Splunk knows what it’s worth – .conf24 showed Cisco does too

Splunk logo pictured at the keynote theatre for Splunk .conf24 in Las Vegas, Nevada.
(Image credit: ITPro/Rory Bathgate)

As Splunk .conf24 draws to a close, partners and customers may be breathing quiet sighs of relief. 

While the event has touched on the expected topics of AI, observability, and security in good measure, it’s in its successful messaging around corporate continuity under Cisco that its real success lies.

Cisco announced its $28 billion acquisition of Splunk in September 2023 and the deal closed on 18 March 2024. In the months since, it has gradually revealed more of its vision for Splunk’s future.

Before the conference began there had been some speculation that this could be the last .conf, with some predicting Cisco would simply roll Splunk into its Cisco Live events. But having seen the continued energy of the crowds and leaders at the event firsthand, along with the pledges made by Cisco throughout, it seems safe to say that these rumors are incorrect.

It was also clear that Splunk would need to dedicate significant time to explaining the benefits of being a Cisco company at .conf24, tackling potential customer and partner concerns head-on.

No one knows this better than Cisco, it seems, given the company spent the entire event stating and restating that it’s not looking to rip up Splunk’s existing strategy.

Chuck Robbins, CEO at Cisco, told the audience in the first keynote that Cisco’s job is “not to screw up” what customers already have with Splunk. The loud applause and cheers that this remark elicited from the crowd speaks to the febrile nature of the event up to that point.

Despite reassurances at Cisco Live 2024 that Splunk was to remain an important player in its own right, customers and partners turned up to .conf24 needing clear acknowledgment of what will and won’t be changing under Cisco’s control.

“We believe in, we love, and we will embrace the Splunk community,” said Gary Steele, president of go-to-market at Cisco and GM at Splunk in the .conf24 opening keynote.

“That means the Splunk brand stays. That means this community that fosters innovation and coolness, that gets the most out of Splunk, we will continue to drive that and encourage it in every way we can.”

A mutually beneficial Splunk portfolio under Cisco

The phrase “Better together’ was used throughout .conf24, referring to the benefits that both Cisco and Splunk can leverage from the acquisition.

The pair have announced a raft of new product integrations across their portfolios, with benefits flowing in both directions. For example, the integration of Cisco Talos threat intelligence across Splunk security products including Splunk Attack Analyzer, Splunk Enterprise Security, and Splunk SOAR to enrich security investigations and make links between detected activity and known threats rooted in Talos’ extensive threat expertise.

On the other hand, Splunk’s pedigree in data analytics puts it in prime position to supplement and supercharge Cisco’s existing products and to act as a powerful backing force as the companies move ahead with AI.

Acknowledging Splunk’s tenth time being acknowledged as a Gartner Magic Quadrant leader for SIEM, Steele told the audience that its security and observability drive “only gets better with Cisco”.

“We'll get greater visibility, we'll get greater insights across the network, through the endpoint, across devices. And I feel like my excitement and enthusiasm is that I fundamentally believe we can drive better outcomes for you, that's what I think about every single day,” he said.

Both Splunk and Cisco have taken something of a cautious approach on AI, a shared trajectory and strategy that has helped keep the acquisition smooth. Splunk has been somewhat slow to adopt popular or generic generative AI assistants within its products, choosing to focus instead on improving its in-house model used for turning natural language prompts into data reports within Splunk.

The new AI Assistants for observability and security, alongside an improved AI assistant for producing Splunk’s Search Processing Language (SPL), are the fruits of this approach.

“I don't think you're going to see AI in itself as a thing, I think you're going to see everything powered by AI in the roadmap going forward with Cisco,” says James Hodge, GVP and chief strategic advisor EMEA at Splunk, in conversation with ITPro.

“There’s a lot more coming in the future by combining the best of Cisco and Splunk,” said Hao Yang, VP of AI at Splunk in the opening keynote. Noting that “data is the fuel for AI,” Yang stated that there’s an unprecedented opportunity for AI expansion in Cisco and Splunk working together.

