Vendor blueprint · prerelease
Splunk Machine Data Lake
Announced September 8, 2025 at .conf25; alpha confirmed February 2026; no GA date public. Splunk's response to lakehouse-native security: a schema-less, AI-ready landing zone inside Splunk Cloud / Enterprise, plus Borderless Real-Time Search federating across S3, Snowflake (GA July 2026), and (announced, unshipped) Iceberg, Delta Lake, and Azure.
What ships today
Cisco Time Series Foundation Model: 250M params, Apache 2.0 open weights, decoder-only multiresolution, 16.12% MASE improvement on observability data. Trained on 300B+ data points. Runs anywhere via PyTorch. PyPI package cisco-tsm.
What doesn't ship yet
Machine Data Lake itself (alpha, no GA date). Federated Search for S3 re-architected (alpha). Snowflake federation (GA target July 2026). Iceberg, Delta Lake, Azure (announced, unshipped). Borderless Real-Time Search engine architecture undisclosed in public docs.
What it changes for architects
The lakehouse pivot is real but pre-shipped. Query plane still routes through Splunk Cloud / Enterprise. Splunk co-founded OCSF and the Cisco TSM is open-source — ecosystem alignment is genuine. The catalog and query-plane control remain Splunk's.
The honest critique
Forrester flagged the timing gap publicly: "competing platforms already deliver these offerings." No public pricing meter. No named beta customers (Singapore Airlines is a general Splunk reference, not an MDL reference). Decision today: wait vs. run the benchmark yourself.
Sources: Cisco/Splunk press release (2025-09-08) · Forrester .conf25 recap · Splunk "Complete Guide to Data Management" · arXiv 2511.19841 (Cisco Time Series Model) · GitHub splunk/cisco-time-series-model