I've written about Namespaces here before - https://medium.com/@thatsiemguy/auditing-chronicle-siem-namespaces-743e37ab48e0

but tldr - they're for solving overlapping IP address ranges

Usefull for managing overlapping ip addresses and have a fast way to find the geo source

@cmmartin_google We have multiple Cloud vendors and there is IP overlap acorss distinct environments, so I see the point there.

Can you describe more about "Certain Chronicle SIEM integrations apply Namespaces tags dynamically, such as GCP_CLOUDAUDIT?"
Does this suggest some log source parsers will use tags even if you don't set them up?

That's right, for GCP it uses the Project name as a Namespace. For AWS I believe it does the same (with whatever the AWS equivalent of a Project is)

We have huge #s of projects across GCP and AWS so using project related info may be too numerous.

So far I've not seen any logs with tags yet - so maybe we have tagging "not turned on" if there is such a thing?