This content is part of the Conference Coverage: Cisco Live 2024 conference coverage and analysis

Cisco makes Splunk the center of observability

Cisco is integrating Splunk, AppDynamics and ThousandEyes to create a critical differentiator in the observability market. Networking integration will come later.

LAS VEGAS -- For years, Cisco has had disparate infrastructure software without a clear integration plan. The recent $28 billion acquisition of Splunk has changed that.

At the Cisco Live conference this week, the company demonstrated its determination to make Splunk's data analytics engine the unifier of Cisco's observability portfolio by integrating AppDynamics, an application performance management product.

Coming soon to Splunk is Cisco's ThousandEyes SaaS product that maps and monitors infrastructure across the internet, cloud and data center. Cisco also plans to feed data from its network hardware and software into Splunk. Cisco hasn't provided details or a timeline for either integration.

Cisco expects the combination of Splunk, AppDynamics and ThousandEyes to become a critical differentiator in the observability market. To move faster toward that goal, the company has already moved all of the AppDynamics development teams into Splunk, said Cisco President and ex-Splunk CEO Gary Steele.

"There's no one else in the industry that has this," Steele said during an executive Q&A with reporters and analysts. "These ingredients are unique and unique to Cisco."

Cisco started executing its Splunk-as-a-data hub strategy soon after completing the acquisition in March. The first integration was between Cisco's Talos threat intelligence and Splunk's security tools. Critical telemetry fed into Splunk from IT operations includes logs, metrics and traces.

The AppDynamics integration is through Splunk's Log Observer Connect and IT Service Intelligence (ITSI). The former allows IT staff to query logs gathered in Splunk. The latter utilizes AI and machine learning to analyze data and predict incidents that could disrupt application services.

Cisco plans to make the Splunk-AppDynamics combination available in the third quarter, along with single sign-on for the two products. The company expects to make ITSI support available June 14.

Tom Casey, Cisco
Tom Casey, general manager of Splunk, provides details on Cisco's integration plans for Splunk during a Cisco Live keynote.

ThousandEyes in Splunk

The upcoming ThousandEyes integration should simplify what's possible with Splunk today by making the process of combining the two less manual.

For example, a manufacturing company with more than 500 locations globally used ThousandEyes' APIs to send system logs and event messages to Splunk for analysis, said Joe Vaccaro, vice president and general manager of ThousandEyes, in an interview.

The company built the dashboard to display a map of every location and color-coded them as either red, yellow or green to indicate a problem, a possible problem or no problem, respectively. IT staff could then drill down to look for trouble within applications or network devices.

Cisco's integration plans for Splunk have piqued the interest of the Las Vegas Valley Water District (LVVWD). The utility is a customer of Cisco's operational technology (OT) business.

LVVWD's IT department is watching Cisco's rollout of its Splunk strategy closely, said Brad Callihan, OT systems and compliance manager.

"We're analyzing where Splunk is at and what the integration to the Cisco platform does for us as an organization," Callihan said. The utility uses Microsoft Azure Sentinel, a security information and event management system.

Approximately half of Cisco's revenue last year came from its networking products, so many of its customers will be interested in the company's use of Splunk. Today, many network engineers use vendor-agnostic management tools, including Broadcom, LiveAction, Paessler, PathSolutions, Riverbed and SolarWinds, said Shamus McGillicuddy, an analyst at Enterprise Management Associates.

"People with multi-vendor networks, which is pretty much everybody, don't really think of [Cisco] as managing their entire network," McGillicuddy said.

How far Cisco will go into managing multi-vendor environments and whether Splunk can play a role remains to be seen.

Full-Stack Observability
Tom Casey, general manager of Splunk, defines full-stack observability during a Cisco Live keynote.

Cisco AI Assistant

Part of Cisco's product integration strategy includes an AI Assistant it plans to launch this year. Rather than build separate assistants for each product, Cisco plans to have one and will build in specific capabilities for networking, security and observability.

Cisco hasn't provided many details, but Bob Laliberte, principal analyst at theCUBE Research, said Splunk could play a key role.

"The whole premise of AI is to take data and convert it into intelligence or knowledge," Laliberte said. "Splunk is that one data management piece they can feed everything into."

Antone Gonsalves is an editor at large for TechTarget Editorial, reporting on industry trends critical to enterprise tech buyers. He has worked in tech journalism for 25 years and is based in San Francisco. Have a news tip? Please drop him an email.

Dig Deeper on Network management and monitoring

Unified Communications
Mobile Computing
Data Center