Splunk .conf25: Forging a Data Foundation for Cisco’s AgenticOps Vision

Analyst(s): Fernando Montenegro, Mitch Ashley
Publication Date: September 26, 2025

What is Covered in this Article:

  • Summary of main announcements from Splunk .conf25, including the introduction of the Cisco Data Fabric.
  • Analysis of Splunk’s role as the foundational data plane for Cisco’s unified platform and security strategy.
  • The strategic importance of machine data and the “AgenticOps” vision for the future of security and IT operations.
  • Customer perspectives on AI adoption and the competitive positioning of the integrated Cisco and Splunk portfolio.
  • Key questions and future considerations for the company’s integration roadmap and market execution.

The Event – Major Themes & Vendor Moves: Almost two years to the day after Cisco announced it was acquiring Splunk (the transaction would close approximately six months later, in March 2024), the company has just wrapped up the second edition of Splunk’s famed .conf user event under the Cisco umbrella. The event in Boston is the centerpiece of the strong community of practitioners that Splunk has built over the years.

As is customary in 2025, the event was dominated by AI and its wide-ranging impact across technology. The strategic narrative at .conf25 framed Cisco as becoming the provider of “critical infrastructure for the AI era,” with Splunk serving as the foundational data and analytics layer for that infrastructure.

This vision was grounded in the event’s central announcement: the Cisco Data Fabric, powered by Splunk. Described as an evolution of the core Splunk platform, the Data Fabric is an architecture designed to manage the “ludicrous scale” of data generated by AI and modern environments. This will be achieved by an approach that increasingly supports federation of search, including with key partners such as Snowflake, AWS, and others to come, including Microsoft Azure.

Cisco’s positioning also calls out the untapped potential of training AI on machine-generated data. The core assertion from the keynote stage was that while the first wave of generative AI was trained on public, human-generated data, the next significant leap in enterprise value will come from training AI models on proprietary machine data: logs, metrics, events, and traces that organizations already produce in vast quantities. This positions Splunk’s historical strength in handling this data type as its primary differentiator in a crowded AI market. To highlight this, Splunk announced a new Machine Data Lake for AI training and a Time Series Foundation Model, which it plans to open-source.

The term “agentic” was also widely present and used throughout the event to describe a future where AI agents assist with and automate complex operational tasks in both security and observability.

Key product updates reinforced the “agentic” theme. In security, Splunk launched Enterprise Security 8.2, now available in “Essentials” and a new “Premier” edition that includes UEBA and SOAR capabilities. It also previewed an AI-powered “Triage Agent” for automating investigations and a new “Detection Studio” for advanced threat detection management. For observability, the company introduced new AI troubleshooting agents, Digital Experience Analytics (DEA) for user journey visibility, and deeper integration of AppDynamics features into the Observability Cloud.

There were numerous other announcements across the Splunk portfolio:

  • Underscoring the “agentic” theme, Splunk showed how the AI Canvas that Cisco announced in June can be integrated into Splunk and offer workflow enhancements and seamless integration with Splunk Search.
  • Splunk announced that its well-known Machine Learning Toolkit is now the Splunk AI Toolkit, and supports Splunk-hosted LLMs.
  • For on-prem customers, a notable announcement was the availability of Edge Processor for Splunk 10, enabling data filtering and routing at the source to reduce ingestion load.
  • Lastly, Cisco announced the free ingestion of its firewall logs into Splunk, a decision aimed at reducing security data costs and encouraging deeper integration within the combined ecosystem.

Analyst Take: Splunk’s .conf25 event can’t be analyzed in isolation. It must be seen in the context of Cisco’s ongoing corporate strategy to simplify its structure and execute a unified platform strategy under President and CPO Jeetu Patel. Under that lens, Cisco has clearly positioned Splunk as the central data and analytics foundation for the entire Cisco ecosystem and is starting to execute on the roadmap to implement this. Refreshingly, the customer plea to “not screw up Splunk” appears to have been internalized in this corporate transformation, including the preservation of the distinctive practitioner community.

The event positioned Splunk within Cisco’s vision for an “AgenticOps” era, where AI simplifies IT. This revealed a dual AI strategy: while Cisco develops its own models on its proprietary telemetry to improve its products, the Splunk Data Fabric is a key component designed to empower customers to build their own AI models on their own business and machine data.

The potential for deep integration is clearly evident in security. The announcements at .conf focused on a data-centric security operations strategy, with new capabilities for detection and investigation in Enterprise Security 8.2 and the upcoming AI Triage Agent. This strategy complements Cisco’s broader network-centric security offerings, suggesting a future where Splunk provides more sophisticated analytics and AI-driven automation, using its data access to detect threats that trigger automated enforcement actions across Cisco’s network fabric.

The Cisco Data Fabric is meant to enable this integrated vision. It is a direct response to customer challenges of data gravity and the high cost of central data ingestion. The architecture’s reliance on federation allows the platform to analyze and correlate different data types without costly duplication. This strategy is encouraged by commercial moves, such as the free ingestion of Cisco firewall logs, designed to lower barriers to adopting the integrated ecosystem.

