Tech stacks sure don’t look like they used to, and Digital Resilience is no longer just about uptime or shielding you from problems. It's about adapting in record time to sprawling, dynamically changing environments with more data, more AI, and more risk than ever before.
From safeguarding AI systems to assuring performance at the edge, organizations need to secure, observe, and act on data with precision and speed. But the challenge isn’t just volume — it’s complexity. Data lives everywhere, constantly shifting, and that’s why Cisco and Splunk are aligned behind a unified vision: Digital resilience is a data problem. And solving it means rethinking how data is collected, correlated, and acted upon across domains – security, observability, networking, and AI. Our innovations deliver new capabilities across the full Splunk portfolio.
Observability for AI
AI introduces new moving parts, and with them new sophistication and blind spots. But AI doesn’t have to add complexity – Splunk Observability’s new, purpose-built visibility into modern AI stacks helps teams stay in control and focused on innovation, instead of yet-to-be-determined problems.
At Cisco Live in San Diego, we announced the following innovations:
- Monitoring for AI Infrastructure in Observability Cloud (Preview): Provides real-time component monitoring of AI-orchestrators, vector databases, app platforms, cloud model platforms, base language models and model computation infrastructure, so teams can manage performance and scale of their GenAI platforms.
- Trace-level Integration for AI-enabled Apps in Observability Cloud (Preview): LLM service monitoring provides deep visibility into all AI-application transactions, so you can understand which ones are healthy, find the root causes of performance problems, and attain your service level objectives.
- AppDynamics LLM Monitoring (Preview): Monitor GPU infrastructure, LangChain orchestration, and vector database performance – and correlate with AppDynamics and Splunk APM for complete model-aware observability.
AI in Observability
While Observability for AI shows you how models perform, AI in Observability helps you operate smarter. From dynamic anomaly detection, to intelligent root cause analysis and natural language-driven troubleshooting, Splunk Observability has embedded AI throughout our incident response processes to help our customers turn telemetry into answers, and alerts into action.
At Cisco Live in San Diego, we announced the following innovations:
- AppDynamics Anomaly Detection for Databases: Automatically surface database anomalies before they impact Business Transactions. ML-powered detection requires no manual configuration or manual thresholds to auto-detect and alert on Calls per minute (CPM), Number of connections, and Time spent in execution metrics. Tunable AI-driven alerting allows you to set model sensitivity to meet business needs and reduce noise.
- AppDynamics Root Cause Analysis (RCA) for Infrastructure: Automatically identify and pinpoint the root cause of infrastructure degradation impacting app performance. Empower every team, from platform engineers to junior SREs, with recommendations to resolve problems faster.
- AppDynamics VA (On-Prem) – Automated Transaction Diagnostics: AI-powered analysis contextually examines hundreds of transaction snapshots to surface anomalies, and makes it easier to reduce MTTR across on-prem workloads.
- Splunk ITSI’s EventIQ: AI-driven alert correlation helps ITOps teams dynamically filter out noise, group related events, and highlight critical incidents that require immediate attention. With the ability to dynamically infer interesting fields, further configure event correlation conditions and plain-text explainability, it’s now easier and faster for teams to focus on what matters the most.
Don’t forget to experience your observability data in a new, less querysome way with Splunk’s recently released AI Assistant in Observability Cloud. Powered by agentic AI technology, the AI Assistant in Observability Cloud is ready to help answer questions about your cloud application and infrastructure. Type in your prompts and the AI Assistant will analyze your logs, metrics, and trace data in seconds, surface key insights about potential root causes or performance gaps, and provide suggested actions to troubleshoot IT incidents. This AI Assistant is available in select realms in the US, Australia, and Europe.
Get more details here, and check out how you can use the AI Assistant to debug problems in Kubernetes more quickly.
Unified Observability Experience
Too often, teams juggle tools and dashboards when tracking down issues across hybrid workloads. What’s missing isn’t just data; it’s their approach to bridging old and new visibility, workflows, and processes. With the ever-growing alignment between AppDynamics and Observability Cloud, teams can now experience seamless troubleshooting across three-tier and microservice environments alike.
At Cisco Live in San Diego, we announced the following innovations:
- Unified Observability Experience: Splunk Observability Cloud and Splunk AppDynamics provide a seamless troubleshooting experience, reducing complexity and streamlining root cause analysis for teams managing both modern and legacy workloads in three-tier & microservice environments.
- AppDynamics DEM Session Replay: Access a detailed, visual replay of real customer actions correlated with comprehensive performance metrics to reveal how user behavior impacts web & mobile applications, and contributes to issues. This feature empowers teams to troubleshoot hard-to-reproduce issues, optimize user journeys, and gain actionable insights into both user experience and security events.
