By AI agents are executing tasks autonomously, accessing resources, writing code, and generating telemetry continuously. Enterprises that built their observability and security stacks around centralized ingestion are now facing runaway costs, governance gaps, and blind spots across distributed infrastructure. The problem compounds when agents interact with systems across hybrid, sovereign, and multi-cloud environments where data cannot always move to a central store.
In this interview on TFiR, Mangesh Pimpalkhare, Senior Vice President and General Manager of Splunk Platform at Cisco, walks through how Cisco Cloud Control, Cisco Data Fabric powered by Splunk, the Splunk Machine Data Lake, and the Galileo acquisition work together to give enterprises federated analytics, agentic observability, and governance controls across the full AI agent lifecycle.
Guest: Mangesh Pimpalkhare, Senior Vice President and General Manager, Splunk Platform at Cisco Splunk
Show: TFiR
Here is what every platform engineer, security architect, and AI infrastructure team needs to know.
Technical Deep Dive
Q: What is Cisco Cloud Control and what problem does it solve for enterprises managing multiple Cisco products?
Mangesh Pimpalkhare, Senior Vice President and General Manager of Splunk Platform at Cisco, describes Cisco Cloud Control as a common management layer across all Cisco products that allows customers to control every product from a single interface. It enables unified troubleshooting of networking and infrastructure from one location and directly supports agentic security and observability use cases. The announcement was a headline release at Cisco Live 2026.
“You can think of Cisco Cloud Control as a common management layer around all Cisco products. It allows customers to control all the products from one single interface.” — Mangesh Pimpalkhare, Senior Vice President and General Manager, Splunk Platform, Cisco
Q: What role does Cisco Data Fabric play within Cisco Cloud Control?
Cisco Data Fabric is powered by Splunk and functions as the underlying data platform that enables all Cisco Cloud Control use cases to operate. It brings cross-domain telemetry into play, making it the connective layer for security, observability, and AI-driven workloads. Pimpalkhare positions Splunk as critical infrastructure not just for security and observability independently, but as the data foundation beneath all of them.
“Cisco Data Fabric is really powered by Splunk. It is the data platform that allows all these use cases to light up because of the cross-domain telemetry that comes into play.” — Mangesh Pimpalkhare, Senior Vice President and General Manager, Splunk Platform, Cisco
Q: Why did Splunk move away from centralized data ingestion and what does the new federated architecture look like?
Pimpalkhare explains that Splunk’s historical approach of centralizing all data in one place is no longer viable given the volume of data AI agents generate. The new architecture allows customers to keep data in the lowest appropriate data tier based on the use case, while bringing Splunk’s analytics capabilities to the data wherever it resides. The result is faster insights at machine speed at a fraction of the cost compared to full ingestion.
“Instead of centralizing all the data in one place, we enable customers to keep data in the lowest data tier, depending on the use cases they are trying to solve, and take the power of Splunk to all the data wherever it is.” — Mangesh Pimpalkhare, Senior Vice President and General Manager, Splunk Platform, Cisco
Q: How does the Splunk Machine Data Lake work and how is it different from a traditional data lake?
Pimpalkhare describes the Splunk Machine Data Lake as a turnkey solution that functions as a unified catalog telling customers exactly where all their machine data lives across distributed locations. It does not require all data to land in a single central location and integrates with third-party platforms including Snowflake, Databricks, and hyperscaler storage tiers. The Machine Data Lake manages the decision of what data stays in raw form and what gets promoted to a high-efficiency format for security, observability, or AI model consumption.
“The Machine Data Lake is a unified catalog which tells customers exactly where all the machine data is living, whether that is in distributed locations, with Snowflake, Databricks, or other hyperscaler stores.” — Mangesh Pimpalkhare, Senior Vice President and General Manager, Splunk Platform, Cisco
Q: How did Autodesk reduce infrastructure costs by 30% using Splunk?
Pimpalkhare cites Autodesk as a customer example where long-tail data with low signal value was moved off Splunk’s primary platform and onto a data lake. Using Splunk’s data management capabilities, federated analytics, and the Machine Data Lake, Autodesk achieved close to a 30% cost reduction while continuing to support AI-first use cases. The approach avoids ingesting all data indiscriminately and instead applies tiered storage based on the signal value of the data.
“Autodesk was able to keep long-tail data on a data lake and, using Splunk’s federated analytics and machine data lake, achieve close to a 30% cost reduction while driving AI-first use cases.” — Mangesh Pimpalkhare, Senior Vice President and General Manager, Splunk Platform, Cisco
Q: How do AI agents use MCP servers and domain-specific models to detect anomalies proactively?
Pimpalkhare explains that AI agents use large language models alongside domain-specific models and interact with external tools and subsystems through MCP servers as an interface layer. Rather than waiting for incidents to be reported, agents proactively scan for anomalous behavior across security, infrastructure, and application performance layers. For this to work effectively, the agents require operational ground truth data that is current to the minute, which is where the Splunk platform serves as the foundation.
