I am using Splunk for Blue Coat and I have determined what fields need to be and what order they are in but when I put the list into the transforms.conf file and run a search some fields are left off.

FIELDS = "date", "time", "time_taken", "c_ip", "src_user", "user_group", "x_exception_id", "filter_result", "category", "http_referrer", "sc_status", "http_method", "action", "http_content_type", "uri_scheme", "dest_host", "dest_port", "uri_path", "uri_query", "uri_extension", "http_user_agent", "dvc_ip", "cs_bytes", "sc_bytes", "x_virus_id", "x_bc_app_name", "x_bc_app_op"

The problems occur at sc_status. This field does not pull into search for some reason. When I try and add it to by selected fields it shows up in the selected field list but not in the available fields list. I thought their might be some issues with aliases bc this field had an alias in the props.conf file so I commented it out but that did not fix the issue. Does anyone know whats going on here? -Thanks in advance.

Sample Event - Each line correlates to a field:

2013-01-30 
22:15:07 
698 
10.100.10.100 
USER
- 
- 
OBSERVED 
"Web Advertisements"
 -  
 200 
 TCP_NC_MISS 
 GET 
 text/html;%20charset=UTF-8 
 http 
 googleads.g.doubleclick.net 
 80 
 /pagead/ads 
 ?client=....Huge Long Query String...
 www.kpdirection.com 
 - 
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko)  Chrome/24.0.1312.56 Safari/537.17" 
101.111.11.10 
515 
1120 
- 
"none" 
"none"