Using the output assistant, and configuring the base of my search (i.e. sourcetype="wineventlog:security"), I see results showing up in CEF format, but the "Splunk Fields" section is always blank. I tried in both IE and Firefox just to ensure it wasn't a browser rendering issue. Any ideas, or is it still possible to use fields that I know exist? The drag-and-drop portion is not working because of this.
I've been able to glean the following search terms to modify the CEF output: