It's likely not a problem with the fields in the flow record but with the sources of data being exported. Flow matching works best when all the exporters are sending the same fields. You presented a flow record but not all exporters (including firewalls) offer configurable flow records.
You said you have one router and two firewalls exporting.
You did mention the models of firewalls. That said not all firewalls send flow data the same. Cisco's ASA exports NSEL, which while in a NetFlow format sends flow data based on the firewalls function and configuration. For example, NSEL uses a fixed export format that will include username if authentication is configured on the firewall. It will also include data about any IP address translations if NAT is configured.
Other firewalls have their own export characteristics.
A couple of suggestions.
Try disabling flow export from the Core Firewall. It may be redundant with what the core router is exporting.
Try enabling export from an aggregation router. Another idea might be to enable flow from either a remote access concentrator (firewall?) or wireless LAN controller (or router that connects either of those devices to the core) that bring remote access users into the network.
Brian Ford | brford@cisco.com | brford@yahoo.com | 51 75 61 6c 69 74 79 20 6d 65 61 6e 73 20 64 6f 69 6e 67 20 69 74 20 72 69 67 68 74 20 77 68 65 6e 20 6e 6f 20 6f 6e 65 20 69 73 20 6c 6f 6f 6b 69 6e 67 2e | Email me when you figure this out.