Correlated Network Visibility with IT Service & Business Health
Performance issues rarely live in isolation. A user-facing slowdown could just as easily stem from a congested network path as it could from a sluggish backend service. Today’s environments demand insight into how infrastructure and IT services connect, with visibility that shows not just degradation, but why it matters to the business and how to fix it. With deeper integrations across Cisco ThousandEyes, Catalyst Center, and Meraki, correlated inside ITSI, Splunk is making it even easier and faster to identify the root cause of network-related service degradation.
At Cisco Live in San Diego, we announced the following innovations:
- Splunk ITSI Content Pack for ThousandEyes: The new ThousandEyes integration brings together events, alerts and metrics data from ThousandEyes into ITSI. This helps identify problematic network and app synthetic tests, accelerate troubleshooting and understand services contributing to the business’ health.
- Splunk ITSI Content Pack for Enterprise Networks: Expand observability across your hybrid network environments with deep visibility into campus and branch networks via Catalyst Center managed device and interface health, and Meraki-managed infrastructure (including switches, gateways, and access points) – all correlated with IT service metrics to identify the most business-critical network issues, pinpoint root cause and restore services quickly.
- Splunk Observability Cloud integration with ThousandEyes: Network and application engineering teams now gain unified visibility across Splunk Observability Cloud and ThousandEyes, to quickly understand if issues are stemming from poor app or network performance, reducing finger-pointing and improving collaboration to solve issues faster.
Reimagine Security Operations
As security challenges become more complex, organizations need integrated solutions that enhance visibility, accelerate detection, and streamline response. Advancements between Cisco and Splunk strengthen interoperability across key security workflows. By unifying and enriching data across platforms, these enhancements help security teams respond faster, reduce manual effort, and extract greater value from their security operations. This expanded functionality includes:
- Surface Insights from Cisco Secure Firewall data in Splunk (coming soon): Customers using Cisco Secure Firewall will be able to unlock deeper insights within Splunk by integrating firewall log data. This enables advanced detections, streamlines investigation workflows, and helps security teams maximize the value of their Cisco and Splunk investments.
- Expanded Threat Detection, Investigation and Response (TDIR) Coverage with Enhanced Detection Integrations for Cisco Firepower Threat Defense (FTD): The Cisco Security Cloud App for Splunk now delivers deeper support for Cisco FTD, enabling enriched correlation and detection content aligned to TDIR workflows. Combined with telemetry from Cisco AI Defense, Cisco XDR, Cisco Multicloud Defense, Cisco Talos, and other sources, Splunk accelerates detection use cases across hybrid environments.
- Streamlined TDIR with Security Orchestration, Automation and Response (SOAR) integrations for Cisco Secure Firewall: Expanded SOAR integrations now include Cisco Secure Firewall-specific actions to support containment and response within TDIR workflows. This is in addition to the currently available Cisco Talos Threat Intel integration. Playbooks can automatically isolate hosts, block outbound connections, and apply policy controls, reducing manual effort and accelerating resolution.
- Connected Application Risk Signals from Splunk AppDynamics: By forwarding Secure Application events into Splunk, security teams gain visibility into application-layer vulnerabilities and threats, helping to contextualize findings within broader business risk.
- Expand the SOC Workflow Experience with Splunk Enterprise Security 8.1: Simplify SecOps with an integrated workflow experience to fuel operational efficiency. This powerful Splunk Enterprise Security 8.1 release provides expanded availability on FedRAMP and Azure, SOAR pairing improvements, and workflow enhancements for greater flexibility and scale to power the SOC of the future.
- Transform Security Automation with Splunk SOAR 6.4: Splunk SOAR's latest updates in the 6.4 release enhance guided automation, playbook design, code efficiency with custom scripts, and app interaction, revolutionizing your security operations speed and efficiency.
Looking Ahead: Digital Resilience By Design
Your data is only as powerful as your ability to manage and activate it. With the announcement of Splunk Enterprise 10.0 and Splunk Cloud Platform 10.0, organizations gain enhanced security with FIPS 140-3 compliance, modern encryption protocols, and updates to critical components like Python and OpenSSL, reducing operational overhead and safeguarding sensitive data. For customers who need stronger cyber-preparedness to reduce the potential attack surface, prevent unauthorized data access, and protect sensitive data, Splunk 10 is the hallmark of digital resilience.
Together, Cisco and Splunk are delivering resilience by design – from the data fabric to the edge, from LLM security to infrastructure insights. With AI powering every layer of the stack – and the tools to secure and observe it all – we’re helping organizations stay ahead of disruption, complexity, and risk.
Our innovations represent more than individual product updates; they reflect the growing convergence across Cisco and Splunk, where data moves seamlessly across domains, AI is embedded into every workflow, and security, observability, and networking converge into a unified troubleshooting experience for faster, smarter digital resilience.