
Why am I unable to extract fields in Splunk for Squid app?

bortnikl
New Member

I am using Splunk version 6.1.3 and Squid App v0.2.
My props.conf contains:

[squid]
TIME_FORMAT = %s.%3N
MAX_TIMESTAMP_LOOKAHEAD = 15
KV_MODE = none
SHOULD_LINEMERGE = false
REPORT-squid = squid

My transforms.conf contains:

[squid]
REGEX = ^\d+\.\d+\s+(\d+)\s+([0-9\.]*)\s+([^/]+)/(\d+)\s+(\d+)\s+(\w+)\s+((?:([^:]*)://)?([^/:]+):?(\d+)?(/?[^ ]*))\s+(\S+)\s+([^/]+)/([^ ]+)\s+(.*)$
FORMAT = duration::$1 clientip::$2 action::$3 http_status::$4 bytes::$5 method::$6 uri::$7 proto::$8 uri_host::$9 uri_port::$10 uri_path::$11 username::$12 hierarchy::$13 server_ip::$14 content_type::$15

I am receiving Squid logs on UDP 514. The sourcetype is manually set to "squid" (I just typed squid into the field).
When I search sourcetype="squid", things go fine and I get results, but if I search sourcetype="squid" action="*", I get no results.
When I run the Squid app, there are no results either. The job inspector shows me this information:

"This search has completed, but did not match any events. The terms specified in the highlighted portion of the search", and this part is highlighted:

search sourcetype="squid" action="*" | eval reqcount=1

and

The following messages were returned by the search subsystem:

DEBUG: base lispy: [ AND sourcetype::squid ]
DEBUG: search context: user="admin", app="SplunkforSquid", bs-pathname="/opt/splunk/etc"

As a test, I tried to change sourcetype to "syslog" and run search

search sourcetype="syslog" action="*"

.. and It gave me results, but when I tried to put search like:

search sourcetype="syslog" clientip="*" uri_host="*" uri_path="*"

.. I didn't get any results. There are no clientip, uri_host or uri_path fields extracted, or even indexed.

Can you help me with this problem?

1 Solution

tskinnerivsec
Contributor

What format are your squid logs? More than likely, the regex isn't matching. This app was designed to work with a custom squid log format, which is shown in the readme file included with the app. That custom format is recommended to provide all of the enterprise security fields. Please submit a small sample of your squid logs and I can take a look.


bortnikl
New Member

Here is a sample:

Aug 25 12:39:35 x.x.x.x Aug 25 12:39:37 somename (squid): 1408963177.419 138515 X.X.X.X TCP_MISS/000 10925 CONNECT safebrowsing-cache.google.com:443 - DEFAULT_PARENT/servername -

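To see why the transform produces no fields for these events, here is an added Python check (not part of the thread, the Squid app or Splunk) that runs the posted REPORT-squid regex over a constructed copy of the sample line, with the redacted x.x.x.x / X.X.X.X addresses replaced by documentation addresses, and over the same Squid record without its syslog header. It also tries a hypothetical variant of the regex that tolerates a syslog prefix ending in "(squid): ", and adds a constructed plain-HTTP line so the optional proto/uri_port/uri_path groups are exercised as well. Python's re module stands in for Splunk's PCRE; the posted pattern uses no PCRE-only syntax, so the match results are the same.

```python
import re

# The REPORT-squid transform from the posted transforms.conf, copied verbatim.
SQUID_REGEX = re.compile(
    r"^\d+\.\d+\s+(\d+)\s+([0-9\.]*)\s+([^/]+)/(\d+)\s+(\d+)\s+(\w+)\s+"
    r"((?:([^:]*)://)?([^/:]+):?(\d+)?(/?[^ ]*))\s+(\S+)\s+([^/]+)/([^ ]+)\s+(.*)$"
)

# Field names in the same order as $1..$15 in the posted FORMAT line.
FIELDS = [
    "duration", "clientip", "action", "http_status", "bytes", "method", "uri",
    "proto", "uri_host", "uri_port", "uri_path", "username", "hierarchy",
    "server_ip", "content_type",
]

# Hypothetical variant (not from the app): the same pattern, but the ^ anchor is
# followed by an optional syslog header that ends in "(squid): ". A native
# access.log line (no header) still matches because the group is optional.
SQUID_SYSLOG_REGEX = re.compile(r"^(?:.*\(squid\):\s+)?" + SQUID_REGEX.pattern[1:])

# Constructed sample events. The first is the line from the thread with the
# redacted addresses replaced by documentation/private addresses; the second is
# the same Squid record as it would appear in access.log without the syslog
# header; the third is a constructed plain-HTTP request.
SAMPLE_SYSLOG = (
    "Aug 25 12:39:35 192.0.2.10 Aug 25 12:39:37 somename (squid): "
    "1408963177.419 138515 10.0.0.5 TCP_MISS/000 10925 CONNECT "
    "safebrowsing-cache.google.com:443 - DEFAULT_PARENT/servername -"
)
SAMPLE_NATIVE = (
    "1408963177.419 138515 10.0.0.5 TCP_MISS/000 10925 CONNECT "
    "safebrowsing-cache.google.com:443 - DEFAULT_PARENT/servername -"
)
SAMPLE_HTTP = (
    "1408963177.500 25 10.0.0.6 TCP_MISS/200 4321 GET "
    "http://example.com/index.html - DIRECT/192.0.2.44 text/html"
)


def extract(line, regex=SQUID_REGEX):
    """Apply the transform the way a Splunk REPORT- extraction would.

    Returns {field: value}. An empty dict means the regex did not match, so
    Splunk would create no fields at all for that event. Optional groups that
    did not take part in the match (e.g. $8 "proto" on a CONNECT line) are
    omitted; a group that matched the empty string is kept with value "".
    """
    m = regex.search(line)
    if not m:
        return {}
    return {name: val for name, val in zip(FIELDS, m.groups()) if val is not None}


def matches_wildcard_search(line, fields, regex=SQUID_REGEX):
    """Emulate `field="*"` terms in a search over one event.

    This example treats a field as present only when the extraction produced a
    non-empty value; an empty capture counts as "no field" here.
    """
    extracted = extract(line, regex)
    return all(extracted.get(f, "") != "" for f in fields)


if __name__ == "__main__":
    samples = [("syslog-wrapped", SAMPLE_SYSLOG), ("native", SAMPLE_NATIVE),
               ("native/http", SAMPLE_HTTP)]
    regexes = [("posted regex", SQUID_REGEX), ("syslog-tolerant", SQUID_SYSLOG_REGEX)]
    for label, line in samples:
        for rname, rx in regexes:
            fields = extract(line, rx)
            print(f"{label:15} {rname:16} -> {len(fields):2d} fields, "
                  f"action={fields.get('action', '<none>')}")
```

The posted regex begins with `^\d+\.\d+`, but the event Splunk indexed begins with the syslog header the UDP 514 transport added ("Aug 25 12:39:35 ... (squid): "), so the anchored pattern never matches, no fields are created, and `action="*"` matches nothing because the field does not exist. The same header probably defeats `TIME_FORMAT = %s.%3N` as well, since `MAX_TIMESTAMP_LOOKAHEAD = 15` inspects only the first 15 characters of the event; setting `TIME_PREFIX = \(squid\):\s+` in props.conf would point the timestamp parser at the epoch (a suggestion, not tested against the poster's setup).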

Ayn
Legend

Well, not custom really; it's what Squid comes with by default, out of the box. But yeah, assumptions regarding the format are definitely made.
