Watch Now: 10 Must-See Splunk Sessions from Cisco Live 2026 Las Vegas

Platform Dan Holloran

Key takeaways

  1. Cisco Live 2026 sessions highlighted how Splunk and Cisco are helping teams strengthen security, observability, and IT operations with AI and unified data.
  2. Experts shared practical strategies and customer examples for reducing complexity, improving resilience, and using AI with trusted human oversight.
  3. All featured Splunk sessions from Cisco Live 2026 are now available on demand, with the next in person event taking place in Melbourne this November.

Cisco Live 2026 in Las Vegas was packed with announcements, demos, and real-world examples for boosting security, observability, networks, and IT operations for the agentic enterprise. These sessions delivered a clear picture of where Splunk and Cisco are headed, and why it matters for building robust, observable systems, and defending against frontier AI that could threaten your organization if you’re not prepared.

These sessions are now available on-demand. Plus, if you’re interested in the next in-person experience, join us for Cisco Live in Melbourne from November 9-12, 2026. Here are the top 10 on-demand Splunk sessions you can’t miss from Cisco Live 2026 Las Vegas:

Keynote Deep Dive: Building Digital Resilience for the Agentic Era

KDDOBS-1000 | (Cory Minton, Global Field CTO, Cisco)

For the big picture view of where Splunk is going and why, start here.

Cory Minton opened with a direct challenge to conventional thinking: the real problem facing enterprise operations teams is not a shortage of data but a shortage of trusted, unified context. With downtime costing Fortune 2000 companies an estimated $600 billion annually, and agentic AI reshaping how both attackers and defenders operate, the pressure to modernize has never been higher.

This session laid out the Splunk Platform strategy across three pillars: data and AI unification, operational convergence at machine speed, and end-to-end visibility for AI agents. Key topics included:

Cory previewed the path toward an agentic SOC with purpose-built agents for detection, triage, malware reversing, and response automation.

Nimesh Bernard, Head of Observability at Fannie Mae joined Cory on stage to explain how consolidating telemetry data on OpenTelemetry and Splunk helped their team move toward self-healing operations.

Resilience Will Define the Next Phase of AI Operations

CENOBS-1199 | James Hodge (VP of Global Specialists for Splunk, Cisco)

This center stage session is a strong watch for any technical leader thinking about where to invest next.

James Hodge opened with a story that hit close to home for any enterprise technologist: a hospital outage that exposed how completely digital workflows have replaced analog fallbacks — and what happens when those workflows fail. His point was sharp and practical. Resilience isn’t a narrow IT recovery problem. It’s a business-critical design discipline.

James framed the stakes clearly. Resilience failures are being influenced by the compounding challenges of petabyte-scale data growth, 1.3 billion agents expected in operation by 2028, and sustained machine-driven infrastructure load. His advice is to invest in foundational visibility first, unify telemetry across logs, metrics, events, and traces, define governance runbooks for when humans need to challenge machine outputs, and design infrastructure for continuous AI workloads rather than occasional bursts. The session also made the case for systems that are "born observable" and "born secure".

How Cisco IT Cut Observability TCO by 86% and Turned 2 A.M. War Rooms Into Faster Resolution

CENOBS-1500 | Ines Thornburg (Splunk Customer Experience, Cisco) and Anusha Nataraj (Service Delivery Management, Cisco)

The key lesson from this session: unify your data before you try to scale AI. Context is what makes intelligence actionable.

This session was one of the most compelling proof points of the entire event. Cisco IT manages over 1,500 applications, 100,000+ endpoints, and 15,000+ changes per month. This team shared the story of how they consolidated fragmented observability tooling onto Splunk Cloud, Splunk Observability Cloud, and IT Service Intelligence (ITSI), and what happened as a result.

The before-state was painfully familiar. Logs in Splunk and Elastic, metrics across Prometheus and Grafana, custom event management tools, and no correlated view. Example: A single database outage that should have taken minutes to diagnose stretched into hours and too many bridge calls. By consolidating onto Splunk, Cisco IT decommissioned over 400 on-premises servers, reduced observability TCO by more than 86%, and freed engineering teams from reactive maintenance to focus on AI-driven innovation. Major bonus: the team’s job satisfaction skyrocketed too.

