You are working as a SOC analyst in a multinational company with multiple data centers...

Centralized logging is the foundation for enterprise-wide visibility and correlation. When logs remain local at each site, SOC analysts lose the ability to quickly pivot across systems, detect multi-stage attacks, and correlate signals (for example, an identity compromise at one location leading to lateral movement and exfiltration at another). Centralizing logs into a SIEM or log analytics platform standardizes ingestion, parsing, retention, and search, enabling consistent detections and faster triage. It also improves incident response by providing a single source of truth for timelines and scoping. Distributed logging and local logging keep data fragmented; even if collection exists, the lack of central correlation slows investigations and increases blind spots—exactly what the scenario describes. “Event tracing” is typically an internal diagnostic/telemetry method (often application or OS-level tracing) and is not the overarching architectural solution for aggregating logs across multiple sites. For SOC operations, centralized logging also supports governance and compliance by enforcing retention, access controls, and audit trails, and it enables consistent alerting and reporting across the entire environment.