During .conf25, Splunk, which has been an official part of Cisco for over a year, is making the necessary announcements. Just like earlier this year at Cisco Live, Splunk is certainly not holding back. The payload is substantial. There are some fundamental announcements that increasingly clarify Splunk’s added value for Cisco. That value is quite significant. Today, we bring you news about updates to the Splunk/Cisco platform, and tomorrow we will focus on security and observability.
At the time of Cisco’s acquisition of Splunk, there was a strong emphasis on the security component of Splunk that made the company interesting. That was logical, because Cisco was pushing security very hard at the time.
We noted at the time that the security part certainly had and still has value for Cisco, but that we actually saw much more value in what Cisco could do with Splunk in the area of data. Initially, this concerned observability (Cisco was also talking a lot about Full-Stack Observability at the time), but ultimately also more generally with making data available to anything and for any purpose.
The latter is exactly what today’s two announcements are about. First, there is the Cisco Data Fabric. Second, there is an integration with Snowflake.
Cisco Data Fabric
The biggest announcement at .conf25 is actually a Cisco announcement. Cisco Data Fabric is a new turn-key framework with which Cisco wants to make all data, from edge to cloud, available for (agentic) AI. Not just any and all data that happens to be stored or passes by somewhere, but only data that actually has added value.
Splunk’s role in Cisco Data Fabric is fundamental. You could say that the Splunk platform is the engine of Cisco Data Fabric. The idea behind a fabric is that you can leave your data where it is. So you don’t have to send all your data to Splunk or any other data lake. The combination of Cisco and Splunk technology should ensure that instead of one big data lake, there are a large number of data puddles that are interconnected. That is how Kamal Hathi, SVP & GM, Splunk Products & Technology put it during a briefing we attended.
Time-Series Foundation Model
In itself, a Data Fabric is not that interesting. There are already many of them, under all kinds of names. In fact, 2025 is rather late to come up with something with this name. However, underneath, we see quite a few interesting components. There are also parallels with what Cisco is doing in other areas. We will pick out a few notable components.
The first component is the Time-Series Foundation Model (TSFM). This should make it possible to carry out advanced actions with time-series data within the Cisco Data Fabric. This is fundamentally different data from what the now commonplace LLMs deal with. Time-series data is exactly what the name suggests: a series of data points recorded at fixed intervals in a database. In many cases, this type of data comes from machines of all shapes and sizes.
Time-series data poses quite a few challenges from the perspective of generative AI. In order to be able to predict or forecast, a model must process an enormous amount of historical data, sometimes at intervals of every minute or even every second. This is nothing like the text and images that many general models are trained on. It is therefore not surprising that TSFMs were not immediately available. Until recently, ARIMA (AutoRegressive Integrated Moving Average) models, i.e., statistical models, were the best option if you wanted to use this type of data for forecasting.
Recently, however, things have been moving forward and we are seeing TSFMs that perform better than statistical models and sometimes even show results in the area of zero-shot performance. Zero-shot here means a situation that is completely new to a model. In other words, a situation that was not included in the training data.
Splunk Machine Data Lake
A second interesting component that enables the Cisco Data Fabric is the Splunk Machine Data Lake. That may sound a bit strange at first, because we just wrote above that there is no such thing as a data lake. However, this is not a physical location where all data goes, but a virtual data lake. It contains a list or catalog of items that can be used for AI purposes, particularly for training models and analytics. In this way, the foundational models can be trained with machine data.
The Splunk Machine Data Lake is also another cog in the overall story surrounding Cisco’s AgenticOps. If you link the machine data from the Machine Data Lake to the Splunk AI Toolkit and the MCP server that is now also available, machine data can be sent to AI Canvas. If you would like to know more about AI Canvas, please refer to this comprehensive article we wrote about it. It indicates that the Cisco Data Fabric should also become part of the flexible, open architecture that Cisco says it has in mind in general.
Splunk Federated Search for Snowflake
The second major announcement today, alongside Cisco Data Fabric, is Splunk Federated Search for Snowflake. This is an integration for the Splunk Platform that allows users to query data in Snowflake from within the Splunk environment and join it with data already present in Splunk. According to Splunk, users can simply add Snowflake as a data source in the Splunk environment.
According to Splunk, the queries that can be used to do this are “SPL-like,” so it looks like users will have to change their queries slightly. It is also possible to use analytics from Snowflake for part of a query in order to make the final join in Splunk.
The above integration between Splunk and Snowflake again fits well into the overall picture that Cisco wants to paint. Here, too, the aim is to reduce switching between environments without having to move all the data.
The importance of Splunk for Cisco is becoming increasingly clear
As mentioned, the concepts we are discussing in this article are not particularly radical. That is, data fabrics, seamless joins, and unified environments are not new concepts. However, on the scale that Cisco and Splunk are operating and with some interesting underlying technology such as TSFM and the Machine Data Lake, it could well have a significant impact. Ultimately, that is what matters most to organizations and the people who have to work with it.
One thing is clear: Splunk is becoming increasingly integrated into Cisco. Shortly after the acquisition, Cisco integrated some components, such as AppDynamics and Splunk. That was the low-hanging fruit. With the announcements of this week, that bring Splunk much more to the data (and to Cisco) than was the case before, the next phase has clearly begun and may already be in full swing.