Hi, my data is comma delimited; there are 2 rows with a header. I'd like the columns to be split by the comma into a more readable table. Thanks

LOG_SEQ,LOG_DATE,LOG_PKG,LOG_PROC,LOG_ID,LOG_MSG,LOG_ADDL_MSG,LOG_MSG_TYPE,LOG_SQLERRM,LOG_SQLCODE,LOG_RECEIPT_TABLE_TYPE,LOG_RECEIPT_NUMBER,LOG_BATCH_NUMBER,LOG_RECORDS_ATTEMPTED,sOG_RECORDS_SUCCESSFUL,LOG_RECORDS_ERROR,
37205289,20250612,import_ddd,proposal_dataload (FAS),,GC Batch: 615 Rows Rejected 6,,W,,0,,,,0,0,0
37205306,20250612,hu_givecampus_import_HKS,proposal_dataload (HKS),,GC Batch: 615 - Nothing to process. Skipping DataLoader operation,,W,,0,,,,0,0,0
37205315,20250612,ddd,assignment_dataload (FAS),,GC Batch: 615 Rows Rejected 3,See harris.hu_gc_assignments_csv,W,,0,,,,0,0,0

I've tried a few things; currently I have:

<query>((index="splunkdata-dev") source="/d01/log/log_splunk_feed.log" )
| eval my_field_split = split(index, ","),
    log_seq = mvindex(my_field_split, 0),
    log_date = mvindex(my_field_split, 1),
    log_pkg = mvindex(my_field_split, 2),
    log_proc = mvindex(my_field_split, 3),
    log_msg = mvindex(my_field_split, 4),
    log_addl_msg = mvindex(my_field_split, 6),
    log_msg_type = mvindex(my_field_split, 7),
    log_sqlerrm = mvindex(my_field_split, 8),
    log_sqlcode = mvindex(my_field_split, 9)
| table [|makeresults | eval search ="log_seq log_date log_pkg log_proc log_id log_msg log_addl_msg log_msg_type log_sqlerrm log_sqlcode" | table search ] table