
Splunk reshapes AgenticOps with “supercharged” observability

AI agents should not only automate IT tasks, but also keep an eye on other agents. Splunk is shaping this vision of AgenticOps within its revamped Observability offering.

Splunk’s announcements during .conf25 revolve around AgenticOps. In a nutshell: AgenticOps means that all kinds of IT tasks become the responsibility of AI agents, which take over routine tasks from employees, who can then devote themselves to more meaningful activities. That alone is not enough, because monitoring agents is also a fast-paced activity and requires new agents. You may wonder who ultimately monitors what, because someone has to look at the real-time effectiveness of agents. Splunk’s innovations respond to this.

Agentic observability

Both Splunk Observability Cloud and Splunk AppDynamics now offer the option of running troubleshooting via agents, which automatically analyze incidents to identify root causes. Event iQ automatically correlates alerts and provides context for grouped alerts within Splunk IT Service Intelligence (ITSI). Splunk ITSI then provides summaries including trends, the estimated impact on the organization, and, where possible, the root cause, all to enable troubleshooting as quickly as possible.

Troubleshooting IT problems of yesteryear can therefore be made easier thanks to AI agents. However, agents themselves present their own challenges. That is why AI observability must grow in line with the performance and potential dangers of AI agents, LLMs, and the entire AI infrastructure. Both the quality and the costs of LLMs and AI agents require insight, or monitoring. Detecting potential bottlenecks and usage peaks is just as important as in all other areas of IT, which is why Splunk is expanding its capabilities to measure all of this.

Unified offering

Finally, Splunk combines its own AppDynamics with Splunk Observability Cloud as a “unified” experience for 3-tier and microservices environments. It integrates with Cisco’s ThousandEyes so teams can see the impact of the network on application performance. This can be quite specific, as Splunk points out. Think of checking whether the payment process is working properly or whether all SaaS services are accessible.

The idea behind a “unified” offering is also that organizations can look beyond uptime and incidents. For the business side of the company, it is also interesting to see whether customers click on suggestions or drop out somewhere in the purchasing process. This can lead to insights into the design of the site or the choice of certain products and takes Splunk’s usual monitoring beyond preventing incidents or measuring usage costs. Once again, it is clear that Splunk can achieve anything with data; it is up to the user to determine exactly what can be gained from it.

Further expansions

In addition, Splunk Application Performance Monitoring in Observability Cloud is expanding with support for hybrid applications and business transactions. This strengthens APM for cloud-native applications and continues to cover traditional 3-tier environments, building on the expertise of Splunk AppDynamics. Cisco is also introducing Browser and Mobile Session Replay for Real User Monitoring in Splunk AppDynamics and bringing that feature to Splunk Observability Cloud, allowing teams to review and optimize the actual user experience.

Furthermore, there will be a new Splunk AppDynamics Agent based on OpenTelemetry. This agent allows customers to collect telemetry in Splunk AppDynamics or in Observability Cloud, enabling existing AppDynamics customers to use the observability offering that best suits their situation. Finally, Real User Monitoring in Splunk Observability Cloud will be integrated with Cisco ThousandEyes. This will make it possible to correlate the actual user experience with network performance across proprietary and external domains, quickly identifying regions or services affected by network bottlenecks.

Conclusion

In short, Splunk is positioning itself as the control layer for AgenticOps: a unified observability offering that brings together AppDynamics and Observability Cloud, complemented by APM for hybrid environments, Session Replay, RUM and ThousandEyes integrations, and an OpenTelemetry-based agent to collect data from anywhere. The promise is to move faster from symptom to impact and root cause, even for problems with AI agents themselves.

The burden of proof now lies with practice. Organizations must be able to see that MTTR is decreasing, alert noise is decreasing, and LLM costs remain transparent. This includes clear governance over who monitors the agents. If this succeeds, the role of security and observability teams will shift from firefighting to directing agents, with measurable gains for both IT and business.
