Thank you! First time hearing of it. I just looked it up, it looks similar to Azure sentinel? Is it really cheaper than on-prem splunk?

Good query language (rollup,piping,stats,etc...),visualization and rich function set (eval and stats functions in splunk) is a minimum requirement for me. Tried Kibana,Graylog,Sentinel and a few others I can't mention here.