“None of the AI models are going to be able to pinpoint an anomaly unless they have up-to-the-minute information on what is happening in your network, your infrastructure, and your app layer.” — Mangesh Pimpalkhare, Senior Vice President and General Manager, Splunk Platform, Cisco
Q: What does end-to-end agentic observability look like and what specific lifecycle stages need to be monitored?
Pimpalkhare breaks down the agentic lifecycle into distinct stages that all require observability: agents generating new code, agents completing tasks autonomously, agents accessing external resources, and agents producing measurable business outcomes. Each stage must be monitored both for performance and for cost, including token consumption. Splunk Observability covers the runtime performance layer, while the Galileo acquisition adds agent evaluation and behavioral guardrail capabilities to the earlier lifecycle stages.
“For enterprises to trust agents, they need to make sure they set up the right guardrails and ensure all elements of the agent lifecycle are observable.” — Mangesh Pimpalkhare, Senior Vice President and General Manager, Splunk Platform, Cisco
Q: What does Cisco’s Galileo acquisition add to Splunk’s agentic observability capabilities?
Galileo is a company Cisco acquired that specializes in evaluation of AI agents and the setup of guardrails on agentic behavior. Pimpalkhare positions Galileo as covering the early stages of the agent lifecycle, specifically how agents are performing before they act, complementing Splunk Observability’s runtime and cost monitoring capabilities. Together they form Cisco’s end-to-end agentic observability approach.
“We acquired a company called Galileo. They are into evaluation of agents and they also help set up guardrails on agentic behavior.” — Mangesh Pimpalkhare, Senior Vice President and General Manager, Splunk Platform, Cisco
Q: How does Cisco protect AI agents from malicious prompt injection and external threats?
Pimpalkhare describes a two-directional security model. The first direction protects agents from the environment, specifically from malicious actors attempting to inject bad prompts or corrupted information into models. Cisco AI Defense is the specific portfolio capability that addresses this. The Splunk platform works closely with AI Defense to provide the data layer supporting these protections.
“We have specific capabilities in the Cisco portfolio like AI Defense, and the Splunk portfolio works very closely with these pieces to make sure we protect the agents from malicious activity.” — Mangesh Pimpalkhare, Senior Vice President and General Manager, Splunk Platform, Cisco
Q: How does Cisco govern AI agents that act outside their intended scope or access unauthorized resources?
The second direction in Cisco’s security model protects the environment from unsanctioned agent activity, covering scenarios where an agent gains incorrect access or executes an action it should not perform. Pimpalkhare explains that Splunk Security combined with Cisco security control elements work together to provide this governance layer. This combination is designed to catch unauthorized agent behavior before it propagates across systems.
“We think of protecting the world around you from agentic activity that was not sanctioned. This is where the combination of Splunk Security and security control elements from Cisco come into play.” — Mangesh Pimpalkhare, Senior Vice President and General Manager, Splunk Platform, Cisco
Q: How does Cisco support AI sovereignty requirements for enterprises in regulated regions like Europe?
Pimpalkhare points to Cisco’s existing footprint across on-premises deployments, sovereign cloud environments, and hyperscaler cloud platforms as a structural advantage. Splunk mirrors this pattern with analytics solutions available in both customer-managed and SaaS configurations. As Cisco Data Fabric and Cisco Cloud Control come together, the go-to-market approach explicitly includes managed service providers, sovereign clouds, and Neo clouds as routes to market alongside direct customers.
“Cisco always had a footprint in on-premises solutions, sovereign cloud solutions, and hyperscalers. Splunk very much has had the same pattern, and we are keeping our eyes on the opportunity through managed service providers, sovereign clouds, and Neo clouds.” — Mangesh Pimpalkhare, Senior Vice President and General Manager, Splunk Platform, Cisco
Q: How has the Splunk integration within Cisco evolved since the acquisition two years ago?
Pimpalkhare reflects on attending Cisco Live for three consecutive years since the Splunk acquisition completed approximately two years ago. He describes the energy at Cisco Live as compounding each year, with the World of Solutions floor showing a growing ecosystem of Cisco products, partners, and customers. The observation signals that the integration is deepening commercially as well as technically, with Splunk now embedded into the core Cisco Cloud Control architecture rather than operating as a standalone product.
