Splunk .conf25: Cisco expands AI portfolio with Data Fabric, Snowflake tie-up, and new security tools

Cisco rolled out Data Fabric and Snowflake integrations to help enterprises unify machine data for AI and faster decisions at Splunk.conf25.

Enterprises are facing a flood of machine data as they adopt AI across their operations. Cisco, through its Splunk business, has rolled out a set of products at Splunk .conf25 aimed at helping organizations turn that information into useful insights, improve observability, and respond faster to threats.

In an opening keynote at customer and partner event in Boston, Cisco President and Chief Product Officer Jeetu Patel outlined a vision for how the combination of Cisco and Splunk technology—including the newly introduced Cisco Data Fabric—will help businesses and organizations move into the agentic AI era.

“We are now squarely moving into the second era of AI, which essentially is agents being able to conduct jobs and tasks for us almost fully autonomously” Patel said. “And this is going to be much more about automation of workflows, rather than just individual productivity,” he said, contrasting agentic AI with the focus on generative AI and chatbots that have marked the first years of the AI revolution.

Cisco Data Fabric is a framework designed to simplify how companies use machine data for AI. Powered by Splunk technology, it pulls together information from across servers, applications, networks, and edge devices. The goal is to make that data easier to search, analyze, and apply in real time—whether for training AI models, spotting anomalies, or coordinating digital services.

"Organizations everywhere are sitting on a gold mine of machine data that's been too complex, cumbersome, and costly to leverage for AI, until today,"Patel. He added that Data Fabric could allow companies to build AI models using their own data, rather than depending only on public sources.

Data fabric features

The system includes tools for managing time series data, anomaly detection, and automated root cause analysis. It also introduces a new AI-driven workspace called Cisco AI Canvas, which lets teams investigate, visualize, and share findings in a common environment. Built-in federation features extend the framework by connecting to outside platforms like Amazon S3, Apache Iceberg, Delta Lake, Snowflake, and Microsoft Azure.

Cisco said Data Fabric was designed to work at extreme scale, letting enterprises process large volumes of machine data across cloud, edge, and on-premises environments. By embedding AI at every stage, from collection to analysis, the framework may help organizations reduce costs and shorten the time needed to resolve incidents. Analysts say this federated approach also avoids the expense of moving large datasets while still making them available for search and correlation.

Linking Splunk and Snowflake

Alongside Data Fabric, Cisco highlighted a new Splunk integration with Snowflake. Called Splunk Federated Search for Snowflake, it allows teams to query Snowflake data directly from the Splunk interface and combine it with operational data already in Splunk. This approach aims to reduce silos and give security and IT teams a broader view of their systems.

"Splunk Federated Search for Snowflake makes it simple for customers to access and act on their data, uniting business and operational insights in one view," said Kamal Hathi, Splunk's senior vice president and general manager.

For customers, the integration means they no longer need to move Snowflake datasets into Splunk before analysis. Queries can be run in place, with Splunk handling federation and enrichment. Cisco said this will allow teams to set business context for IT operations and security use cases, accelerating triage and resolution. Snowflake executives added that the move builds on their platform’s role as a central hub for analytics and strengthens its value for AI-driven workloads.

Observability with AI agents

Cisco is also bringing AI agents into observability. The updated Splunk Observability portfolio now includes agentic AI features that automate data collection, set up alerts, and suggest fixes during incidents. These additions are meant to help IT teams prioritize issues based on business impact and keep track of whether AI models are performing as intended.

New tools also connect observability with Cisco's ThousandEyes network monitoring and provide business insights linked to application health.

Among the new features are AI troubleshooting agents in Splunk Observability Cloud and AppDynamics, which can automatically analyze incidents and recommend next steps. Event correlation and automated summaries in IT Service Intelligence are also designed to cut down on alert fatigue by grouping related events into a single view. Cisco said these improvements will help teams focus on critical issues instead of being buried in noise, while also ensuring AI applications and large language models are performing as expected.

Security at the core

With cybersecurity a core focus, Cisco introduced new editions of Splunk Enterprise Security that embed AI throughout the threat detection and response process. The updates add AI-driven triage, malware analysis, and automated playbook creation, all aimed at cutting investigation times and reducing the burden on security analysts.

"Adversaries are already using AI, so defenders need to seize every possible advantage," said Mike Horn, Splunk's head of security.

Cisco said the new security offerings are designed to give customers flexibility, with Essentials and Premier editions that bundle different sets of tools. These include Splunk SOAR, Splunk UEBA, and an AI assistant for security operations. The goal is to unify detection, investigation, and response into one workspace, replacing the need to switch between fragmented tools. Additional AI agents are being introduced to automate triage, reverse engineer malware scripts, and even draft playbooks based on natural language prompts.

Together, the announcements show Cisco's plan to place Splunk at the core of its AI strategy—spanning data management, observability, and security. By blending machine data with AI-driven tools, the company is betting that enterprises will gain faster paths from information to action.