By Stig Andersen | 559 words | Read time: 3 minutes
Boston was buzzing as thousands of Splunk enthusiasts gathered for .conf25 – and while the energy of the keynotes, sessions, and hallway conversations was as vibrant as ever, one message stood out above all: Splunk is no longer just a log management solution. It is becoming the foundation for the next generation of data platforms.
The centerpiece of this year’s conference was the announcement of the Cisco Data Fabric – a strategic evolution that positions Splunk as the leading data platform of the future.
From platform to fabric
The Cisco Data Fabric introduces a unified layer on top of the Splunk platform designed to manage, federate, and analyze data across a wide variety of sources – from Cisco infrastructure to cloud storage, apps, SaaS, and beyond.
It’s not a physical data bus but a logical, architectural framework that ensures organizations can harness the right data, with the right analytics, for the right actions in the AI era.
Key values of the strategy
- Cost-effective scalability: By enabling a federated data architecture and filtration, organizations can process and analyze data in place, cutting costs tied to data movement.
- AI integration: A new layer for unified AI agent orchestration allows AI assistants to operate directly on the data fabric, opening the door to automation and advanced analytics.
- Openness and integration: The platform is open by design, scaling integration with third-party tools to create a seamless ecosystem.
- Enhanced network insight: With Cisco network data at its core, the solution provides powerful, preconfigured dashboards for security and operations.
Innovation in action
The broader conference sessions showed how this strategy is being delivered in practice.
Federated Search for Snowflake was a standout announcement. This integration allows users to query data residing in Snowflake directly from Splunk, without moving it. By correlating Splunk’s high-velocity machine data with valuable business data in Snowflake, teams can connect operational issues directly to business outcomes – a huge step towards an open data ecosystem.
The Operational LLM promises to bring AI closer to the workflows of IT and security teams. Trained on a massive corpus of anonymized machine data, it understands the unique language of logs, metrics, and alerts – powering use cases like natural language to SPL, automated root cause analysis, and predictive insights.
The AI Canvas provided a glimpse into what collaboration between humans and AI agents will look like. Acting as a virtual war room, it gives operators an AI-powered co-pilot that automates grunt work, surfaces summaries, and suggests next steps, allowing experts to focus on complex problem-solving.
On the infrastructure side, the Ingest Processor was revealed as a major evolution of the Edge Processor. It enables real-time data transformations, filtering, and routing before data hits the index – a powerful tool for efficiency and cost optimization.
Our takeaway
Across the board, the message was clear: Splunk is entering a new era. By combining Cisco’s infrastructure expertise with Splunk’s analytics power, the Data Fabric sets the stage for a future where organizations can accelerate digitalization, harness AI responsibly, and gain the insights they need to act faster.
.conf25 showed us that Splunk is no longer just about managing logs – it is evolving into the data platform that fuels AI-driven operations.
If you’d like to talk about how these innovations can be applied in your organization, reach out to Stig Andersen, our CPO, at stiga@trifork.security.