From Alert Fatigue to Operational Clarity: Turning Cisco Data Fabric Vision, powered by Splunk, into Agentic Operations Reality

Leadership Hanlin Fang

Key takeaways

  1. Cisco Data Fabric helps teams prepare data, context, and governance so AI agents can support faster and more informed operational decisions.
  2. Agentic operations focus on helping people work more efficiently by using AI to investigate, enrich, and prioritize information.
  3. Successful AI adoption depends on making data accessible, understandable, and trustworthy across security, IT, observability, and network environments.

I recently spoke at Cisco Live to introduce Cisco Data Fabric powered by the Splunk Platform and shared how Splunk and Cisco are turning the vision behind agentic operations into product delivery. Here I share the key points of my presentation.

Enterprise operations teams are entering a new phase of work. Security, IT, observability, and network teams have spent years being asked to do more with more telemetry, more alerts, more tools, more incidents, and more risk. The result is too much time spent searching, stitching, validating, and reconstructing context manually.

AI can change that equation, but not in a simplistic way that is often described.

Rather than replacing operators with autonomous agents, the goal is to give every operator a trusted team of agents working behind the scenes: reviewing telemetry, correlating signals, enriching findings, checking dependencies, and narrowing thousands of events into the handful that truly need human judgment.

That is the shift toward agentic operations, and it is the product direction behind the Cisco Data Fabric vision. In this operating model, analysts do not start the morning by opening ten dashboards and rebuilding the story from scratch. They start in a workspace where AI has prepared the evidence: what changed, which data was used, what action is recommended, and where human judgment is required.

Agentic operations are not automation for its own sake. It is about helping humans get to clarity faster.

From “Is This Noise?” to “How Much Does This Matter?”

The most important outcome is that an ambiguous signal becomes a clearly scoped incident with evidence, context, and a safer path to action.

A suspicious domain lookup becomes a recurring pattern. A recurring pattern becomes a host-level investigation with business and service context. The team is no longer stuck asking, “Is this signal or noise?” They ask: “How much does this matter? Who does it affect? What should we do now?”

For security leaders, this means faster triage and more consistent investigations. For ITOps, observability, and network teams, it means less time manually correlating signals and faster understanding of service impact. For executives, it means improving resilience and efficiency without adding operational complexity.

Why the Shift Is Happening Now

Several forces are converging to drive the urgency for this change

Operational data has expanded beyond what human-scale workflows can reasonably handle. Logs, metrics, traces, flows, events, configurations, vulnerabilities, service maps, and business metadata are growing across every environment.

The conditions teams respond to are moving faster. Threat actors are using automation and AI. Outages can propagate across cloud, application, network, identity, and security domains in minutes. The bottleneck comes from an understanding of enough context to act with confidence quickly.

Lastly, the workforce model is changing. The future will be human-agent collaboration: people setting goals, making critical decisions, and owning accountability, while agents perform repetitive investigation, enrichment, correlation, and first-pass analysis at scale.

The Hard Truth: AI Value Depends on the Data Foundation Underneath It

Many AI pilots look impressive in controlled environments. Far fewer change day-to-day operations in production. Enterprise AI fails by placing a general-purpose model on fragmented, poorly governed data and hoping for the best. It succeeds when the data foundation is ready for AI and delivered as part of the operational workflow.

Teams putting agents into production tend to get three things right.

  1. Make the right data accessible at the right time without forcing every dataset into one place. Agents and analysts need to reach across real-time data, historical data, federated sources, third-party systems, and external stores without unnecessary movement, duplication, or cost.
  2. Make the data understandable. Raw telemetry is not enough. An agent needs entities, relationships, schemas, metadata, and business relevance. It needs to know that a host supports an application, that the application supports a business service, and that the service affects customers, revenue, or critical operations.
  3. Build trust from day one. Production AI requires access control, auditability, lineage, policy boundaries, guardrails, and human approval paths. Without those, organizations may get an interesting prototype, but not a trusted operating model.

In short: successful teams create access, meaning, and trust. They make their data accessible, contextual, and governable for AI.

From the Cisco Data Fabric Vision to Agentic Operations

When I introduced the Cisco Data Fabric vision, the intent was not to describe another data platform in the abstract. Cisco Data Fabric, powered by the Splunk Platform, is the system of operational records and data intelligence layer underneath this agentic future.

At the data layer, data management helps unify access across Splunk indexes, Machine Data Lake, and federated sources. The right data is rarely in one place. It may be hot, historical, external, or federated across cloud, network, security, and observability systems. Analysts and agents should not have to care where data lives before asking the right question.

At the context layer, capabilities such as data catalog, knowledge graph, and business context make data understandable. This is how teams move from “I found a log” to “I found a service, tied to a host, tied to a region, tied to customer impact.”

At the action layer, AI capabilities turn data and context into operational workflows. Purpose-built models matter because operational data is not ordinary text; it is logs, traces, metrics, flows, anomalies, sequences, and time series. Agent Builder gives teams a practical way to create agentic workflows without becoming AI engineers.

MCP Server extends those workflows across systems through a governed interface, because real incidents rarely stay inside one tool. AI Canvas in Cisco Cloud Control provides the collaborative surface where humans and agents inspect telemetry, review evidence, understand blast radius, and decide what to do next.

Across all of it, trust and openness are critical. Governance must be built in. The architecture must work across the systems customers already have, rather than forcing teams into another closed island. That is how the CDF vision becomes product delivery.

Start With Readiness, Then Delivery

For executives, the takeaway is clear: do not start your AI strategy by asking, “What agent should we build?” Start by asking whether your data foundation is ready to support agents in production, then choose one high-value workflow where data, context, action, and governance are clear.

Can your teams access the right data across domains without creating unsustainable cost and complexity? Can your systems provide enough context for AI to reason over entities, dependencies, services, and business impact? Can analysts and agents move from detection to response? Can you govern AI workflows with the same rigor you apply to critical systems?

Agentic operations are not a someday vision. It is the next operating model for digital resilience, and Cisco Data Fabric is how we are turning that model into product reality. The winners will not be the organizations that experiment with most agents. They will be the organizations that prepare data, context, workflows, and governance so humans and agents can operate together with speed, trust, and accountability.

Related Articles

The Evolution of the SOC: Moving from Reactive to Agentic with Enterprise Security at RSAC 2026
Security
8 Minute Read

The Evolution of the SOC: Moving from Reactive to Agentic with Enterprise Security at RSAC 2026

Announcing a series of major advancements within Splunk Enterprise Security (ES) designed to further reinforce Splunk ES as the AI-Powered, SecOps platform.
CI/CD Detection Engineering: Failing, Part 3
Security
4 Minute Read

CI/CD Detection Engineering: Failing, Part 3

In part 3 of our now 4-part series, we walk you through how we failed to use CircleCI to continually test detentions!
Visualising a Space of JA3 Signatures With Splunk
Security
2 Minute Read

Visualising a Space of JA3 Signatures With Splunk

One common misconception about machine learning methodologies is that they can completely remove the need for humans to understand the data they are working with. In reality, it can often place a greater burden on an analyst or engineer to ensure that their data meets the requirements, cleanliness and standardization assumed by the methodologies used. However, when the complexity of the data becomes significant, how is a human supposed to keep up? One methodology is to use ML to find ways to keep a human in the loop!