6 min Applications

Cisco and Splunk take first integration steps towards Unified Observability

Cisco and Splunk take first integration steps towards Unified Observability

Cisco is not wasting any time and has already completed the first integrations between its own product offerings and those of Splunk. Full-Stack Observability can now actually live up to its name, even though it will be called Unified Observability.

This year at Cisco Live, it’s all about AI. We covered that in several articles yesterday. Last year, FSO, or Full-Stack Observability, was the buzzword that people at Cisco tried to work into their presentations and sessions as often as possible. This year, that’s much less the case.

The somewhat muted presence of Full-Stack Observability this year is actually a bit weird, although we also understand a company’s need to focus on one big theme during a show. But after the completion of the Splunk acquisition, there are about 28 billion reasons to talk some more about Full-Stack Observability. This is because Cisco can now link observability insights from the infrastructure layer to observability insights that Splunk extracts from customer data and logs. So it combines insights from data at different levels. That makes the whole thing even more powerful than it already was.

Just because it was pretty quiet around FSO on the first day of Cisco Live doesn’t mean it’s no longer on the agenda. Quite the contrary, in fact. On the second day, Cisco details some of the possibilities that the integration of the two platforms can offer customers. Mind you, the acquisition was officially completed only very recently (March 18, 2024), so there is not yet a huge amount of news surrounding the integration of the two environments. In conversations we had with people from Splunk and Cisco about this, they did indicate that both sides went to work very quickly after the acquisition closed, but you can only do so much in 2.5 months.

From FSO to Unified Observability

To indicate that we are no longer talking about the old FSO now that Cisco can deploy Splunk for observability purposes in addition to AppDynamics, among others, the word artists at Cisco have coined a new term: Unified Observability (actually, this is not a new term). You can interpret this a bit like the “Unified” in Unified Storage. It involves multiple types of observability brought together in a single environment. On the one hand, there is the Application Performance Monitoring data from AppDynamics that makes it possible to monitor the performance of traditional applications. On the other hand, there is the Splunk Observability Cloud that does the same for modern microservices-based applications.

That shared environment is not there at the moment, of course. There is still work to be done to fully integrate everything, if that is even the intention in the near future. Reading and listening between the lines, we did understand that Splunk is moving to the same design language and principles that Cisco uses for its environments. So the look and feel of both environments will be unified first.

First steps toward integration of Splunk and Cisco

Of course, merging data from different sources starts with a connector. So Cisco took some steps to make that happen. That starts with new SSO credentials that allow you to easily log into both environments and get started. Furthermore, Cisco has built a deep integration between AppDynamics and Splunk. With Splunk Log Observer Connect for Cisco AppDynamics, you can seamlessly switch to Splunk Observability Cloud from AppDynamics. Not only that, this integration also takes context into consideration. That is, it goes straight from AppDynamics to the right logs in the Splunk Platform. So it integrates deeply into the workflow and should ensure that problems are found and resolved faster.

In addition to the above integration, there is also a somewhat more general integration between the two environments. This link between AppDynamics and Splunk Enterprise, Splunk Cloud and Splunk ITSI (IT Service Intelligence) should ensure that analysts and other people working with observability don’t go crazy from all the alerts and noise that come with them. Through this integration, it is possible to correlate metrics and events from AppDynamics with data from Splunk. Smart things can then be done with that through the integration. Think of grouping notifications and generating insights. This integration works both ways by the way.

Further updates in AppDynamics and Splunk

In addition to the first signs of the (deep) integration of Splunk and Cisco AppDynamics, there is also news around updates in the individual environments. This is obviously not integration news per se, but still interesting enough to briefly mention here. For example, Cisco AppDynamics will become available as a hosted SaaS service on Microsoft Azure during the course of this year. Furthermore, we highlight two more updates in a bit more detail here: Cisco AI Assistant for AppDynamics and Advanced AI in Splunk ITS.

Cisco prides itself on integrating the same AI Assistant throughout its portfolio. So now it is doing so in AppDynamics as well. Using GenAI, this assistant should enable users to make the right decisions faster. According to Cisco, the assistant takes the user’s knowledge and skills into account when doing so.

Advanced AI in Splunk ITSI should make it possible for users to more quickly uncover the insights they are looking for in the Splunk platform. One way it does this is by helping teams set things like threshold values, optimize specific configurations and proactively provide insights around the status/health of specific KPIs, services and so on. To help with this, Splunk has integrated AI and ML into the Configuration Assistant in Splunk ITSI. That environment acts as the central console to set this all up properly.

The Configuration Assistant, part of Advanced AI for Splunk ITSI, is the only one of the above that is generally available right now. The rest will become available during Cisco’s current fiscal year.

Beginning of very deep integration

Cisco has taken the first steps in the observability integration of AppDynamics and Splunk. We’ve also seen a lot of updates around Splunk and the Security Cloud this week and in previous weeks. It should be clear that Splunk is going to have a big impact on Cisco’s portfolio. That’s only natural, of course, since it paid $28 billion for it.

Splunk will become part of the foundation of virtually everything Cisco does in many ways. It can add obvious value in all of Cisco’s pillars. Even in the Networking Cloud, which we don’t hear much about at the moment in relation to the Splunk acquisition, but which is Cisco’s biggest business unit by far. There, the company already has ThousandEyes for monitoring its own infrastructure. Combined with the insights from Splunk, Cisco can take AIOps and Digital Experience Assurance (two terms that partially overlap) to the next level there as well. Clearly, we haven’t heard the last of the role Splunk will play in Cisco’s story.