Splunk at Cisco Live: Building the Intelligence Layer for Trusted Agentic Operations
Leadership | Mangesh Pimpalkhare

Key takeaways
- Splunk's expanded Federated Search and Machine Data Lake let teams analyze data across multiple platforms from one place, cutting costs and boosting performance by up to 10x.
- New AI-powered agents automate threat detection, root cause analysis, and incident response, helping security and IT teams resolve issues before customers are impacted.
- Splunk Agent Observability (powered by Galileo) monitors AI agents end-to-end to ensure accuracy, block harmful outputs, and control costs—closing the AI trust gap for enterprises.
Today at Cisco Live, we’re advancing the intelligence layer enterprises need to run agentic AI at scale they can trust. These capabilities address the complexities of the agentic era by eliminating data silos, responding at machine speed with AI-first security and observability, and closing the trust gap in autonomous operations.
With expanded Federated Search coverage, teams can search and correlate distributed data sources from one interface, land machine data affordably, and promote only the data that matters. This drives down costs and accelerates investigations, delivering up to 10x efficiency in cost and performance. Agent Builder in Splunk AI Toolkit democratizes agent creation with a no-code interface, so any team can build and deploy fully autonomous agents at scale. AI SRE in Splunk Observability Cloud delivers automatic root cause analysis and guided remediation for application and infrastructure performance. Also new, Splunk Agent Observability helps close the AI trust gap by giving enterprises visibility into whether their agents are behaving as intended across the entire development lifecycle.
Cross-Domain Insights at Massive Scale
Cisco Data Fabric powered by the Splunk Platform is the architecture that unifies Federated Search, Machine Data Lake, and integrated data capabilities into a single framework for managing data at scale. This unified data layer eliminates fragmented tools, data pipelines, and redundant storage. Teams now conduct cross-domain analysis, provide contextualized insights, and act when it matters, helping organizations control cost, preserve operational context, and drive high-impact outcomes.
- Federated Search expansions accelerate end-to-end investigations with a unified SPL2 language, enabling teams to search from a single console across S3, Azure Data Lake Gen2, Azure Blob, Azure Databricks, Snowflake, Delta Lake, and Iceberg. This delivers cost and performance improvements of up to 10x and meaningfully reduces storage costs.
- Machine Data Lake offers turnkey, low-cost storage for retaining machine data at scale—ensuring data is context-rich, discoverable, actionable, and ready for AI-led reasoning. By intelligently filtering the data that matters most, it provides the cost-effective visibility and reliable foundation necessary to power modern security, observability, and AI operations.
- Agent Builder in Splunk AI Toolkit simplifies custom agent creation through a no-code interface, enabling teams across security and observability to build and deploy AI agents tailored to their specific operational workflows. Choose your model, connect your tools through MCP, deploy, and review agent activity. These agents are built and deployed natively in Splunk, supporting more secure, governed execution across the entire stack.
Additionally, Splunk Platform, Splunk ITSI and Splunk Observability Cloud are accessible in Cisco Cloud Control, giving teams a unified workflow across their full Cisco and Splunk ecosystems. For customers, this means significantly less tool sprawl, fewer dashboards to manage, and less context switching between environments. Teams and agents can investigate, act, and collaborate from a single, connected experience.
Responding at Machine Speed
Today’s cyber threats are moving faster than ever, and understanding their origin is imperative. Research from The Hidden Costs of Downtime reveals that 36% of security leaders misclassify a downtime incident as an IT issue, giving attackers a head start. The same research states that 98% of all tech executives confirm end-to-end visibility is critical for reducing incidents, highlighting the instrumental role observability plays in reducing downtime.
To proactively predict and remediate threats through shared data, Splunk is expanding intelligent context across security and observability so teams can detect problems earlier, accelerate response, and remediate before customers feel the impact.
For security operations, new agentic solutions and platform updates give teams faster, more automated coverage across the threat lifecycle:
- Agentic SOC capabilities span the full threat detection, investigation, and response lifecycle, helping security teams improve alert coverage, accelerate containment, and reduce manual effort.
- Splunk Enterprise Security Premier now includes Automated Threat Analysis with automated attack chain execution and FedRAMP Moderate certification.
- Splunk Enterprise Security Essentials adds Entity Insights and Entity Analytics to Exposure Analytics, providing enhanced visibility and actionable insights across discovered asset and user entities, helping security teams expose risk before it escalates.
- Splunk Enterprise Security for AWS Security Hub Extended turns AWS Security findings into native Enterprise Security findings, helping security teams surface high-priority incidents in near real time, reduce manual parsing and alert noise, and lower mean time to detect.
