Same thing. I've tried looking into search.log files of a search that succeeds in extracting "info.event_type" at search time and a search that does not - there is no mentioning of anything like "event_type" in either file, particularly I was expecting to see it in this line:
05-05-2020 12:10:09.484 INFO LocalCollector - Final required fields list = *,Message,_bkt,_cd,_raw,_si,_subsecond,action,bytes_in,bytes_out,category,clamav_action,crit,dest_host,duration,eventtype,host,http_user_agent,id,index,linecount,main_sig_ver,message,message_extended,msg,null,ossec_group,ossec_group_list,process,product_version,request_content_type,rule_number,severity,signature,signature_version,source,sourcetype,splunk_server,src_ip,status,type,uid,vendor_product,vendor_severity
The only place the field name is mentioned is in the results in buckets/ and /events dirs.
I've also thought that the following line is relevant to my problem, but it's just a coincidence between Splunk eventtypes and "info.event_type" field, I guess:
05-05-2020 12:10:09.574 WARN FastTyper - Eventtypes may be incomplete. Event length=152930 is more than maxlen=10000. Please consider increasing the maxlen value under [typer] stanza in limits.conf
... View more