When you create field aliases cs_username = user in sourcetype cisco_wsa_squid and Username = user in sourcetype cisco_firewall and perform a search like sourcetype=cisco* user=*, do you receive results from both sourcetype?
I see results from one sourcetype cisco_wsa-squid.
You must consider the scope of effect of these field alias settings.
If the sharing settings are "private", you must be the user running the search.
If the sharing setting are "app", you must be inside the app context when running the search.
If the sharing settings are "global", then it should work everywhere for everyone.