…….
[EPOEvents].[AnalyzerVersion] as [product_version],
[EPOEvents].[AnalyzerEngineVersion] as [engine_version],
[EPOEvents].[AnalyzerEngineVersion] as [dat_version],
[EPOProdPropsView_VIRUSCAN].[datver] as [vse_dat_version],
…….
Splunk reference:
http://docs.splunk.com/Documentation/AddOns/released/McAfeeEPO/ConfigureDBConnectv2inputs

Questions:
1) it should not be "AnalyzerEngineVersion" as dat_version, it should be "AnalyzerDATVersion"
So it should be
…….
[EPOEvents].[AnalyzerVersion] as [product_version],
[EPOEvents].[AnalyzerEngineVersion] as [engine_version],
[EPOEvents].[AnalyzerDATVersion] as [dat_version],
[EPOProdPropsView_VIRUSCAN].[datver] as [vse_dat_version],
…….

2) which field is exactly the latest virus signature of each client machine??

refer to https://answers.splunk.com/answers/560951/signature-version-seams-to-use-wrong-field.html
vse_dat_version is the signature version field?