you can use the mvindex() eval function on your multi-value lists, but you first need to convert it from a string to a mvlist, using either the makemv search command, the split() eval function, or by defining an additional REPORT extraction (that runs after the main one you already have) for each field that operates on the originallly extracted list and puts the values in a list with the MV_ADD option.

Update....

I finally got the regex going

REGEX = ^(?[^;]);(?[^;]);(?[^;]);(?[^;]);(?[^,]),(?[^;]);(?[^;]);(?[^,]),(?[^;]);(?[^;]);(?:(?[^;]);)?(?:(?[^;]);)?(?:(?[^;]*)$)?

but is there a way to use the Timers and Values fields as an array of values within those fields, so they can be referenced in such a way as Timers[3] or will I have to use rex during the search to make dynamic fields from the Timers field?

Update....
In transforms.conf, for Date onwards, I have

....;(?[^;]);(?:(?[^;]);)?(?:(?[^;]);)?(?:(?[^;]);)

I don't fully understand the regex, but I am never getting any 'Values' field found and in a line that has

1672,32,0,1640;0,0,1,1,42;

which represents 1672,32,0,1640 as Timers and 0,0,1,1,42 as Values and there are no Fields, Splunk says that 1672,32,0,1640 are Timers and 0,0,1,1,42 are Fields, but no Values, so can anyone say what's wrong with the regex above? In my original post I said that Values/Fields can be 1..n, but it's 0..n

Update....

After a bit of mistakes and fiddling with props.conf and transforms.conf in etc/system/local, I got the fields to be recognised, by setting a manual sourcetype=server_instr when adding data. However, I also need to be able to split the Timers, Values and Fields depending on certain criteria in the data, e.g. if Cmd=102, the if Value[0] == 3 then count of Timers = X, so how can I do this. I also want to search, e.g. Cmd=102 && Timer[4] > 3000. How can I do this?

In props.conf (just put it on all machines, forwarders, indexers, and search heads; look here if you really want the details) put:

props.conf:

[mynewsourcetype]
SHOULD_LINEMERGE = false
TIME_PREFIX=^(?:[^;]*;){7}
TIME_FORMAT=%Y-%m-%d %H:%M:%S.%3N
REPORT-mynewsourcetypefields = mynewsourcetypefields
KV_MODE = auto

transforms.conf could be one of multiple possible versions. Simple one is:

[mynewsourcetypefields]
DELIMS=";,"
FIELDS = Service,Cmd,Pid,Tid,Count1,Count2,UserName,UserId,DateTime

A more complete one is:

[mynewsourcetypefields]
REGEX = ^(?<Service>[^;]*);(?<Cmd>[^;]*);(?<Pid>[^;]*);(?<Tid>[^;]*)(?<Count1>[^,]*),(?<Count2>[^;]*);(?<UserName>[^,]*),(?<UserId>[^;]*);(?<DateTime>[^;]*);(?:(?<Timers>[^;]*);)?(?:(?<Values>[^;]*);)?