Cisco Systems, Inc. (CSCO) Earnings Call Transcript & Summary

Hello, everyone. Thank you so much for joining today's session. My name is Elisha, and I'll be your host for today. Before we get started, I have just a few housekeeping notes to cover. First off, this session is being recorded. [Operator Instructions] All right. With that, we'll get started. Sami, just one moment, the floor will be all yours.

Thank you, everyone. I'm Sami Badri, Head of Cisco Investor Relations. Thank you all for joining us today. We're delighted to be joined today by Gary Steele, EVP and GM of Splunk. As you likely know, Cisco acquired Splunk, with the deal closing on March 18, 2024. Gary served as Splunk's CEO over 2 years prior to joining forces with Cisco. Splunk has significantly accelerated product innovation under Gary's leadership, delivering best-in-class and market-leading capabilities across its unified security and observability portfolio as well as new AI-powered products through Splunk AI. Prior to joining Splunk, Gary was the founding CEO of Proofpoint, where he led the company's growth from an early-stage start-up to a leading publicly traded security as a service provider. He previously served as CEO of Portera and held various leadership roles at Sybase, Sun Microsystems and Hewlett-Packard. First, before we get started into the tech talk, I'm going to be reading some safe harbor statements. This presentation contains or may contain projections and other forward-looking statements regarding future events or the future financial performance of Cisco, including future operating results. These projections and statements are only predictions. Actual events or results may differ materially from those in the projections or other forward-looking statements. With that being said, we're going to kick-start our tech talk with Gary. Gary, I hand it over to you.

