Alarm through AppLocker

Hello && Welcome Hank,

One of the first things to think about when a message comes in is how to break it up into its parts so you can act on those parts rather than on the whole message. It’s important to note that some Inputs such as Beats will automatically break out some basic fields for you.

Right in your Input section you can work on creating Extractors that have a variety of ways to break out the data including regex, GROK, key=value… all of that will be in the docs. Graylog also provides processing in a rule format inside a Processing Pipeline… you can do pretty much the same as using an extractor so the choice is up to you. When you think of Processing Pipelines consider that inputs feed streams, streams feed pipelines, pipelines contain rules for action, at the end of which the details are stored into Elasticsearch. Once you have the fields separated properly you can use Alerts set up with e-mail to notify your team.

That’s the high level view with some links to documentation where needed. If you run into more specific problems, post them here with relevant details (How to ask questions and Tips on Questions)
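As an added example (not from the original post or from Graylog’s own documentation), here is a pipeline rule that does the key=value split described above and flags the message with a single field that an Alert can match on. The message layout, the `EventID=` marker and the `needs_review` field name are constructed assumptions, not real AppLocker field names.

```text
// Constructed example rule, not taken from the original post.
// Assumes the raw text arrives in the "message" field as space-separated
// key=value pairs, e.g. (constructed sample, not a real AppLocker event):
//   EventID=8004 FilePath=C:\tools\example.exe User=DOMAIN\alice
rule "split key=value pairs into fields"
when
  // Only handle messages that look like the assumed format
  has_field("message") && contains(to_string($message.message), "EventID=")
then
  // key_value returns a map of key -> value; set_fields writes each
  // entry as its own message field so it can be searched and alerted on
  let pairs = key_value(
    value: to_string($message.message),
    delimiters: " ",
    kv_delimiters: "="
  );
  set_fields(pairs);

  // A boolean field lets the Alert condition match one field
  // instead of searching the whole message text each time.
  // "8004" is an assumed value for the sake of the example.
  set_field("needs_review", contains(to_string($message.message), "EventID=8004"));
end
```

Attach the rule to a stage of a pipeline connected to the stream your Input feeds, then build the Alert on `needs_review:true` rather than on a full-text search.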