Ownership note: Splunk (acquired March 2024) is a wholly-owned subsidiary of Cisco (819/A). Its boycott tier is inherited from Cisco - purchasing it funds the parent. This dossier records the brand’s own direct footprint (a wholly-owned Splunk Israel R&D subsidiary, Splunk Services Israel Ltd, Netanya); the headline tier reflects Cisco’s complicity (Cisco’s deep Israeli R&D operations and technology footprint).
BDS-1000 Dossier - Splunk Inc
Key Findings
- Economic: Splunk maintains an active Israeli operating subsidiary (Splunk Services Israel Ltd., Netanya, registration 516040250) and the IDF is described in Israel Defense (January 2019, attributed IDF source) as “one of Splunk’s major clients in Israel,” with the IDF maintaining “an extensive range of agreements” with Splunk for data extraction and operational effectiveness.12
- Digital: The Ministry of Energy of the State of Israel is a documented Splunk customer, deploying Splunk Enterprise with machine learning to protect national power-plant and operational-technology environments, presented by Ministry staff at Splunk’s .conf conference.34
- Political: Splunk published a named corporate statement pledging to suspend business with Russia and Belarus and offer free security tools to Ukrainian government entities following Russia’s 2022 invasion - no equivalent statement was issued in response to the October 2023 conflict in Gaza.5
- Not found: No verified direct contract between Splunk and the Israeli Ministry of Defence was identified in any public source; Splunk is absent from the UN OHCHR settlement database and the BDS Movement’s primary campaign target list.
Target Profile
| Field | Detail |
|---|---|
| Company Name | Splunk Inc. (now a wholly owned subsidiary of Cisco Systems, Inc.) |
| Jurisdiction | Incorporated in Delaware, United States |
| Headquarters | 250 Brannan Street, San Francisco, California, USA |
| Sector | Enterprise software - SIEM, security orchestration and automation (SOAR), IT and application observability |
| Ownership | Wholly owned subsidiary of Cisco Systems, Inc. (acquired ~US$28 billion; completed 18 March 2024); formerly NASDAQ: SPLK |
| Key Executives / Governance | Founded 2003 by Michael Baum, Rob Das, and Erik Swan; governance now under Cisco Systems, Inc. parent |
| Israeli-Nexus Summary | Splunk maintains an active Israeli operating subsidiary (Splunk Services Israel Ltd., Netanya), distributes products through Israeli channel partners including E & M Computing, and has been identified by Israeli defence-trade press - with an attributed IDF source - as serving the Israel Defence Forces alongside civilian government customers; no verified direct contracts with Israeli state security bodies were identified in public records, and no organised BDS campaign specifically targeting Splunk was documented. |
Key Facts:
- Formerly NASDAQ: SPLK; delisted March 2024.
- Acquired by Cisco Systems, Inc. for approximately US$28 billion; deal announced 21 September 2023; completed 18 March 2024.
Executive Summary
Splunk Inc. is a San Francisco–headquartered enterprise software company that builds and sells platforms for searching, monitoring, and analysing machine-generated data - primarily its SIEM (Security Information and Event Management), SOAR (security orchestration, automation and response), and observability products. The company operated as an independent NASDAQ-listed corporation from its 2012 IPO until Cisco Systems completed its approximately US$28 billion acquisition on 18 March 2024, after which Splunk became a wholly owned Cisco subsidiary operating under the Splunk brand.
The documented Israel/Palestine nexus is real but bounded. Splunk maintains an active Israeli operating subsidiary (Splunk Services Israel Ltd., registered in Netanya) and distributes its products through Israeli channel partners, most notably E & M Computing Ltd, which was named Splunk’s 2023 EMEA Marketing Partner of the Year. Israeli defence-trade publication Israel Defense reported in January 2019 - citing an attributed IDF source - that the IDF is “one of Splunk’s major clients in Israel” and that Splunk maintained an “extensive range of agreements” with the IDF for data-extraction and operational-effectiveness purposes. The Ministry of Energy of the State of Israel is a separately documented Splunk customer, using Splunk Enterprise with machine learning to protect national power-plant and operational-technology environments; this deployment was presented by Ministry staff at Splunk’s .conf user conference. As of the 2019 trade-press report, Splunk served approximately 200 Israeli clients. Splunk also integrates with Israeli-origin security vendors (Check Point, CyberArk, Palo Alto/Cortex XSOAR) in a standard interoperability relationship - data flows into Splunk from those tools, not the reverse.
What is not supported by evidence is equally important. No verified direct contract between Splunk and the Israeli Ministry of Defence, the Israel Prison Service, or any Israeli intelligence agency was identified in any public source. No military-grade, tactical, or mil-spec variant of any Splunk product was documented. No Splunk entry appears in the UN Human Rights Council settlement database, the Who Profits database, or the BDS Movement’s primary campaign target list. No organised boycott, divestment, or institutional exclusion campaign specifically targeting Splunk was identified. No evidence of Splunk operations in West Bank settlements, the Golan Heights, or East Jerusalem was found. The Military domain returned zero evidence of any defence-sector involvement in the Israeli context.