Great. Thank you so much, Sami. And it is great to be here today. Super excited. What I wanted to do today is talk a little bit about Splunk and our focus. So we are a software business dedicated to building a safer and more resilient digital world. And when you think about that, what does that ultimately mean? We, today, help some of the largest, most complex organizations keep their digital systems securely safe and up and running. It's sort of an interesting concept and it's become more relevant than ever these days, because resilience is actually incredibly hard. And the reason for that is the digital footprint of most organizations have grown rapidly through the course of the pandemic and after, organizations are using digital systems to interact with their customers and drive revenue in this next generation of IT. And as part of that, you have this broad digital footprint. You need to understand what's happening across that footprint. And it really comes down to visibility that helps organizations figure all that out. And that's where Splunk has always differentiated itself. What has made Splunk unique from the very beginning is our ability to bring machine data into our systems that's unstructured, sometimes structured and be able to drive analytics and understanding across all that machine data about the security and posture of an organization as well as all of the application characteristics, understanding and being able to prevent unplanned downtime. And so it's this visibility that is differentiated to Splunk in the marketplace, to be able to look across that vast digital footprint and help organizations ultimately decide how to be secure and how to drive that broad resilience initiative. And there's been different approaches to this resilience problem. Oftentimes, companies have taken a single domain approach, meaning a set of security capabilities separate from their observability capabilities. And one of the things that has continued to differentiate Splunk is our ability to bring these two disciplines together on a single platform to help organizations focus and drive resilience. And the reason it's important to bring it together is at the end of the day, when there is an event, some application is behaving oddly. Is it a security issue? Is there a threat actor that is operating in the environment, stealing data and ultimately driving odd application performance? Or do you have some form of application failure? Is it a drive full? Is it a network issue, a network connection? Is it an application failure, memory overflow, something like that? And so our ability with single platform to bring together security and observability ultimately helps organizations be that much more resilient and that much more effective in driving that initiative broadly across their organization. Now our product line to support this is all based on unified platform. And we deliver this with domain-specific applications sitting on the platform for both security and observability. One of the things that has made Splunk unique over a long period of time is that not only does Splunk deliver compelling best-in-class applications for security and observability, we have a broad developer community that brings its best to capability and builds on top of that Splunk platform. So examples of that is you could look in what is known as Splunkbase, our partner community, and find applications for things like fraud and other applications that are quite common. And so this broad utility of platform that brings together all of this machine data, that drives analytics around it allows, organizations to see more and drive better results from this vast set of data that they have. And we've been in our best-in-class applications for security and observability. Security that we have a broad product line, which we'll talk about further in the presentation, that helps organizations better detect, investigate and respond to particular events and drive a next-generation security posture. On the observability side, we bring together best-in-class capabilities across all of the facets of observability, from how you monitor your applications to understanding what the digital experiences of your users, to understanding your infrastructure, all in a single best-in-class environment that allows you to really understand and predict and be proactive about application issues. Now obviously, one of the big topics in the industry is AI, and the influence of AI on this particular sector has been tremendous. And one of the things I'm super enthusiastic about is our use of AI and the outcomes that we're seeing from that. As a company, Splunk has invested heavily for many, many years, predominantly machine learning. Because we're a data-rich environment, it's always been conducive to drive really good outcomes based on rich datasets on machine learning side. So for example, we released our Machine Learning Toolkit in 2017. We've had hundreds of thousands of downloads of that toolkit, and it's actively deployed across many disciplines today. So then bring on the newer capabilities around GenAI and the powered LLMs, where we have been really focused is building AI into the core workflows in how individuals get their jobs done. And what's super exciting about that and then joining forces with Cisco, we can ultimately accelerate those efforts and ultimately apply more technology, more capability, leveraging broader datasets, which we think will ultimately be the true power in what outcomes can get delivered from AI. So AI built-in, in our applications environments and in the platform itself, all again well integrated into the product capabilities that we have. We started delivering about 1.5 years ago on new LLM-based GenAI capabilities, and we'll be rolling out a set of capabilities over the course of the next couple of years as well. We have many things under development there. Now one of the unique aspects of Splunk is we philosophically believe that given the volume of machine data that organizations are capturing, that they need to be able to have access to that data from Splunk anywhere that, that data exists across a multicloud hybrid environment. And when I say multicloud, we see customers wanting data to live in multiple clouds, so Amazon, Azure, GCP. And we also see a tremendous amount of requirement for on-premise, self-managed capabilities where data may live. And one of the interesting and important facets of Splunk is that we're able to allow customers to leave their data wherever that data may be and get the power of Splunk, but leaving it in the most cost-effective place and the most strategic place based on the kind of data that has been captured. So today, for example, you can have Splunk running in AWS, accessing data that lives inside of Splunk itself or in Amazon S3 or in ASL or in a Splunk instance on-premise. And so bringing that data together and performing analytics across a multicloud hybrid environment gives a customer a tremendous amount of power and a tremendous amount of visibility in what has become an incredibly complex environment. And if you were to go back, I don't know, 5, 7 years, I think there was a world where everyone thought everything would be centralized. And frankly, our competitors in this world think in a centralized -- they get a centralized view. And frankly, that's a view of the past. And where we have continued to differentiate is to provide this level of flexibility that helps customers strategically think about where that data needs to live. Simple example. So as we see more privacy