New Cisco-Splunk observability roadmap details emerge
Post-acquisition, Cisco puts Splunk's CEO in charge of its observability strategy and lays out the details of how Splunk Observability Cloud will replace its existing platform.
This story was updated on 6/13/2024.
New details about how Splunk will steer Cisco's full-stack observability strategy emerged this week as Splunk made updates to its own product portfolio and disclosed specifics about how it will fold in Cisco's AppDynamics application performance management tool.
Presentations at last week's Cisco Live gave a broad overview of plans to put Splunk at the center of the company's observability product line, starting with integrations between Splunk, Cisco's AppDynamics APM tool and ThousandEyes for cloud and network performance monitoring.
This week, Cisco chair and CEO Chuck Robbins kicked off Splunk .conf24 by officially handing former Splunk CEO Gary Steele the observability reins as part of his new role as Cisco's president of go-to-market for its sales, partner and marketing teams.
"I can't overstate the value of this gentleman leading the integration and then taking on the strategic role that he took on for the entire company at Cisco," Robbins told .conf24 attendees during an opening keynote presentation Tuesday night. "You should feel really good about how he's sitting in [on] every decision that Cisco is making. And that should give you confidence that we're going to deliver value for you."
RIP FSO platform v1
Tom Casey, senior vice president and general manager of product for Splunk, said during a Cisco Live keynote last week that Splunk Observability Cloud will replace Cisco Observability Platform. This product had also been known as the Full-Stack Observability (FSO) platform when it launched last year. The AppDynamics development team has been moved into Splunk, and the company will continue to support Cisco Observability Platform and Cisco Cloud Observability customers in the short term.
Splunk Observability cloud had a few advantages over the Cisco platform, a Cisco spokesperson said in an email to TechTarget Editorial following this story's publication.
"Splunk Observability Cloud has been in the market longer and has a wider reach," according to the spokesperson. "We will work with customers on a migration path to Splunk Observability Cloud, which has a large install base, a more mature offering for infrastructure monitoring and microservices application performance monitoring, and an advanced integration with the Splunk Platform."
This week, Splunk officials speaking at .conf24 used the term "full-stack observability" in descriptions of coming tie-ins between AppDynamics and Splunk Platform, Observability Cloud, and IT Service Intelligence (ITSI).
"Splunk, now supercharged by Cisco, is bringing you full-stack observability that you need to see across your digital footprint," said Patrick Lin, senior vice president and general manager of observability at Splunk, during a keynote presentation Wednesday. "[That includes] owned and unowned [assets], private and public networks, traditional applications or micro services, mobile or web front ends, running on data platforms that are on prem or in the cloud. [We have] visibility into all of that now."
Lin's presentation made clear that AppDynamics, acquired by Cisco in 2017, is slotted into the traditional three-tier application category while Splunk Observability Cloud, based on its 2019 acquisition of SignalFx, will handle newer microservices applications. AppDynamics' data will be imported into Splunk's back end via its Log Observer Connect; AppDynamics and Splunk Observability Cloud will be linked via common user interfaces, according to Lin's presentation. AppDynamics performance metrics and alerts will become part of ITSI. Keynote presentations at .conf24 this week also included a nod to OpenTelemetry, which had been the focus of product integrations under Cisco FSO.
AppDynamics, Splunk customers welcome new combo
Industry analysts said they believe few enterprise customers will be affected by the demise of FSO, as it's unclear whether any have bought into the platform yet. AppDynamics and Splunk also already had some integrations. But existing users of both Splunk and AppDynamics welcomed further tie-ins this week.
"I have an integration between the two today, but it's only [business transaction] status and machine metrics," said a monitoring director at a U.S. government agency speaking on condition of anonymity in an online interview this week. "I would like to get the stack traces into Splunk so that I can [have] the team build ITSI KPIs off them. … It makes sense for Splunk to be at the core [of Cisco's observability strategy] because [AppDynamics'] log analytics leave much to be desired."
On the Splunk side, AppDynamics will bring APM features such as user experience monitoring and business risk management into the combined product, according to Lin's presentation.
"Splunk has a unique advantage now," said Steve Koelpin, lead Splunk engineer for a Fortune 1,000 company in the Midwest. "[AppDynamics] is an APM tool through and through, where [Splunk Observability Cloud] is more focused on real-time monitoring for microservices."
Steve KoelpinLead Splunk engineer, Fortune 1000 company
Meanwhile, Splunk consolidated and integrated parts of its own product line this week, folding Mission Control into Splunk Enterprise Security 8.0 along with incident response automation features from its security orchestration, automation and response product that reduce switching between tools.
In the observability realm, Splunk added links between its Splunk Cloud log data and Splunk Observability Cloud application performance management tools, which customer Progressive Insurance demonstrated during a keynote presentation. Jonathan Moore, a domain architect for the insurance company, added that he looked forward to the AppDynamics integration and new AI Assistant that Cisco plans to roll out for the APM tool.
"Our developers at Progressive … don't want to have to worry about the patterns and methods and ways to instrument an application so data gets loaded appropriately. That needs to be easy," he said. "And it's exciting to hear about the AI Assistant, that support next to me, so that even the architect and the people in the back [office] … can go in and use these tools."
Cisco-Splunk integration fine print remains
It's still early -- the $28 billion transaction between Cisco and Splunk only officially closed March 18. But the two companies have yet to publicly address all the permutations of the planned integrations, including products that had been folded into FSO under Cisco, such as Panoptica for API security. Splunk also has tools in its portfolio with an unclear future post-merger, such as Incident Intelligence. Both Splunk and Cisco rolled out AI assistants this week for observability, and it remains unclear how or whether they will be combined.
Cisco and Splunk officials emphasized that the two companies' observability integration plans will be speedily executed. But one industry analyst remained skeptical about how quickly the two companies can complete the work.
"The combined [product] is going to take a while to build. I estimated that it might take two years to come close to it. But looking at the pace they are moving, it looks like it might take even longer," said Andy Thurai, an analyst at Constellation Research. "Even at that, it is going to be difficult to decide which architecture will win and if all can be cloud or hybrid or local. … The good thing is that they have one [executive] who will drive the product and strategy vision. But it is too early to make a call."
Beth Pariseau, senior news writer for TechTarget Editorial, is an award-winning veteran of IT journalism covering DevOps. Have a tip? Email her or reach out @PariseauTT.