The SOC Must Adapt to the Frontier AI Era

CENSEC-1203 | David Dalling (Director of Business Development, Cisco)

This one is a must-watch for any security leader evaluating how to modernize their SOC without losing control of the process.

David Dalling opened with the startling reality that’s reframing every security conversation: in 2018, the average exploit timing was 2.3 years. In 2025, it was 23 days. With frontier AI models, that window is now less than 20 hours.

The fundamentals of cybersecurity have not changed, but the operating model must to enable response at machine speed.

Dalling's session explained why the agentic SOC is critical now to address threat actors wielding AI. In the agentic SOC, AI agents handle high-volume, bounded, low-risk tasks like triage, malware reversing, playbook authoring, and detection content generation. Humans retain authority over consequential, high risk, and potentially irreversible decisions.

Every agent action must be observable, auditable, and reversible to be trustworthy. The session closed with a practical 90-day activation roadmap.

Rethinking Data Strategy for the Era of Data Explosion

PSOOBS-1006 | Mike Sondag (GVP of Splunk Platform Specialists, Cisco)

Watch this session for a clear picture of how to scale Splunk cost-efficiently while evolving AI-readiness.

If your team is wrestling with data growth, storage costs, or the question of how to make operational data AI-ready, this session delivers a practical architectural answer. The presentation walked through Splunk's tiered data strategy and showed why treating all data the same way at ingestion is both expensive and limiting.

The core shift is simple but significant: not all data needs to live in the Splunk index. High-value, real-time detection data belongs there. Lower-access compliance and archive data can land in the Machine Data Lake at a lower cost, remain catalogued and governed, and can be promoted into higher-performance tiers only when an investigation demands it. Federated search extends Splunk's reach further, letting analysts query data in Amazon S3, Snowflake, Azure, and Databricks without forcing a migration. A new unified data catalog ties it all together, giving analysts and AI systems a shared view of what data exists, where it lives, and how to use it.

AI Needs Better Data, Not More Tools

PSOOBS-1004 | Seth Brickman (VP of Global Product – Splunk Platform, Cisco)

For teams serious about building trusted, scalable AI operations, this session is essential viewing.

Seth Brickman's session tackled one of the most practical barriers to enterprise AI adoption: the data problem. AI systems and agents are only as effective as the data they consume, and most enterprise data is still fragmented across security, IT, networking, and operations environments.

The session introduced the Cisco Data Fabric, powered by the Splunk Platform as the architecture that solves this through a unified intelligence layer. He explained key capabilities including AI-guided data onboarding, automatic field extraction and data schematization, schema drift detection with one-click remediation, and self-healing data pipelines.

How Agentic AI Helps SOC Teams Do More with Splunk

PSOOBS-1005 | Bruce Snell (Director of Technical Marketing, Cisco)

The practical takeaway from this session: AI is not replacing your analysts; it’s giving them back the time to do the work that requires human judgment.

Bruce Snell's session addressed the unsustainable reality many SOC teams are living: more threats, more complexity, more tools — and not enough experienced analysts to keep pace. It’s not a talent problem, it’s an operating model problem.

Bruce explained how the unified Splunk Enterprise Security platform, combined with SOAR, UEBA, Detection Studio, Exposure Analytics, Cisco Talos threat intelligence, and Cisco AI Defense enables you to scale SOC operations far faster than scaling headcount. The session demonstrated agentic capabilities in action: an AI Assistant that summarizes findings, explains suspicious binaries, and generates standardized investigation reports; a Triage Agent; and an Automation Builder Agent.

AI Is Changing the Observability Problem

PSOOBS-1007 | Annette Sheppard (Director of Product Marketing – Observability, Cisco)

If your team is deploying AI-powered applications or agentic workflows, this session gives you the monitoring framework to do it responsibly. Annette Sheppard's session demonstrated that AI is not just changing what teams build, it’s fundamentally changing what teams need to monitor.

