Log Analytics: Investigation is not Monitoring is not Dashboard (SpectX)
These three log processing tasks each play an important role in enterprise security. The most difficult is investigation, which involves archived or non-centrally managed log data. We are never fully prepared: some log data is missing, or the format is too complex. Maybe the logs were even poisoned? How do you succeed without copying or exporting everything for “advanced” grep/awk/python/hive magic?