I'm looking to start correlating logs across different systems and event types. The ability to track an event across multiple devices and device types (network gear to Windows to Linux to software) is becoming more important not only for troubleshooting but also from the NIST 800-171/CMMC verification levels. This means we are going to need improvements to identifying the column and data that's saved to the database so we can easily add correlation between different types of logs and information. This is probably a huge undertaking but it's the future of SIEM.
Agree with cross-log correlation as we must meet CMMC level 3 certification. This would be a huge feature if we could get this added within the next 6-12 months.