the company on software and subscriptions. The acquisition of Splunk will only accelerate Cisco’s efforts here. It’s a good acquisition for Cisco, but its ability to navigate customer uncertainty will be paramount.

Disclosure: The author is an industry analyst, and NAND Research an industry analyst firm, that engages in, or has engaged in, research, analysis, and advisory services with many technology companies, which may include those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.