From Alert Fatigue to Operational Clarity: Turning Cisco Data Fabric Vision, powered by Splunk, into Agentic Operations Reality

I recently spoke at Cisco Live to introduce Cisco Data Fabric powered by the Splunk Platform and shared how Splunk and Cisco are turning the vision behind agentic operations into product delivery. Here I share the key points of my presentation.

Enterprise operations teams are entering a new phase of work. Security, IT, observability, and network teams have spent years being asked to do more with more telemetry, more alerts, more tools, more incidents, and more risk. The result is too much time spent searching, stitching, validating, and reconstructing context manually.

AI can change that equation, but not in a simplistic way that is often described.

Rather than replacing operators with autonomous agents, the goal is to give every operator a trusted team of agents working behind the scenes: reviewing telemetry, correlating signals, enriching findings, checking dependencies, and narrowing thousands of events into the handful that truly need human judgment.

That is the shift toward agentic operations, and it is the product direction behind the Cisco Data Fabric vision. In this operating model, analysts do not start the morning by opening ten dashboards and rebuilding the story from scratch. They start in a workspace where AI has prepared the evidence: what changed, which data was used, what action is recommended, and where human judgment is required.

Agentic operations are not automation for its own sake. It is about helping humans get to clarity faster.

From “Is This Noise?” to “How Much Does This Matter?”

The most important outcome is that an ambiguous signal becomes a clearly scoped incident with evidence, context, and a safer path to action.

A suspicious domain lookup becomes a recurring pattern. A recurring pattern becomes a host-level investigation with business and service context. The team is no longer stuck asking, “Is this signal or noise?” They ask: “How much does this matter? Who does it affect? What should we do now?”

For security leaders, this means faster triage and more consistent investigations. For ITOps, observability, and network teams, it means less time manually correlating signals and faster understanding of service impact. For executives, it means improving resilience and efficiency without adding operational complexity.

Why the Shift Is Happening Now

Several forces are converging to drive the urgency for this change

Operational data has expanded beyond what human-scale workflows can reasonably handle. Logs, metrics, traces, flows, events, configurations, vulnerabilities, service maps, and business metadata are growing across every environment.

The conditions teams respond to are moving faster. Threat actors are using automation and AI. Outages can propagate across cloud, application, network, identity, and security domains in minutes. The bottleneck comes from an understanding of enough context to act with confidence quickly.

Lastly, the workforce model is changing. The future will be human-agent collaboration: people setting goals, making critical decisions, and owning accountability, while agents perform repetitive investigation, enrichment, correlation, and first-pass analysis at scale.

The Hard Truth: AI Value Depends on the Data Foundation Underneath It

Many AI pilots look impressive in controlled environments. Far fewer change day-to-day operations in production. Enterprise AI fails by placing a general-purpose model on fragmented, poorly governed data and hoping for the best. It succeeds when the data foundation is ready for AI and delivered as part of the operational workflow.

Teams putting agents into production tend to get three things right.

1. Make the right data accessible at the right time without forcing every dataset into one place. Agents and analysts need to reach across real-time data, historical data, federated sources, third-party systems, and external stores without unnecessary movement, duplication, or cost.
2. Make the data understandable. Raw telemetry is not enough. An agent needs entities, relationships, schemas, metadata, and business relevance. It needs to know that a host supports an application, that the application supports a business service, and that the service affects customers, revenue, or critical operations.
3. Build trust from day one. Production AI requires access control, auditability, lineage, policy boundaries, guardrails, and human approval paths. Without those, organizations may get an interesting prototype, but not a trusted operating model.

In short: successful teams create access, meaning, and trust. They make their data accessible, contextual, and governable for AI.

From the Cisco Data Fabric Vision to Agentic Operations

When I introduced the Cisco Data Fabric vision, the intent was not to describe another data platform in the abstract. Cisco Data Fabric, powered by the Splunk Platform, is the system of operational records and data intelligence layer underneath this agentic future.

At the data layer, data management helps unify access across Splunk indexes, Machine Data Lake, and federated sources. The right data is rarely in one place. It may be hot, historical, external, or federated across cloud, network, security, and observability systems. Analysts and agents should not have to care where data lives before asking the right question.

At the context layer, capabilities such as data catalog, knowledge graph, and business context make data understandable. This is how teams move from “I found a log” to “I found a service, tied to a host, tied to a region, tied to customer impact.”

At the action layer, AI capabilities turn data and context into operational workflows. Purpose-built models matter because operational data is not ordinary text; it is logs, traces, metrics, flows, anomalies, sequences, and time series. Agent Builder gives teams a practical way to create agentic workflows without becoming AI engineers.

MCP Server extends those workflows across systems through a governed interface, because real incidents rarely stay inside one tool. AI Canvas in Cisco Cloud Control provides the collaborative surface where humans and agents inspect telemetry, review evidence, understand blast radius, and decide what to do next.

Across all of it, trust and openness are critical. Governance must be built in. The architecture must work across the systems customers already have, rather than forcing teams into another closed island. That is how the CDF vision becomes product delivery.

Start With Readiness, Then Delivery

For executives, the takeaway is clear: do not start your AI strategy by asking, “What agent should we build?” Start by asking whether your data foundation is ready to support agents in production, then choose one high-value workflow where data, context, action, and governance are clear.

Can your teams access the right data across domains without creating unsustainable cost and complexity? Can your systems provide enough context for AI to reason over entities, dependencies, services, and business impact? Can analysts and agents move from detection to response? Can you govern AI workflows with the same rigor you apply to critical systems?

Agentic operations are not a someday vision. It is the next operating model for digital resilience, and Cisco Data Fabric is how we are turning that model into product reality. The winners will not be the organizations that experiment with most agents. They will be the organizations that prepare data, context, workflows, and governance so humans and agents can operate together with speed, trust, and accountability.