Mega acquisition spree continues in the Observability space

This time it is the blockbuster deal in which Cisco is buying Splunk for $28B in cash. While the numbers look eye-popping at first glance, Splunk is bringing in significant revenue at $4B ARR - the purchase price is only 7 times ARR.

These were the other acquisitions on the observability front in 2023 alone:

👉 Feb 9, 2023 - Francisco Partners acquires Sumo Logic for $1.7 B in an all-cash transaction.

👉 Mar 20, 2023 - HPE acquires OpsRamp.

👉 Jul 19, 2023 - Dell acquires Moogsoft.

👉 Sep 14, 2023 - Francisco Partners acquires New Relic for $6.5 B in an all-cash transaction.

Here is Constellation Research's take on this news:

✅ The first thought that comes to mind is that this deal is a very natural fit. Cisco entered the observability race with its acquisition of AppDynamics and ThousandEyes and has been trying to build the full stack observability (FSO) platform for a while. Adding Splunk to this mix brings true full-stack observability capabilities between APM, DEM, Logs, other observability capabilities, and SIEM, to add to their own network monitoring.

✅ Given that there is very little product overlap, Cisco gets a big customer base and potential upsell opportunities. A big TAM expansion for both companies.

✅ On the Security information and event management (SIEM) front, Splunk is one of the strongest players. Not only do they have a mature solution, but many customers trust them despite a higher price point compared to other vendors.

✅ On identity threat detection and response, the combination of Splunk with Oort and Duo could be more compelling to their security customers.

✅ Splunk has been doing a lot of good work integrating generative AI into their solutions. This could easily port over to the Cisco full-stack solution.

✅ Splunk was one of the early vendors to combine security and observability data to provide insights into both security and service outage incidents.

✅ Cisco's channel partnership and sales are among the best. It could crank Splunk revenue even before the integration happens.

✅ Cisco's XDR is well-established and has been around for a while. Adding Splunk SIEM to the mix, assuming the companies can integrate soon, will be a huge boost. It will be hard to integrate two big platforms with considerable technical debt built over the years.

❓ We hope Splunk and its leadership team will lead the observability initiatives in Cisco. There was a lot of exodus from Cisco on that front; this could not only bring immediate credibility but could also bring in some talent who can see them as a major player in the observability market now.

❓ Splunk has its own problems with integrating its Log enterprise and newer cloud-based observability platform based on the SignalFX platform. Bringing more to the mix can slow things down considerably.

❓ With the conversion from On-premises to cloud-based software, Splunk struggled a bit to have unified pricing as most of their observability competitors have implemented a clean consumption-based pricing model already.

❓ Pricing strategy is going to be a mess, especially when they move from standalone solutions to completely integrated solutions.

❓ Neither of them is known for their AI game, though Splunk is ahead of Cisco on that front.

❓ Some nervous customers are already reaching out and asking for opinions and strategies on what to do. The pricing strategy will be a mess for a while. Splunk has recently moved to mostly consumption-based pricing. Cisco needs to figure out how to integrate this pricing model with its model soon.

❓ Cisco took a while to integrate AppDynamics and ThousandEyes long after the acquisitions. I hope this integration goes easier. Splunk was already struggling with too many acquisitions with TruStar, TwinWave, Phantom Cyber, and Metafor, on the security side, and Flowmill, Rigor, Plumbr, SignalFX, Omnition, and VictorOps on the observability side. My advice would be to dump the smaller, not useful ones to concentrate on the bigger goal.


While the acquisition price seems high, this gives Cisco an opportunity to expand its TAM. The observability market is growing and if Cisco and Splunk can integrate their platforms soon they can win on observability. Overall, this deal is good for both companies. A quick integration could bring a solid combined security + observability platform to the market which the market sorely lacks.

The observability and security market is constantly being disrupted. Customers should keep a close watch on the situation to make sure their interests are protected.

Constellation's Recommendation:

  • Splunk customers should make sure they advocate for their executive sponsors to remain with the team and fulfill their best interest
  • Clients should review roadmap, pricing and product strategy commitments
  • Constellation recommends that clients review their total Splunk and Cisco spend during contract renegotiations

Schedule an advisory call with Andy Thurai, VP and Principal Analyst covering AIOps, Observability, AI, ML and Incident Management coverage areas to discuss further.
