We are adding a new feature to our product to send data in key value pairs into Splunk using the new 6.3 Http Event Collector. We want our data in Splunk to be easily usable by customers as they build Splunk dashboards.

We have some values that change infrequently. Should we be sending the value that changes infrequently with each event we send to Splunk, or just when it actually changes? Or should we send that value only when it changes?

2015-11-09 16:00:00.000 sentbytes=1000 receivedbytes=50 signalstrength=good
2015-11-09 16:00:05.000 sentbytes=10 receivedbytes=750 signalstrength=good
2015-11-09 16:00:10.000 sentbytes=109 receivedbytes=0 signalstrength=good
2015-11-09 16:00:15.000 sentbytes=244 receivedbytes=987 signalstrength=poor

or

2015-11-09 16:00:00.000 sentbytes=1000 receivedbytes=50 signalstrength=good
2015-11-09 16:00:05.000 sentbytes=10 receivedbytes=750 
2015-11-09 16:00:10.000 sentbytes=109 receivedbytes=0
2015-11-09 16:00:15.000 sentbytes=244 receivedbytes=987 signalstrength=poor