“Every single year you can just see the energy compounding on itself. The ecosystem and the synergy out here are tremendous.” — Mangesh Pimpalkhare, Senior Vice President and General Manager, Splunk Platform, Cisco
Resources and Documentation
- Splunk Platform, unified security and observability platform with federated analytics and Machine Data Lake capabilities
- Cisco Cloud Control, common management layer across Cisco products enabling agentic security and observability
- Cisco AI Defense, protection layer for AI agents against malicious prompt injection and external threats
- Snowflake, cloud data platform integrated with Splunk Machine Data Lake for distributed data storage
- Databricks, data and AI platform integrated with Splunk Machine Data Lake for federated analytics
***
👇 Click to Read Full Raw Transcript
Swapnil Bhartiya: Hi, this is Swapnil Bhartiya and we are here at Cisco Live and today we have with us Mangesh Pimpalkhare, Senior Vice President and General Manager of Splunk Platform at Cisco. First of all, Mangesh, great to have you on the show.
Mangesh Pimpalkhare: Great to be here Swapnil, thanks for the opportunity.
Swapnil Bhartiya: No, it’s my pleasure. And of course, if you look at the show floor, awesome show, great attendance. Before we get started, before I start asking you a lot of questions, I want to hear from you, from your perspective, of course, Splunk now part of Cisco, what kind of vibe you are seeing here at the conference. Energy and the queries and portions and discussions.
Mangesh Pimpalkhare: Yeah, it’s fantastic to be here Swapnil. So I’ve been at Cisco Live now for the third year in a row. We completed this Splunk acquisition about two years ago and every single year you can just see the energy compounding on itself. And you can see here, in fact, it’s pretty loud here in case you can pick up some of the buzz. We are here at the World of Solutions, which is really an incredibly rich community of not just what Cisco is showing off in terms of its products and capabilities, but our partners, some of our customers. And you see the tremendous ecosystem and the synergy out here.
Swapnil Bhartiya: Excellent. Now let’s talk about some of the announcements you folks made, so even we had to go through all that story. Let’s talk about Data Fabric for example, talk a bit about the announcement. And if you look at the new Data Fabric, what problem is it solving that Splunk Data Fabric was not solving for customers.
Mangesh Pimpalkhare: Swapnil, we just came out from G2 Patel’s keynote and everybody just heard the announcement about Cisco Cloud Control and that is the big highlight announcement of this Cisco Live. And if you look at the big momentum in the AI space and what’s happening in the industry, you can think of customers solving a range of problems, infrastructure. And then of course they are worried about agentic security and making sure everything is observable. And then of course customers ultimately want the right governance and observability around these systems and drive the business outcomes. So if you look at Cisco Cloud Control, you can think of that as a common management layer around all of Cisco products and it allows customers to control all the products from one single interface and then also lead to other exciting capabilities such as troubleshoot all their networking or infrastructure from one location and also empower the agentic security and observability that I was talking about. And Cisco Data Fabric that you asked about is really powered by Splunk. It is the data platform that allows all these use cases to light up because of the cross domain telemetry that comes into play. So that’s where Splunk plays a very critical role in not just security and observability, but the underlying data platform.
Swapnil Bhartiya: These days, whether we are using agentic AI or this AI driven world where data ingestion is also critical and keeping data in one place versus federated ingesting everything, because that can become a challenge for customers. So how are you folks making that easy also through this approach of keeping data in one place?
Mangesh Pimpalkhare: Yeah, that’s a really important aspect of our direction going forward. And I’m really excited about this because for a long time Splunk had a very centralized approach of ingesting all the data. And then of course we have extremely powerful analytic capabilities. But Swapnil, as you know, as you look at AI agents, they are extremely prolific and the data growth is just exploding, making it very difficult for customers to keep up with that kind of explosion in data and complexity. And what Splunk has done is completely changed its architecture. And now instead of centralizing all the data in one place, we enable customers to keep data in the lowest data tier, depending on the use cases they are trying to solve. And then we enable them to take the power of Splunk to all the data wherever it is. And what this does for customers is ultimately drives fast value and insights at machine speed, but at a fraction of the cost.
Swapnil Bhartiya: Cost is becoming a big topic these days. And can you talk about how are you helping customers tame the cost. And when we talk about AI, it is a big topic. So I also want to talk about the MCP server. How is it solving the problem and how are you helping customers with cost?
Mangesh Pimpalkhare: Absolutely. So I’ll start with the second part of your question. You can think of agents as automatically looking and scanning for problems. So instead of being reactive, the agents can be proactive in looking at anomalous behaviors, whether it’s a security problem or whether it’s an infrastructure downtime problem or an application performance problem. And these agents use large language models, but they also use domain specific models. They use the MCP servers as an interface to go interact with other tools and other subsystems to then put together all these answers together in trying to proactively predict and find anomalies. So that’s how the whole solution works. But underlying all this solution, it’s very critical to have the operational ground truths, because none of the AI models are going to be able to pinpoint an anomaly unless they have up to the second, up to the minute information on what’s happening in your network, what’s happening in your infrastructure, what’s happening at the app layer. And to do this effectively, this is where the Splunk platform comes in. And this is where you asked about cost. The way I’ll give you a customer example. So Autodesk, which is one of our customers, was able to keep long tail data, which often doesn’t have a lot of useful signal. They were able to keep that on a data lake. And then using Splunk’s capabilities for the data management and the federated analytics and the machine data lake, they were able to get close to a 30% cost reduction while driving the kind of AI first use cases that we talked about.
