Cisco’s latest move, embedding Splunk Observability with agentic AI, promises to automate large parts of incident detection and remediation. If successful, it could shave hours off troubleshooting cycles, free up engineers for higher-value work, and give execs a clearer line of sight into the cost and performance of their digital estates.
The launch comes as businesses scramble to contain the operational risks of scaling AI systems. With large language models (LLMs) and AI agents embedded across customer experience, supply chains and back-office functions, traditional monitoring no longer suffices. Cisco’s bet is that agentic observability, software agents that act autonomously to collect telemetry, triage incidents and propose or effect fixes, will become a prerequisite for resilience.
What Cisco and Splunk Announced
Cisco has integrated new AI-driven capabilities into Splunk Observability Cloud and Splunk AppDynamics, deepening ties with Cisco ThousandEyes. Together, these are designed to unify monitoring across apps, networks, and infrastructure while layering in the appropriate business context:
AI Troubleshooting Agents
Available in Splunk Observability Cloud and AppDynamics, these agents automatically analyse incidents, surface potential root causes, and recommend fixes.
Event iQ and Episode Summarisation
Part of Splunk IT Service Intelligence (ITSI), Event iQ correlates alerts to cut noise, while Episode Summarisation provides context, including impact and likely cause, across grouped incidents.
Observability for AI
- AI Agent Monitoring tracks the quality, cost, and security of LLMs and AI agents.
- AI Infrastructure Monitoring alerts on bottlenecks and cost spikes in AI services.
Unified Business and Experience Insights
- Business Insights in Splunk Observability Cloud links app performance with critical business processes such as checkouts or loan approvals.
- Digital Experience Analytics gives design and product teams deeper visibility into customer journeys.
- Session Replay for browsers and mobile apps helps pinpoint experience issues.
- Splunk RUM + ThousandEyes connects real user experience with network performance across third-party domains.
Patrick Lin, SVP and GM of Splunk Observability, positioned the launch as a safeguard against runaway complexity:
Our mission is clear – to help organizations put AI applications and agents to work, while retaining visibility and control.With the latest innovations in Splunk Observability, we are empowering enterprises to proactively monitor their critical applications and digital services with ease, resolve issues before they escalate, and ensure the value and outcomes they derive from observability are commensurate with the cost.”
Business Impact: Resilience, Cost, Speed
The implications go beyond IT departments. For CIOs, the offer is resilience and cost discipline: spot issues before customers notice, ensure AI workloads run at the right price, and reduce mean time to resolution. For CFOs, the promise is a tighter grip on AI-driven cloud expenditure, often volatile and difficult to predict.
A retail example illustrates the stakes. A checkout slowdown could stem from the application, the network, or an LLM-powered recommendation engine. With agentic observability, teams can correlate telemetry across these layers, identify the root cause, and act before carts are abandoned. The commercial case is immediate, where higher uptime translates into retained revenue.
Procurement Checklist
For buyers, the announcement raises as many questions as it answers. Before signing, procurement teams should demand clarity on several fronts:
- Licensing model: Are agentic features bundled or separately priced? Per-agent, per-node, or usage-based?
- Availability: Which features are generally available now, and which remain in Alpha/private preview?
- Auditability: Do autonomous agents keep full logs of their actions? Can remediation be disabled per environment?
- Data governance: Where is telemetry stored, for how long, and under what encryption model? Can customers bring their own keys?
- Integration: How well do the new tools mesh with existing ticketing, change-control and CI/CD pipelines?
- Vendor lock-in: Can customers extract data via open standards such as OpenTelemetry?
Without answers, cost forecasts and risk assessments remain incomplete.
Risks and Governance
Automation inevitably carries hazards. False positives or ill-judged remediation could worsen an incident rather than resolve it. The capacity to roll back, to approve or block agent actions, and to audit decisions after the fact will determine whether SREs and security teams trust the system. For regulated industries, proof of compliance, from GDPR data handling to financial services audit trails, will be non-negotiable.
Availability
Cisco said Splunk AI Agent Monitoring, AI Troubleshooting Agents, ITSI Episode Summarisation, Business Insights, Digital Experience Analytics, and the RUM-ThousandEyes integration are in Alpha (private preview). Other features are generally available worldwide.
Consider This…
The march towards autonomous operations is not optional. As AI systems scale, observability must evolve to keep them accountable, affordable, and aligned with business purpose. Cisco and Splunk’s wager is that agentic observability will be the new baseline.
The real question for buyers is: Are you ready to entrust your digital estate to software agents, and do you have the governance in place to keep them honest?
Cisco’s Bigger Bet: Acquiring Splunk and Product Integration
In September 2023, Cisco announced it would acquire Splunk in an all-cash deal worth US$28 billion, paying US$157 per share. The transaction was completed on 18 March 2024, making it the largest acquisition in Cisco’s history.
Post-acquisition, Cisco has moved to fold Splunk’s observability, security and analytics technologies into its broader portfolio. For example, it is integrating Splunk with Cisco’s networking and security offerings (such as Secure Firewall, Talos, SecureX and Threat Defense), unifying observability across hybrid, cloud and on-prem environments, and aligning Splunk’s log analytics and telemetry capabilities with Cisco’s infrastructure tools.
