Mapping the custom strings to correct one in logging

Hi all,
We are sending logs to our logs receiver from Zscaler proxy. Most of the field names are appearing correctly, except few of them.
For example- dst=%s{sip} is correctly mapped and the IP address appears in the titled filed.
But, cn1=%d{riskscore} cn1Label=riskscore , these 2 should have been like- riskscore=%d{riskscore}
I tried changing this mapping in the loging format, but then the value of cn1 goes blank. Currently the logging is creating 2 fields in destination logging server, where one field is containing only riskscore and other field is containing the value of riskscore. I want the value of riskscore to come in the field of riskscore.
Can someone plz explain how to do it correctly !!!

Thanks in advance