It’s less likely to annoy an entire industry of SQL users, while appealing to those who use Splunk and similar tools for incident response and ad-hoc analytics.
Whether they really need their own DB for event data… perhaps… but these days you want to get this kind of data into your data lake sooner rather than later. Perhaps it can help with that.
Honestly, for human friendly queries, I would have taken a Splunk-query like approach, like KQL: https://learn.microsoft.com/en-us/kusto/query/?view=microsoft-fabric
It’s less likely to annoy an entire industry of SQL users, while appealing to those who use Splunk and similar tools for incident response and ad-hoc analytics.
Whether they really need their own DB for event data… perhaps… but these days you want to get this kind of data into your data lake sooner rather than later. Perhaps it can help with that.