Commit 8ae9e80

Update migrate-splunk-to-azure-monitor-logs.md
1 parent e3447a7 commit 8ae9e80

1 file changed

+6
-6
lines changed

articles/azure-monitor/logs/migrate-splunk-to-azure-monitor-logs.md

Lines changed: 6 additions & 6 deletions
@@ -37,10 +37,11 @@ The benefits of migrating to Azure Monitor include:
3737

3838
## Compare offerings
3939

40-
|Splunk offering|Azure offering|
41-
|---|---|
42-
|Splunk Observability|[Azure Monitor](../overview.md) is an end-to-end solution for collecting, analyzing, and acting on telemetry from your cloud, multicloud, and on-premises environments, built over a powerful data ingestion pipeline that's shared with Microsoft Sentinel. Azure Monitor offers enterprises a comprehensive solution for monitoring cloud, hybrid, and on-premises environments, with [network isolation](../logs/private-link-security.md), [resilience features and protection from data center failures](../logs/availability-zones.md), [reporting](../overview.md#insights), and [alerts and response](../overview.md#respond) capabilities.|
43-
|Splunk Security|[Microsoft Sentinel](../../sentinel/overview.md) is a cloud-native solution that runs over the Azure Monitor platform to provide intelligent security analytics and threat intelligence across the enterprise.|
40+
|Splunk offering||Azure offering|
41+
|---|---|---|
42+
|Splunk Platform|Splunk Cloud Platform<br>Splunk Enterprise|[Azure Monitor Logs](../logs/data-platform-logs.md) is a centralized software as a service (SaaS) platform for collecting, analyzing, and acting on telemetry data generated by Azure and non-Azure resources and applications.|
43+
|Splunk Observability|Splunk Infrastructure Monitoring<br>Splunk Application Performance Monitoring<br>Splunk IT Service Intelligence|[Azure Monitor](../overview.md) is an end-to-end solution for collecting, analyzing, and acting on telemetry from your cloud, multicloud, and on-premises environments, built over a powerful data ingestion pipeline that's shared with Microsoft Sentinel. Azure Monitor offers enterprises a comprehensive solution for monitoring cloud, hybrid, and on-premises environments, with [network isolation](../logs/private-link-security.md), [resilience features and protection from data center failures](../logs/availability-zones.md), [reporting](../overview.md#insights), and [alerts and response](../overview.md#respond) capabilities.<br>Azure Monitor's built-in features include:<br>🔹[Azure Monitor Insights](../insights/insights-overview.md) - ready-to-use, curated monitoring experiences with pre-configured data inputs, searches, alerts, and visualizations. <br>🔹[Application Insights](../app/app-insights-overview.md) - provides Application Performance Management (APM) for live web applications.<br>🔹[Azure Monitor AIOps and built-in machine learning capabilities](../logs/aiops-machine-learning.md) - provide insights and help you troubleshoot issues and automate data-driven tasks, such as predicting capacity usage and autoscaling, identifying and analyzing application performance issues, and detecting anomalous behaviors in virtual machines, containers, and other resources.<br>These features are free of installation fees.|
44+
|Splunk Security|Splunk Enterprise Security<br>Splunk Mission Control<br>Splunk SOAR|[Microsoft Sentinel](../../sentinel/overview.md) is a cloud-native solution that runs over the Azure Monitor platform to provide intelligent security analytics and threat intelligence across the enterprise.|
4445

4546
## Introduction to key concepts
4647

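Review bot: The new header row at 40+ leaves the middle column unnamed (`|Splunk offering||Azure offering|`), so the column that lists the individual Splunk products renders with an empty header cell. Give it a label, for example `|Splunk offering|Product|Azure offering|`. In the Splunk Observability row at 43+, the closing sentence "These features are free of installation fees." is vague next to the three linked features; state what it means for cost or drop it. The 🔹 glyphs in that cell could also be plain `-` bullets, which is what the Lookups row of this file already uses inside a table cell.
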
@@ -57,6 +58,7 @@ The benefits of migrating to Azure Monitor include:
5758
|[Kusto Query Language (KQL)](/azure/kusto/query/)|Splunk Search Processing Language (SPL)|Azure Monitor Logs uses a large subset of KQL that's suitable for simple log queries but also includes advanced functionality such as aggregations, joins, and smart analytics. Use the [Splunk to Kusto Query Language map](/azure/data-explorer/kusto/query/splunk-cheat-sheet) to translate your Splunk SPL knowledge to KQL. You can also [learn KQL with tutorials](../logs/get-started-queries.md) and [KQL training modules](/training/modules/analyze-logs-with-kql/). |
5859
|[Log Analytics](../logs/log-analytics-tutorial.md)|Splunk Web, Search app, Pivot tool|A tool in the Azure portal for editing and running log queries in Azure Monitor Logs. Log Analytics also provides a rich set of tools for exploring and visualizing data without using KQL.|
5960
|[Cost optimization](../../azure-monitor/best-practices-cost.md)| |Azure Monitor provides [tools and best practices to help you understand, monitor, and optimize your costs](../../azure-monitor/best-practices-cost.md) based on your needs.|
61+
|Application Performance Monitoring|[Application Insights](../app/app-insights-overview.md) provides Application Performance Management (APM) for live web applications. This is a built-in feature of Azure Monitor that does not require a separate installation charge.|
6062

6163
## 1. Understand your current usage
6264

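Review bot: The row added at 61+ has two cells, but the table it lands in has three columns: the neighbouring rows at 57/58 to 59/60 read Azure term, Splunk equivalent, description. As written, "Application Performance Monitoring" sits in the Azure-term column, the Application Insights description falls into the Splunk column, and the description cell is missing. Reorder it so the `[Application Insights](../app/app-insights-overview.md)` link comes first, "Application Performance Monitoring" second and the descriptive sentence third, or drop the row, since the Splunk Observability row at 43+ already introduces Application Insights.
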
@@ -103,10 +105,8 @@ This table lists Splunk artifacts and links to guidance for setting up the equiv
103105
|---|---|
104106
|Alerts|[Alert rules](../alerts/alerts-create-new-alert-rule.md)|
105107
|Alert actions|[Action groups](../alerts/action-groups.md)|
106-
|Application Performance Monitoring|[Application Insights](../app/app-insights-overview.md) provides Application Performance Management (APM) for live web applications. This is a built-in feature of Azure Monitor that does not require a separate installation charge.|
107108
|Infrastructure Monitoring|[Azure Monitor Insights](../insights/insights-overview.md) are a set of ready-to-use, curated monitoring experiences with pre-configured data inputs, searches, alerts, and visualizations to get you started analyzing data quickly and effectively. |
108109
|Dashboards|[Workbooks](../visualize/workbooks-overview.md)|
109-
|IT Service Intelligence|[Azure Monitor AIOps and built-in machine learning capabilities](../logs/aiops-machine-learning.md) provide insights and help you troubleshoot issues and automate data-driven tasks, such as predicting capacity usage and autoscaling, identifying and analyzing application performance issues, and detecting anomalous behaviors in virtual machines, containers, and other resources.|
110110
|Lookups|Azure Monitor provides various ways to enrich data, including:<br>- [Data collection rules](../essentials/data-collection-rule-overview.md), which let you send data from multiple sources to a Log Analytics workspace, and perform calculations and transformations before ingesting the data.<br>- KQL operators, such as the [join operator](/azure/data-explorer/kusto/query/joinoperator), which combines data from different tables, and the [externaldata operator](/azure/data-explorer/kusto/query/externaldata-operator?pivots=azuremonitor), which returns data from external storage.<br>- Integration with services, such as [Azure Machine Learning](../../machine-learning/overview-what-is-azure-machine-learning.md) or [Azure Event Hubs](../../event-hubs/event-hubs-about.md), to apply advanced machine learning and stream in additional data.|
111111
|Namespaces|You can grant or limit permission to artifacts in Azure Monitor based on [access control](../logs/manage-access.md) you define on your [Log Analytics workspace](../logs/log-analytics-workspace-overview.md) or [Azure resource groups](../../azure-resource-manager/management/manage-resource-groups-portal.md).|
112112
|Permissions|[Access management](../logs/manage-access.md)|
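
Review bot: Removing the rows at 106- and 109- leaves "Infrastructure Monitoring" (107/108) as the only product-level entry in a table otherwise made of artifacts such as Alerts, Dashboards and Lookups. Azure Monitor Insights is now also described under Splunk Observability at 43+, so either move this row out as well or keep all three, so the table stays consistent. Also check that a reader who reaches this step looking for the Application Insights setup link can still find it, because the only remaining copy of that row (61+) is in the key concepts table.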
