This is a really great new feature!
Please also add support to the director console.
Anyway, the key-value-pair mode doesn’t seem to work with the “comma” delimiter.
It would also be great to have a “regex” log type option, where you can specify the key-value parsing yourself.
Thanks a lot, Markus, for your feedback. @Basudev Raut, could you please help out here? :)
Hello Markus,
We acknowledge the issue with the “comma” delimiter in key-value-pair mode and have already worked out the fix. The fix will very soon be available in the new release.
Regarding its support in the director console, we are working things out with the Director team and look forward to having an answer or integration in the near future.
Furthermore, we currently support standard delimiters only. Adding a “regex” log type with a ‘regex as delimiter’ capability would add more complexity to the Universal Normalizer, as we would be unable to predict the possible regex values from users. This uncertainty would prevent us from properly testing the Universal Normalizer in key-value mode. Moreover, in some cases, like pipe ( | ), a user may add only the symbol ‘|’ as the delimiter, but the regex would require such characters to be escaped, like ‘\|’. Such unexpected usage would result in Compiled Normalizers that do not behave as expected. For all these reasons, we have added only standard delimiters as of now.
I hope this resolves your query.
---
Best Regards,
Sameer Kattel,
Associate Security Analytics Engineer,
Security Research Department
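As an added illustration of the delimiter-escaping point in the reply above (example code written for this page, not LogPoint's normalizer; the delimiter table and the log line are constructed), this contrasts a fixed set of literal delimiters with a user-supplied regex delimiter, where a bare `|` is an empty alternation that never matches the pipe character:

```python
import re

# Constructed table of "standard" named delimiters, in the spirit of a fixed
# allow-list: the user picks a name, never a pattern. Hypothetical names.
STANDARD_DELIMITERS = {"comma": ",", "pipe": "|", "semicolon": ";", "space": " ", "tab": "\t"}

# Constructed sample log line in key=value form, pipe-delimited.
SAMPLE_LINE = "src=10.0.0.1|dst=10.0.0.2|action=deny|proto=tcp"


def _collect_pairs(fields, kv_sep):
    """Turn a list of 'key=value' fields into a dict, skipping malformed fields."""
    pairs = {}
    for field in fields:
        if kv_sep in field:
            key, value = field.split(kv_sep, 1)
            if key.strip():
                pairs[key.strip()] = value.strip()
    return pairs


def parse_kv_literal(line, delimiter_name="pipe", kv_sep="="):
    """Split on a literal delimiter chosen by name; the delimiter is never interpreted."""
    delimiter = STANDARD_DELIMITERS[delimiter_name]
    return _collect_pairs(line.split(delimiter), kv_sep)


def parse_kv_regex(line, delimiter_pattern, kv_sep="="):
    """Split on a user-supplied regex used verbatim. With the pattern '|' the
    regex matches the empty string rather than the pipe, so the split produces
    no usable fields; this is the misbehaviour a raw regex delimiter invites."""
    return _collect_pairs(re.split(delimiter_pattern, line), kv_sep)


def parse_kv_regex_escaped(line, delimiter_text, kv_sep="="):
    """Escape the user's delimiter before compiling, so '|' becomes '\\|' and
    splits on the literal pipe as intended."""
    return parse_kv_regex(line, re.escape(delimiter_text), kv_sep)


if __name__ == "__main__":
    print("literal :", parse_kv_literal(SAMPLE_LINE, "pipe"))
    print("raw '|' :", parse_kv_regex(SAMPLE_LINE, "|"))
    print("escaped :", parse_kv_regex_escaped(SAMPLE_LINE, "|"))
```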
Hi @markus.nebel@8com.de, we are glad to share that the points you brought to our attention have been addressed in the new 5.0.1 release. Please see the details here: https://servicedesk.logpoint.com/hc/en-us/articles/8874831748253