Still, customer conversations at the event provided a reality check for this ambitious “agentic” vision. Practitioners expressed a “cautiously optimistic” view of AI agents, emphasizing that the journey from assistive tools to autonomous operations hinges on building trust. As one customer noted, a single failure from an AI can erode confidence for years, highlighting that adoption will require vendors to deliver exceptional accuracy and explainability. Other customers highlighted a gap between the new features on the platform and the reality that production deployments will require non-trivial upgrades to take advantage of them.

Cisco initially positioned Splunk as a security acquisition, aligning it closely with its own security portfolio. At .conf25, that narrow framing gave way to a broader perspective. Cisco described Splunk as a companion to its security lineup and a foundation for observability across the enterprise, bringing together data, telemetry, and analytics that serve network operations, IT operations, AIOps, and SecOps.

This widened view presents Splunk as a cross-functional observability platform rather than a single-purpose security tool. Cisco now highlights its role in correlating signals across infrastructure and applications, enabling operations teams to detect issues and automate responses in a unified way. The shift underscores a strategy to make Splunk a central part of Cisco’s overall data and operations portfolio, linking insights with security, networking, performance, resilience, and intelligence, with opportunities for observing customer experiences.

Ultimately, .conf25 clarified Splunk’s role as essential to the core of Cisco’s data strategy. Success will now depend on delivering the deep integrations promised. The growing overlap between security and IT use cases presents a significant opportunity, positioning the unified platform as a catalyst to potentially break down organizational silos. The long-term test will be connecting Splunk’s analytics to Cisco’s extensive enforcement portfolio.

What to Watch:

The strategic direction outlined at .conf25 was ambitious, but now come the challenges of execution and market reception. Integrating Splunk into the broader Cisco platform is likely a multi-year journey, and the company’s ability to deliver on its vision against a rapidly consolidating market will be critical. Several key questions remain:

  • With several key offerings like the Snowflake integration alpha and the AI Triage Agent slated for release in the coming months, how effectively will the company meet its delivery timelines and demonstrate tangible value to early adopters?
  • As AI use cases become more strategic, how will the Cisco Data Fabric, particularly through its federation with platforms like Snowflake, evolve to ingest and correlate business-level data, moving Splunk’s value proposition beyond core IT and security into broader business analytics?
  • As competitors like Microsoft, Palo Alto Networks, and CrowdStrike continue to consolidate their own data and security platforms, how deeply and quickly will Splunk’s analytics be integrated with Cisco’s enforcement portfolio (e.g., Hypershield, AI Defense, and others) to create a compelling security platform?
  • Cisco’s Data Fabric will likely prompt Splunk to reconsider its pricing model of data ingestion and long-term retention, shifting towards more federated or cross-product pricing. Potential changes could significantly disrupt customer budgets and workflows if the transition is not carefully planned and executed.

Splunk’s announcements from .conf can be found in the news section of its website.

Declaration of Generative AI and AI-assisted Technologies in the Writing Process: While preparing this work, the author used Google Gemini to summarize source material and assist with general editing. After using this service, the author reviewed and edited the content as needed. The author takes full responsibility for the publication’s content.

Disclosure: Futurum is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum as a whole.


Author Information

Fernando Montenegro serves as the Vice President & Practice Lead for Cybersecurity & Resilience at The Futurum Group. In this role, he leads the development and execution of the Cybersecurity research agenda, working closely with the team to drive the practice's growth. His research focuses on addressing critical topics in modern cybersecurity. These include the multifaceted role of AI in cybersecurity, strategies for managing an ever-expanding attack surface, and the evolution of cybersecurity architectures toward more platform-oriented solutions.

Before joining The Futurum Group, Fernando held senior industry analyst roles at Omdia, S&P Global, and 451 Research. His career also includes diverse roles in customer support, security, IT operations, professional services, and sales engineering. He has worked with pioneering Internet Service Providers, established security vendors, and startups across North and South America.

Fernando holds a Bachelor’s degree in Computer Science from Universidade Federal do Rio Grande do Sul in Brazil and various industry certifications. Although he is originally from Brazil, he has been based in Toronto, Canada, for many years.

Mitch Ashley is VP and Practice Lead of Software Lifecycle Engineering for The Futurum Group. Mitch has 30+ years of experience as an entrepreneur, industry analyst, and product development and IT leader, with expertise in software engineering, cybersecurity, DevOps, DevSecOps, cloud, and AI. As an entrepreneur, CTO, CIO, and head of engineering, Mitch led the creation of award-winning cybersecurity products utilized in the private and public sectors, including the U.S. Department of Defense and all military branches. Mitch also led managed PKI services for the broadband, Wi-Fi, IoT, energy management, and 5G industries; product certification test labs; an online SaaS (93m transactions annually); and the development of video-on-demand and Internet cable services and a national broadband network.

Mitch shares his experiences as an analyst, keynote and conference speaker, panelist, host, moderator, and expert interviewer discussing CIO/CTO leadership, product and software development, DevOps, DevSecOps, containerization, container orchestration, AI/ML/GenAI, platform engineering, SRE, and cybersecurity. He publishes his research on futurumgroup.com and TechstrongResearch.com/resources. He hosts multiple award-winning video and podcast series, including DevOps Unbound, CISO Talk, and Techstrong Gang.