The resulting BRS of 427 / Tier C (High) is driven primarily by the Economic score of 5.89 - reflecting Splunk’s documented Israeli operating subsidiary, engineering workforce, channel-partner revenue, and named government/defence customer relationships - with secondary contribution from Digital (2.69), reflecting the IDF customer relationship and Israeli-origin integration ecosystem. Military contributed 0.00 and Political contributed 2.00. The tier reflects a company with a genuine, documented Israeli commercial presence and named government/defence customer relationships, but one whose evidence record does not support allegations of direct weapons-systems involvement, settlement infrastructure supply, or targeted BDS campaign activation.
Timeline of Relevant Events
| Date | Event | Source |
|---|---|---|
| 2003 | Splunk Inc. founded in San Francisco, California by Michael Baum, Rob Das, and Erik Swan | Political6 |
| Pre-2012 | In-Q-Tel (the U.S. Intelligence Community’s strategic investment arm) makes an investment in Splunk prior to its IPO; documented in Splunk’s S-1 registration statement | Political5 |
| April 2012 | Splunk completes IPO on NASDAQ (ticker SPLK) | Political6 |
| 2019 | Israeli defence-trade publication Israel Defense reports (25 January 2019) that the IDF is “one of Splunk’s major clients in Israel,” citing an attributed IDF source; reports Splunk served approximately 200 Israeli clients through integrators including EMET Computing | Digital2, Economic1 |
| 2019 | Splunk achieves FedRAMP authorization for its Government and Public Sector product suite | Military7 |
| 2019 | Ministry of Energy of the State of Israel presents Splunk deployment for national critical energy infrastructure and OT security at Splunk .conf conference | Digital4, Economic83 |
| 2020 | Splunk Inc. lists an Israel-jurisdiction subsidiary in Exhibit 21.1 of its SEC Form 10-K (FY2020 filing cycle) | Economic9 |
| 2022 | Splunk publishes named corporate blog post pledging to suspend business with Russia and Belarus and offer free security monitoring tools to Ukrainian government entities - establishing documented precedent for crisis-driven corporate resource mobilization on geopolitical grounds | Political5 |
| 2022 | Splunk lists an Israel-jurisdiction subsidiary in Exhibit 21.1 of its SEC Form 10-K (FY2022 filing cycle) | Economic9 |
| 2023 | E & M Computing Ltd named Splunk’s 2023 EMEA Marketing Partner of the Year | Economic7 |
| 21 September 2023 | Cisco Systems announces definitive agreement to acquire Splunk for approximately US$28 billion | Military10, Economic11 |
| 18 March 2024 | Cisco completes acquisition of Splunk; Splunk delisted from NASDAQ and becomes a wholly owned Cisco subsidiary | Military12, Economic13 |
| 2025–2026 | Splunk Services Israel Ltd. remains active in Israeli Registrar of Companies records (last annual report filed 2026); Splunk job postings continue to list roles in Tel Aviv, Herzliya, Netanya, Petah Tikva, Ramat Gan, and Lod | Economic1415 |
Corporate Overview
Structure and Ownership
Splunk Inc. was incorporated in Delaware and headquartered in San Francisco, California. It completed its IPO on NASDAQ (ticker SPLK) in April 2012. On 18 March 2024, Cisco Systems, Inc. (NASDAQ: CSCO, incorporated in Delaware, headquartered in San Jose, California) completed its acquisition of Splunk for approximately US$28 billion in cash (US$157 per share) - the largest acquisition in Cisco’s history. Splunk now operates as a wholly owned Cisco subsidiary and continues to market products under the Splunk brand. The independent Splunk board was dissolved upon acquisition close; all governance and ownership structures are now subsumed within Cisco’s corporate structure.
Prior to the acquisition, Splunk’s largest disclosed shareholders were major U.S.-domiciled asset managers (Vanguard, BlackRock) holding diversified index portfolios. No controlling Israeli ownership stake, Israeli sovereign-fund holding, or Israeli institutional governance influence over Splunk was identified in any public filing.
Israeli Entities and Franchise Relationships
Splunk Services Israel Ltd. (Hebrew: ספלאנק סרוויסס ישראל) is registered in the Israeli Registrar of Companies under registration number 516040250, with a registered seat at HaMelacha 32, Netanya, Israel. The entity appears in North Data’s aggregated Israeli registry records and was listed as active with registry updates through 2025–2026. Splunk Inc. listed an Israel-jurisdiction subsidiary in the Exhibit 21.1 subsidiary lists attached to its SEC Form 10-K annual reports for the FY2020 and FY2022 filing cycles. The subsidiary’s last annual report to the Israeli registry was recorded as filed in 2026, indicating it remained active under Cisco ownership.
Channel partner: E & M Computing Ltd (part of the Tel Aviv–listed EMET Group) is listed in Splunk’s official partner directory as an Israel-based partner and was named Splunk’s 2023 EMEA Marketing Partner of the Year. Splunk had been operating in Israel through integrators including EMET Computing for a number of years prior to the acquisition.
Israel Splunk User Group is an officially listed Splunk regional user group within Splunk’s EMEA community structure, with past events hosted at corporate venues including Cisco TLV (Tel Aviv) and AWS, and volunteer leaders affiliated with Israeli integrators Govil and Bynet.
