Gigamon has partnered with Splunk to integrate its Deep Observability Pipeline with Splunk Federated Search, aiming to give joint customers unified access to distributed telemetry data.
The tie-up targets organisations trying to analyse data spread across hybrid cloud, private infrastructure and other repositories without moving it all into one place. Under the integration, Gigamon's software extracts and enriches network telemetry, while Splunk's federated search tools query datasets where they already reside.
The move reflects a broader shift in cyber security and IT operations, as companies weigh the cost of storing and ingesting ever larger volumes of telemetry against the need to maintain visibility across complex environments. Here, the combined offering is positioned as a way to reduce data duplication while still supporting investigation and monitoring across multiple systems.
Customers will be able to keep data in locations including Splunk Cloud Platform indexes, Amazon S3, Azure Blob Storage and other third-party repositories. Security and operations teams can then search across those environments through a federated approach rather than centralising the information first.
Data pressure
The partnership comes as demand grows for tools that can handle telemetry from hybrid cloud estates and AI-related workloads. Data generated by applications, network traffic and security systems has risen sharply, increasing storage and processing costs and forcing organisations to make trade-offs over what they retain and analyse.
Gigamon said its Deep Observability Pipeline turns raw network traffic into telemetry by extracting application metadata across both north-south and east-west traffic flows. Splunk Federated Search, part of Cisco's broader data fabric strategy around Splunk Cloud Platform, allows teams to run searches across distributed datasets in place.
The Gigamon Federated Search App includes pre-built processing pipelines for Splunk Edge and Ingest Processor, along with federated search templates and dashboards. These are designed to process, route, filter and enrich telemetry closer to where it is created, reducing unnecessary data movement.
For customers, the commercial appeal is straightforward: storing and ingesting less low-value telemetry could lower costs while preserving access to higher-value information for security monitoring and operational analysis. The approach could also help with compliance and data sovereignty requirements by letting organisations decide where data is held.
Market context
The partnership arrives as federated data architectures gain traction in security operations. Gigamon cited Gartner research forecasting that by 2030, 90 per cent of new SIEM purchases will mandate federated data and content-first architectures rather than closed ecosystems and proprietary data stores.
The company also pointed to findings from its 2026 Hybrid Cloud Security Survey of more than 1,000 security and IT leaders. According to the survey, 79 per cent are considering moving public cloud data back to private cloud environments because of security concerns, while 72 per cent believe data lakes offer stronger security controls.
These trends have raised the stakes for observability and security suppliers operating between data generation and analysis. Vendors are increasingly trying to show they can help customers control storage and ingestion costs without creating blind spots in detection, investigation and performance monitoring.
"Organisations today need deeper, more connected visibility across increasingly distributed environments," said Seth Brickman, vice president of product management for the Splunk Platform at Cisco. "By combining Splunk's Federated Search capabilities with network telemetry from Gigamon, we're helping customers gain richer operational and security insights while reducing the cost and complexity of managing large volumes of data. Together, we're delivering a more flexible and AI-ready approach to data management."
Brickman's comments underline how Splunk is positioning federated search as part of a broader effort to make data analysis less dependent on centralised storage. Since Cisco acquired Splunk, the company has increasingly tied Splunk's platform to a wider data fabric strategy spanning security and observability use cases.
Gigamon, for its part, has focused on network-derived telemetry and visibility into encrypted and lateral traffic. That places it in a part of the market where customers want better insight into traffic moving within cloud and data centre environments, not just traffic entering or leaving them.
"As data volumes continue to grow across hybrid cloud and AI-driven environments, organizations need a smarter way to manage telemetry without increasing cost or complexity," said Srinivas Chakravarty, vice president of cloud ecosystem at Gigamon. "Together, the Gigamon Deep Observability Pipeline and Splunk Federated Search help customers transform raw network traffic into high-fidelity, actionable telemetry and access it wherever it resides. This approach reduces unnecessary data movement and ingestion costs while improving visibility and enabling earlier threat detection across security and observability workflows."
The solution is available now to joint customers.