Logentries hits the perfect sweet spot for us in terms of functionality, pricing, support, and management. Its app is intuitive and its query language (LEQL) is powerful, yet easy to use for simple cases.
Some great features they have are the inactivity alerts and anomaly alerts. Anomaly alerts are great, especially for cases like "Alert me when the number of HTTP 404 errors goes up by 50% relative to my total traffic."
Their support is quick and knowledgeable. I've personally filed over 15 support tickets and they have always promptly answered.
I wish Logentries had a more fully featured API for creating alerts and tags. They've told me this is in the works, but it has been over 6 months.
Queries over longer periods of time can seem to never resolve and time out, especially if there are a lot of entries.
Their application lacks advanced administrative features such as restricting specific users to specific streams, or even having defined roles for users. For a smaller organization, this is fine, but can be a blocker for larger teams.
Take a look at other vendors and see what meets your exact needs, but Logentries provides a good balance of price and features.
We really needed something that:
* Could aggregate streams from multiple VMs
* Wasn't prohibitively expensive
* Had inactivity alerting
* Had an API to program against
Our developers enjoy using the web UI for querying and we strongly rely on their alerts for anomaly and inactivity reporting.