Cisco + Splunk

Research Note: Cisco’s AI-Powered Transformation of the Splunk Portfolio at .conf 2025

At its recent Splunk .conf25 in Boston, Cisco unveiled a comprehensive suite of AI-powered enhancements across its recently acquired Splunk portfolio, showing significant progress in integrating the two companies’ technologies.

The announcements centered on three core themes: agentic AI automation, unified data architectures, and enhanced observability capabilities.

Key launches included the Cisco Data Fabric architecture, AI-powered security operations capabilities, and advanced observability tools designed for AI-era workloads.

The event showed Cisco’s most substantive effort to date in positioning Splunk as the connective tissue for its broader infrastructure portfolio, while introducing AI agents that automate routine operational tasks across security, observability, and data management functions.

Let’s look at what Cisco announced.

Cisco Data Fabric

Cisco introduced its Cisco Data Fabric as a unified architecture built on Splunk Enterprise and Cloud Platform, specifically targeting machine data management challenges. The architecture addresses four primary domains: edge data processing, cloud workload connectivity, hybrid environment bridging, and unified machine data management.

Core technical capabilities include intelligent edge data filtering and shaping before transmission, federated search across Amazon S3, Snowflake, and Microsoft Azure platforms, and cross-domain real-time analysis without requiring data movement.

Cisco plans to introduce a time series foundation model in November 2025, hosted on Hugging Face, which will enable advanced anomaly detection and forecasting capabilities. The architecture incorporates the Splunk AI Toolkit (formerly Machine Learning Toolkit) and introduces Splunk Machine Data Lake as a persistent, AI-ready foundation for both model training and enterprise analytics.

The Cisco AI Canvas integration, scheduled for 2026, will provide a collaborative workspace that Cisco describes as a “virtual war room” for cross-functional teams.

Enhanced Security Operations Platform

Cisco has restructured its Splunk Enterprise Security offering into two editions: the Essentials Edition combines Enterprise Security 8.2 with AI Assistant, while the Premier Edition adds Splunk SOAR, UEBA, and additional AI capabilities.

The company introduced several AI-powered agents scheduled for 2026 release, including a Triage Agent for alert prioritization, a Malware Reversal Agent for code analysis, and AI Playbook Authoring for natural language workflow creation.

Integration with Cisco’s broader security portfolio includes Isovalent eBPF runtime security for granular workload visibility and federated firewall data analysis through Security Analytics and Logging (SAL).

Cisco claims these integrations will reduce investigation time from hours to minutes, though specific performance metrics were not provided.

AI-Era Observability Enhancements

Cisco’s update to its observability portfolio includes AI Troubleshooting Agents across Splunk Observability Cloud and AppDynamics, along with Event iQ for automated alert correlation in IT Service Intelligence.

New capabilities include AI Agent Monitoring for LLM performance tracking, AI Infrastructure Monitoring for resource consumption oversight, and Business Insights correlation for application performance impact assessment.

Cisco also announced deeper integration between Splunk AppDynamics, Observability Cloud, and ThousandEyes, including a new OpenTelemetry-based AppDynamics agent that enables data collection for either platform.

The company introduced Session Replay capabilities for both browser and mobile environments, and Real User Monitoring integration with ThousandEyes for network performance correlation.

Competitive Outlook & Advice to IT Buyers

Cisco’s emphasis on agentic AI across its announcements positions it against both traditional observability vendors like Dynatrace and Datadog and emerging AI operations platforms.

Meanwhile, the integration of security, observability, and data management under a unified AI-powered framework creates a potential competitive advantage for Cisco, particularly among customers seeking consolidated vendor relationships.

But can Cisco really provide best-of-breed capabilities across categories (like observability), or is its value more the result of a unified set of offerings from a single vendor?

Let’s take a deeper look at that complex question…


Analysis

Eighteen months after Cisco’s $28 billion acquisition of Splunk, announcements from Splunk .conf offer substantial evidence of meaningful technical integration between the two companies’ portfolios.

Cisco’s comprehensive approach spanning security, observability, and data management creates potential for meaningful differentiation in an increasingly crowded market. It does so while addressing a historical weakness in the company’s platform strategy, where individual products operated largely independently despite common branding.

The emphasis on agentic AI automation across all product categories aligns with the broader industry philosophy that traditional manual operational approaches cannot scale to meet the complexity and volume demands of AI-era infrastructure.

The success of this strategy, however, will ultimately depend on the practical effectiveness of these AI capabilities in production environments and Cisco’s ability to execute on an ambitious multi-year roadmap.

The integration of Splunk into Cisco’s broader portfolio is progressing well, with clear evidence of technical convergence rather than simple product bundling.

Cisco’s vision for the Splunk acquisition is beginning to crystallize into tangible market advantages. The company has successfully preserved Splunk’s innovative culture while leveraging its extensive network infrastructure expertise to create genuinely differentiated capabilities.

By combining Splunk’s data analytics leadership with Cisco’s deep enterprise relationships and comprehensive technology portfolio, Cisco establishes a unified operational intelligence platform that addresses the full spectrum of enterprise AI challenges.

The convergence of networking, security, and data analytics expertise will allow Cisco to capture value in the expanding AI infrastructure market, where enterprises increasingly seek integrated solutions from trusted vendors capable of supporting mission-critical workloads at enterprise scale.

Disclosure: The author is an industry analyst, and NAND Research an industry analyst firm, that engages in, or has engaged in, research, analysis, and advisory services with many technology companies, which may include those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
