Under Cisco, Splunk AI roadmap tees up pricing overhaul

Splunk's plans to develop a federated AI data management platform for Cisco will include a new pricing program that lowers data ingestion costs.

BOSTON -- Splunk's AI ambitions will transform its pricing approach, potentially addressing longstanding customer gripes about data ingestion costs.

Splunk leaders disclosed these AI roadmap plans in interviews with Informa TechTarget this week, following the launch of the Cisco Data Fabric architecture, which will expand federated data management features and tie in Cisco tools such as AI Canvas. Many of the new features demonstrated during Splunk's annual user conference this week are slated for release over the next six months.

Plans to expand federated search and analytics on the new platform will, by design, lower customers' ingestion costs by keeping data in place instead of importing and indexing everything within Splunk's back end, according to Mangesh Pimpalkhare, senior vice president and general manager of Splunk Platform at Cisco. However, over the next three months, Splunk will also test a new pricing model that focuses on analytics rather than data.

"The idea of federation changes the economics [of the platform] for the customer," Pimpalkhare said in an interview. "But even the parts that are getting processed by Splunk, we are going to pilot a new pricing model that is multi-dimensional, separates out ingestion and analytics and starts dropping the unit price on data management to the bare minimum."

The new pricing pilot program will simplify product licensing, enabling customers to start with essential features and expand to additional data analysis over time. This is similar to the updates in Splunk Enterprise Security version 8.2 this week, which combined previously separate security orchestration and response (SOAR), threat intelligence management, user entity behavior analytics, and security information and event management tools into Essentials and Premier editions. In addition to UI integration between the previously separate tools, the new Splunk Enterprise Security Premier edition now includes licenses for SOAR that are no longer limited to named users within the company.

Under the new pilot program, Splunk will also provide cost management features that map spending to specific services and allow customers to allocate a more predictable level of overall spending to different parts of the platform as needed, Pimpalkhare said in the interview.

Mangesh Pimpalkhare, senior vice president and general manager of Splunk Platform at Cisco, presents during the .conf25 keynote.

Splunk plan tackles pricing pet peeves

The new pricing changes are partly a matter of jockeying for position in the AI gold rush and partly a result of Splunk's increasing ties to Cisco's broader set of products. But these moves will also assuage complaints that Splunk customers have raised in recent years about its pricing, according to Stephen Elliot, an analyst at IDC.

"Ingest costs have been the sticking point for Splunk customers," Elliot said. "There's also maturity in the market around the value of logs -- now it's about metrics, logs, traces and events. It's about consolidating information from both on-premises and cloud-native apps. And then we have the AI layer -- the agentic digital workforce -- emerging that's going to have to be managed."

Splunk previously introduced workload pricing as it rolled out the Splunk Cloud Platform. That gave customers a licensing option other than data ingestion as they chafed at practices left over from the vendor's early log management days, which set rigid limits on data ingestion and could quickly lead to overage charges if exceeded. However, some gaps between the cost management features of Splunk Cloud and on-premises Splunk Enterprise persisted up to this week; these will also change under Splunk Enterprise version 10, according to Pimpalkhare's conference keynote presentation Tuesday.

"All of you who operate in standalone on-prem environments have been asking, 'Why can't I filter, mask and route my data just like you can on the cloud?'" he said during the presentation. "Well, now you can. It's the same consistent experience on cloud and on-prem, and now you have a single console to look at the entire end-to-end data pipeline, from the forwarding agents to where it lands at the right destination based on your use case."

As Splunk and Cisco grow closer, its focus must shift toward increasing the usage of its products by multiple teams within large organizations as it competes with ServiceNow, IBM, SAP, Oracle and Microsoft to be a dominant enterprise AI platform, according to Elliot.

"Splunk has a large installed base for Enterprise Security and logging products, and a growing installed base for SOAR and observability," Elliot said. "Cisco can use its breadth and depth of portfolio to sell a lot of stuff, but it's one thing to sell -- it's another thing to actually get it adopted across an organization."

Cisco's plans to integrate its AI Canvas into a federated Splunk data management platform could be key to promoting the platform's usage among multiple groups within large enterprises, Elliot said.

"It's very intriguing to say, 'We have one interface that every customer can go to as the first entry point. And then whatever problem they have, we can use the back end of our architecture to start to segment the data and direct the AI to help each persona in a personal fashion,'" Elliot said.

Beth Pariseau, a senior news writer for Informa TechTarget, is an award-winning veteran of IT journalism covering DevOps. Have a tip? Email her or reach out @PariseauTT.