Most, but not all of the field extractions, lookups, and aliases created in the TA-DNSServer-NT6 app are viewable when looking through the Search and Reporting application, but not when searching through the Enterprise Security application.
The TA-DNSServer-NT6 sharing is set to Global (everyone-read,admin-write)
Unsure why only a handful of Lookups generated fields are viewable through ES, but everything is viewable through Search&Reporting.
I'm guessing this is some kind of bug with how Enterprise Security ingests applications, if I copy the props and transforms from TA-DNSServer-NT6/local and place them in SplunkEnterpriseSecuritySuite/local then I get all the field extractions, etc that I'm expecting.