Here's another event missing field names: Event ID 4627, which lists the 
group membership of a user when he logs on, is missing field names.

2017 Feb 21 13:33:23 WinEvtLog: Security: AUDIT_SUCCESS(4627): 
Microsoft-Windows-Security-Auditing: (no user): no domain: Hostname: 
S-1-5-18 HOSTNAME$ DOMAN 0x3e7 
S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXX Username HOSTNAME 0x22d8dd8 
7 1 1 <LF><CR>
<TAB><TAB>%{S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXX}
<TAB><TAB>%{S-1-1-0}
<TAB><TAB>%{S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXX}
<TAB><TAB>%{S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXX}
<TAB><TAB>%{S-1-5-32-562}
<TAB><TAB>%{S-1-5-32-578}
<TAB><TAB>%{S-1-5-32-556}
<TAB><TAB>%{S-1-5-32-555}
<TAB><TAB>%{S-1-5-32-545}
<TAB><TAB>%{S-1-5-4}
<TAB><TAB>%{S-1-2-1}
<TAB><TAB>%{S-1-5-11}
<TAB><TAB>%{S-1-5-15}
<TAB><TAB>%{S-1-5-113}
<TAB><TAB>%{S-1-2-0}
<TAB><TAB>%{S-1-5-64-10}
<TAB><TAB>%{S-1-16-8448}<SPACE>
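
Added example, not part of the original post and not OSSEC code: a Python parser that puts names on the positional values of a forwarded 4627 line and resolves well-known group SIDs. The field names follow Microsoft's schema for event 4627; `parse_4627` is a hypothetical helper, and the sample line with its host, account and SID values is constructed.

```python
import re

# EventData order for 4627 per Microsoft's schema; the forwarded line has no names.
SID, HEX, NAME, WORD, NUM = r"S-[\d-]+", r"0x[0-9a-fA-F]+", r".+?", r"\S+", r"\d+"
FIELDS = [("SubjectUserSid", SID), ("SubjectUserName", NAME), ("SubjectDomainName", WORD),
          ("SubjectLogonId", HEX), ("TargetUserSid", SID), ("TargetUserName", NAME),
          ("TargetDomainName", WORD), ("TargetLogonId", HEX), ("LogonType", NUM),
          ("EventIdx", NUM), ("EventCountTotal", NUM)]  # user names may contain spaces
BODY = re.compile(r"\s+".join(f"(?P<{n}>{p})" for n, p in FIELDS))
# OSSEC layout: WinEvtLog: channel: TYPE(id): source: user: domain: computer: message
HEADER = re.compile(r"WinEvtLog: Security: \w+\(4627\): [^:]+: [^:]*: [^:]*: "
                    r"(?P<host>[^:]+): (?P<body>.*)", re.S)
WELL_KNOWN = {
    "S-1-1-0": "Everyone", "S-1-2-0": "Local", "S-1-2-1": "Console Logon",
    "S-1-5-4": "Interactive", "S-1-5-11": "Authenticated Users",
    "S-1-5-15": "This Organization", "S-1-5-113": "Local account",
    "S-1-5-64-10": "NTLM Authentication", "S-1-16-8448": "Medium Plus Mandatory Level",
    "S-1-5-32-544": "BUILTIN\\Administrators", "S-1-5-32-545": "BUILTIN\\Users",
    "S-1-5-32-555": "BUILTIN\\Remote Desktop Users",
    "S-1-5-32-556": "BUILTIN\\Network Configuration Operators",
    "S-1-5-32-562": "BUILTIN\\Distributed COM Users",
    "S-1-5-32-578": "BUILTIN\\Hyper-V Administrators",
}

def parse_4627(line):
    """Return named fields plus the resolved group list, or None if not a 4627 line."""
    # Accept the whitespace markers as typed in the post as well as real whitespace.
    line = re.sub(r"<(?:TAB|LF|CR|SPACE)>", " ", line)
    head = HEADER.search(line)
    body = head and BODY.match(head["body"])
    if not body:
        return None
    event = body.groupdict()
    event["Hostname"] = head["host"]
    sids = re.findall(r"%\{(S-[\d-]+)\}", head["body"])
    # Domain- or machine-relative SIDs (S-1-5-21-...) cannot be resolved offline; keep them raw.
    event["GroupMembership"] = [WELL_KNOWN.get(s, s) for s in sids]
    return event

# Constructed sample in the shape of the line quoted above (all values are made up).
SAMPLE = ("2017 Feb 21 13:33:23 WinEvtLog: Security: AUDIT_SUCCESS(4627): "
          "Microsoft-Windows-Security-Auditing: (no user): no domain: WKS01: "
          "S-1-5-18 WKS01$ EXAMPLE 0x3e7 "
          "S-1-5-21-1111111111-2222222222-3333333333-1001 Jane Doe WKS01 0x22d8dd8 7 1 1 \r\n"
          "\t\t%{S-1-5-21-1111111111-2222222222-3333333333-513}\r\n"
          "\t\t%{S-1-1-0}\r\n\t\t%{S-1-5-32-578}\r\n\t\t%{S-1-5-32-545}\r\n\t\t%{S-1-16-8448} ")

if __name__ == "__main__":
    print(parse_4627(SAMPLE))
```
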
