I have my own recipe for an infrastructure code where I integrate Fluent Bit with Kubernetes. It scrapes the logs off of all the member nodes of Kubernetes and then it chips that to an input on Graylog. That way, when developers want to troubleshoot an application but don't want to use anything Kubernetes CLI-related, they can jump straight to Graylog. They can type the name and the type of deployment that they're looking for and get all of the logs pulled into one place. Essentially I use this solution to give developers a way to look at all the logs in an aggregated form. It's very helpful.
I also use the solution to extract and quantify data and metrics from the logs. For example, let's say you're running the wallet application and you want to make sure that you are getting the minimum 404's when somebody is trying to make a payment. You can essentially extract the code on Graylog and it will give you a really nice view of how often your wallet times out, or overall performance. If you're looking specifically from a security standpoint, if the application is seeing something that should not be seen, you have a way to log that.
I also use it for building charts and live logging. Also, the pipelines allow you to take a raw log, create something out of it, and transform it into something else, so I use that for streams, presentations, metrics, and health checks from an app runtime standpoint.
Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps. One time, I created a geo map based on IP addresses accessing a website. The web server generates logs based on who's accessing the application, and we were able to extract the IPs from the logs and even create a chart on Graylog to map out exactly what countries the requests were coming from. Graylog is amazing. It's a beast.