\n
Mobile World Congress (MWC) Barcelona is one of the most demanding environments for network and security operations. With thousands of attendees,\u00a0unmanaged\u00a0devices, and applications interacting in real time, operational visibility and threat detection must function flawlessly.<\/p>\n
For the 2nd<\/sup>\u00a0year,\u00a0the\u00a0Cisco\u00a0team\u00a0leveraged\u00a0Splunk,\u00a0in addition\u00a0to its other security\u00a0products,\u00a0to deliver a unified Security Operations Center (SOC) and Network Operations Center (NOC) experience. Together, we used\u00a0Splunk as the central data platform and integrating telemetry across a broad set of Cisco technologies.<\/p>\nWhat made this deployment particularly notable was not just the breadth of integrations, but the speed and flexibility with which we operationalized the environment.<\/p>\n
\n
People\u00a0getting the Cisco booth in preparation for Mobile World Congress 2026<\/figcaption><\/figure>\n<\/div>\nAt the core of the deployment was Splunk Cloud, acting as the single pane of glass for both SOC and NOC workflows.<\/p>\n
We ingested data from multiple Cisco platforms, including:<\/p>\n
\n
The SOC and NOC area at Mobile World Congress 2026\u00a0<\/figcaption><\/figure>\n<\/div>\nThis architecture allowed us to converge traditionally siloed operational domains into a single analytics layer, enabling faster correlation between network events and security incidents.<\/p>\n
\n
Clockwise from the upper left quadrant: Firepower in Security Cloud Control, Splunk Cloud dashboard for MWC, Splunk Enterprise Security Mission Control and Cisco XDR.<\/figcaption><\/figure>\n<\/div>\nBuilding NOC Dashboards in an Afternoon<\/h2>\n One of the most impactful outcomes was how quickly we were able to deliver operational visibility following various requests from other teams present at the event.<\/p>\n
Using Splunk\u2019s data platform and visualization capabilities, we were able to build a fully functional NOC dashboard in just a few hours. The dashboard provided:<\/p>\n
\nReal-time network\u00a0usage\u00a0and availability<\/li>\n Client connectivity metrics across wireless and wired environments<\/li>\n Application\u00a0usage\u00a0indicators<\/li>\n<\/ul>\nBecause all telemetry was\u00a0collected\u00a0within Splunk, creating meaningful\u00a0dashboards\u00a0required minimal transformation work. This highlights a key advantage of using a unified data platform: once ingestion is solved, insights\u00a0can\u00a0follow quickly.<\/p>\n
\n
One of the\u00a0dashboards\u00a0built using Splunk to track Cisco Spaces users across the venue.<\/figcaption><\/figure>\n<\/div>\nBridging SOC and NOC: From Visibility to Context<\/h2>\n Traditionally, SOC and NOC teams\u00a0operate\u00a0in parallel, often using separate tools and datasets. At MWC, we intentionally broke down that barrier.<\/p>\n
By leveraging Splunk as the common platform:<\/p>\n
\nNOC events (e.g., latency spikes,\u00a0usage trends) could be correlated with<\/li>\n SOC signals (e.g., anomalous traffic patterns, threat detections)<\/li>\n<\/ul>\nThis convergence enabled faster root cause analysis and reduced mean time to resolution (MTTR), particularly in scenarios where performance issues\u00a0or traffic anomalies\u00a0had potential security implications.<\/p>\n
A First: Deploying the Cisco 6160 Firewall in a Public Event<\/h2>\n A standout aspect of this deployment was the use of the\u00a0Cisco\u00a0Secure Firewall\u00a06160<\/strong>\u2014marking its first deployment in a public event environment.<\/p>\nBringing this data into Splunk\u00a0required\u00a0a bit of engineering:<\/p>\n
Data Pipeline Design<\/em><\/h3>\nBecause of the scale and performance characteristics of the\u00a0firewall, we implemented a structured ingestion pipeline:<\/p>\n
\nRSYSLOG Server<\/strong>\n\nActed as the initial log aggregator\u00a0source for the\u00a0firewall<\/li>\n Handled high-throughput syslog ingestion from the 6160<\/li>\n Provided buffering and normalization capabilities<\/li>\n Saved data on the file system, providing another layer of redundancy<\/li>\n<\/ul>\n<\/li>\n Splunk Heavy Forwarder<\/strong>\u00a0(HF)<\/strong>\n\nConsumed logs from\u00a0files produced by\u00a0RSYSLOG<\/li>\n Applied parsing, filtering, and metadata enrichment<\/li>\n Forwarded\u00a0processed data securely to Splunk Cloud\u00a0using the S2S protocol<\/li>\n<\/ul>\n<\/li>\n Splunk Cloud<\/strong>\n
![\"Retail](\"https:\/\/dmsretail.com\/RetailNews\/wp-content\/uploads\/2022\/05\/RETAIL-ONLINE-TRAINING-728-X-90.png\")
<\/a><\/p>![\"Cisco](\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2026\/04\/1-MWC2026CiscoBoothSetup-1024x768.webp\")
![\"MWC](\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2026\/04\/2-MWC2026S-NOC-1024x576.webp\")
![\"MWC](\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2026\/04\/3-MWC2026SOCdashboards-1024x576.webp\")
![\"MWC](\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2026\/04\/4-MWC2026CiscoSpacesDashboard-1024x452.webp\")
![\"MWC](\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2026\/04\/5-MWC2026BlogDiagramCC-1024x422.webp\")