I have an xml file in a logging statement that I extracted 3 instances of the value . These values are correctly displayed in a table in separate columns.
The xml file will have 2 or 3 instances of the value: ****
This is the query:

source="messaging-service.log" sourcetype="hidden" "createMessage MsgSource" | xmlkv  | rex max_match=0 "\<purchCostReference\>(?P<segment>[^\<]+)" | eval Segment1 =  if(isnotnull(mvindex(segment, 0)), "FirstSegment", ""), Segment2 =  if(isnotnull(mvindex(segment, 1)), "SecondSegment", ""),  Segment3 =  if(isnotnull(mvindex(segment, 2)), "ThirdSegment", "")  | table purchCostReference, eventType, Segment1, Segment2, Segment3

I tried using the case statement but it only returns the first value, FirstSegment in the table.

sourcetype... | xmlkv  | rex max_match=0 "\<purchCostReference\>(?P<segment>[^\<]+)" | eval Segments =  case(isnotnull(mvindex(segment, 0)), "FirstSegment", isnotnull(mvindex(segment, 1)), "SecondSegment", isnotnull(mvindex(segment, 2)), "ThirdSegment") |  table purchCostReference, eventType, Segments | eventstats list(Segments) as Segments by purchCostReference, eventType | sort purchCostReference, eventType

I would like there to be 1 column, Segment and the FirstSegment, SecondSegment, ThirdSegment be listed in the column.
Is there any Splunk function that allows me to create a group called 'Segment' and add the variables, FirstSegment, SecondSegment, ThirdSegment to it?