Parent Company (Cisco) Israeli Footprint
Cisco maintains a substantial, long-standing R&D and operational presence in Israel - reported R&D centres in Netanya, Caesarea, Jerusalem, and Tel Aviv employing around 500 people, built through more than a dozen Israeli acquisitions over prior decades (including NDS in 2012 for approximately US$5 billion and Leaba Semiconductor in 2016 for approximately US$320 million). Cisco’s Israel Development Center is in Netanya, the same city as Splunk Services Israel Ltd.’s registered address. No public disclosure was identified confirming whether Splunk-branded engineering or product-development work is conducted from Cisco’s Israeli offices. Cisco-level Israeli exposure is attributed to Cisco, not to Splunk, except where directly evidenced.
Splunk Acquisitions
Splunk’s published acquisitions list (SignalFx, Phantom Cyber, Plumbr, TruSTAR, Flowmill, TwinWave, Omnition, Streamlio, Rigor, VictorOps, SnapAttack, and others) records no acquisition identified in public sources as an Israeli-domiciled company. The documented headquarters of these targets are in the US and Europe. No public evidence was identified of Splunk acquiring an Israeli-origin technology company.
Domain Summaries
Military
Mechanism of Involvement
The Military audit examined nine categories of potential military involvement: direct defence contracting and procurement; dual-use products and tactical variants; heavy machinery, construction, and infrastructure; supply chain integration with defence primes; logistical sustainment and base services; munitions and weapons systems; export licensing and regulatory history; and civil society scrutiny and documented investigations.
No public evidence was identified of any verified contract, tender award, framework agreement, or memorandum of understanding between Splunk and the Israeli Ministry of Defence (IMOD), the Israel Defence Forces (IDF), the Israel Prison Service, the Israel Border Police, or any other Israeli state security body. No Splunk entry was identified in SIBAT public export directories, Israeli defence exhibition catalogues, or Israeli defence procurement registries. Splunk’s product classification as enterprise software places it outside the categories of defence materiel that ordinarily appear in such directories.
No public evidence was identified that Splunk manufactures or markets ruggedised, tactical, mil-spec, or otherwise defence-grade hardware variants of its products. Splunk’s core products - Enterprise Security (SIEM), SOAR, and Observability Cloud - are general-purpose enterprise tools available commercially to any qualifying organisation. While Splunk does operate a dedicated Government and Public Sector product suite with FedRAMP and DoD Impact Level authorisations serving US DoD and intelligence community agency clients, no Israeli-specific tactical, mil-spec, or contract-modified variant of any Splunk product was identified.
Not applicable by product category for heavy machinery, construction, and infrastructure: Splunk does not manufacture heavy machinery, construction equipment, vehicles, physical infrastructure components, or any related materiel. No Splunk product or service was identified in settlement construction, the separation barrier, military installations, or occupied territories in any physical infrastructure capacity.
No public evidence was identified of any verified supply relationship between Splunk and Israeli defence prime contractors including Elbit Systems, Israel Aerospace Industries (IAI), Rafael Advanced Defense Systems, or Israel Military Industries (IMI/Elbit Land). Splunk produces software and data analytics platforms, not the physical components - optical systems, electronic sub-assemblies, propulsion and guidance modules, armour, or structural materials - that characterise defence prime supply chains.
No public evidence was identified of Splunk holding contracts to provide catering, transport, fuel, waste management, facilities maintenance, telecommunications infrastructure, or other support services to IDF bases, military training facilities, detention centres, or security installations.
No public evidence was identified that Splunk is involved in the manufacture of small arms, artillery, armoured vehicles, tactical drones, naval vessels, or any lethal platform. No Splunk role in the manufacture, integration, maintenance, or component supply of Iron Dome, David’s Sling, Arrow missile defence, F-35 fighter aircraft, main battle tanks, warships, or ballistic missile systems was identified. The SIPRI Arms Transfers Database contains no record of Splunk as a supplying entity in this context.
No public evidence was identified of any government decision - in any jurisdiction - to grant, deny, suspend, or revoke an export licence for Splunk products specifically to Israeli military or security end-users. No investigation, citation, enforcement action, or administrative penalty related to Splunk’s compliance with arms embargoes, export control regimes, or sanctions affecting defence trade with Israel was identified.
Counter-Arguments and Evidence Limits
Splunk’s strongest defence in the Military domain is the complete absence of documented military involvement across all nine audit categories. The company is a civilian enterprise software firm whose products - SIEM, SOAR, and observability tools - are general-purpose analytics and security operations tools with broad civilian application. No purpose-built, military-specified, or contract-modified product publicly associated with Israeli state security bodies was identified. Splunk’s US government contracting activity is concentrated in the US federal sector under FedRAMP authorisation, with no equivalent Israeli government procurement relationship documented in any public source.
The audit notes a material evidence gap: Israeli defence procurement is classified and not publicly searchable, meaning any indirect deployment of Splunk products through U.S. government-to-government arrangements or unnamed sub-contracts would not appear in public records. The IDF customer relationship documented in Digital (see below) is the most directionally significant finding, but its specific scope - whether it constitutes a direct contract, a framework agreement, or an indirect channel relationship - is not resolved by the available public record.
