How do I dynamically create multi value fields in Cribl?
For example, I would like to take the following and send it as a multi value event in Splunk:
cs19=00:40:03:05:79:e1;00:40:03:05:79:d1;00:40:03:05:7a:25;00:40:03:05:7a:89;00:40:03:05:79:f1;00:40:03:05:7a:4d;00:40:03:05:79:cd;00:40:03:05:79:dd;00:40:03:05:7a:51;00:40:03:05:79:fd;00:40:03:05:78:c9;00:40:03:05:78:f1;00:40:03:05:79:0d;00:40:03:05:79:2d;00:0a:f7:fb:77:58;64:00:6a:7c:65:48;64:00:6a:7c:6d:26;64:00:6a:7c:66:d5;64:00:6a:7c:5f:66;14:18:77:6b:31:01;00:40:03:05:78:cd;64:00:6a:7c:65:b4;00:40:03:05:79:05;64:00:6a:7c:66:f2;00:40:03:05:7a:91;00:40:03:05:7a:69;00:40:03:05:79:75;00:40:03:05:79:25;00:40:03:05:7a:09;00:40:03:05:79:35;64:00:6a:7c:6d:ce;64:00:6a:7c:6b:79;14:18:77:6b:63:81
For example, this sample event can come in with anywhere from 1 to 50 different MAC addresses.