It would be nice to have the additional information included into the HEC events send to Splunk. At the moment only domain, entity_id and value are available.
Mostly I am missing the area, but also it would be nice to have the integration and device available.