You are correct, and this is the key part - what % of organizations have money, skills and people to build a robust enough capability around threat hunting, for example?
I’ve been super lucky to meet various orgs and their security in all geographies and many industries and my gut feeling is 1 out of 10 teams.
Security Onion does an amazing job at collecting and correlating, especially for an open source product. The traditional trade-off with Open Source is there - a bit of up front effort for longer term value.
There are viable products around human threat hunting which would be impossible without a 'collect all the data' component.