For ITOps and engineering teams, new agentic capabilities will help teams reduce MTTR (mean-time-to-resolve) by accelerating detection, troubleshooting, and remediation, with less manual effort:
- AI SRE in Splunk Observability Cloud automatically identifies the probable root cause of an incident, builds a remediation plan, and walks teams through a step-by-step resolution path, significantly reducing MTTR.
- Splunk ITSI’s integration with AI Canvas breaks down silos so network and IT operations teams can accelerate troubleshooting and remediation. When an incident occurs, Splunk ITSI users can launch directly into AI Canvas, a collaborative workspace that unifies Splunk and Cisco telemetry.
These innovations are already resonating across public sector IT, where unified security and observability can transform how agencies manage risk.
Solving the AI Trust Gap
The rise of the agentic workforce is helping to automate and reimagine key business workflows. However, agentic AI also introduces new risks of inaccurate, low-quality agent behavior, resulting in flawed outputs. Organizations are also wrestling with how to control AI costs.
Today's organizations need the ability to ensure agents and models are behaving as intended, with guardrails to block harmful outputs and observability that provides governance and controls token costs. With Galileo’s AI observability and evaluation engineering platform integrated within Splunk Observability, we’re helping enterprises to solve the AI trust gap.
- Splunk Agent Observability is a new on-premises offering powered by Galileo that evaluates, observes, and helps secure AI agents across their entire development lifecycle – minimizing inaccuracies, blocking harmful outputs, and controlling costs. Leveraging Luna-2, Galileo's small language models (SLMs) purpose-built for AI evaluation, Splunk Agent Observability enables low-latency, cost-effective evaluations that eliminate the need for sampling. This makes it economically possible for engineering teams to observe 100% of their agents without breaking budgets.
Looking Forward
Enterprises are still in the early innings of the agentic AI era. The strongest organizations are those investing now in the intelligence layer that helps them move fast without losing visibility or control. Research shows that organizations are focusing their AI budgets on high-impact areas, with 85% of technology leaders prioritizing AI-driven security automation and 65% investing in AI-powered observability to gain deeper, real-time insights into their digital ecosystems.
Splunk’s vision for the future is clear: to be the layer that turns machine data into trusted action, at any scale, across any environment.
Available Now:
- Federated Search for S3 and S3-based Iceberg and S3-based Delta Lake, enhancements to Splunk Enterprise Security Premier and Splunk Enterprise Security Essentials, and Splunk Enterprise Security for AWS Security Hub Extended are available now.
- Federated Search for Azure Data Lake Gen2, Azure Blob, Azure Databricks, and Delta Lake and Iceberg (both when ABS-based) are in controlled availability now.
Planned for This Summer and Fall:
- FedRAMP Moderate Certification will be generally available in Splunk Enterprise Security Premier in summer.
- Splunk Agent Observability in Splunk Observability, AI SRE in Splunk Observability Cloud, Machine Data Lake, and Agent Builder in Splunk AI Toolkit will be generally available in summer to fall.
- Federated Search for Snowflake, Azure Databricks, Azure Blob, Azure Data Lake Gen2, and Delta Lake and Iceberg (across all supported object stores) will be generally available in summer to fall.
- Splunk Platform, Splunk ITSI, and Splunk Observability Cloud will be available in Cisco Cloud Control through controlled availability in summer to fall.
- The Splunk ITSI integration with AI Canvas will be available in controlled availability in fall to winter.
This blog post may contain forward-looking statements regarding future events, plans or the expected financial performance of our company, including our expectations regarding our products, technology, strategy, customers, markets, acquisitions and investments. These statements reflect management’s current expectations, estimates and assumptions based on the information currently available to us. These forward-looking statements are not guarantees of future performance and involve significant risks, uncertainties and other factors that may cause our actual results, performance or achievements to be materially different from results, performance or achievements expressed or implied by the forward-looking statements contained in this blog post.
For additional information about factors that could cause actual results to differ materially from those described in the forward-looking statements made in this presentation, please refer to our periodic reports and other filings with the SEC, including the risk factors identified in our most recent quarterly reports on Form 10-Q and annual reports on Form 10-K, copies of which may be obtained by visiting the Cisco Investor Relations website at investor.cisco.com or the SEC's website at www.sec.gov. The forward-looking statements made in this blog post are made as of the time and date of this blog post. If reviewed after the initial presentation, even if made available by us, on our website or otherwise, it may not contain current or accurate information. We disclaim any obligation to update or revise any forward-looking statement based on new information, future events or otherwise, except as required by applicable law.
In addition, any information about our roadmap outlines or our general product direction is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. We undertake no obligation either to develop the features or functionalities described, in alpha or beta or in preview (used interchangeably), or to include any such feature or functionality in a future release.