Security analysts often spend large amounts of time reviewing logs from systems attempting to locate the proverbial needle in a haystack. With the sheer volume of logs, LCE provides several methods of focusing the analysis process, beginning with which systems are sending logs, grouping logs by event type, and also by normalizing logs. This dashboard facilitates the initial log analysis and provides a starting point for practitioners to use in the hunt for compromised systems.