Named Entities and Evidence Map
| Entity | Role | Evidence Status |
|---|---|---|
| Israeli Ministry of Defence (IMOD) | Potential direct customer | No public evidence identified |
| Israel Defence Forces (IDF) | Potential direct customer | IDF sourcing relationship reported by Israel Defense (2019) with attributed IDF source; specific contract type unverified |
| Elbit Systems, IAI, Rafael, IMI | Potential supply-chain integration | No public evidence identified |
| SIBAT / Israeli defence procurement registries | Regulatory/listing bodies | No Splunk entry identified |
| SIPRI Arms Transfers Database | International registry | No Splunk record identified |
Digital
Mechanism of Involvement
The Digital audit examined Splunk’s digital and technology relationships with Israeli state bodies, Israeli-origin technology integration, surveillance and biometrics technology, cloud infrastructure, defence and intelligence sector technology, AI and algorithmic systems, and R&D footprint in Israel.
IDF customer relationship (directionally significant): Israeli defence-trade publication Israel Defense reported on 25 January 2019 that “the Israeli military (IDF) is one of Splunk’s major clients in Israel,” and quoted an IDF source stating that “the IDF maintains an extensive range of agreements with suppliers in the field of data extraction, including the Splunk Company, for the benefit of improving the operational effectiveness of the IDF.”2 The report stated Splunk operated in Israel through integrators including EMET Computing, served “some 200 clients” in the country, and “is currently preparing to establish a local sales office.” The article additionally discussed potential military data-fusion applications of the platform and referenced Israeli military command/fire systems including “TZAYAD (Digital Land Army)” and “Fire Weaver”; this latter portion is the publication’s characterisation of potential use cases, not a documented Splunk contract for those systems. This is the most directionally significant Digital finding: a named trade-press report, with an attributed IDF-source statement, identifying the IDF as a major Splunk customer.
Israeli-Origin Technology Integration Partners: Splunk’s platform functions as a central SIEM, SOAR, and observability system into which third-party security tools feed log telemetry. Several Israeli-origin or Israeli co-founded security vendors maintain published integrations with Splunk. The “Check Point App for Splunk” and the “Splunk Add-on for Check Point Log Exporter” forward Check Point firewall, threat-prevention, and SmartEvent logs into Splunk. The “Splunk Add-on for CyberArk” pulls privileged-access, vault, and Privileged Threat Analytics events into Splunk. The “Demisto Add-on for Splunk” (latest version released 21 October 2025) pushes incidents and events between Splunk and Cortex XSOAR (XSOAR was acquired from Israeli-founded Demisto in March 2019). In each case the direction is the partner’s product forwarding data into Splunk - an interoperability relationship, not Splunk providing technology to any Israeli entity. No public evidence was identified that any Israeli-origin software is embedded in Splunk’s own product code, core cloud data pipeline, or licensed at the OEM level.
Israeli State Customer - Ministry of Energy: Splunk conference material (.conf19) documents Israel’s Ministry of Energy applying Splunk Enterprise with machine learning to protect critical energy infrastructure and operational-technology (OT) environments across the country’s power plants, presented as a national security-posture monitoring deployment. This is a civilian ministry analytics/critical-infrastructure deployment.
Local Israeli Entity and Sales Presence: Splunk Services Israel Ltd. is recorded in the Israeli Registrar of Companies under registration number 516040250, located at HaMelacha 32, Netanya, and listed as active with registry updates through 2025. Splunk has advertised a “Regional Sales Manager, Israel” role on its careers portal, and LinkedIn lists multiple Splunk job postings in the Tel Aviv District.
Cloud Infrastructure: Splunk Cloud Platform is a SaaS offering whose data may be stored in available AWS, Microsoft Azure, or Google Cloud regions; no Israel region is named. AWS, Azure, and Google Cloud are US-entity providers, not Israeli-origin. No public evidence was identified that Splunk routes customer data through any Israel-based cloud region or contracts dedicated colocation/data-centre capacity within Israel. Project Nimbus is the Israeli-government cloud contract awarded to AWS and Google Cloud; Splunk is a software platform that runs atop cloud infrastructure and is not a Nimbus prime contractor. No public evidence was identified of Splunk holding a direct sub-contract, named work order, or stated role within Project Nimbus.
AI/ML Capabilities: Splunk integrates machine-learning capabilities into its platform, including the Splunk Machine Learning Toolkit and AI-assisted anomaly detection within Splunk Enterprise Security, as general-purpose analytical tools. The Israel Ministry of Energy deployment used Splunk’s machine-learning capabilities for critical-infrastructure/OT security analytics. No public evidence was identified that Splunk’s AI/ML capabilities have been provisioned to Israeli military or intelligence bodies under named bespoke agreements. No public evidence was identified that Splunk’s AI/ML models are trained on civilian population data, intercepted communications, or surveillance-derived datasets originating from Israel or the Occupied Palestinian Territories.
Offensive Cyber and Weapons Systems: No public evidence identified. Splunk does not develop, sell, or license offensive cyber capability, exploit tooling, or systems designed to produce targeting decisions; its product line is defensive and observability-oriented.