lives emerge across borders. So I was recently talking to a customer that was building out a separate application stack in India because of privacy rules. They want to leave their entire application stack there. They want to be able to run Splunk globally in a single security operation center that access that data that lives in India, and bring it together with a single set of analytics across the globe. And that is something that Splunk can uniquely do. And in a world where we're seeing new regulations every day, and the challenge is about where data can live have never been more complicated. And with regulators taking a bigger role about data residency and data retention, Splunk gets customers all the flexibility necessary to get the visibility they need to ultimately drive their resilience that's critical for their environment. Now one of the interesting elements is that across security and observability is we see an amazing amount of data overlap, meaning if you have siloed solutions for security and observability, you end up collecting the same data twice, and the expense and the cost of that is just not viable. And so bringing all of this machine data together in a single platform that enables you to get the visibility you need both from a security perspective, but an observability perspective is absolutely critical. And I just want to give you a sense for the magnitude and scale of data that we see. I was recently with the CIO of a very large brand that -- and they have a -- they've built a very impactful digital footprint broadly across their enterprise. They ingest 24 petabytes, and I'm not confused about the term. It's petabytes, not terabytes, 24 petabytes a day. And that's the data that they use: one, to understand their security posture; and two, they need to understand every aspect of every application because it needs to be up and running 24/7 without a glitch. Any application disruption has a direct impact on the bottom line. And so it's that data ingestion that spans both security and observability, and being able to do it at true scale is something that has differentiated Splunk for a very, very long time. Now one of the things that we're very proud of is the fact that we've been recognized as a leader by both Gartner -- by Gartner in both security and observability. So we have been recognized as a leader in the upper right quadrant of the respective Magic Quadrant on the security side, for the security information and event management or SIEM Magic Quadrant and then recognized also as a leader in the Gartner Magic Quadrant for APM. So APM, application performance management and observability. And we're super proud of this. I think it's meaningful for customers where they're getting the best in both of the categories, both in best in security and observability, but again, all based on single platform, getting leverage from all that data. Now if you look at our customer base today, we are basically the underpinning of many of the world's most largest complex operations. And when I spend time with our customers, we are basically the mission-critical component that exists to help drive resilience in these large organizations. And what we often see is customers will start with us on the security side. They'll see the value of the common data platform. They'll deploy us more broadly to help drive application visibility, application performance and ensure ultimate digital resilience across all of that. And then once they experience the platform, we'll also see them extend the platform to drive additional value across their broad IT operation. And collectively, today, we're super proud of our customers and engagement that we have, but you can think of us as really the underpinning of many of the largest, most complex organizations in the world. And one of the things, frankly, who's excited about coming together with Cisco, Cisco has always been a large customer of Splunk, driving both on the security side as well as more broadly on the observability side. So I'm going to take a minute now and talk about each of the application areas, starting with security. So today, our customers use us to power their security operations center or SOC. And this is where organizations are driving detections, investigations and response. And the value that customers see today is material. So 99% faster incident detection, investigation and response. Our ability when alerts go off to reduce alert noise, we see as much as 90% improvement in alert noise, meaning you're getting lots of events happening. How do you synthesize through those and focus on the ones that have the biggest risk and the most impact? And then ultimately, driving the next set of outcomes using our orchestration and automation, we can drive a 5x faster response time when events happen and there's a necessary response. Because when there is an event that happens, the faster you respond ultimately can be the difference between whether you have a breach or not. And so that's our focus. And where we see continued value as every large organization, a mid-sized organization is running a security operations center. They need a platform that allows them to operate in an effective way. And Splunk is the best-in-class platform, and we've been recognized for many, many years as a leader in this particular area. And we're continuing the pace of innovation to continue to differentiate ourselves. And one of the things I'm excited about here as an example is the power of AI and where we're seeing the opportunity to build AI directly into the workflow, so that person sitting in the SOC is getting the benefit of AI in terms of you can basically ask the question of what actually -- do event summarization, what actually happened and be able to then discern like what are the next steps, get a recommendation from AIs, what are the next steps to investigate? And ultimately, leveraging AI to drive the automation of any remediation that might be required. So there's a lot of incredible innovation that we've been building into the product to not only take -- not to stop the leadership position we have, but continue to extend ourselves in the future. And this only gets better in partnership with our colleagues at Cisco. There's so much more that we can do in this area. Now if you look at the capabilities that we're delivering, we think about threat detection, investigation and response as core to our capabilities. Within that, we have the ability to do detailed threat analysis. We recently added a capability called the Splunk Attack Analyzer that allows a person in the SOC to understand whether some threat is actually malicious or not and analyze all aspects of that threat. Our SOAR solution, you'll see acronyms here, and I'll try to keep the acronyms to a minimum. That is Splunk orchestration automation solution that really then allows someone in the SOC to run a set of playbooks that automate a set of steps. So Sami was infected. I need to take Sami off the network and I need to remediate his laptop. Like you can do much of this in an automated way, and the SOAR solution is a vehicle to drive that automation. And then Splunk UBA is User Behavior Analytics. So it's understanding the behavior of a user and whether that user has been compromised in some way. And all of this, again, based on our core platform, these capabilities [ level our ] core platform, and they leverage all of the rich analytics that exist from our core platform. So that's a very high-level view of our capabilities. But the other thing that has always been unique to Splunk is we've