Cisco and Splunk tackle artificial intelligence and machine data processing

With a new data fabric architecture and a specialized foundation model, Cisco aims to simplify machine data processing with Splunk.

By Vincent Rittner

Cisco subsidiary Splunk unveiled a new decentralized data architecture at its .conf25 conference in Boston: Cisco Data Fabric. It is designed to make growing volumes of machine data easier to handle. The architecture is open and can consolidate data from edge, cloud, and hybrid environments. This allows data streams to be analyzed in real time and converted into usable information without first having to be centralized. This should lead to lower costs, lower latencies, and less complexity. It should also make decentralized data available for further AI processing.

To this end, the manufacturer announced a series of integrated AI models. These include a Time Series Foundation Model (TSFM) specifically designed for time series, which is intended to communicate with machine data, explained Jeetu Patel, President and Chief Product Officer at Cisco. It was trained using a mixture of internal Cisco service data, specific protocols, and industry-specific and publicly available data. The TSFM is designed to recognize patterns, correlations, and cause-and-effect chains in various logs and telemetry data and to support use cases such as anomaly detection, predictions, and automated root cause analysis. While the Data Fabric is now available in Splunk, the TSFM is not scheduled to be released on Hugging Face until November 2025. Thanks to its database and architecture, the model promises high precision and adaptability.

At the same time, Splunk is expanding Federated Search, which allows operational and business data to be connected, queried, and combined across different environments. In addition to already available data sources such as Amazon S3, support for Apache Iceberg, Delta Lake, Snowflake, and Microsoft Azure is set to be added in the course of 2026. Federated Search has also already been expanded to include Cisco firewall data, enabling security analyses to be performed directly from the Splunk Cloud Platform. In line with this, Cisco announced that feeding firewall logs from Cisco firewalls into Splunk is now free of charge.

Cisco is also expanding its AI agent offerings in the areas of security and observability. The focus is on two new editions for Splunk Enterprise Security. Splunk Enterprise Security Essentials Edition now combines Splunk Enterprise Security 8.2 and Splunk AI Assistant and is available worldwide. Splunk Enterprise Security Premier Edition also includes Splunk SOAR and Splunk UEBA and is currently in the early access program. Most recently, Splunk also introduced a series of specialized AI agents designed to automate triage, malware analysis, playbook creation, and personalized detection rules. These are expected to be available early next year.

(mki)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.