Counter-Arguments and Evidence Limits
Splunk’s strongest defence in the Digital domain rests on several grounds. First, the IDF customer relationship, while documented in a named trade-press report with an attributed IDF source, is not corroborated by a disclosed contract, procurement notice, or SEC filing. The specific nature and scope of the IDF relationship - whether it constitutes a direct contract, a framework agreement, an indirect channel relationship through integrators, or a commercial software licence for general-purpose use - is not resolved by the available public record. Second, the Israeli-origin integration relationships (Check Point, CyberArk, Cortex XSOAR) are standard interoperability partnerships in which data flows into Splunk from those tools; they do not represent Splunk providing technology to Israeli entities. Third, Splunk’s products are defensive and observability-oriented, not designed for offensive cyber operations or weapons-system integration. Fourth, the Ministry of Energy deployment is explicitly a civilian critical-infrastructure use case, not a military or intelligence application.
The audit identifies material evidence gaps: sub-contractor and ISV relationships below the AWS/Google prime level in Project Nimbus are not publicly disclosed, so embedding of Splunk software within Nimbus-scoped infrastructure can be neither confirmed nor excluded. Israeli defence procurement is classified, limiting visibility into any indirect deployment through U.S. government-to-government arrangements. Post-acquisition, the extent to which Splunk technology is being deployed within Cisco’s Israeli operational relationships is not separately disclosed.
Named Entities and Evidence Map
| Entity | Role | Evidence Status |
|---|---|---|
| Israel Defence Forces (IDF) | Named customer | Documented by Israel Defense (2019) with attributed IDF source; specific contract type unverified |
| Ministry of Energy of the State of Israel | Named customer | Documented at .conf19 by Ministry staff; civilian critical-infrastructure deployment |
| Check Point Software Technologies | Integration partner | Published Splunkbase integrations; data flows into Splunk |
| CyberArk Software | Integration partner | Published Splunkbase add-on; data flows into Splunk |
| Palo Alto Networks / Cortex XSOAR | Integration partner | Published Demisto add-on (updated October 2025); data flows into Splunk |
| Project Nimbus (AWS/Google) | Israeli state cloud | Splunk not a prime contractor; sub-contractor role unconfirmed and unexcluded |
| Splunk Services Israel Ltd. | Local operating entity | Active in Israeli Registrar of Companies (516040250, Netanya) |
Economic
Mechanism of Involvement
The Economic audit examined supply chain and sourcing relationships, product origin and labelling, investment and capital exposure, operational presence and market activity, corporate structure and foundational ties, and profit repatriation and economic contribution.
Israeli Operating Subsidiary: Splunk maintains a wholly-owned Israeli operating subsidiary, Splunk Services Israel Ltd. (Israeli company registration number 516040250), with a registered seat at HaMelacha 32, Netanya, Israel. The entity appears in the Israeli Registrar of Companies record aggregated by North Data, and Splunk Inc. listed an Israel-jurisdiction subsidiary in the Exhibit 21.1 subsidiary lists attached to its SEC Form 10-K annual reports for the FY2020 and FY2022 filing cycles. The subsidiary’s last annual report to the Israeli registry was recorded as filed in 2026, indicating it remained active under Cisco ownership. The investment takes the form of office and personnel costs (an operating/engineering and go-to-market presence) rather than factories, logistics hubs, or real-estate holdings beyond standard leases.
Engineering Workforce in Israel: Splunk maintains an engineering and security-research workforce in Israel. Current and recent Splunk job postings list roles in Tel Aviv, Herzliya, Netanya, Petah Tikva, Ramat Gan, and Lod, spanning developer, DevOps, security-research, detection/automation, and SOC functions. No specific Israel headcount figure is disclosed in any Splunk or Cisco filing.
Channel Partner Revenue: Splunk’s products have been distributed in Israel through local channel partners rather than direct Splunk sales. Israeli defence-trade press reported in January 2019 that Splunk “has been operating in Israel for a number of years through such integrators as EMET Computing” and at that time served approximately 200 local clients. The Israeli partner is E & M Computing Ltd, which appears in Splunk’s official partner directory as an Israel-based partner and was named Splunk’s 2023 EMEA Marketing Partner of the Year.
Named Government and Defence Customers: The Israel Defence Forces (IDF) is described in Israeli defence-trade press as one of Splunk’s major clients in Israel; an IDF source confirmed it “maintains an extensive range of agreements with suppliers in the field of data extraction, including the Splunk Company, for the benefit of improving the operational effectiveness of the IDF.” The Ministry of Energy of the State of Israel is a named Splunk customer, using Splunk Enterprise with machine learning to monitor and protect national power-plant operations and critical energy infrastructure; the deployment was presented by Ministry of Energy staff at Splunk’s .conf user conference and featured in Splunk public-sector materials.
Acquisition by Cisco: On 18 March 2024, Cisco Systems, Inc. completed its acquisition of Splunk for approximately US$28 billion at US$157 per share in cash. As a result, all Splunk assets - including the Israeli subsidiary and personnel - became part of Cisco’s corporate structure. Cisco independently maintains a long-established and substantial Israel footprint (R&D centres in Netanya, Caesarea, Jerusalem, and Tel Aviv, built partly through some thirteen Israeli company acquisitions), but that Cisco-level exposure is distinct from Splunk’s own footprint and outside the direct scope of this Splunk-targeted audit.
