Log line:

eventDate="2014-03-24 14:42:00.945" eventType="adam.test" eventDevice="test.client" dstip="44.184.5.99" srcip="44.184.5.99" domain="value6" domain="value9" ver="5" dstport="5" srcport="4" user="value4" proto="value8"

Search:

eventType="adam.test" | eval domain1=mvindex(domain,1)

Result? Everything but no domain1 field.

I am trying to search by second or first "domain" field value eval'ing it into domain1 - no luck.