represented a very neutral position in the industry, in the market where the ability to bring data in from every company and every competitor, et cetera. So what you'll commonly see in our customers is data coming in from CrowdStrike, from Palo Alto, from Zscaler, from the broad application environments, whether it's SAP, ServiceNow, all the proprietary application. All of those connectors exist within Splunk so you can easily ingest that data that then perform analytics on it and then drive the detection, investigation and response on top of that rich dataset. And with Cisco, that only gets better because we can now leverage the broad datasets that exist within Cisco, that rich network data, endpoint data, device data, all of which will ultimately deliver better outcomes to our security users. And when we step back and we think about that potential and the tailwind that comes from being part of Cisco, we basically can add -- Cisco brings user, cloud and breach protection to our overall unified Threat Detection, Investigation and Response. So the power of TDIR just gets that much better. The visibility we have will be second to none because of the volume of data that exists within Cisco. And in addition to that, Cisco has some very unique security capabilities like the Talos threat research, being able to bring threat intel directly into our environment that we're super excited about. That broad team is well respected in the industry, and we think our detections only get better with that. And then the ability to tech lateral movement, the -- being able to analyze network cloud endpoint telemetry to the tech lateral movement, we should be better than anybody bringing that data into Splunk and being able to do that analysis. And then we get the richness of the Talos threat intel. All of that collectively is frankly tailwind for us, where we have no product overlap, we just see positive additive momentum from the combination with Cisco. And as we look -- if you think about it from a schematic point of view, how do we fit, we basically plug the Cisco pieces into our environment. So you'll see represented at the lower part of the screen in blue, the Cisco product line, so user protection, broad suite, cloud protection and other broad suite and breach protection, along with the firewall and network security, bringing all of that richness of data into the Splunk platform, where we can then provide analytics and analysis on all that data. We're super excited about this, and you're going to see a series of announcements and capabilities coming to market that represent the collaboration that we're doing with the broad Cisco team. We're super enthusiastic about this, and we feel like -- and I've been describing this as our integration strategy is a strong ground game, meaning we want to incrementally deliver really important capabilities that are meaningful to customers and do it in an incremental way, not a big bang integration approach, but something that's truly incremental over delivering value all the time. Now let's take a pause and look at observability and the capabilities there. We're really focused on helping IT and engineering teams to deliver better digital services. And so helping organizations find, fix problems faster, improve reliability and build exceptional customer experiences. And again, what are we focused on? Well, we're focused on reducing alert time. These systems are oftentimes noisy, disk is filling up. What do I do about that? Is that something I need to respond to right now? Application behavior slowdown. Is there some problem on the system? So that ability to understand what alerts to prioritize and make sure that you're responding in a way that you avoid overall downtime. And then the thing that is most important is our customers see an 83% reduction in mean time to resolve, meaning you find fix faster than without these kinds of capabilities. And we're seeing developer productivity continue to improve in this with these kinds of capabilities. Now if you look broadly across our product line, we bring together the best of infrastructure monitoring, application performance monitoring, Real User Monitoring. So what is Sami's performance today? Like those kinds of capabilities are super important. Synthetic Monitoring, meaning be able to set synthetic users to understand what their -- what the user experience would be so that you can proactively prevent any form of issues and then combining that with AI apps, service monitoring and event intelligence. And all of this, again, sits on top of our rich platform where you can drive broad analytics. And so this only gets better with Cisco. Cisco has been heavily invested in this market with market-leading capabilities. I am super excited about bringing AppD as a market-leading application monitoring solution into our overall suite. We will have best-in-class customer managed on-prem combined with best-in-class cloud, and this really will ultimately drive down time to detect and time to respond. And ultimately, customers will see a significant savings in money as a result of this. We think this combination is one that is second to none in the market, and we're super excited coming together with Cisco and the outcomes that we can drive as a result of it. And when we look at the overall capabilities combining Cisco's assets with ours, we bring together unique capabilities that come from the Cisco product line like business applications intelligence, understanding application risk from a security perspective, many capabilities that we aspire to have and we now have coming together with Cisco and bringing it all together into a single suite. Again, we're going to run the same play here, where we're going to run a strong ground game, meaning you will see incremental improvements in integrations right out of the gate. And we feel like the richness of data that comes from Cisco, bringing that into our environment, helping our customers understand network performance and overall infrastructure performance, again, we think we'll be well differentiated in the market. It can drive great value for our customers. So all of this we feel like we're in a position to deliver one-of-a-kind customer value. We're that much more powerful because of the acquisition of Cisco and coming together into a single set of suites all focused on digital resilience. And the real magic of unifying security and observability is really helping our customers overcome super complex problems. It allows them to optimize their investments. One of the things that I continually see when I talk to customers is they have a sprawl of tools. I was recently added very large complex Fortune 500 company, and they told me they had 167 monitoring tools. It's crazy. It's like you need to simplify, you need to have a single solution that allows you to see across that broad digital footprint and drive the outcomes that ultimately deliver digital resilience. And that's ultimately what we're focused on, and these capabilities have a bottom line impact to companies because these applications have to be running, all the time up and running and driving revenue for the business. And we think coming together with Cisco only accelerates all of the efforts that we've been on as a company independently. And so the power of Splunk plus Cisco really will help organizations revolutionize the way they think about digital resilience, and we're super excited to be part of the Cisco family and the value that we can drive for our joint customers. And with that, Sami, I'll turn it back to you.