No Physical Goods Supply Chain: Splunk is an enterprise software and data-analytics company; its core product is a platform for searching, monitoring, and analysing machine-generated data, delivered as a SaaS offering or on-premises software licence. This business model has no physical-goods supply chain, so agricultural/manufactured-goods sourcing categories are structurally inapplicable. No commercial relationship between Splunk and any Israeli agricultural, manufacturing, or commodity exporter was identified. No settlement-origin products, labelling obligations, or regulatory citations related to physical goods were identified.
Economic Contribution to Israel: Splunk’s documented economic contribution to Israel runs through (a) local employment and operating spend via Splunk Services Israel Ltd, (b) software-licence and services revenue paid by Israeli customers including Israeli government and defence bodies and approximately 200 commercial clients as of 2019, and (c) channel revenue routed through the Israeli partner E & M Computing. No Israeli government, industry-authority, or academic source designating Splunk a key employer, sector anchor, or critical-infrastructure provider within the Israeli economy was identified.
Counter-Arguments and Evidence Limits
Splunk’s strongest economic defence rests on the nature of its Israeli presence as a standard commercial operating subsidiary and sales/channel operation - the kind of presence any multinational enterprise software company maintains in a major technology market. The Israeli subsidiary represents office and personnel costs, not factories, real-estate holdings, or extractive operations. Splunk’s revenue from Israeli customers - while documented in aggregate - is not isolated as a strategic or material revenue geography in any Splunk or Cisco filing; Israel is framed in Splunk’s own materials primarily as an engineering and customer market within EMEA rather than a headline strategic territory.
The absence of physical goods operations means Splunk is not subject to settlement-labelling regimes, origin-compliance frameworks, or the supply-chain due diligence instruments that apply to companies trading in physical merchandise. The AFSC Investigate database (which draws on Who Profits research) returned no Splunk company entry, consistent with Splunk’s classification as a software company without physical presence in settlement areas.
The audit notes that the IDF customer relationship, while documented, is not quantified in revenue terms; the specific scope of Israeli government/defence revenue as a proportion of Splunk’s total business is unknown. Post-acquisition, Splunk profit flows are consolidated into Cisco Systems, Inc. (U.S.), and no mechanism was identified by which Splunk profits flow into Israel through Israeli-domiciled ownership or profit-sharing.
Named Entities and Evidence Map
| Entity | Role | Evidence Status |
|---|---|---|
| Splunk Services Israel Ltd. | Israeli operating subsidiary | Active in Israeli Registrar of Companies (516040250, Netanya); listed in Splunk 10-K Exhibit 21.1 (FY2020, FY2022) |
| E & M Computing Ltd | Channel partner | Listed in Splunk partner directory; 2023 EMEA Marketing Partner of the Year |
| Israel Defence Forces (IDF) | Named customer | Documented by Israel Defense (2019) with attributed IDF source |
| Ministry of Energy of the State of Israel | Named customer | Documented at .conf19 by Ministry staff |
| Cisco Systems, Inc. | Parent company | Completed US$28B acquisition 18 March 2024 |
Political: Political
Mechanism of Involvement
The Political audit examined corporate communications and public stance, operations in occupied or contested territories, internal governance and content policies, brand heritage and state partnerships, and lobbying, advocacy, financing, and logistics.
Corporate Communications - Absence of Statement: Splunk issued no public corporate statement specifically addressing the Israel-Palestine conflict, the October 2023 Hamas attack on Israel, or the subsequent Israeli military operations in Gaza at any point during its existence as an independent company (through 18 March 2024). Neither the Splunk newsroom archive nor its corporate social responsibility pages contain any Middle East conflict language. Post-acquisition, no standalone Splunk statement on the conflict has emerged from Cisco’s newsroom in Splunk’s name.
The absence of a statement is made analytically significant by the existence of a clear precedent. Following Russia’s February 2022 invasion of Ukraine, Splunk published a named, substantive corporate blog post under executive authorship, explicitly titled to signal solidarity with Ukraine, pledging to suspend business with Russia and Belarus and committing to offer free security monitoring tools to Ukrainian government entities. No equivalent statement - in tone, specificity, or material commitment - was issued in response to the October 2023 conflict in Gaza or Israel. Splunk’s broader public-stance record during its independent period shows willingness to address geopolitical and social issues selectively: statements on racial justice were issued during the 2020 Black Lives Matter period, and LGBTQ+ inclusion positions are documented in the Inclusion & Belonging report. The Middle East conflict represents a documented omission relative to this pattern.
In-Q-Tel Relationship: Splunk maintained a formal early-stage relationship with In-Q-Tel (IQT), the not-for-profit strategic investment arm of the U.S. Intelligence Community, which made an investment in Splunk prior to its 2012 IPO, as documented in Splunk’s S-1 registration statement. This represents a verified institutional tie to the U.S. intelligence community at the founding stage. No active ongoing IQT investment relationship post-IPO is confirmed in public records; the standard post-IPO transition to arms-length commercial customer relationship is the default assumption. The full scope of any intelligence community deployments of Splunk products - including whether those deployments involved sharing with allied intelligence services such as Israeli intelligence under Five Eyes-adjacent arrangements - is not publicly documented and constitutes a material evidence gap.
