SPLUNK .CONF25, Boston: So, just how is the integration of Splunk going under Cisco, which acquired the data observability vendor in March of 2024 for $28 billion?
Well, if you were here at the annual Splunk .conf25 user conference recently you would have heard plenty of corporate messages about how the two companies are working closely together to pair their technologies and deliver more capabilities to their customers.
Those cooperative efforts were demonstrated often here at the event as Splunk unveiled the new
Cisco Data Fabric, which will allow enterprises to build custom AI models using their own proprietary machine data, as well as its agentic AI-powered
Splunk Observability, an AI-native approach to observability to help customers improve their data operations.
Also announced were two new agentic AI-powered security operations center (SOC) options,
Splunk Enterprise Security Essentials Edition and Splunk Enterprise Security Premier Edition, which aim to help customers unify their security workflows across threat detection, investigation, and response (TDIR), according to Splunk. Both versions are part of the latest Splunk Enterprise Security 8.2 release.
What Did Analysts Think of All This?
That’s what we wanted to know at Splunk .conf 25, so we sat down with several to get their insights on Splunk’s latest innovations and expanded capabilities for its business customers since
Cisco’s $28 billion acquisition of the company in March of 2024.
Matt Eastwood, an analyst and senior vice president of IDC’s enterprise infrastructure and data center group, said he had his own questions for Splunk as he arrived for the event.
“A big one was whether Splunk would remain distinct under Cisco or become subsumed into a broader platform play” since the acquisition, said Eastwood. “The message here [from Splunk executives] was reassuring: Splunk is incredibly strategic to Cisco, and the brand and community remain critical.”
For channel partners, including MSPs, this touted Cisco-Splunk integration “stood out as the most important storyline,” said Eastwood. Contributing to that is the launch at the event of the Cisco Data Fabric, he added.
“It gives partners a new architecture to unify machine data for AI, observability, and security,” he said. “For MSPs and resellers, this means more opportunities to help customers break down silos, tap into previously underused machine-generated data, and deliver AI-driven resilience.”
Eastwood also said he was impressed with Splunk’s announcement of its agentic AI SOC vision, which will use agentic AI to provide automated triage, detection, and remediation to boost the capabilities of security teams. “That has clear implications for managed security providers facing skills shortages,” he said. “For partners, that translates into helping customers operationalize AI safely while also using AI-powered tools to make IT and security operations more efficient.”
Together, “the combination of Cisco infrastructure and Splunk analytics positions the ecosystem to deliver cross-domain value – from faster detection to improved uptime and reduced risk,” said Eastwood.
Also impressive, he said, was the amount of emphasis that Cisco and Splunk are putting on open ecosystems, including a
federated search announcement with Snowflake. “That openness will matter for partners who need to stitch together multiple data sources across customers’ hybrid and multicloud environments,” said Eastwood.
Another analyst at the conference,
Zeus Kerravala, founder of ZK Research, told ChannelE2E that he was most impressed at the event by the Cisco Data Fabric news because it will “dramatically simplify and lower the cost of using Splunk” for enterprises. “Companies have data scattered everywhere and, with Splunk, that typically required customers to move the data to Splunk. But with the data fabric, the data stays in place and Splunk gets what it needs to operate.”
For channel partners, the new capabilities with Splunk and the data fabric will be a boon, said Kerravala.
“Partners benefit as they can build services around how customers should be managing their data,” he said. “My research shows that outside of security, data management is the biggest inhibitor in moving forward with AI. Partners have an excellent opportunity to advise customers on how to manage data optimizing the performance of Cisco Data Fabric.”
Kerravala said he also likes that Splunk announced that its Splunk Cloud Platform will be integrated with Cisco AI Canvas. This addition provides an AI agent to orchestrate the analysis workflow and a workspace for team collaboration, according to Splunk.
“The AI Canvas integration into Splunk is interesting,” he said. “It is not designed to replace Splunk’s operational dashboard but to augment it. Splunk will still be used as the primary tool for the engineer but when there is a need to collaborate across teams, that is when AI Canvas is called upon. With AI, customers can no longer think of the various IT organizations, such as security and networking being siloed, rather AI requires a complete understanding of the stack and that is the strength of AI Canvas.”
The new product additions from Splunk and Cisco “have the ability to remove much of the heavy lifting that plagues IT today,” said Kerravala. “Looking through log files, creating documentation, etc., now this all can be automated. And for MSPs, agentic operations can be a game-changer as it allows them to have eyes on their customer environments 24x7 while reducing the number of people required” to do the work.
Allie Mellen, a security, risk and DevOps analyst with Forrester Research told ChannelE2E at the conference that her biggest takeaway from the event for channel partners and their customers were the company’s latest Splunk Enterprise Security versions. Splunk Enterprise Security Essentials Edition combines Splunk Enterprise Security 8.2 and Splunk AI Assistant in Security as well as SIEM and Splunk AI Assistant into a single product to help manage agentic AI SOC operations for enterprises. The related Splunk Enterprise Security Premier version includes SIEM, Splunk AI Assistant, SOAR, UBA, and threat intelligence management.
“This will be very useful for customers that do not want to go all-in with SOAR and UBA, but still want the Splunk Enterprise Security experience,” said Mellen.
Mellen said she is also intrigued by Splunk’s announcement of Detection Studio, which is based on Splunk’s acquisition in January of SnapAttack, which provides threat detection and engineering technology (TD/E). Detection Studio “will give detection engineers better visibility and understanding of their detections, including version control” when it is available to Splunk customers in January 2026, she said. “This will be a great feature for security teams that want to take a more detection-as-code oriented approach.”
Things Analysts Still Want to See From Splunk
Despite the intriguing additions in products and services that were announced at .conf25, two analysts said there are still some questions they would like to have answered by Splunk.
IDC’s Eastwood said that channel partners will want more clarity on pricing and consumption models as Cisco and Splunk deepen their integrations.
“That will determine how easily MSPs can package and resell these new AI-driven capabilities,” he said. “Also, I would like to see Splunk expand its partner enablement around observability, which is an area where competitors like Datadog and Dynatrace are already strong with cloud-native buyers.
“For partners, the Cisco plus Splunk combination promises tools that make customers more secure, more efficient, and better prepared for AI,” he said. “But the real test will be how quickly partners can bring these capabilities to market in simple, profitable ways.”
Another IDC analyst,
Katie Norton, who covers DevSecOps and software supply chain security, said she would like to see Splunk elevate and enhance how application vulnerabilities are represented within its observability platform.
“Today, Splunk provides strong visibility into infrastructure and operations, but there is an opportunity to better connect that with signals about application-layer risks,” said Norton. “Organizations increasingly want to understand not just whether their systems are available and performant, but also whether those applications are exposed to security issues that could compromise reliability or trust. By surfacing vulnerability insights alongside operational metrics, Splunk could help security and engineering teams share a common view of application health that balances performance, resilience, and risk.”