All right. Thank you, Gary. Thank you for running through all that detail. A lot of good details there. Before I get into the questions for you, just to give every attendee a note. [Operator Instructions] I will now kick it off with some of our preset questions.

So Gary, you went through a lot of really good details. One of the key things is that I think we all want to know is like what are you most excited about from a product perspective now that Splunk is part of Cisco?

Yes. So I'm super excited about a number of things. One is we have minimal product overlap. So collectively, we're better because we can bring our product lines together fast and move quickly to deliver customer value. So I look at, for example, in the security area, leveraging all the rich data and capability that Cisco has built over a long time and bringing that together with Splunk, I think, makes us second to none in helping drive this next-generation security operations center. And then on the observability side, there should be nobody better in the industry than helping customers understand their infrastructure, what's really happening and ultimately driving digital resilience. So I'm excited across both those product lines. And the third thing that I think is really meaningful is coming together with Cisco will accelerate our AI efforts. I think the richness of data that Cisco has, our ability to train on that data, I think we can deliver better outcomes as a result. So just feel really good and enthusiastic about what we can do together.

Great points for sure. I wanted to take the opportunity to take a step back on SIEM, SOAR and XDR. There are a lot of acronyms there. And at a high level, could you just simplify these three different pieces and how they fit all together?

You bet. So we do have acronym soup, so -- and I apologize for that, the people that aren't familiar with the security industry. But the thing that we end up with is a very rich set of products across everything that you want to do in a security operations center. So when we talk about XDR, this is a new capability that was launched by Cisco about 9 months ago, if I have that straight, Sami. And what you get from that and the value that we can deliver as part of that is rich detections, and bringing that broadly into Splunk just accelerates our ability to detect threats and improve posture. You combine that with SOAR, which is our automation solution. So SOAR, orchestration and automation, is that helps drive the speed of response. And where we are very enthusiastic is in combining with Cisco, our ability to apply AI to those problems, and it accelerates a lot of the efforts that we had underway. And if you look across the industry, what you see is it's really rare to see a vendor that is actually offering SIEM and XDR together. And I think this just will differentiate us further in the industry, accelerating and speeding detection, which is the name of the game in security. Super excited about it.

Got it. Thank you for going through that. We've talked with investors about how Splunk is more of a heavyweight solution and not a feature offering. Can you dig in a little bit more on how that positions Splunk relative to competitors? And maybe as a follow-up, who are you typically selling to within an organization?

Yes. So Splunk is really foundational in the security operations center. And so we're selling to the CISO, so the Chief Information Security Officer, who typically reports to the CEO or the -- maybe sometimes the Board, really depends on what the structure is. But CISO is really the lead decision-maker for the security org. And because Splunk is foundational, it literally is the foundation from which they drive their security operations, it is so critical. And I would say it's even more critical in today's regulatory world. So a simple example, the SEC passed a rule where you have 4 days to announce if you have a breach of -- that has materiality associated with it. And unless you have the visibility and insight that comes from something like Splunk, can you actually answer those questions and report to the SEC? And so it's becoming more and more important than it ever has. And we think this is so critical for organizations of any size, but in particular, publicly traded companies.

Yes, 4 days is not a long time.

Exactly. Or a period of time to actually understand what the heck happened.

