A former employer commissioned me to be the technical lead on a project to introduce a SIEM. Coincidentally, part of the project was to have a dashboard ("of what?" "security metrics." "Ok, but which ones?" "The important ones" and so on). Getting the SIEM up and running sand ready to ingest data was relatively straightforward. Getting other teams to generate logs in the expected format and forward them to the indexer on the timescale they originally agreed to, on the other hand... A SIEM without data is useless.