Security teams rarely migrate a SIEM because everything is working perfectly. Most QRadar estates that reach the point of review show the same signs. Log ingestion has grown beyond original estimates.