Splunk and Cisco Use Cases
Splunk and Cisco together help organizations monitor, secure, and optimize complex digital environments by combining Splunk's strength in analytics, observability, and security with Cisco's leadership in networking, infrastructure, and security. This page groups our joint use cases by the primary outcomes they support, so you can more quickly find the guidance most relevant to your goals, from cross-domain network visibility and application troubleshooting to security operations, data onboarding, platform operations, and industry-specific use cases.
Looking for Cisco use cases by product line? Click here to see our data source descriptor page for Cisco.
Correlate network domains
ITOps teams need complete visibility into the health of owned and unowned networks, infrastructure, and applications, with a single place to view related alerts and investigate issues faster. By grouping and enriching alerts, teams can reduce noise, quickly identify affected domains, and use directed troubleshooting to respond to incidents more efficiently.
- Monitoring facilities with differing applications
- Monitoring ingress and egress traffic across Operational Technology perimeters
- Monitoring Cisco switches, routers, WLAN controllers and access points
- Assuring enterprise WAN services with Splunk software
- Providing real-time assurance for MPLS-to-SRv6 transitions
- Operating Meraki branch networks at scale
- Monitoring MPLS backbone infrastructure in real time
- Managing Cisco IOS devices
- Creating cross-domain visibility in campus infrastructure
- Sharing information in a global operation
Pinpoint network impact on app performance
Teams need unified, real-time visibility across applications, infrastructure, and every network their digital experience depends on. By quickly pinpointing and resolving issues — whether they originate in the code, the cloud, or anywhere along the network path — teams can ensure seamless collaboration, faster resolution, and consistently reliable digital experiences that support both users and business success.
Security, identity, and compliance
Security teams can combine Splunk analytics with Cisco network, identity, and firewall telemetry to detect threats faster, manage identity risk, reduce unnecessary data volume, and support investigative and compliance workflows.
- Integrating Cisco Secure Network Analytics with Enterprise Security and RBA
- Managing identity risk with Enterprise Security and Cisco Identity Intelligence
- Reducing PAN and Cisco security firewall logs with Splunk Edge Processor
- Reducing Cisco ASA data volumes with Edge Processor and Ingest Processor
- Processing DMCA notices
Data onboarding and platform operations
These use cases focus on the foundational work that makes broader outcomes possible: collecting and shaping telemetry, reducing and enriching data, managing operational environments, integrating notifications into team workflows, and using advanced platform capabilities to support analysis.
- Monitoring Cisco network devices using gRPC
- Deploying and managing your Splunk POD environment
- Sending Splunk Observability Cloud alerts to a Webex space
- Using in-stream aggregation to manage event storms and reduce data volume
- Using federated search for Amazon S3 to filter, enrich, and retrieve data
- Using the Cisco Time Series Model 1.0 on DSDL 5.2.3
Industry, IoT, and specialized use cases
These use cases focus on physical environments, industry-specific operations, IoT and OT telemetry, and other specialized scenarios.
- Creating cross-domain visibility in campus infrastructure
- Gaining insight about in-store retail customers
- Monitoring common Operational Technology protocol ports
- Monitoring and logging MQTT topic messages using Eclipse Mosquitto
- Monitoring facilities with differing applications
- Monitoring ingress and egress traffic across Operational Technology perimeters

