The following use cases show just some of the ways you can use Log Management and Analytics to leverage your log data.
In this use case, you need to use VPC Flow logs to monitor and analyze incoming HTTP(S) traffic to your Virtual Private Cloud (VPC) in Amazon Web Services (AWS).
In this use case, you need to perform a proactive health and performance check of the apps running on a maintained cluster and learn about errors in logs that are caused by another component.
Incident response
In this use case, you work with Security Investigator to analyze unauthorized requests in your Kubernetes audit logs. See how you can manage and reuse the evidence gathered during the investigation, navigate between executed queries while keeping the investigation in context, and get a detailed overview of your results in the original format.
Incident response
In this use case, you work with Security Investigator to analyze CloudTrail event data and monitor your AWS account activity to identify security threats and potential deviations from normal activity.
Incident response
In this use case, you work with Security Investigator to monitor and identify potential threats against your AWS Secrets by analyzing CloudTrail logs.
Incident response
In this use case, once you set up a workflow that notifies you when an attack occurs, determines what is affected, and enriches the data with context, you can immediately respond to discoveries and perform further investigations on logs by running a sequence of DQL queries in Notebooks tailored to the attack type.
In this use case, you create a Log Analysis Dashboard that takes care of identifying bugs from logs, as well as grouping, triaging, and distributing them to a bug tracker that clarifies ambiguous responsibilities and interdependencies.
In this use case, you want to observe, over time, mission-critical information found in logs that are sent using the log ingest API.