I guess you did not use any tool to make the connection? We have an upcoming project that includes the integration of those two systems. But we'll be using a custom tool (it's called zigiops) so that everything will be handled and done in no time.
The events from SNOW appear to be very large and if you couldn't reduce the size of the events any more, you may want to check the length of raw events. Just in case the missing fields happens mostly from events larger than 10000 and which - those missing fields - appear more than 10k bytes into the events. Then try to tune maxchars under kv.
Use len function to get length
"your base search for SNOW data" | eval length = len(_raw)
maxchars = 10240 to be tuned according to raw event length if it happens to the events larger than 10240.