Hello,
I'm assuming that you've enabled log forwarding in accordance with this article:
Enable log forwarding - SolarWinds Worldwide, LLC. Help and Support
That said, LEM can't add foreign fields to the native "syslog" of Windows Security and Event logs because Windows logs aren't syslog. They're XML, and LEM's raw logs are just forwarding that XML as a text blob to your next device. I don't know what QRadar expects, but if it's looking for fancy XML formatting, that's not going to be forwarded by LEM because LEM never sees that fancy XML. Either the LEM Agent normalizes the XML for the alerts database or it stores the text version for raw logs.