If so, how are you all using it? I want to use it as more than just a log collector or for troubleshooting server/application events. I want to use it to review security information and events. Review advanced persistent threats. Majority of my environment is 2008/2012 with a lot of SharePoint and IIS applications. Few network devices (L2 and L3 switches). SQL clusters.
Just curious how you all are using it and things that I could do to make the implementation better. Just haven't gotten much out of it yet.