Unifying Your Data with Federated Search

In today’s hybrid and multi-cloud landscape, the ability to derive insights without the friction of data movement is no longer a luxury, it is a competitive necessity. Today, we are proud to announce the General Availability of Federated Search, with new capabilities. As a core component of the Cisco Data Fabric powered by the Splunk Platform, this release marks a significant milestone in our mission to help you operationalize data across your entire environment, allowing you to query exactly where it lives and turn distributed signals into actionable, AI-ready intelligence.

The Data Distribution Dilemma

For too long, security and IT teams have faced a data distribution dilemma where operational risks of fragmented visibility are just another day in the office. Federated Search in this latest release takes on the heavy lifting by removing the complexity of managing distributed data, enabling you to:

• Keep data where it lives for sovereignty or compliance.

• Investigate across distributed environments without friction.

• Reduce unnecessary ingestion costs by avoiding data duplication.

• Accelerate AI and analytics access across existing data lakes.

Making Your Job Easier

Federated Search acts as the glue for your data ecosystem, providing a unified experience that handles the technical heavy lifting for you:

• Seamless Routing & Management: We’ve removed the need to ingest everything into a single index. With our intelligent routing capabilities, you can land high-value, latency-sensitive data in Splunk for real-time monitoring, while directing less critical or archival data to cost-effective S3 storage, all via a single data lake connection. You get the right data in the right place, automatically.

• Wide Variety of Data Stores: Splunk’s next-gen Federated Search accesses not just Amazon AWS S3 (Generally Available), but also Azure Blob, Azure Data Lake gen2, and Azure Databricks in Controlled Availability (CA).

• Immediate Searchability with Schema Inference: You no longer have to invest hours on manual schema mapping. Federated Search features schema inference with a Splunk-managed catalog, which automatically detects data schema to make it immediately searchable. This means you can query raw data in your lakes as if it were already ingested, providing immediate insights without the data prep headache.

• BYO Catalog for Mature Environments: Enterprise organizations often have established governance and cataloging tools. With our Bring Your Own Catalog (BYO) catalog support, you can integrate Federated Search directly into your existing data governance framework via Apache REST. This allows mature teams to maintain their established standards while gaining the power of Splunk’s search and analytics.

• A Unified Experience: Whether your data resides in Splunk or an external data lake, you use the same familiar Splunk interface and SPL2 query language for your pipelines and searches. No context switching, no learning new tools, just one pane of glass for your entire digital footprint.

Real-World Impact: The Autodesk Experience

The power of this approach is best illustrated by industry leaders like Autodesk, who faced the exact challenges many of you are dealing with today.

Autodesk’s mission of "Make Anything" requires 24/7 uptime. However, as their log data volume grew exponentially, they hit a wall. Their observability team was struggling with a fragmented environment where they had to log into multiple different tools just to troubleshoot a single service. This siloed approach created blind spots, increased MTTR (Mean Time to Resolution), and made it nearly impossible to balance performance with IT budgets.

By moving to a federated approach, Autodesk transformed their operations:

• Centralized Visibility: They consolidated their logging infrastructure into one unified tool, allowing engineers to troubleshoot upstream and downstream services from a single interface.

• Optimized Costs: By distinguishing between high-value logs (sent to Splunk for real-time analysis) and archival/debug logs (stored in Amazon S3), they achieved a 28% reduction in overall ingest costs.

• Faster Resolution: With automated summary indexing and a unified view, they significantly reduced their troubleshooting time, supporting their push to keep MTTR under 30 minutes.

The Future of Data Analytics: The Cisco Data Fabric powered by the Splunk Platform

Federated Search is a foundational pillar of the Cisco Data Fabric powered by the Splunk Platform. The Cisco Data Fabric serves as the overarching architecture that powers your data strategy from the edge to autonomous action.

We are committed to helping you turn your distributed data into a strategic asset, ensuring that whether your data is at the edge or in the cloud, it is always ready to power the next generation of AI-driven innovation.

Explore the new capabilities of Federated Search and see how we are redefining the boundaries of what is possible with your data, available starting with the 10.4 release of Splunk Cloud on AWS. Express interest in the Controlled Availability for Federated Search for Azure data stores here.