That's right. That's right. And one of the things I found interesting as you were talking about Splunk's differentiators was this concept of full-fidelity ingestion at scale without sampling. Can you dig in a little deeper on what that means and why that's so important?

You bet. So one of the things that is complicated in this world is driving observability and resilience for applications that run at high, high scale. So it's everything from peaks in Black Friday, like we literally run separate shifts on Black Friday because we want to make sure we're here for our customers. These are really big days where application performance across our retail customers get stretched. And so what is really, really important on those days where the application performance is getting stretched is that the developers can see every single transaction that fires across that entire environment. And a lot of solutions can't keep up because it's too high at scale, and so they sample, meaning they only take a fraction of the transactions. They just sample. And so when there's an event and you're sampling, you actually might not be able to see what happened. And so one of the things that has always been a strong differentiator for Splunk is at scale. So at peak, we capture every transaction and allow our customers to understand what the heck is going on if there is some of that when they reach high scale. And it is so important.

Okay. And then maybe for everybody to get an idea on scale, you made the petabyte reference earlier, which is quite a large number compared to what typically everyone's used to hearing.

I want to -- and by the way, that's not an uncommon thing. I mean we have -- I was with a CIO of a large -- I'd say, a medium-sized Internet property, they were doing 12 petabytes a day. It's like this is not an uncommon circumstance. And the reason there's so much data is because digital footprints have grown so much over the last few years.

That's right. That's right. I wanted to touch a little bit on ThousandEyes. And ThousandEyes provides visibility across the Internet and cloud and is integrated into Cisco's product portfolio, including Catalyst and Meraki Switching, Webex, Cisco Security, AppD, et cetera. And I'm wondering if you could share how that would be integrated to Splunk's products as well.

Yes. And we'll bring the richness of all that data and insight into Splunk from a security perspective and observability perspective and into the core platform, because the insight that ThousandEyes delivers is second to none, and that is so critical to think about application performance. If you -- you're obviously dependent upon the network to deliver that digital experience. And so ThousandEyes really enables customers to fully understand what is happening within their network, and that data is invaluable for us. And so we will drive integration across our full product line.

Great. Great. You talked a lot about the importance of serving customers on-premise in the cloud. We're in hybrid or multicloud environments. I'm wondering if you could expand a little bit on your deployment options. Do you need to have a separate cloud contract and a separate term license contract if you operate in a hybrid cloud environment? And how does federated search play in there?

Yes. So basically, what we do is meet customers where they are in their cloud journey. And so our ability to install in an on-premise world because they still have a big data center and -- but they still have -- they've made a lot of progress towards the cloud, being able to operate across that environment is super strategic and really important and then be able to see across it. So Splunk can talk to Splunk across that broad environment, meaning you have data on-premise in Splunk and you have data in the cloud, you can look across those environments and get all the power of Splunk without centralizing your data. And then added to that, as we discussed in the presentation, is you couple that with federated search, you can go to third-party data sources. So if a customer is saying, "Hey, I'm going to take all my access data," meaning when did Gary log on, when did Sami log on and stick all that data in S3, you can get access to that through federated search without ingesting all that into Splunk. And so you get the power of Splunk without having to centralize all your data into a single place.

Got it. Got it. Thank you for going through that. I want to shift gears to pricing. And I've heard you -- I wanted to just cover the general topic.

Yes.

I've heard you talk before about your workload-based pricing. Can you tell us a little bit more about that?

Yes. So workload-based pricing simply takes into account the workload required to deliver analytics results. And so one of the interesting and powerful aspects of this pricing model is you're only paying for the value that we're delivering. And if you go back in time, Splunk had an ingest-based pricing model, meaning we -- you paid a toll as you brought data into Splunk. And what we found over time was that customers wanted to amass lots of data. They weren't always doing analytics on it, but they wanted it to run. Maybe for regulatory reasons, maybe for other reasons, but they were paying a toll even though they weren't actually getting value from it every day. And so our workload pricing really unlocks the power of we're tying our pricing model directly to the value that we're delivering to you. And that's been really well received for customers, and we're in this ongoing transition from getting all of our customers off of ingest and into workload. And that will take some time, but we're making great progress.

Great. I wanted to go back to the topic of AI. And I'd love to hear your thoughts on how you think Splunk will accelerate the AI vision at Cisco.