Operations in Occupied or Contested Territories: No public evidence was identified of Splunk maintaining offices, data centres, dealership networks, or subsidiary operations explicitly within Israeli settlements in the West Bank or other internationally recognized occupied territories. Splunk maintained a sales and engineering presence in Israel proper (Tel Aviv area) as part of its standard EMEA go-to-market operations. Splunk does not appear on the UN Human Rights Office database of businesses with activities in Israeli settlements (UN document A/HRC/43/71, published February 2020). A material caveat applies: the database has not been formally updated since February 2020, meaning companies that commenced settlement-area operations after that date would not appear in it regardless of current activity. Whether any channel partners within Splunk’s Israeli ecosystem operate in or service clients located within West Bank settlements is not determinable from available public records.
BDS and Civil Society Scrutiny: No public evidence was identified of organised BDS campaigns specifically targeting Splunk. Splunk does not appear on the BDS Movement’s official target list. The “No Tech for Apartheid” campaign has focused principally on Google, Amazon, Microsoft, and IBM; Splunk is not identified as a named target. No institutional divestment decision citing Splunk specifically in the context of Israeli military supply or occupation-related activity was identified. No corporate response - policy statements, contract terminations, or end-use monitoring commitments - in response to civil society pressure regarding any defence supply chain relationship with Israel was identified.
Lobbying and Political Contributions: OpenSecrets records confirm Splunk Inc. conducted registered U.S. federal lobbying, with reported annual expenditures in the range of hundreds of thousands of dollars in years preceding the Cisco acquisition. Disclosed lobbying focus areas include cybersecurity policy, data privacy legislation, federal procurement rules, and cloud computing regulation. No LDA filings by Splunk specifically referencing Israel-Palestine policy, anti-BDS legislation, sanctions legislation targeting the region, or Middle East trade policy were identified. Splunk is not identified as a member, funder, or leadership participant in AIPAC, the U.S.-Israel Business Alliance, or comparable Israel-focused advocacy organisations. No PAC contributions directed specifically toward candidates or political committees on the basis of Israel-Palestine policy positions were identified.
Donations to State-Aligned and Military Organisations: No material corporate donations or sponsorships in Splunk’s corporate name directed toward Israeli settlement organisations, parastatal bodies (e.g., Jewish National Fund - JNF), or military-welfare funds (e.g., Friends of the Israel Defense Forces - FIDF) were identified. No verifiable personal donations by CEO Gary Steele (2022–2024) or former CEO Doug Merritt (2015–2021) to FIDF, JNF, AIPAC, or comparable organisations were identified through available public records.
Crisis Asset Mobilisation - Comparative Record: Splunk’s 2022 Ukraine response - offering free security monitoring tools and pledging to suspend commercial operations with Russia and Belarus - establishes the company’s demonstrated capacity for crisis-driven resource mobilisation directed at a state party to an armed conflict. No equivalent mobilisation of free software licences, cloud infrastructure, personnel deployment, or logistics support directed toward Israeli state entities, the Israeli military, or state-aligned Israeli NGOs was identified during or after the October 2023 conflict, through Splunk’s acquisition date.
Counter-Arguments and Evidence Limits
Splunk’s strongest political defence rests on the complete absence of documented political advocacy, lobbying, or financial activity directed at the Israel-Palestine context. The company is not a member of AIPAC or any Israel-focused advocacy organisation; it has not lobbied on anti-BDS legislation; it has made no donations to FIDF, JNF, or comparable parastatal bodies; and it has not engaged in Brand Israel partnerships or state-aligned sponsorships. The absence from the UN settlement database, the Who Profits database, and the BDS Movement’s target list is consistent with Splunk’s characterisation as a standard commercial enterprise software company without targeted civil society opposition.
The In-Q-Tel relationship, while a verified institutional tie to the U.S. intelligence community, is a pre-IPO investment with no confirmed ongoing relationship post-IPO. The audit does not impute transitive guilt: Cisco’s separate Israeli activities are not attributed to Splunk except where directly evidenced.
The most analytically significant gap in Splunk’s political record is the absence of a statement on the October 2023 conflict, set against the clear precedent of the Ukraine statement. This is a documented omission, not a positive finding of hostile intent, and the audit does not treat silence as evidence of complicity in the absence of a stated position.
