Splunk .conf25 – Cisco’s Data Fabric, Ponds, Puddles, and Lakes

Splunk’s new vision for data collection and ingestion is officially modernising for a new age of AI and agentic AI development. Announced during Mondays opening keynote Jeetu Patel, Cisco President, introduced a blended vision – mixing Cisco’s Data Fabric with Splunk’s software to facilitate the widespread adoption of AI throughout their customer base. The key to understanding why this is important, and the best ways to utilise this new technology comes by breaking down what a data fabric is and why federation is integral to this new vision.

Simply put a data fabric is a data architecture designed to hone your data for use with big data models and AI infrastructure, a foundation for your modern ‘autonomous’ workflow development. As a relatively new approach to data management a data fabric offers exciting new opportunities to businesses and organisations without a dedicated ML or AI resource – allowing you to leverage new technologies without having to untangle complex algorithms or provision excessive infrastructure. Whilst no single vendor currently has a monopoly on the data fabric solution Cisco’s offering is unique, its integration with Splunk sits in a prime spot to deliver faster time to insight without the issues of tool compatibility and engineering engagement.

Now for the real question, how will you use it? Cisco’s vison is that once the cost and complexity of AI is removed, you’ll be able to use your machine and business data to train organisation models to correlate and extract insight to drive better decisions – what ever that means for your organisation! It’s all about business agility, building “digital services that are more resilient, adaptive, and responsive to the needs of their users” (Kamal Hathi, SVP and GM Splunk).

To pair with this announcement, Splunk also unveiled their primary offering in the ML space, an Auto Regressive Language model (Foundation-sec-8B) and rebranded AI toolkit (previously Machine Learning Toolkit). The message here is clear, turn your proprietary data into actionable intelligence with a unified suite of collection, storage, management, and models. Foundation-sec-8B will be available on Hugging Face in a few months (Nov 2025) so we’ll be able to comment more then but from the information currently available it seems promising.

Designed specifically for the security domain Foundation-sec-8B is a generalist tool for building AI-powered security workflows and applications. As an auto-regressive model its functionality is based on predicting future values passed on past values – automating triage based on past workflows or proactive threat defense using previously modeled attacker behavior. Whilst we cannot comment on performance yet the theory behind Foundation-sec-8b is promising, using transfer learning (fine-turning a pre-trained model on a specific dataset) it will adapt in within your Splunk ecosystem to be a specialised model unique to your environment.

The next step in the thought process here is how you’ll build your data fabric and feed any ML model with the right data it needs to be useful to your business applications. Splunk’s answer here is an expansion of the current federated search to include Snowflake, Azure data stores, and Cisco telemetry with support for Apache Iceberg/Delta Lake. Whilst talk around data ponds, puddles, any other notable bodies of water make it hard to know what this means for your business the intention is simple – less duplication and more unification of your wider product stack. The main applications here are accelerated triage and informed decision making by combining the strengths of Splunk with those of other platforms. With time we’ll have more insight into the practicalities of an expanded federated search but at its core this resurfaces common themes within the data space – how to effectively store your data, across your tools, to optimise availability, cost, and compliance.