I use the mvzip command
index=main sourcetype="ms.356"
| eval nested_payload=mvzip(mvzip(flaw, solution),answer)
| eval nested_payload=split(nested_payload,"--")
| eval flaw=mvindex(nested_payload,0)
| eval solution=mvindex(nested_payload,1)
| eval answer=mvindex(nested_payload,2)
| table flaw solution answer
When I use the above command I get all 3 field values in the flaw field, separated by commas, instead of in their own fields.
What am I doing wrong?
The default separator inserted by the mvzip command is a comma, so try splitting by comma
| eval nested_payload=split(nested_payload,",")
But when I use "," it is splitting my value wherever "," appears.
My values contain commas, so I don't want to split by commas. I want to split by field only.
Use a delimiter that doesn't appear in your fields, for example:
| eval nested_payload=mvzip(mvzip(flaw, solution,"#"),answer,"#")
| eval nested_payload=split(nested_payload,"#")
index=main sourcetype="ms.356"
| eval nested_payload=mvzip(flaw, solution, "--")
| mvexpand nested_payload
| eval flaw=mvindex(split(nested_payload,"--"),0)
| eval solution=mvindex(split(nested_payload,"--"),1)
| eval nested_payload=mvzip(answer, COE, "--")
| mvexpand nested_payload
| eval answer=mvindex(split(nested_payload,"--"),0)
| eval COE=mvindex(split(nested_payload,"--"),1)
| table flaw solution answer COE
When I use the above SPL I get the fields separately, but my flaw and answer field values are repeating: the first value is repeated for all.
Please can you share an anonymised sample of the log you are trying to extract from?
Found 2 issues of Low severity.
CWE-209: Information Exposure Through an Error Message: tiles/error/errorUncaughtMessage.jsp:9
Details: <span> The application calls the javax.servlet.jsp.JspWriter.print() function, which may expose information about the application logic or other
details such as the names and versions of the application container and associated components. This information can be useful in executing other attacks
and can also enable the attacker to target known vulnerabilities in application components. </span> <span>Ensure that error codes or other messages
returned to end users are not overly verbose. Sanitize all messages of any sensitive information that is not absolutely necessary.</span>
<span>References: <a href="https://cwe.mitre.org/data/definitions/209.html">CWE</a></span>
https://downloads.veracode.com/securityscan/cwe/v4/java/209.html
CWE-245: J2EE Bad Practices: Direct Management of Connections: edu/ufl/osg/webmail/prefs/DBPrefsPlugIn.java:172
Details: <span>This call to getConnection() fails to use the J2EE container's resource management facilities as required by the J2EE standard.</span>
<span>Request the connection from the container rather than attempting to access it directly.</span> <span>References: <a href="https://cwe.mitre.
org/data/definitions/245.html">CWE</a></span>
https://downloads.veracode.com/securityscan/cwe/v4/java/245.html
It is not clear from this which field is flaw, solution and answer. Please can you show the results of
| table flaw solution answer
for these events?
Flaw field
The application calls the javax.servlet.jsp.JspWriter.print() function, which may expose information about the application logic or other details such as the names and versions of the application container and associated components. This information can be useful in executing other attacks and can also enable the attacker to target known vulnerabilities in application components.
Solution field
Ensure that error codes or other messages returned to end users are not overly verbose. Sanitize all messages of any sensitive information that is not absolutely necessary
Answer field
https://cwe.mitre.org/data/definitions/209.html
So, none of this text includes a hash (#) so use that as your delimiter on the mvzip and split commands (as I suggested earlier)
It is still putting the fields together. But when I use the SPL below it separates the fields as I want, but the first two fields repeat the first event's field values. Why is this happening?
index=main sourcetype="ms.356"
| eval nested_payload=mvzip(flaw, solution, "--")
| mvexpand nested_payload
| eval flaw=mvindex(split(nested_payload,"--"),0)
| eval solution=mvindex(split(nested_payload,"--"),1)
| eval nested_payload=mvzip(answer, COE, "--")
| mvexpand nested_payload
| eval answer=mvindex(split(nested_payload,"--"),0)
| eval COE=mvindex(split(nested_payload,"--"),1)
| table flaw solution answer COE
Because that's how mvexpand works - it duplicates all the fields not being expanded.
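To make the two effects in this thread concrete (a comma delimiter colliding with commas inside the values, and a second mvexpand multiplying rows because the first one copied the still-multivalue fields), here is an added Python model of mvzip and mvexpand over a constructed event. It is not Splunk's code; the functions, the `np` field name and the sample event are assumptions, and it also shows the single-zip-then-expand-once variant that the thread's "#" suggestion leads to.

```python
# Added model (not Splunk's code) of the multivalue functions used in this thread.
# Assumption: a Splunk event is a dict of field -> list of strings, mvzip pairs
# values positionally with a delimiter, and mvexpand emits one event per value
# of the expanded field while copying every other field unchanged.

def mvzip(a, b, delim=","):
    """Splunk mvzip: join the i-th values of two multivalue fields (default ',')."""
    return [f"{x}{delim}{y}" for x, y in zip(a, b)]

def mvexpand(event, field):
    """Splunk mvexpand: one row per value of `field`; other fields are duplicated."""
    return [{**event, field: v} for v in event[field]]

# Constructed sample event with two findings; the first flaw text contains a comma.
EVENT = {
    "flaw": ["Calls JspWriter.print(), may expose container details",
             "Direct call to getConnection()"],
    "solution": ["Sanitize error messages",
                 "Request the connection from the container"],
    "answer": ["https://cwe.mitre.org/data/definitions/209.html",
               "https://cwe.mitre.org/data/definitions/245.html"],
    "COE": ["209", "245"],
}

def comma_split_counts(event=EVENT):
    """First query in the thread: default ',' delimiter, then split(",").
    A comma inside a value is split too, so the first row yields 4 parts, not 3."""
    zipped = mvzip(mvzip(event["flaw"], event["solution"]), event["answer"])
    return [len(z.split(",")) for z in zipped]

def expand_twice(event=EVENT):
    """Second query in the thread: zip+expand flaw/solution, then zip+expand
    answer/COE inside each row. The first mvexpand copies the still-multivalue
    answer and COE into every row, so the second mvexpand multiplies rows (2x2=4)."""
    rows = []
    for r in mvexpand({**event, "np": mvzip(event["flaw"], event["solution"], "--")}, "np"):
        r["flaw"], r["solution"] = r["np"].split("--")
        for r2 in mvexpand({**r, "np": mvzip(r["answer"], r["COE"], "--")}, "np"):
            r2["answer"], r2["COE"] = r2["np"].split("--")
            rows.append((r2["flaw"], r2["solution"], r2["answer"], r2["COE"]))
    return rows

def expand_once(event=EVENT):
    """Zip all four fields with '#' (absent from the data) and expand once, i.e.
    | eval np=mvzip(mvzip(mvzip(flaw,solution,"#"),answer,"#"),COE,"#") | mvexpand np
    | eval flaw=mvindex(split(np,"#"),0) ... which gives one row per finding."""
    zipped = mvzip(mvzip(mvzip(event["flaw"], event["solution"], "#"),
                         event["answer"], "#"), event["COE"], "#")
    return [tuple(r["np"].split("#")) for r in mvexpand({**event, "np": zipped}, "np")]
```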
What I am trying to accomplish here is getting all the event values in the same row. When I use the table command there is no row separation for each event. Is there any way I can accomplish this without using mvzip or mvexpand? The fields also need to be searchable from the dashboard.
Something like this?
| eval joined=mvappend(flaw,solution,answer)
| eval joined=mvjoin(joined,"
")
Which query do I use this with?
index=main sourcetype="ms.356"
| eval joined=mvappend(flaw,solution,answer,COE)
| eval joined=mvjoin(joined,"
")