AI Agents Meet Machine Data: What .conf25 Means for Ops
At Splunk .conf25, leaders put a clear stake in the ground: AI agent-assisted operations are here, and machine data plus observability are the control plane. Cisco President and Chief Product Officer Jeetu Patel called Splunk "the machine data fabric for the AI era," tying together Cisco's new Data Fabric, an upcoming time-series foundation model, and an AI Canvas workspace. The goal is simple: speed up response across domains while keeping trust and human oversight intact. The message to Ops teams landed: keep AI under tight governance, bring Splunk to where data already lives, and use agents to cut toil without giving up control.
From chatbots to intelligent agents
The next wave of AI isn't chat; it's agents that execute multi-step workflows across ITOps, SecOps, and NetOps. Cisco and Splunk are closing gaps in infrastructure, trust, and data by pairing networking and data-center backbone with AI observability and a platform that reads machine data natively. A key move: federating data across stores like Amazon S3 to Snowflake (alpha targeted for February 2026), so teams can join business context with Splunk telemetry without huge migrations. In a live demo, AI Canvas drove an end-to-end insider threat investigation and produced a full report, an example of agentic operations that compress time-to-answer.
Elevate signals over noise
Real-time views and risk-based analytics are changing outcomes. The U.K. Royal Air Force piped network data into Splunk and rolled out IT Service Intelligence, replacing static daily reports with a live dashboard. Results: a five-fold boost in mean time to detection, seven systems consolidated into one, and fewer tickets and calls as issues were fixed proactively. Insider threat sessions reinforced the value of catching weak signals early; Splunk Enterprise Security flagged subtle behavioral drift, and UBA methods even helped prevent a potential self-harm incident.
State, local, and education wins
Ops leaders brought receipts. New Jersey's Labor Department stood up a Splunk-based fraud dashboard that automated mainframe checks and used risk-based alerting, saving "tens, probably hundreds of thousands" per day at launch and nearing $8B to date. Universities like LSU and NJIT integrated students into 24/7 SOCs, cutting costs and building a skilled pipeline with real incident experience. Alaska Airlines showed how to justify observability by linking outages directly to lost revenue and safety exposure, an approach any mission-centric agency can adapt.
What to do next
- Federate, don't migrate: Start with the highest-value questions. Join business context with telemetry via distributed queries, and prep for Snowflake federation testing in early 2026.
- Treat AI as a first-class service: Instrument agent observability (quality, drift, and token economics) into SLOs, runbooks, and incident response.
- Run on risk stories: Pair live service health with UBA-driven indicators so leaders spot small anomalies before they become major incidents.
- Build the talent pipeline: Use student-professional staffing models for SOC coverage to control budgets and speed hiring.
Guardrails, proximity, and signal-to-action
The playbook is clear: set strong AI guardrails, bring search and analytics to the data, and translate noise into decisions. Agencies that do this cut detection time, prove business value, and strengthen resilience without removing humans from the loop. For governance guidance, see the NIST AI Risk Management Framework.