Formerly known as Wikibon

Splunk .conf25 Highlights Future of AI-Native Digital Resilience

At Splunk’s .conf25, the energy and enthusiasm of the community were matched by a series of innovations and announcements from Cisco and Splunk leaders. The overarching theme was clear: we are entering an agentic AI era, where machine data, observability, and security converge to help organizations build digital resilience at scale.

Setting the Stage: A Community at the Center

Kamal Hathi, Cisco’s EVP and GM of Splunk, opened by emphasizing the importance, scale, and impact of the Splunk community, responsible for protecting national infrastructures, powering global commerce, and enabling critical services. The numbers are staggering: 2.6 exabytes of data ingested annually and 300 billion searches. This scale reinforces Splunk’s position as the backbone of digital operations.

Jeetu Patel, Cisco’s President and Chief Product Officer, framed the moment in history. He described the transition from the first era of AI, with chatbots and productivity tools, to the second era of AI, where autonomous agents perform tasks persistently and continuously. This shift, Patel argued, could increase global throughput capacity tenfold, but only if organizations can overcome three barriers:

  1. Infrastructure constraints: the need for scalable compute, power, and networking.
  2. Trust deficit: ensuring visibility, security, and reliability of AI systems.
  3. Data gap: moving beyond human-generated data to harness machine-generated data (metrics, logs, telemetry).

Cisco and Splunk’s strategy is aimed squarely at addressing these challenges.

Cisco is keeping the innovation train rolling at Splunk, discussing several recent announcements and introducing a number of new ones. They included:

1. Cisco Data Fabric: Cisco discussed an innovative architectural approach designed to unlock the value of machine data for AI that enables federated analytics across multiple data stores (Splunk, AWS S3, Snowflake, Azure, Cisco telemetry), eliminating the need to move all data into a central repository. By “bringing Splunk to the data” instead of ingesting everything, organizations reduce cost, gain flexibility, and can correlate insights across business and machine data in real time. This is foundational for AI-driven operations at scale.

2. Machine Data GPT: This includes both a time series foundation model that will be open sourced on Hugging Face later this year and a purpose-built machine data lake for AI training on enterprise machine data, both of which aim to teach AI to speak machine data. Together, these allow enterprises to create domain-specific “Machine GPTs” that can detect anomalies, predict failures, and anticipate future issues by combining machine-generated telemetry with structured and unstructured data.

3. AgenticOps with AI Canvas: Cisco extended its AgenticOps vision by announcing that AI Canvas would be embedded into Splunk. This integration will let operators and AI agents collaborate in real time to investigate and resolve incidents, including via multiplayer troubleshooting and automated incident reporting. This technology has the potential to redefine IT and security operations, compressing investigation and remediation time while making advanced analysis accessible through natural language rather than complex query languages. There is a waiting list of companies looking to evaluate this technology when it’s available next month.

4. Free Ingestion of Cisco Firewall Logs: Cisco announced to the Splunk audience that ingestion of firewall logs into Splunk is now free. (Note: this was previously announced at Cisco Live US.) Firewall data accounts for up to half of a typical SOC’s log volume. Eliminating ingestion cost reduces barriers for security teams and reinforces Cisco’s intent to integrate its infrastructure deeply with Splunk analytics.

5. Agentic Observability: Splunk introduced agentic observability, an AI-driven approach to monitoring and remediation. AI agents proactively detect anomalies, troubleshoot across full-stack telemetry, and even remediate before users notice an issue. It also introduces AI agent monitoring to track agent behavior and ensure trust. As enterprises adopt AI-generated code and deploy AI agents themselves, observability must evolve to span not just apps and infrastructure, but AI models and agents. This positions Splunk as essential to ensuring AI systems remain reliable and secure.

6. Enterprise Security 8.2 and Agentic SOC: On the security side, Splunk announced Enterprise Security 8.2 with Essentials and Premier editions, integrating SIEM and SOAR more tightly. New capabilities include a new AI triage agent to automatically investigate alerts and a Detection Studio (powered by SnapAttack) to help security teams manage detections and coverage. Security operations are overwhelmed by alarm storms and skills shortages. Embedding AI directly into the SOC should help to simplify analyst workflows, speed investigations, and improve resilience against AI-driven attacks.

Cool Customer Demo: Ford Motor Company

A highlight of the keynotes was a demo of Ford’s environment, which is leveraging Cisco and Splunk to unify telemetry across 65 manufacturing plants and 500,000 connected vehicles. By analyzing machine data at scale, Ford can detect welding defects, predict machine failures, and ensure production continuity, ultimately improving customer experience.

Our ANGLE

The announcements at .conf25 reinforce Cisco’s ambition to be the critical infrastructure provider for the AI era. By combining Cisco’s networking and security telemetry with Splunk’s machine data platform, the company is positioning itself as the trusted partner for organizations seeking resilience in a world increasingly run by AI agents. The good news is that this integration does not appear to be impacting the Splunk culture and community; in fact, Kamal highlighted that there is renewed energy and excitement at Splunk as new capabilities from the integration are brought to market.

Three themes stand out:

  • Resilience as a Data Problem: Digital resilience now hinges on correlating machine data at unprecedented scale and speed. Cisco and Splunk are offering architectures and models purpose-built for this.
  • Agentic AI Comes to Operations: With AgenticOps and AI Canvas, the vision of self-driving IT and security operations is becoming concrete.
  • Open, Federated Data Strategy: By enabling federation across cloud platforms and data lakes, Cisco and Splunk are addressing the cost and complexity barriers that have plagued large-scale observability and security deployments.

Looking forward to seeing the continued innovation at Cisco and Splunk and the value it brings to its customers, especially with the adoption of AgenticOps. Hope you enjoyed the show, see you next year in Denver for .conf26!
