Gigamon has formed a strategic partnership with Splunk, combining Gigamon's Deep Observability Pipeline with Splunk Federated Search.
The joint offering is intended to let organisations access and analyse distributed telemetry without moving or duplicating the underlying data. It targets security and IT teams managing growing volumes of information across hybrid cloud and AI-driven environments.
The integration combines Gigamon's network telemetry processing with Splunk's federated search model, which lets users query datasets where they are stored. In practice, customers can collect, filter and enrich network data close to its source, then search it across multiple repositories through a single workflow.
The companies are presenting the partnership as a way to reduce the cost of storing and ingesting large data volumes while preserving visibility for security monitoring and operational analysis. It also gives customers the option to keep data in different locations, including Splunk Cloud Platform indexes, Amazon S3, Azure Blob Storage and other third-party repositories.
Customer choice
A central theme of the partnership is flexibility over data location. That reflects a broader shift among large organisations seeking to balance storage costs, compliance rules and data sovereignty requirements without losing access to analytics tools.
The companies pointed to growing demand for federated approaches to security and observability data, citing Gartner research that by 2030, 90 per cent of new SIEM purchases will mandate federated data and content-first architectures rather than closed ecosystems and proprietary data stores.
Gigamon also cited findings from its 2026 Hybrid Cloud Security Survey of more than 1,000 security and IT leaders. According to the research, 79 per cent are considering repatriating public cloud data to private cloud environments because of security concerns, while 72 per cent believe data lakes offer stronger security controls.
That helps explain why vendors are increasingly focusing on systems that can analyse data in place rather than pulling everything into a central platform. For customers with large, widely distributed estates, the economics of duplication and movement have become harder to justify.
Security focus
The combined setup is aimed at organisations that need visibility into encrypted traffic, east-west traffic within environments and activity across hybrid cloud infrastructure. Gigamon said its platform extracts and enriches application metadata from raw network traffic, while Splunk Federated Search enables those enriched datasets to be searched without first consolidating them in one location.
The companies said the result should help users identify threats earlier, speed up investigations and improve compliance monitoring. They added that the approach can reduce unnecessary data movement by ensuring only selected telemetry is stored, searched and analysed.
The Gigamon Federated Search App includes pre-built processing pipelines for Splunk Edge and Ingest Processor, along with federated search templates and unified dashboards. Those components are designed to simplify deployment for joint customers and give security and operations teams a common view of distributed telemetry.
Seth Brickman, Vice President of Product Management for the Splunk Platform at Cisco, outlined Splunk's view of the partnership.
"Organisations today need deeper, more connected visibility across increasingly distributed environments," said Brickman. "By combining Splunk's Federated Search capabilities with network telemetry from Gigamon, we're helping customers gain richer operational and security insights while reducing the cost and complexity of managing large volumes of data. Together, we're delivering a more flexible and AI-ready approach to data management."
The deal also gives Gigamon a route deeper into Splunk-centred customer environments as buyers reassess how they manage observability and security data across cloud and on-premises infrastructure. For Splunk, now part of Cisco, the tie-up broadens the range of telemetry that can feed investigations and operational monitoring without requiring wholesale changes to where customers keep their data.
Large enterprises have been under pressure to contain observability and security tooling costs as telemetry volumes rise. Network traffic, application metadata and cloud activity can generate significant storage and processing bills, particularly when teams duplicate information across several tools for search and analysis.
Federated approaches offer one response by allowing organisations to keep data in lower-cost stores and still query it when needed. The trade-off has often been complexity, making integrations such as this important if suppliers want to persuade customers that decentralised data strategies can work in practice.
Srinivas Chakravarty, Vice President, Cloud Ecosystem, at Gigamon, said the aim was to help customers manage rising telemetry volumes without increasing operational strain.
"As data volumes continue to grow across hybrid cloud and AI-driven environments, organizations need a smarter way to manage telemetry without increasing cost or complexity," said Chakravarty. "Together, the Gigamon Deep Observability Pipeline and Splunk Federated Search help customers transform raw network traffic into high-fidelity, actionable telemetry and access it wherever it resides. This approach reduces unnecessary data movement and ingestion costs while improving visibility and enabling earlier threat detection across security and observability workflows."
The solution is now available to joint customers.