Splunk and the Observability Slamdunk!

If ‘Federated’ is the new scent that Splunk is following, a lot of this can be traced back to new security imperatives, turbulent industry dynamics, the challenge of embracing heterogeneity, and an even better listening-radar as to what customers want. Robert Pizzari from Splunk, who was in Mumbai in October, tells us more.

Pratima H

Robert Pizzari, Group Vice President of Asia, Splunk


What makes bats, dogs and cats different from humans? In fact, let’s make the question specific. What makes them able to see things in a pitch-dark room, smell something 12 miles away and differentiate among several kinds of scents in a jiffy? Ultrasonic sound frequencies, Jacobson’s organ, an intelligent nose – somehow these creatures do better than our limited-capacity eyes and ears! Humans – the smart ones – use these friends because we know our constraints of sight and sound. IT folks – again the smart ones – use the tough combination of a dog-sharp nose, ultrasonic ears and dark-room vision goggles that Observability’s edge gives. But is Observability losing its edge (due to noise fatigue, fragmentation, AI, high costs, security threats, reaction reflexes and new blind spots) or gaining some (due to AI, federation, unification, and automation)? We sat across from Robert Pizzari, Group Vice President of Asia, Splunk, a few days back and spelunked down this cave. Follow us to see what we saw.


How is Splunk doing in the new era with AI stalactites, LLM stalagmites and post-the-Cisco-handshake turn?

The name and concept of our company goes back 20 years or so; it was all about helping people find issues in IT early on by monitoring databases, applications and systems. Troubleshooting would take a lot of time when a user raised a ticket if data collection, ingestion and visibility were absent. We have been providing those eyes and capabilities to enterprises. Merging with a world-class company like Cisco has been a new exploration. Since the acquisition, Cisco has been fuelling innovation and growth. Splunk is strategic to Cisco as it brings visibility. And yes, pretty soon, we would be interacting with Bots in various parts of our work and lives. Visibility and security needs make it imperative that we look at Observability seriously and with fresh eyes. We are happy about Cisco Data Fabric introduced recently; it helps to solve the visibility issue for IT infrastructure that gets challenging to troubleshoot issues as it is in multiple siloes. We have also announced a ‘Federated approach’ and AI Canvas along with new strides in agentic observability and AI agent monitoring.


Let’s double-click on the word ‘federated’. Is it a new path, especially after Splunk leaning on a ‘centralised’ approach for long?

Our concept was based on – what is the data that we are ingesting. And also on its frequency, the needs of its storage-time, and the propensity of its reuse. We added time-value of data and gave the power of visibility and data value. Our initial philosophy was that everything should be in Splunk. We were giving value to customers as top 5 areas but some of them found this useful, yet costly. We made a pivot from an ingesting-mode to a workload-context mode. We also aligned with data storage shifts. Now that data volumes are growing at a rapid pace and in all directions, federated approaches give Splunk the power to help customers search from anywhere across their IT footprints. Irrespective of where it sits, we can have any data in our end-to-end monitoring span. We took a financial hit with some of these shifts but it has kept customers happy and loyal. With Federated Search, organisations in India can manage and query machine data without forcing wholesale migration to a central monolith. This reduces migration risk / cost, enables local processing (for latency / compliance), yet still provides unified visibility.

Some organisations want to simplify operations and some want to go hybrid. We have a flexible architecture now that can do both. Our open system approach and technologies across many organisations help us serve our customers- no matter what vendor they use. As long as it is machine data, we can provide observability.

You have always underlined the standards-based approach, with telemetry and OCSF (Open Cybersecurity Schema Framework). Does that give any advantage or challenge?

We work as per the customer’s demand. Not all vendors are open to these standards. Some are. We have always stood by open telemetry standards. It is an industry movement and helps to stop vendor lock-ins. It is also a market demand. It provides stability when companies pivot in and out of technologies.

After working on machine data for so long, does the human-data dominance in LLMs prove a new challenge?

Our heritage is machine data. Queries and analytics in Splunk have mostly been on machine data. But GPUs, training workloads, data pipelines are opening up doors to reliability and performance. We stress on end-to-end monitoring defined by reliability and performance.

What makes the India market interesting to you?

As India enters the next phase of Digital India, digital infrastructure expands and AI adoption is accelerating (30 per cent of Indian organisations have adopted AI as opposed to 26 per cent globally), businesses face growing challenges in regulations, compliance, cybersecurity and connectivity. India is the perfect market for Splunk to grow and support organisations to tackle these challenges head-on. It solidifies the significance of its agentic AI product offerings at a time when investments in data centres, cloud, IT, and data-driven technologies are surging. Cisco has been a long-time investor in India, and India is one of the top markets for Cisco.


What are your views on AI-Native observability offerings? How does Splunk evolve towards/address these new directions?

Observability remains a cornerstone for organisations striving for digital resilience in an increasingly complex ecosystem. It enables teams to monitor, trace, and analyse the health and performance of applications, infrastructure, and services, ensuring reliability, superior user experiences, and business continuity. As hybrid clouds, distributed systems, and AI-driven workloads redefine the digital landscape, the role of observability has expanded. It is no longer about collecting telemetry but about interpreting complex, fast-changing environments, correlating performance with business outcomes, and enabling teams to act in real time.

The evolution toward AI-native observability is a natural progression. Modern systems demand automation, anomaly detection, and root-cause analysis that go beyond traditional monitoring. Splunk is leading this transformation by embedding intelligence and automation across its observability platform, turning siloed telemetry into unified, AI-ready intelligence that connects business, operational, and machine data. By doing so, Splunk is enabling organisations to move from reactive monitoring to proactive, predictive, business-outcome-centric observability - empowering organisations to turn data into decisive action and drive meaningful results.

Is Observability easily translating into effective cybersecurity? Why or why not? What are CISOs and players doing/not doing right?

Observability and cybersecurity can no longer operate in silos. Yet many still do. Our latest State of Observability research shows that while 73 per cent of observability leaders improved ‘mean time to resolve’ incidents after unifying security and observability workflows, most organisations continue to juggle fragmented tools and data silos that limit visibility and delay response. Leaders who unify workflows across SecOps, ITOps, and engineering are able to identify issues and troubleshoot faster.

The key is collaboration. When CISOs collaborate directly with IT, engineering, and data teams, they can showcase the business value of cybersecurity as an enabler of system uptime, product innovations, and data privacy and trust, not just a cost centre. Effective cybersecurity begins with unified observability, where performance, security, and resilience converge.

Any thoughts on some customer concerns around tool sprawl, too much alert noise, and a lot of fragmentation when it comes to observability?

Enterprises today are drowning in dashboards. The average organisation uses over 20 different observability tools, and nearly 60 per cent with alert fatigue. Tool sprawl, data silos, and too much noise are slowing teams down instead of driving resilience.

The way forward is to look at observability holistically, and that is full-stack, end-to-end, and in real time with security built in. Leading organisations are already converging observability and security workflows, improving mean-time-to-resolve by over 70 per cent. AI and telemetry management can now filter redundant signals, correlate issues automatically, and turn data noise into actionable intelligence.

The goal isn’t to add another tool, but to build a unified, intelligent observability layer that helps teams see everything, respond faster, and innovate with confidence.

pratimah@cybermedia.co.in