Log forensics, the process of investigating security incidents using log data, has become more complex with the rise of cloud-native technologies. As organizations increasingly adopt these technologies to enhance competitiveness and agility, they face challenges in maintaining control and visibility over their expanding cloud environments. This lack of visibility can compromise application performance and security, prompting teams to rely on observability technologies. However, these technologies often present data in silos, leading to blind spots in security investigations.

Dynatrace, a software intelligence platform, addresses these issues by offering deep visibility and understanding of applications and infrastructure, augmented by its data lakehouse, Grail. Grail retains data context without requiring upfront categorization, enabling precise and swift analysis of security events. By leveraging tools like Dynatrace Notebooks, Dynatrace Query Language (DQL), and Dynatrace Pattern Language (DPL), teams can perform effective log forensics, uncovering insights into malicious activities and improving their security posture.

A case study involving Ludo Clinic demonstrates how these tools were used to detect and investigate a SQL injection attack and related suspicious activities, highlighting the efficacy of Dynatrace's solutions in identifying and addressing security threats.