Swapnil Bhartiya: Excellent. Can you talk about the Splunk Machine Data Lake because it is also there, so how is that different from what customers usually think about when they hear data lake? And I don’t want to get into the whole data lake data warehouse discussion, but talk about that, because what you folks are doing is solving a lot of problems that we usually don’t talk about.
Mangesh Pimpalkhare: Exactly. So let me walk you through it. The Machine Data Lake, you can think of it as a turnkey solution that ultimately gives customers the best data strategy for the use cases they’re driving. And what I mean by that is customers now don’t have to worry where to keep the data in its raw form or what data they need to promote into a highly efficient format to drive the insights for security or observability, or feeding it to the AI models for agents to light up anomalies. The way we do that is we look at data right from the source and Machine Data Lake then becomes a unified, easy way for customers to land all their data. But the critical part here is it does not have to all land in one central location. It can stay in a distributed set of locations. So Swapnil, we very much work with other partners, Snowflake, Databricks, other hyperscaler stores. We work with all of them. And the Machine Data Lake, think of that as a unified catalog which tells customers exactly where all the machine data is living.
Swapnil Bhartiya: Excellent. Thank you. One more topic these days, which is especially in the AI era, is observability and monitoring. What is going on there? And of course when we talk about agentic AI, it generates a lot of telemetry data itself. How does this platform handle all that machine data to also help monitor? Because you have to also keep an eye on performance, cost, and of course governance can become a big topic. So talk about that aspect, the observability aspect as well of the whole cloud.
Mangesh Pimpalkhare: Absolutely. That is a very important fast moving area in the enterprise because enterprises are experimenting with agents and for enterprises to trust agents, they need to make sure they set up the right guardrails and to make sure all elements of the agent lifecycle are observable. So what I mean here by the full lifecycle, think of agents creating new code. Think of agents coming in and completing tasks on your behalf. Think of agents then getting access to other resources. You want to make sure that each one of these activities is really monitored and observable. And then of course, last but not the least, you want to make sure you’re driving those outcomes that you care about, while of course managing your costs. So we think of agentic observability in an end to end fashion. The first part of the lifecycle where we are observing how agents are performing, this is helped by a solution from a company we just acquired called Galileo and they are into evaluation of agents and they also help set up guardrails on agentic behavior. And then of course a lot of other observability capabilities on the tokens and how many tokens you are consuming and what it’s costing you to drive all the outcomes that you care about, all that comes through Splunk Observability as well.
Swapnil Bhartiya: Since you mentioned governance and of course Cisco operates globally, these days we are hearing a lot about AI sovereignty. It is becoming very relevant with new clouds in Europe, CRA and a lot of other things coming in. With agents, of course, now agents are not just giving you information, they are becoming kind of employees, they are executing actions. So governance becomes even more important. So what kind of capabilities is this cloud giving to customers so not only they have visibility into what’s going on, but they should be able to do something about it. They should also be able to control the agents. Can you talk about the governance part?
Mangesh Pimpalkhare: You’re right that it all starts with visibility, but ultimately you also need to worry about security and putting in the right guardrails. And we think about it in a couple of ways. So we think about protecting first of all the agents from the environment from any kind of malicious activity. An example of that is malicious actors trying to put the wrong kind of prompts or information into the models. So we have specific capabilities in the Cisco portfolio like AI Defense. And the Splunk portfolio works very closely with these pieces to make sure we protect the agents from malicious activity. We also think of the reverse, which is protecting the world around you from agentic activity that was not sanctioned. So think of an agent getting wrong access to something it should not, or taking an action where it should not. And this is where the combination of Splunk Security and then a lot of security control elements from Cisco come into play and work with each other to provide that governance. So you talked about sovereignty Swapnil and one of the big advantages that Cisco always had is it had a footprint in on-premises solutions, sovereign cloud solutions, hyperscalers on the cloud, and Splunk very much has had the same pattern. We have our analytics solution working both in customer managed solutions as well as SaaS solutions on the cloud. And as we bring the Cisco Data Fabric and Cisco Cloud Control together, we are very much keeping our eyes on the opportunity, not just with direct customers, but through managed service providers, through sovereign clouds, through Neo clouds, through all these routes to the market.
Swapnil Bhartiya: Mangesh, thank you so much for joining me and not only walking us through all the announcements, but also how Splunk and Cisco are solving some of the very serious, critical problems for customers. So thank you for sharing your insights and I would love to have you back on the show. Thank you.
Mangesh Pimpalkhare: It’s been a pleasure. Thanks for having me Swapnil.
