Hello,
I want to extract a field with the field extractor in Splunk. When I run the extraction on log 1, I get the field I want: "HKEY_LOCAL_MACHINE\Security\SAM\Domains\Account"
But on log 2, I won't get the field. How can I fix this?
Log 1:
2016 Oct 30 19:13:08 (AAV) 145.46.122.14->syscheck-registry
Rule: 596 (level 5) -> 'Registry Integrity Checksum Changed Again (3rd time)'
Integrity checksum changed for: 'HKEY_LOCAL_MACHINE\Security\SAM\Domains\Account'
Old md5sum was: '27511968a811898f0d7f1fed393d31d7'
New md5sum is : '5876c6ae278cce7ff2108d8396e10ddc'
Old sha1sum was: 'd94f9ea544b6b04caabc80d5bbe6b94854ae3406'
New sha1sum is : 'b46d17a3ddc54b5d03464374514398a1835f857e'
Log 2:
2016 Oct 29 06:53:09 (AAB) 145.46.40.146->syscheck-registry
Rule: 594 (level 5) -> 'Registry Integrity Checksum Changed'
Integrity checksum changed for: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tomcat'
Old md5sum was: '3288a8f072b45b2fa9d879b2ba0fe453'
New md5sum is : 'ff17914ec4722e9b7d3scdb508c5d55d'
Old sha1sum was: '4d6b33e40721s837cd8de090ef0468b6b20a1f3b'
New sha1sum is : '270dca37b8681ca739de4493b704333fb3be86a3'
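As an added example (not from the question or from Splunk), here is a Python reproduction of the two events: a pattern keyed on text that only log 1 contains misses log 2, while anchoring on the `Integrity checksum changed for:` label that both events share extracts the key from both, and a full parse splits each event into fields. The field names (`registry_key`, `rule_id`, and so on) are my own choice; Splunk's rex command writes the same named groups as `(?<name>...)`.

```python
import re

# Two events in the shape of the posted logs (values copied from the question).
LOG_1 = r"""2016 Oct 30 19:13:08 (AAV) 145.46.122.14->syscheck-registry
Rule: 596 (level 5) -> 'Registry Integrity Checksum Changed Again (3rd time)'
Integrity checksum changed for: 'HKEY_LOCAL_MACHINE\Security\SAM\Domains\Account'
Old md5sum was: '27511968a811898f0d7f1fed393d31d7'
New md5sum is : '5876c6ae278cce7ff2108d8396e10ddc'
Old sha1sum was: 'd94f9ea544b6b04caabc80d5bbe6b94854ae3406'
New sha1sum is : 'b46d17a3ddc54b5d03464374514398a1835f857e'"""

LOG_2 = r"""2016 Oct 29 06:53:09 (AAB) 145.46.40.146->syscheck-registry
Rule: 594 (level 5) -> 'Registry Integrity Checksum Changed'
Integrity checksum changed for: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tomcat'
Old md5sum was: '3288a8f072b45b2fa9d879b2ba0fe453'
New md5sum is : 'ff17914ec4722e9b7d3scdb508c5d55d'
Old sha1sum was: '4d6b33e40721s837cd8de090ef0468b6b20a1f3b'
New sha1sum is : '270dca37b8681ca739de4493b704333fb3be86a3'"""

# A pattern keyed on text that only event 1 contains ("Again (3rd time)") is one
# way an auto-generated extraction matches log 1 but not log 2.
FRAGILE_RE = re.compile(
    r"Again \(3rd time\)'\s*\nIntegrity checksum changed for: '(?P<registry_key>[^']+)'"
)
# Anchor on the label every event carries instead (Splunk rex: (?<registry_key>...)).
ROBUST_RE = re.compile(r"Integrity checksum changed for: '(?P<registry_key>[^']+)'")
# Whole event as fields; hash values are captured as-is, not validated as hex.
EVENT_RE = re.compile(
    r"(?P<timestamp>\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2}) \((?P<agent>[^)]+)\) "
    r"(?P<src_ip>[\d.]+)->(?P<location>\S+)\s*\n"
    r"Rule: (?P<rule_id>\d+) \(level (?P<level>\d+)\) -> '(?P<rule_desc>[^']+)'\s*\n"
    r"Integrity checksum changed for: '(?P<registry_key>[^']+)'\s*\n"
    r"Old md5sum was: '(?P<old_md5>[^']*)'\s*\n"
    r"New md5sum is : '(?P<new_md5>[^']*)'\s*\n"
    r"Old sha1sum was: '(?P<old_sha1>[^']*)'\s*\n"
    r"New sha1sum is : '(?P<new_sha1>[^']*)'"
)

def extract_registry_key(event, pattern=ROBUST_RE):
    """Return the registry key the event reports, or None when the pattern misses."""
    m = pattern.search(event)
    return m.group("registry_key") if m else None

def parse_syscheck_registry(event):
    """Return every field of a checksum-changed event as a dict."""
    m = EVENT_RE.search(event)
    if not m:
        raise ValueError("not a syscheck-registry checksum-changed event")
    return m.groupdict()
```

In Splunk the robust form is `... | rex "Integrity checksum changed for: '(?<registry_key>[^']+)'"`; if the field extractor's generated regex mentions anything from the Rule line, that is the part to remove.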