
Two years after Cisco announced its acquisition of Splunk, the question of what would become of the latter still lingered. At .conf25 in Boston last week, executives from both companies provided clearer answers, outlining how Splunk will remain central to Cisco’s strategy, with new initiatives in agentic AI, expanded data partnerships, and efforts aimed at using machine data at scale.
“We want to invest in the Splunk brand and make sure that we actually flourish that brand,” said Jeetu Patel, President and Chief Product Officer, Cisco.
APAC push
In the Asia-Pacific market, Patel said Cisco’s acquisition of Splunk has allowed teams to work together in regions where the company previously had less presence.
“What you’re starting to see is more platform sales. We’re seeing large deals where customers went to competitors, those competitors failed them, and they returned to us. That’s beginning to happen more often. With the partner ecosystem in APJC, this year we expect a significant push to get partners up to speed on Splunk,” he said.
Cisco is also planning major investments in India, citing the country’s economic growth.
“Over the past seven to eight years, there has been a fundamental shift in that country. Within a couple of years, its GDP is expected to make it the world’s third-largest economy. India is one of our top growth markets, and that will continue as opportunities for Splunk expand there,” Patel said.
He added that Cisco already has a large footprint in India, while Splunk did not, making the combination of the two particularly relevant in that market.
Enhancing machine data
With AI enabling cybercriminals to launch attacks faster, more easily, and at scale, organisations need to respond at machine speed rather than human speed. This, according to Patel, was one of the drivers behind Cisco’s decision to join forces with Splunk.
“You have to assume the attacker has already infiltrated your system. The real goal is to prevent lateral movement. For example, if someone wants to steal credit card data, they don’t go straight to the source. They might start with a phishing email, lie dormant for a while, then move from one system to another until they reach their target,” he explained.
To address this challenge, Cisco introduced the Cisco Data Fabric, an architecture built on the Splunk platform to process machine data with AI. It focuses on lowering the cost and complexity of managing data at scale and on applying it to tasks such as training custom models, running agentic workflows, and combining machine and business data for analysis.
“Over the last couple of years, the industry has done a pretty good job of training AI models with human-generated data, whether it’s text, images, or video. Where it hasn’t kept pace is in training models on machine-generated data: metrics, events, logs, traces, and other telemetry,” Patel observed.

The Cisco Data Fabric includes the Time Series Foundation Model, designed for pattern analysis and temporal reasoning on time series data. It can be applied to anomaly detection, forecasting, and automated root cause analysis across the architecture. The model will be listed on Hugging Face in November.
“Time series models, especially at the foundation level, aren’t very common. We started with an open-source model tuned more for sensors than for application or network data. That became the basis. We then applied the volume of data needed for this type of training and tuned the models using sensor and physical data, as well as application, network, and security logs,” said Kamal Hathi, SVP and GM of Splunk.
Hathi said the Time Series Foundation Model is intended to help organisations make use of proprietary data for AI.
The Data Fabric will also include the Cisco AI Canvas, which lets an AI agent coordinate analysis workflows and provides a shared workspace for teams. It’s meant to support groups in identifying issues, working together in real time, and responding more quickly.
Also announced at .conf25 was Splunk Federated Search for Snowflake, a Splunk Platform integration that lets organisations connect, query, and combine operational and business data across Splunk and Snowflake environments. For Splunk Cloud AWS commercial customers, Federated Search for Snowflake will become generally available worldwide in July 2026.
“You’ll be able to query Snowflake’s business data directly from within your Splunk interface, and then combine it with Splunk data. It means you can bring your information together without moving it into a single repository,” Patel said.
Agentic AI for security
Cisco also turned to security operations centres, introducing agentic AI features aimed at addressing issues such as alert fatigue, limited staff, and constant firefighting. Among these is the integration of Isovalent Runtime Security (eBPF) into Splunk, which provides workload-level visibility to help detect potential breaches and infrastructure anomalies.
Another update, Federated Cisco Firewall Data, links Splunk Cloud Platform’s Federated Search for Amazon S3 with Security Analytics and Logging (SAL). This allows analysts to run security queries on firewall logs stored in SAL directly from Splunk Cloud Platform without first ingesting the data.
Cisco also introduced two AI agents for security. The Triage Agent reviews, prioritises, and explains alerts, even in rare or low-volume cases. The Malware Reversal Agent analyses malicious scripts line by line, extracts indicators of compromise, highlights evasion techniques, and groups recurring behaviours.
Agentic AI for observability
Also during .conf25, Cisco highlighted new agentic AI features in Splunk Observability. The updates bring together data from different environments and use AI agents across the full incident response lifecycle, with monitoring of both performance and quality.
One addition is AI Troubleshooting Agents, available in Splunk Observability Cloud and Splunk AppDynamics. They review incidents and surface potential root causes.
There is also a focus on observability for AI itself. The AI Agent Monitoring capability tracks the quality, security, and cost of LLMs and AI agents to check whether models are working as intended and at acceptable cost.
“Whenever there’s an incident, the first question is usually, ‘Is it a denial-of-service attack? Did someone hack the network?’ In almost every case, 99.99% of the time, it turns out to be something else such as a misconfigured database or a cache overrun. Occasionally it’s a security issue. The difficulty is that the data sits in different tools and silos. What we’re doing is providing a correlated data platform that spans observability, networks, Cisco ThousandEyes, and both external and internal security, so teams can see the full picture,” Hathi explained.
Investing in innovation
Patel said one reason the combination of Cisco and Splunk has worked is that many leaders in the two companies already knew each other and had worked together in the past.
“When do these acquisitions fail? They fail for a few reasons. They fail when there’s a cultural mismatch. They fail when there isn’t product synergy. They fail when there’s product overlap. We didn’t face any of those,” he remarked.
Patel also gave a preview of how the products will evolve.
“As the products are integrated, you’ll see a common design system, a common platform, and a common way for them to exchange data. There will be a shared data platform across the company. All of those elements will be fully integrated. We will keep the Splunk brand, because it has strong equity in the market and there’s no reason to change that,” Patel said.













