I've found that it's great for a sort of RAD tool, but the functionality ends there because licensing and scalability are so expensive. The other problem is that it's so generally purposed that it reaches a point where integration with existing sort of FCAPS compliant setups is more of a chore than anything. Best put, it sort of reminds me of a Oracle Application Express for logs. I can do most anything with it quickly to get a good handle on things, but in the end I'm going to take those ideas and make something better with them.
I use Splunk, and am a big fan of everything except the cost. It works well, but it gets very expensive, very quickly when you grow beyond the 500MB/day free limit. I'm basically only collecting very limited usage log type information, because of that limit.
It's not just the size limit that's a problem in Splunk, the user accounting is only in the paid version - the free version is completely open for anybody to browse and it's up to you to secure it.
Granular access controls are nice under certain scenarios, but adding a basic ACL isn't hard. "Can use Splunk" and "Can't use Splunk" is enough control for me at the moment, fortunately.