The best way to extract these values is to group the desired field name and corresponding value, detached by the delimiter. To preserve the actual field name as closely as possible, a regular expression will help.

In your props.conf define a report

#props.conf
[answers-1372947346]
REPORT-get_perf_fields = get_perf_fields

In transforms.conf define the extraction method:

#transforms.conf
[get_perf_fields]
REGEX = ([a-zA-Z\(\)\%]+)\:([a-zA-Z0-9]+)
FORMAT = $1::$2
MV_ADD = true

This should automatically load the fields at search time. Note that the non-alphabetic characters will be replaced with an underscore character. That means ProcessUtilisation(%) will become ProcessUtilisation___.

PS: If you are unsure as to where to place the props.conf or transforms.conf files, open or create them under $SPLUNK_HOME/etc/apps/search/local/ in Linux/UNIX or %SPLUNK_HOME%\etc\apps\local in Windows.

I don't particularly, I'm new to splunk and trying to workout what's the best way to extract the data i want

Why would you want to change the separator to "=" that's already in use within the logging. In terms of the log itself, they have different structure relevance.

You don't necessarily need to. Use the field definition tool on sample data. Select the drop-down arrow against any sample log entry, take the "extract field" option, and follow through the dialogue. This will (attempt to) automatically created a regex for reliably locating your required field. You may need to refine the regex manually if the generated form pulls unexpected values from unintended records, but you have ample opportunity to refine and test.