10 years of Splunk and now Cisco

On Thursday 21st of September 2023, one day after my birthday, Splunk announced it was merging with Cisco for a whopping something billion dollars of cash. This was something inevitable but it also happens to coincide with my 10 year anniversary of being a Splunk Certified Architect. Time to write something about both events.

Cisco loves Splunk

The last couple of years there was a lot of discussion in my Splunk inner-circle about the future of Splunk and it was not a positive one.

  • Splunk Enterprise is (still) a great product but its development has been stale for a couple of years now.
  • Splunk DSP never took off and I believe is not available anymore?!
  • Splunk ITSI was a great idea but all implementations I saw were left empty after several years because it took too much effort to build and maintain.
  • Splunk ES is still a great SIEM solution but I am not the expert on that so let's leave that out.
  • Their acquisition of SignalFX and their continued effort in OpenTelemetry is really great but what is the adoption of the full Suite?!

I still love Splunk. It has a special place in my heart. It launched my freelance business into orbit. I had an amazing opportunity to speak at .Conf17 in Washington. I have met a lot of really great people and learned a lot.

I do want Splunk to continue to succeed but what will happen now that Cisco bought it?

  • Cisco already has Cisco Observability based on AppDynamics. Will SignalFX development come to a halt and/or merge?
  • Splunk Enterprise is a unique product so there should be and there is still a large market for this product.
  • However not investing in Splunk Enterprise and trying to squeeze money from it is not a great strategy. Yes I am looking at you HP/Micro Focus/OpenText!

My 2 cents below.

Cisco will merge Splunk Observability Suite (SignalFX) and Cisco Full-Stack Observability (Cisco FSO), formerly AppDynamics, into one product. I have some experience with AppDynamics and really liked the product. I haven't worked with it since the acquisition by Cisco and the rebranding into Cisco FSO but I assume most of it is still the same. I have some experience now working with the Splunk Observability Suite but too little experience to be able to judge the product. I don't see a world where Cisco will leave both products as-is so one needs to merge into the other. The branding will remain Cisco FSO for sure. I think my bets would be on merging Splunk Observability Suite into Cisco FSO but keeping the stuff that Splunk was doing on the OpenTelemetry front intact. Cisco invested in the Cisco FSO brand and they want to continue doing so and not do a full rebrand again.

Cisco has no alternative to Splunk Enterprise and a LOT of enterprise organizations use Splunk Enterprise as their SIEM or log analytics platform where Cisco devices play a large role. Therefore I think Cisco will rebrand Splunk Enterprise somewhere down the line into a Cisco product but that the core product will remain a separate product. I hope that they will also invest in the product!

For sure I will monitor the situation closely and I wish all the best to the great people within Splunk and its ecosystem!

10 years of Splunk

Never ever did I think while signing up for my Splunk Admin course in 2013 that I would still be working with Splunk in 2023.

I had a history working with the Mercury Interactive -> HP -> MicroFocus -> OpenText monitoring stack and already in 2013 the software was old. Can you imagine it is still being used by organizations today based on the same core? Mind blowing to me.

When I started freelancing in 2013 I knew I had to take care of my knowledge level myself and because I heard some rumblings about Splunk I decided to buy myself a Splunk Admin course with a Splunk partner. Soon after that course I started collaborating with that partner with organizations across the BeNeLux. Splunk took off like a rocket since that moment and the number of projects and job ads I got was very high.

In 2017 I signed up for a talk at .conf in Washington, the Splunk yearly conference, and was happy to see that talk approved. It was a great experience rehearsing the talk and giving it to dozens of people. Working with Splunk people tuning my slide deck and getting feedback from many people in the community was awesome.

My role as a Splunk developer, admin, architect, product owner took me to many large and small companies. They say it takes 10.000 hours to really get to know something and for Splunk it's no different. I can do Splunk while sleeping now and I know I can add a lot of value to all companies working with Splunk.

Because I was working with so many companies I also learned a lot about how to work with, and in, IT teams, and how to make those teams successful. This really helped me in my current role as Product Owner.

All I can say is Splunk, thank you! Thank you for all the things I learned and the things I have seen. I wish you all the best in the future. For sure I will keep playing with the software and will be watching all the things that will happen to you closely!