With hint by https://splunk-usergroups.slack.com/team/UB5DA9L02, it turns out that as the sourcetype is only known in the context of my application ics_analytics, in the service definition with SDK, I must indicate the application context with app= argument. Here is the corrected service definition:
service = client.connect(
port = '8089',
username = 'userid',
password = 'secrete',
once the sourcetype is properly declared to be known, the same code as above would be able to retrieve the field value of ENTRY.