Named Entities and Evidence Map
| Entity | Role | Evidence Status |
|---|---|---|
| In-Q-Tel | Early investor | Pre-IPO investment documented in Splunk S-1; no confirmed ongoing relationship post-IPO |
| UN HRC Settlement Database (A/HRC/43/71) | Regulatory listing | Splunk not listed; database not updated since February 2020 |
| BDS Movement | Campaign target | Splunk not on official target list; no organised campaign identified |
| No Tech for Apartheid | Campaign | Splunk not a named target |
| FIDF, JNF, AIPAC | Advocacy/donation targets | No Splunk corporate or executive donations identified |
BDS-1000 Score (V4)
| Domain | Impact (I) | Magnitude (M) | Proximity (P) | V-Domain Score |
|---|---|---|---|---|
| Military | 0.50 | 0.50 | 0.50 | 0.00 |
| Digital | 5.50 | 4.00 | 6.00 | 2.69 |
| Economic | 7.50 | 5.50 | 7.50 | 5.89 |
| Political | 2.00 | 7.00 | 7.00 | 2.00 |
- V_MAX: 5.89
- Sum_OTHERS: 4.69
- BRS Score: 427
- Tier: C (High)
What drives the score and tier: The BRS of 427 is driven primarily by Economic (5.89), which reflects Splunk’s documented Israeli operating subsidiary (Splunk Services Israel Ltd., Netanya), its engineering workforce distributed across central-Israel locations, its channel-partner revenue through E & M Computing (Splunk’s 2023 EMEA Marketing Partner of the Year), and its named government and defence customer relationships - the IDF confirmed as a major client by an attributed IDF source in Israeli defence-trade press, and the Ministry of Energy confirmed as a customer at Splunk’s .conf conference. Digital (2.69) contributes secondarily, reflecting the IDF customer relationship, the Israeli-origin integration ecosystem (Check Point, CyberArk, Cortex XSOAR), and Splunk’s local Israeli sales entity. Political (2.00) reflects the In-Q-Tel pre-IPO relationship and the documented absence of a corporate statement on the October 2023 conflict despite a clear Ukraine precedent. Military (0.00) reflects the complete absence of documented military involvement across all nine audit categories.
The tier C (High) reflects a company with a genuine, documented Israeli commercial footprint and named government/defence customer relationships, but one whose evidence record does not support allegations of direct weapons-systems involvement, settlement infrastructure supply, or targeted BDS campaign activation.
Method note: Scores are scale-free products of Impact (activity type, 0–10), Magnitude (scale, 0–10), and Proximity (directness, 0–10), computed from evidence-only findings in the four domain audits. V-Domain = I × M × P / 100. BRS = V_MAX × (100 + Sum_OTHERS). Human vetting reduced scores where allegations did not withstand verification; divested or exited operations were discounted; wrong-entity attributions were removed.
Methodology Note
- Evidence-only basis: All factual claims in this dossier trace directly to findings in the four domain audits (Military, Digital, Economic, Political). No independent research beyond the audit record was conducted. Where the audits found nothing, “No public evidence identified” is used verbatim.
- Scale-free scoring: Impact (I) measures the gravity of the activity type; Magnitude (M) measures scale and scope; Proximity (P) measures directness of involvement. V-Domain = I × M × P / 100. BRS = V_MAX × (100 + Sum_OTHERS). This formulation gives V_MAX - the single highest domain score - disproportionate weight, reflecting that a company deeply involved in one domain scores higher than one shallowly involved across many.
- Temporal rule: Divested or exited operations were discounted. Splunk’s acquisition by Cisco (March 2024) is recorded as a structural change; the Israeli subsidiary’s post-acquisition status is noted as active per 2026 registry filings.
- Entity attribution: No transitive guilt is imputed. Cisco’s separate Israeli R&D footprint and government-contract operations are noted as context but attributed to Cisco, not Splunk, except where directly evidenced. Israeli-origin integration partners (Check Point, CyberArk, Cortex XSOAR) are documented as interoperability relationships in which data flows into Splunk, not Splunk providing technology to Israeli entities.
- Settlement operation dual-counting: Where a settlement-area operation would simultaneously constitute economic presence (Economic) and political complicity (Political), both are scored. No Splunk settlement-area operations were identified in the audit record.
- “No public evidence identified”: This phrase is used wherever audit checks returned null results, including for SIBAT registries, SIPRI databases, UN settlement databases, Who Profits, BDS target lists, export enforcement records, and named contract databases. It reflects the absence of public evidence, not a determination of absence of activity.
- Human vetting: During the human vetting process that produced these V4 scores, several companies’ scores were reduced or zeroed where allegations did not withstand verification. This dossier upholds exactly that standard: the evidence record is compiled faithfully, including exculpatory findings, and no soft claim is hardened.
End Notes
1. https://www.splunk.com/en_us/solutions/industries/government.html
2. https://www.splunk.com/en_us/blog/conf-splunklive/announcing-the-2023-splunk-partner-awards-winners.html
3. https://www.splunk.com/en_us/pdfs/resources/e-book/splunk-top-3-public-sector-highlights-of-2021.pdf
4. https://fintel.io/doc/sec/1353283/000135328320000008/ex-211013120.htm
5. https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2023/m09/cisco-to-acquire-splunk.html
6. https://www.reuters.com/technology/cisco-buy-splunk-28-billion-2023-09-21/
7. https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2024/m03/cisco-completes-acquisition-of-splunk.html
8. https://siliconangle.com/2024/03/18/cisco-completes-28b-acquisition-splunk/
9. https://www.northdata.com/Splunk%20Services%20Israel%20Ltd%C2%B7,%20Netanya/ICA-516040250










