Splunk .conf25: Cisco, AI, And Data
The 10th annual Splunk .conf took place in Boston, Massachusetts, this year, a refreshing change from the heat and slot machines of Las Vegas. The change in venue didn’t seem to affect the event’s turnout, as Splunk’s Boss of the SOC (BOTS), its Capture the Flag competition, had even more attendees than the previous year by a large margin.
There were many comments this year about how, between BOTS and some of the announcements, this was a return to the Splunk of old — a big compliment given how many people have been holding their breath for three years now over Cisco’s acquisition of Splunk.
The opening keynote, delivered by Cisco Chief Product Officer Jeetu Patel, emphasized the importance of AI and machine data in the future of Splunk, referring to data as the essential fuel for AI. Machine data at “ludicrous scale” was a consistent theme throughout the conference.
Some of Splunk’s key announcements included the Cisco Data Fabric and its Machine Data Lake. The Cisco Data Fabric is its new way of describing the data journey, from traditional Splunk ingest to federated search (such as on Snowflake, which it also announced) and analytics to its new Machine Data Lake.
The Machine Data Lake is a cost-effective way to store data within Splunk, allowing data to be promoted to Splunk for easier and faster search and analytics. Importantly, Machine Data Lake sits below both Splunk ES and Observability, so data is effectively shared and can be promoted to either instance as needed.
Cisco also announced its AI Canvas, which provides a more widget-like experience for interacting with the AI assistant. This is an interesting approach to better visualizing the AI assistant’s outputs, which can help teams operationalize and interact with the data more effectively. It uses deterministic and nondeterministic methods to present relevant content in the most appropriate widget and then highlights linked elements in other existing widgets on the canvas.
Enterprise Security 8.2 Is Live — The Rest Is Alpha
Generally available capabilities were few and far between beyond ES 8.2, but there were a few especially interesting up-and-coming security announcements:
- A new approach to packaging: Enterprise Security Essentials, which includes SIEM and the AI assistant; Enterprise Security Premier, which includes SIEM, the AI assistant, SOAR, UBA, and threat intel management. As of the conference, this is in controlled availability.
- Detection Studio: based on the SnapAttack acquisition, it will give detection engineers better visibility into and understanding of their detections, including version control. It will be available in January 2026.
- An AI agent for script analysis: the Malware Reversal Agent, which is available now. An AI agent for triage (alpha in Jan 2026), AI SOAR playbook authoring (alpha in Nov 2025), and the ability to customize the AI capabilities to SOPs are coming.
- Five GB per day free ingestion of Cisco firewall logs into Splunk: which is valuable and could motivate some to switch more firewall capabilities over to Cisco. Five GB per day in an enterprise setting doesn’t go very far, however, especially with firewall data.
Observability Was All The Rage, But Context Is Still King
Splunk has not lost its focus on delivering observability capabilities and is expanding them into additional areas. The vendor seeks to evolve observability by extending its reach to data, AI agents, and infrastructure to drive what it calls agentic observability. The objective is to deliver unified observability that enables enterprises to demonstrate business impact and to improve their ability to fix and prevent issues with AI agents. APM support for hybrid applications and business transactions in Observability Cloud is a key component.
Keynote announcements such as those about Data Fabric, Snowflake integration, Machine Data Lake, and the Time Series Foundational Model demonstrated that Splunk recognizes the importance to enterprises of improving digital resilience and compressing investigation and detection times. The timeline on some of these releases, however, is well into the future. Some features are scheduled for an alpha release in Feb. 2026, which will not sit well with some clients, as competing platforms already deliver these offerings.
The importance of context across the enterprise was a consistent message from senior Splunk leadership. In reference to the Snowflake integration and supporting open formats, Kamal Hathi, SVP and GM of Splunk, stated that “it gives great business context for many of the operational use cases.”
AIOps and observability, which are increasingly dependent on agentic AI, can only achieve their objectives if they have full contextual awareness. Splunk appears to be in tune with this and is working to make these capabilities generally available starting in October, although some are only targeted for alpha releases in February 2026.
Splunk Pushes Forward With Its Data Platform Enhancements
Overall, .conf demonstrated that Cisco is heavily focused on leveraging Splunk to support Data Fabric and its AI message while still backing Splunk’s open ecosystem message and large, engaged community. Now with the acquisition fully behind it, Splunk has the opportunity to turn up the pressure on competitors with the full backing of Cisco’s resources and experience.
Forrester clients can schedule an inquiry or guidance session to break down the security and observability announcements.
There is also an upcoming opportunity to connect with Forrester analysts (and your peers) in person: the Forrester Technology & Innovation Summit from November 2–5 or Security & Risk Summit from November 5–7. Both events are packed with visionary keynotes, informative breakout sessions, interactive workshops, insightful roundtables, and other special programs to help you master risk and conquer chaos. Join us in Austin, Texas — we can’t wait to see you there!