So the thing that I am very excited about is being able to leverage the vast and rich datasets that exist across Cisco that encompass the network data, device data, identity data, endpoint data, all that collectively will drive better outcomes across our security and observability product lines. In addition, just the broad opportunity to collaborate and get the power of a stronger, massive people focused on AI, I think, will ultimately help us. Now philosophically, I think we're very much aligned with the way Cisco has been thinking about it, but we're focused on domain-specific outcomes. So really thinking about how AI can deliver amazing security and observability results and then building it into the workflow of how people get their job done to improve overall outcomes every day. And then we also philosophically believe in human in the loop, meaning you're not going to let AI go reconfigure your network with how is someone actually reviewing those results and making sure that's what you really want to do. So I think we're also philosophically aligned, and I think that makes a huge difference.

Got it. Got it. I wanted to now take in some questions from the chat box that came in and hopefully, we can go through some of those before I hit one of the last one or two questions that I prepared for you, Gary. First question that came through is what's the potential impact of AI and large language models on Splunk Processing Language or SPL?

Yes. It's a really good question. So we -- 1.5 years ago or so, we launched an assistant for SPL, meaning you could enter English language and the SPL system will generate the proprietary SPL language. So if you're wondering what SPL is, that is the Splunk Processing Language, that is how you do data analytics in our environment. And you have to have knowledge to do that. And so one of the things that's super exciting about this AI assistant, it really just lowers that bar of what it takes to get value from Splunk. And what you will see then is the use of natural language throughout our products, both on the security and on the observability side, where users will be able to actually leverage natural language to have SPL generated on their behalf. And so we're really focused on making it easier for less trained users to get great value from Splunk.

Got it. Got it. Thank you for going through that. One question about the competitive environment. Security vendors have talked about customers moving new data, running alongside Splunk and sometimes displacing or replacing Splunk entirely with their data lakes. How is the competitive environment changing? And how is Splunk defending its turf?

Yes. No, great question. I think if you look historically, Splunk moved from ingest pricing to workload pricing. And I think we had a set of customers concerned, frankly, about the ingest-based pricing model because of the volumes of data that they saw and they didn't feel it's sustainable. So they were moving some workloads outside of Splunk. And so I think the pricing model is an inhibitor. We obviously have fixed that. And we haven't moved everybody, but we're in the process of moving customers into that workload pricing model. And I think the other reality too is most of our competitors -- frankly, all of our competitors have a centralized view. And I think our federated distributed model is one that is super unique. And it provides the power for customers to control strategically how much they're spending on storage. And so if they want to put data in S3 because it's cheaper, more power to them, and they still get the power of Splunk. So these are new capabilities and new flexibility that historically we didn't have. And so I think we, at times, allow customers to go other places because they needed options. And now we are delivering a lot more flexibility. The other thing that we've done, which is super important, is we're processing data on the edge for our customers now. So through our ingest actions and edge processor, we're able to preprocess data before it comes to Splunk or goes to the ultimate destination. Why is that important? Well, you look at Cisco firewall logs, they're super voluminous. And it doesn't mean that's bad, it's just you don't need all that data for all that telemetry. So you can process down that data and so that you're not storing and spending money on things that you don't need to spend money on. This was something we historically -- people went to our competitors to get access to those kinds of capabilities. Those are part of the product now. So we've made very good advances in some of these areas where we weren't as flexible in the past, and we're really providing a rich set of capabilities to help customers solve these problems and provide them the options that they need to drive and manage the cost of this overall complex environment.

Got it. Got it. One question that is going to be tied to some earlier comments about pricing. How many -- and this is, Gary, by all means, only answer if you're comfortable that we've talked about at public disclosure. How many customers are on ingest pricing versus workload-based pricing at this point? And what is the unit of measure for workload-based pricing?

Yes. Great question. I don't think we've actually published that number, but the way to think about it is that almost all of our cloud-based customers have workload pricing. So if you look at our published quarters over the last couple of years, you're kind of in that 60% range of customers going to cloud. And then you have some on-prem customers or term license customers that have workload as well. But the vast majority, you can just always think that cloud customers are going to be on workload.

Got it.

