Hi,

You could write the regex to match the field values to capture the commands in your newly extracted field. See below,

| makeresults 
| eval commands="vi,cd,hello,world"
| makemv delim="," commands
| mvexpand commands
| rex field=commands "(?<abc>.*)"
| eval contains_command=if(match(abc,"vi|cd"),"Yes","No")

Here I have extracted field abc from field commands and then I used eval and simple regex using match function to identify the commands in field abc
If it's there then I will see result as yes and no respectively.