Splunk launched a new set of generative AI tools across its products, security operations additions, and data management applications as well as more Cisco integrations.

The announcements made at Splunk's .conf24 conference come a week after Cisco's customer conference where the two companies outlined integrations to connect observability platforms. At Cisco Live, the companies announced a new single sign-on system that streamlines workflows between Cisco AppDynamics and Splunk and Splunk Log Observer Connect for Cisco AppDynamics. Cisco AppDynamics will also integrate with Splunk Enterprise, Splunk Cloud and Splunk ITSI. Overall, Cisco and Splunk will look to unify the observability experiences across both platforms as they ultimately integrate them.

Observability and security customers of both Splunk and Cisco are watching integrations closely as well as clues to how the platforms will come together. A Splunk report found that the total cost of downtime for Global 2000 companies is $400 billion annually.

Here's what Splunk announced at .conf24:

  • Splunk added generative AI tools for Observability, security and IT Service Intelligence. AI Assistant in Observability Cloud adds a natural language interface for engineering teams to detect and correct issues. AI Assistant in Security brings genAI to workflows in a move to speed up analyst investigation. Splunk AI Assistant in SPL makes the insights from the company's unified security and observability platform more understandable to customers.
  • Advanced AI for IT Service Intelligence has a new Configuration Assistant and gets Drift Detection for KPIs and Adaptive Thresholds for entities.
  • Splunk Enterprise 8.0 adds a bevy of security operations center advances to simplify how analysts detect, investigate and respond to threats.
  • Federated Analytics enables customers to analyze data directly where it resides starting with Amazon Security Lake.
  • Splunk Attack Analyzer, Splunk Enterprise Security and Splunk SOAR customers will see integrations that leverage Cisco Talos threat intelligence.
  • Splunk's Data Management portfolio will get Pipeline Builders to enable customers to filter, mask and transform data to simplify processing and Ingest Processor, which will give customers the ability to convert logs to metrics and route them to Splunk Observability Cloud, Splunk Platform or Amazon S3.

Constellation Research's take

Constellation Research analyst Andy Thurai said:

"The natural language interface Splunk AI assistant for SPL can be very useful to power Splunk users. SPL is not easy to write and needs an expert level understanding to write it. By providing a natural language interface AI assistant, Splunk/Cisco hopes to democratize the SPL creation.

Natural language queries of incident, related observability data, ITSI, and finding fixes quicker can be good. However, I have found some of Splunk's closest competitors are way ahead of them in this regard.

Data ingestion pipeline and log/data optimization are areas where competitors have an advantage over Splunk, even after these announcements.

The Log Observer connect as a full two-way centralized log mover could be powerful with all telemetry in one place, but I do anticipate scaling issues. But my guess is Log Observer is a temporary fix to connect log and observability clouds.

Splunk's AI announcements today are nothing earth shattering and competitors already are ahead. Cisco/Splunk now has a problem of integrating Splunk Observability Cloud, Log Enterprise, AppDynamics, and ThousandEyes, and Network Observability data into one meaningful solution. While Cisco and Splunk all service portions of customer needs well, the combined solution is going to take a while to build. I estimate that it might take two years or longer.
 
There are also overlapping solutions such as FSO, RUM, synthetic monitoring, incident intelligence, and logs that all need to be redesigned.
 
I still stand by my original comments that it might take two years for this to come to fruition at the earliest. It is going to be difficult to decide which architecture will win and if all can be cloud or hybrid. The good thing is that they have one chief product officer who will drive the product and strategy. But it is too early to make a call. I haven't seen enough yet."
