
Missing fields in search for ib:DDNS, but available in the GRID syslog?


It seems that the data coming into my Splunk Reporting server is missing fields. You can see in the syslog example that I have the IP and hostname info, but in the Splunk ib:ddns index data source there are "" (missing data). I suspect the "field extractions" are not working correctly; not sure where to fix this? Thanks in advance for any help.

 

2022-02-03 17:36:19 EST daemon INFO named[21748] update: client @0x7f79ebb2a200 10.12.129.23#62527/key windowspc1\$.corp.com: updating zone 'corp.com/IN': deleting rrset at 'windowspc1.corp.com' A
2022-02-03 17:36:19 EST daemon INFO named[21748] update: client @0x7f79ebb2a200 10.12.129.23#62527/key windowspc1\$.corp.com: updating zone 'corp.com/IN': deleting rrset at 'windowspc1.corp.com' AAAA
2022-02-03 17:36:19 EST daemon INFO named[21748] update-security: client @0x7f79ebb2a200 10.12.129.23#62527/key windowspc1\$.corp.com: signer "windowspc1\$.corp.com" approved
2022-02-03 17:36:19 EST daemon INFO named[21748] queries: client @0x7f7a14001190 10.12.129.23#58643 (windowspc1.corp.com): query: windowspc1.corp.com IN SOA + (10.220.158.21)
2022-02-03 17:35:56 EST daemon INFO named[21748] update: client @0x7f7a441cc080 10.12.129.23#61108/key windowspc1\$.corp.com: updating zone '10.in-addr.arpa/IN': adding an RR at '23.129.12.10.in-addr.arpa' PTR windowspc1.corp.com.

Screenshot 2022-02-04 103005.png
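
A way to confirm which fields the raw `update:` lines carry, independent of the Splunk field extractions. This is an added example, not part of the original post and not Infoblox's or Splunk's own extraction; the regex and the field names (`client_ip`, `key_name`, `owner` and so on) are assumptions derived from the sample lines above.

```python
import re

# Constructed sample: three of the syslog lines from the post above.
SAMPLE = [
    r"2022-02-03 17:36:19 EST daemon INFO named[21748] update: client @0x7f79ebb2a200 10.12.129.23#62527/key windowspc1\$.corp.com: updating zone 'corp.com/IN': deleting rrset at 'windowspc1.corp.com' A",
    r"2022-02-03 17:35:56 EST daemon INFO named[21748] update: client @0x7f7a441cc080 10.12.129.23#61108/key windowspc1\$.corp.com: updating zone '10.in-addr.arpa/IN': adding an RR at '23.129.12.10.in-addr.arpa' PTR windowspc1.corp.com.",
    r"2022-02-03 17:36:19 EST daemon INFO named[21748] queries: client @0x7f7a14001190 10.12.129.23#58643 (windowspc1.corp.com): query: windowspc1.corp.com IN SOA + (10.220.158.21)",
]

# Hypothetical pattern for named "update:" lines as they appear in the sample.
UPDATE_RE = re.compile(
    r"named\[\d+\] update: client (?:@0x[0-9a-f]+ )?"
    r"(?P<client_ip>[0-9a-fA-F.:]+)#(?P<client_port>\d+)"
    r"(?:/key (?P<key_name>\S+?))?: "
    r"updating zone '(?P<zone>[^'/]+)/(?P<dns_class>\w+)': "
    r"(?P<action>deleting rrset|adding an RR) at '(?P<owner>[^']+)' "
    r"(?P<rtype>[A-Z0-9]+)(?: (?P<rdata>\S+))?$"
)

# Fields every DDNS update event should yield (assumed minimum set).
REQUIRED = ("client_ip", "zone", "action", "owner", "rtype")


def parse_update(line):
    """Return a dict of fields for a named 'update:' line, else None."""
    m = UPDATE_RE.search(line.rstrip())
    if not m:
        return None
    fields = m.groupdict()
    # The key name is logged with an escaped '$'; undo the escaping.
    if fields["key_name"]:
        fields["key_name"] = fields["key_name"].replace("\\$", "$")
    return fields


def missing_fields(fields):
    """Names of required fields that came back empty."""
    return [name for name in REQUIRED if not fields.get(name)]


if __name__ == "__main__":
    for line in SAMPLE:
        parsed = parse_update(line)
        if parsed is None:
            print("not an update line:", line[:60])
        else:
            print(parsed, "missing:", missing_fields(parsed))
```

If the raw lines parse cleanly here but the indexed events still show empty values, the gap is in the search-time extraction rather than in what the Grid sends.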
