Cisco and Splunk: better together, but side by side

Cisco and Splunk: better together, but side by side

Just before Splunk .conf24 kicked off, Cisco CEO Chuck Robbins and former Splunk CEO Gary Steele took a moment to answer some questions from the press in attendance. Here are some insights that emerged in the process.

Splunk played an important role at Cisco Live last week. This week is no different. Quite a few people from Cisco attended the first day of .conf24, Splunk’s annual conference. Central to the first day was an appearance by Cisco CEO Chuck Robbins in the opening keynote by former Splunk CEO Gary Steele (now President and Head of Go-To Market at Cisco). Promises toward the Splunk community that Splunk will not materially change were an important part of this appearance.

Splunk is important to Cisco, Cisco is important to Splunk

The latter is important. Indeed, there is a fear here and there in the Splunk community that the acquisition will put a break on innovation and that Splunk will be fully integrated into Cisco’s offerings. There is no need for those who hold Splunk dear to their hearts to fear that, the two assure the entire room.

The effect of Splunk on Cisco is perhaps even greater than the other way around, both Robbins and Steele indicate during the Q&A they did with press and analysts. Cisco can learn a lot from the way Splunk enters the market, for example. Hence, Cisco has made Steele responsible for the GTM strategy throughout Cisco. This is also immediately the only job title change within Splunk after the acquisition, Steele indicates. All other Splunk employees still have their old positions.

Culture is a match

The fact that Cisco and Splunk get along well together is not only due to the complementary portfolios and the large overlap in customers. Of course, Cisco AppDynamics’ Full-Stack Observability and Splunk’s Observability Cloud are an excellent match. They merge data and insights from different parts of customers’ environments. That’s certainly going to lead to more and deeper insights, there seems no doubt about that. In Cisco’s security portfolio, the insights and data Splunk can bring to the table also add a lot of value.

However, both Robbins and Steele emphasize that there is another much more fundamental reason why Cisco and Splunk work well as a pair. They are broadly the same companies in terms of culture. That’s important, especially when Splunk customers now also occasionally run into someone from Cisco in the conference room. If it clashes in terms of corporate culture, then those are not pleasant meetings for customers.

Finally, it’s also worth noting here that Cisco is much more of a software company than you might think. Robbins also pointed this out several times during the media moment. Revenue from software is now about 20 billion dollars. His point is that Cisco really knows how to develop and market software. It doesn’t have to make a huge leap in that regard now that Splunk is part of the company.


Robbins and Steele also talked quite extensively during the Q&A prior to .conf24 about the openness that both companies strive for. Both Cisco and Splunk have recently made a clear point of opening up their platform to (data from) other parties as well. These can be complementary parties, but also competitors. At Cisco, this is clear in the areas of collaboration and security, where it competes with Microsoft and Palo Alto Networks, respectively, but has made Webex hardware suitable for Teams and is running metrics from Palo Alto Networks in Cisco XDR. Splunk has a similar approach, Steele indicates, without giving further details.

This openness, of course, can be explained as a sign of weakness. Why be open if you don’t really need to be? Yet, particularly in the area of cybersecurity, there is a case for every vendor to do so. Cisco announced just last week at Cisco Live that it is going to partner with Microsoft (the world’s largest security vendor) in the fight against attackers. This is simply necessary. A certain amount of openness is an important part of that.

For completeness, openness does not mean that the companies are going to open-source everything or suddenly make all insights, metrics and the like available to everyone. This is purely about the realization that they can’t do it alone. That they need to open up their own platforms to other data sources.

Cisco is no Broadcom

Of course, we will have to wait and see exactly what Splunk’s position within Cisco is going to be. But if a company spends $28 billion to buy another company, it’s not going to then completely tear that company apart, drastically reducing its value, Robbins indicated during a press session.

So with that, Cisco takes a substantially different view of things than Broadcom, which does seem to be taking a somewhat more drastic approach. VMware was and is a much more complex company than Splunk, and there was and is considerably more legacy in it, so the comparison is not entirely fair. However, the point is clear: Cisco is not going to intervene rigorously in Splunk. This year is not Splunk’s last .conf and we should expect an acceleration in development at the company rather than a slowdown.