Cisco-Splunk at Splunk .conf25: Data Fabric, Agentic AI, and What Analysts Want Next
Cisco + Splunk move from slides to shipping at .conf25: Data Fabric, agentic AI for observability, and ES 8.2 SOC (Essentials/Premier). Plus AI Canvas and Snowflake federation.

SPLUNK .conf25: What Cisco + Splunk Means for Operations
Cisco closed its $28B acquisition of Splunk in March 2024. At Splunk .conf25 in Boston, the companies showed how the integration is moving from slideware to shipping features.
Highlights: the new Cisco Data Fabric for in-place data access and custom AI models on proprietary machine data, an agentic AI-native approach to Splunk Observability, and two agentic AI-powered SOC options in Splunk Enterprise Security 8.2: Essentials and Premier.
What's New and Why It Matters
Cisco Data Fabric: Unifies machine data for AI, observability, and security without forcing data movement. Ops teams get to keep data where it lives and let Splunk query what it needs, which can reduce cost and complexity.
Agentic AI Observability: An AI-native approach meant to speed issue detection and reduce toil across telemetry, triage, and remediation. The goal: tighter MTTR with fewer manual hops.
SOC upgrades (ES 8.2): Two editions. Essentials combines Splunk Enterprise Security 8.2 with Splunk AI Assistant to help run agentic SOC workflows. Premier layers in SIEM, AI Assistant, SOAR, UBA, and threat intel management for teams ready for deeper automation.
Collaboration via Cisco AI Canvas: Splunk Cloud Platform integrates with Cisco AI Canvas. It adds an AI agent to orchestrate analysis workflows and a shared workspace. It augments, not replaces, Splunk's operational dashboards.
Open ecosystem: Federated search with Snowflake underscores an emphasis on pulling insights across hybrid and multicloud estates without centralizing everything first.
Analyst Takeaways Ops Should Care About
Matt Eastwood (IDC): Splunk remains strategic and distinct under Cisco, which matters for roadmap confidence. Data Fabric gives partners and ops teams a way to unify machine data for AI, observability, and security. Agentic AI in the SOC targets triage, detection, and remediation, which is useful where skills are tight. Openness (e.g., Snowflake federation) is a key enabler for hybrid environments.
Zeus Kerravala (ZK Research): Data Fabric can simplify and lower the cost of using Splunk by keeping data in place. Partners can build services around data management, a top blocker for AI initiatives. AI Canvas complements Splunk for cross-team incidents. Agentic ops can provide 24x7 coverage while reducing manual effort like log digging and documentation.
Allie Mellen (Forrester): ES Essentials suits teams not ready for full SOAR/UBA but wanting the ES experience plus AI assistance. ES Premier adds SOAR, UBA, and threat intel for mature teams. Detection Studio (from SnapAttack) is slated for Jan 2026, bringing detection-as-code practices like version control and deeper visibility for detection engineers.
Katie Norton (IDC): There's a gap to connect observability with application-layer vulnerability signals. Surfacing exposure alongside performance would help Ops and Security share a single view of reliability and risk.
What This Means for Operations Leaders
- Data strategy: Decide where federation beats centralization. Inventory data locations, residency constraints, and query patterns. Use Data Fabric to reduce movement and optimize cost.
- SOC workflow modernization: Pick ES Essentials vs Premier based on automation appetite. Define agentic runbooks, escalation paths, and rollback plans.
- AI in observability: Set guardrails. Clarify where AI can act vs suggest, align with SLOs and error budgets, and monitor drift.
- Cross-domain incidents: Pair Splunk dashboards with AI Canvas for security, networking, and app teams to work the same incident in one flow.
- Open data posture: Plan federated search with Snowflake and other sources. Tighten governance, masking, and lineage before scaling.
- Partner motions (for MSPs): Package data fabric enablement, detection engineering-as-code, and AI policy/governance as services.
Implementation Checklist
- Pilot Cisco Data Fabric on a high-value service. Track ingest savings, query latency, and impact on SLOs.
- Map your top 20 detections and runbooks to agentic actions. Define approvals, guardrails, and clear rollback.
- Update RBAC and auditing for AI-driven actions. Add version control for detections to prepare for Detection Studio.
- Enable ES 8.2 features and Splunk AI Assistant and train teams.
- Stand up a federated search POC with Snowflake. Resolve data residency and compliance early.
- Build a cost model. Press vendors for pricing and consumption details across Data Fabric, ES editions, and AI Canvas integration.
Open Questions to Push Vendors On
- Pricing and consumption: Data Fabric, ES Essentials/Premier, and the AI Canvas integration. What changes for MSP resale?
- Detection Studio scope and CI/CD integration. How will versioning, testing, and promotion work across environments?
- Application-layer vulnerability signals in observability. What's the timeline to combine performance and risk natively?
- Controls for agentic operations: cross-tenant governance for MSPs, auditability, and fail-safe mechanisms.