Review of the 2024 Splunk Conference (or – is Cisco going to mess up Splunk)

Jun 18, 2024 10:56:19 AM

Fresh off a week at the Splunk conference (called .conf24), I want to share a few insights about my time at the show.

The Elephant in the Room: The first and top question on everyone’s mind – and I mean EVERYONE – is, “How is the Cisco acquisition of Splunk going to impact Splunk?” This question was front and center in every keynote, every executive briefing, and every one-on-one that I had at the conference. It was also a very candid and top-of-mind topic for those on the show floor. The simple answer is that we don’t know yet, but things are looking good. If you’d asked me the day after I heard the announcement, I would have had a not-so-positive reaction. Now, after spending a week with the Splunkers and – more importantly – those who make up the Splunk community of fanatics, I am much more hopeful that the “secret sauce” that makes Splunk Splunk is going to survive (and likely thrive).


One of the comments that came from Gary Steele – Splunk’s former CEO and now President, Go-to-Market at Cisco & GM, Splunk – is that exactly one person at Splunk had a title change: him. His interaction with Chuck Robbins (Cisco’s Chair and CEO) is genuinely complementary. Several anonymous Splunkers that I talked to shared that Chuck and Gary have a true bromace, and there is plenty of evidence of this. Chuck even wore jeans and a hoodie for his keynote (another respected analyst noted that the “dress code at .conf24 is very different from Cisco Live. Lol.”). I share this not to make headway as an entertainment and fashion reporter, but to show that .conf24 was about as normal as you can expect and did a lot to ease many people’s nerves.

One last thought on that account: during his keynote with Gary, Chuck stated, “Our goal is to not screw anything up with Splunk.” It was met with THUNDEROUS applause!

Time will tell, but if there was a single takeaway from the conference, it is that Splunk is alive and well.

Splunk – the perfect use case for all things AI: Moving past that elephant, Splunk continues to innovate. I had multiple opportunities to chat and listen to Tom Casey, SVP & GM, Products & Technology, about their direction. As you might imagine, Splunk will invest heavily in AI…not to participate in the marketing buzzword bingo, but because using AI in observability and orchestration might be the ideal use case. Tom introduced me to Hao Yang, the new Head of AI for Splunk, before a panel conversation dedicated to AI. If they can nail their use cases (and the use cases that they shared look very promising), this will be a significant game-changer for Splunk.


I can also share that Splunk (as always) is extremely attuned to their community (more on that in a minute). But many of their use cases have come and will come from their community members using the product and providing feedback. Yes, I know that plenty of companies claim to listen to their community for features and advancements, but few work directly with their customers the way Splunk does. I know for a fact that the Splunk Trust is providing AI use cases and feedback, and many of those will likely be implemented. I shared a few myself on using AI to evaluate regulatory controls and report generation.

The Splunk Community: I really wanted to chat with those on the show floor about their feelings on Splunk. Is the Cisco acquisition still freaking them out? Is Splunk moving in the right direction? The answers were positive – extremely positive. In fact, much more positive than I would have imagined. Like any big acquisition of another big company, there is always trepidation about the motivation for it all: yes, numbers and math are always involved, but sometimes it is a people grab, sometimes it is a technology play, sometimes it is a market play. In the case of the Cisco/Splunk deal, it is likely a play to strengthen Cisco’s stance as a security leader, and will extend Cisco’s reach to open markets to Splunk that may not have been available previously. But how does this impact the community? The simple answer is that it does not. The community will remain the same. The Splunk conference will not be wrapped up into the Cisco conference, though both companies will have a presence at each. There will be sales advantages on both sides, and the biggest change so far is that the Splunk sales team and the Cisco sales teams are visiting customers together already (as you might expect). But the access that the community currently enjoys, the impact that they have on support, and the zeal that they have for all things Splunk will not be diminished.

SURGe Minicon: I have to mention that I was allowed to moderate a panel as part of the SURGe Minicon (think of it as a separate track of training and events as part of the larger conference). The Splunk SURGe team is made up of some of the industry’s finest security researchers, and they have a single mission: improve security for everyone. I love the SURGe group and can only hope that more companies figure out a way to implement a program like SURGe to give back to the community. I was honored to be able to participate, and will be more than happy to do so again in the future.

In closing, Splunk .conf24 was outstanding. Even the oppressive heat of Vegas (it was 111 degrees Fahrenheit one of the days during the conference) couldn’t put a damper on the festivities. Lastly, MASSIVE shoutout to the Splunk AR team: Joely, Sophie, Rachel, Morgan, Ruth, and Christine are some of the best AR leaders that I know. It was a great to be able to see them all again and the conversations I had with them were outstanding!

Looking forward to .conf25!

Chris Steffen

Written by Chris Steffen

Christopher Steffen, CISSP, CISA, is the vice president of research at EMA, covering information security, risk, and compliance management. Before EMA, he served as the CIO for a financial services firm, focusing on FedRAMP compliance and security. He has also served in executive and leadership roles in numerous industry verticals. Steffen has presented at numerous industry conferences and has been interviewed by multiple online and print media sources. Steffen holds over a dozen technical certifications, including CISSP and CISA.

  • There are no suggestions because the search field is empty.

Lists by Topic

see all

Posts by Topic

see all

Recent Posts