“As part of Cisco, we’ll have more data relevant to security and observability than any other company and we’re confident that together we will be able to deliver amazing outcomes with AI to make you more digitally resilient.”

Once again, all of these announcements were grounded with repeated claims that Cisco is not looking to change any of Splunk’s AI roadmaps.

Tom Casey, SVP and GM of products and technology at Splunk told ITPro that Splunk’s approach to AI has been “domain-centric AI”, rooted in three core principles that set it apart from the competition:

  • Domain-specific
  • Human in the loop
  • Open and extensible.

“While we’re integrating with Cisco and that fits really well, so you can chat from that chat experience right into the workloads … we remain open and extensible, so that continues to work and you can bring your own AI models for the industry as well.”

In its continued commitment to these principles, partners and customers can find more cause for reassurance. Cisco is pushing ahead with its AI focus, with ample access to data grounded in its detection platform ThousandEyes, and it seems both it and Splunk are in lockstep on the importance of an open approach to AI in the long term.

Encouraging and educating Splunk partners

The relationship between Splunk and its partners is a clear indicator for how successfully it is navigating the acquisition. When ITPro attended Splunk’s Global Partner Summit keynote at .conf24, it was clear that the mood in the room was one of excitement rather than concern.

Even one of the larger ballrooms within the Venetian Conference Center was no match for the attendees, with latecomers forced to stand to the side for lack of seats.

Alexandra Turbitt, GVP for alliance & channels, EMEA, tells ITPro that achieving this goodwill has been a mixture of listening carefully to partner concerns and taking advantage of the good deal of crossover already present in Cisco and Splunk’s ecosystems.

“For many of our partners they are now Cisco and Splunk partners,” Turbitt tells ITPro, noting that around 75% of Splunk’s partners fall in this overlapping category. In feedback sessions, she adds, Splunk partners have praised Splunk’s observability go-to-market, expressing that they no longer feel the need for vendors outside Cisco and Splunk to meet their observability needs.


For the remaining 25%, Splunk is encouraging them to get stuck in with Cisco and introducing Cisco team members into their contact with Splunk to ease this process. Turbitt says that there’s also “huge interest” among Cisco partners who aren’t yet acquainted with Splunk to get certified on its solutions and join the Splunk ‘Partnerverse’

There’s no doubt that Splunk is being incredibly careful with how it’s communicating the acquisition to partners, having doubled down on the message of there being no dramatic changes planned under Cisco.

With the disclaimers and logistics out of the way, Splunk put great emphasis on how its products can work together to achieve overall digital resilience. As partner strategies go, this is excellent. Having focused so much on its observability and security achievements in both keynotes, Splunk has ensured that the idea of resilience is front of mind for customers and that partners are equipped with tools tailor-made to solve this problem.

Turbitt tells ITPro that she particularly likes Splunk’s Hidden Cost of Downtime report for the same reason. The report reveals that the top 2,000 firms worldwide lose $400 billion per year due to downtime incidents and Turbitt says it provides all the relevant context to explain why Splunk’s observability, security, and AI solutions are so badly needed.

“I got really good feedback on the report in terms of numbers like this really help with conversations on a CFO level, for example, to simplify what the technology impact is on their business.”

“So they were very appreciative for helping to really get the value in front of their C-suite.”

Earlier in the year, Splunk wasn’t certain that the deal would clear before .conf24. In another world, this would have resulted in an event with the Cisco acquisition looming over it unspoken rather than up in bright lights on the keynote stage.

We don’t live in that world and anyone with a stake in Splunk should be glad that’s the case. In arguing why it deserves to keep its identity under Cisco – and repeatedly giving a platform to Cisco executives who explained how much they value Splunk as a complete package – Splunk has walked away from .conf24 having very clearly explained what being a “Cisco company” means for its future.

Rory Bathgate
Features and Multimedia Editor

Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.

In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at rory.bathgate@futurenet.com or on LinkedIn.