Traditional observability tools are built around metrics, events, logs, and traces from deterministic systems. But AI applications are non-deterministic, which means the same prompt may not produce the same output twice, so root cause analysis is harder. The infrastructure stack now includes vector databases, LLMs, model-serving platforms, and GPU-intensive compute layers that all require visibility. Splunk's answer is full-stack AI observability — from agents and applications down to GPUs wherever they run.

The most significant announcement was Splunk Agent Observability, powered by Galileo (recently acquired by Cisco), which delivers pre-built evaluations for toxicity, bias, and hate speech during development, full production tracing of agent conversations and tool usage, and runtime guardrails — all using a small language model that reduces evaluation cost compared to running a large model for the same purpose.

Building a Leading Observability Practice

PSOOBS-1003 | Annette Sheppard (Director of Product Marketing – Observability, Cisco)

This session is a valuable watch for platform engineering leaders, SRE managers, and anyone standing up an observability program at scale.

Not every observability challenge is a technology problem. This session from Annette Sheppard focused on the strategic and operational work required to build an observability practice that actually sticks — one that connects technical telemetry to business outcomes, earns adoption across teams, and improves over time.

The session outlined a five-step roadmap: prepare and align before acting, build a cross-functional team with clear ownership, assess the current environment and establish baselines, execute through a Center of Excellence, and optimize iteratively rather than treating this as a one-time transformation.

A consistent thread throughout: observability maturity is a business transformation initiative, not a tooling upgrade. Teams that treat it that way consistently get better outcomes.

Agentic Operations Need More Than AI, They Need the Right Foundation

PSOOBS-1000 | Hanlin Fang (VP of Product Management for Splunk, Cisco)

For any team thinking seriously about where trusted data and AI fit in their operations roadmap, this session is one to watch — and then watch again.

For any team thinking seriously about where trusted data and AI fit in their operations roadmap, this session is one to watch — and then watch again.

Hanlin Fang opened with a concrete scenario: four AI agents analyzing 847 GB of security data, surfacing 37 findings including three high-priority issues, and helping a senior SOC analyst escalate a confirmed DNS tunneling attack with lateral movement and an active C2 channel — in under 15 minutes — with a full audit trail and human approval at every consequential step.

Hanlin described a shift in how analysts work. We’re moving from manually navigating dashboards and tools to conducting a team of agents that continuously analyze telemetry, correlate signals, and present evidence-backed findings ready for human review. The architecture behind it is the Cisco Data Fabric, powered by the Splunk Platform, built across four layers: data, context, action, and governance.

Cisco Live Sessions Are On-Demand for Free

Cisco Live 2026 in Las Vegas made one thing clear. The Cisco Data Fabric powered by the Splunk platform is unifying security, observability, and IT operations teams while driving more meaningful outcomes for the agentic enterprise. From Machine Data Lake and Federated Search to Splunk Agent Observability and the agentic SOC, the direction is consistent: unified data, trusted AI, and human oversight where it matters most.

Every session above is available on-demand and free after signing in. Head to the Cisco Live on-demand session catalog to watch or rewatch any of these sessions anytime.

To experience the next wave of announcements and demos in-person, register now for Cisco Live Melbourne (November 9 – 12, 2026), the next stop on the global Cisco Live calendar. This is where the Cisco and Splunk community comes together to keep learning, connecting, and innovating.

Ready to explore what Splunk can do for your security, observability, or IT operations team? Try out our Splunk interactive tours to learn more today!

Related Articles

Storing encrypted credentials
Security
3 Minute Read

Storing encrypted credentials

Defending at Machine Speed: Guiding LLMs with Security Context
Security
7 Minute Read

Defending at Machine Speed: Guiding LLMs with Security Context

Enhance LLM performance for cybersecurity tasks with few-shot learning, RAG, & fine-tuning guide models for accurate PowerShell classification.
XWorm's Shape-Shifting Arsenal: Loader and Stager Variants in the Wild
Security
13 Minute Read

XWorm's Shape-Shifting Arsenal: Loader and Stager Variants in the Wild

Explore XWorm's shape-shifting tactics, evolution, and persistence, and how Splunk helps detect this RAT.