Thanks for the question! Let me take a guess here. I’m sure it’ll be followed up by several of our expert users in the community.
Graylog’s processing pipelines allow you to modify and manipulate log messages as they are received. Can can create a multi-value field in Graylog, but you need to use the pipeline’s rules to split a single field into multiple fields using the split rule function. The split rule splits the field value by a specified delimiter (in this case, a comma). For example, let m = split(“,\t”, to_string($message.message));
Here’s an example from a community post:
I hope this helps.