> Splunk's language is good as well (but maybe they're just making up for it in good typeahead support).

Not just typeahead. A lot of Splunk's power comes from data transformations and filters.

  get_logs 
  | apply_transform 
  | merge with other logs (which can also be log|transform|filter|transform) 
  | apply more transforms 
  | filter 
  | expose as a specific structure (that is, transform)
  | filter more

This would be anywhere from pain to impossible with SQL.