And then the metric, going to the second part of the question, Sami, is there's a concept of an [ SPC ]. It's basically, that's the unit of measure that customers buy and subscribe to and is part of our subscription business. And then SVC is the unit of compute measure.

Got it. Got it. A much higher-level question. And you've kind of already touched on a customer example that might fall under this category. And the question is, how can Splunk add value to service providers? Maybe I think your prior example was more to do with maybe a cloud or Internet or e-commerce-type company. But what about more traditional cable, telco, if any kind of comments you can...

We have many customers in those categories, and we are basically underpinning those systems to the delivery of capabilities that they're delivering to their customers. So giving them the visibility, so helping them secure that environment, but also then giving them the visibility that they need to deliver all of those broad capabilities, whether it's on the cable side or service provider side.

Got it. Got it. One other question to do more with the Cisco and Splunk together is, can you just talk about how long it will take to enhance the Splunk portfolio with the data you can adjust from the Cisco side? And does it enable a new product set or enhance the existing product set?

Great question. So the data side of things is underway today, and we're going to deliver incrementally on that. You'll hear more about that at Cisco Live, which is scheduled for the first week of June. And we'll have an Investor Day, where we'll have more detail, but you're going to hear more about those capabilities right out of the gate because we're making progress on it right now. And then the first part of the question is, does it enhance existing product line? I think what you're going to see initially is enhancing existing product line. So straightforward things. We're going to take the rich Talos threat intel that exists within Cisco today and bring that into Splunk. That enhances the experience for a Splunk user. It's a good thing. But over time, we see the potential of new products, new capabilities that would have separate economic value. But that will take a little bit more time, obviously.

Yes, understandably so. These are two big, very capable companies coming together. One other question I wanted to get into is, okay, well, we kind of tied to long-term vision and strategy to making sure I'm going through and hitting the right kind of questions. One kind of question I'm not really sure if we can answer today is, are there any data privacy issues with new Cisco and Splunk customers leveraging data access across networks? So as the two datasets start running in parallel, could there potentially be data privacy issues?

Yes. No, this is something we are very focused on. And so we work directly with our customers and reflect in our customers whether they want us to use their data or don't want to use their data. It's up to the customer. So we're not -- we don't have the right to go use someone's data unless they give us permission.

Got it. We did get one question on how will Cisco or how Splunk integrate AppDynamics into the product. You can make some comments, Gary, or I could kind of...

No. I think we're super excited about it because basically, AppDynamics gives us, gives Splunk best-in-class traditional application monitoring. And we were -- our focus had not been on-premise more traditional applications, and AppDynamics gives us that capability. So bringing together AppDynamics in the Splunk Observability Cloud, we think is super powerful. How do we make that integration happen? We will -- we're putting AppDynamics onto the Splunk platform. So the richness of logs that comes from Splunk will be directly integrated into AppDynamics. And so that experience, that experience gets better. And we then can see across the multicloud hybrid environment that most customers have. So we think this is a great advantage, and super excited about it.

Great. Great. So we've gone through a lot of the Q&A questions at least that were submitted to the chat box. I have one question for you. And then Gary, we can -- we'll go into some closing remarks. So finally, it feels like there are a lot of opportunities for growth that is Splunk as part of Cisco. How do you view these opportunities in the near term and then further out?

Yes. Again, we want to demonstrate that collectively between Splunk and Cisco, we can deliver value for our customers. And we're focused on those incremental deliveries that will have meaningful outcome and better results for our security users as well as our observability users. And then collectively, over the long term, we believe that amazing innovation can happen between the two companies, and we can deliver new capabilities that ultimately drive consistent, durable long-term growth in our business. So just super enthusiastic about this, and we feel great about the future.

Great. Great. And with that, it's a great point to end on. Just for everyone who's tuning in, we'll be hosting the Cisco Investor Day in June, on June 4 at the Cisco Live event. You'll be hearing from Gary and many other executive leadership team members like Chuck, JD, Scott and a couple of other members. Please let us know if you want to tune in to that. And with that, Gary, again and the Splunk team who helped to prepare for this presentation, thank you very much for the time, and thank you all for also tuning in with us.

Thank you so much. Thank you, Sami. Appreciate it.

Absolutely.

Have a great day.

Great. Bye.