Here is part of two raw log messages

"memberOf=CN=AU-SG NAT_ClientReadyApp,OU=UniversalGroups,OU=Groups,DC=au,DC=tworld,DC=GHY,DC=com|CN=AU-SG APC_DKGS_Users,OU=UniversalGroups,OU=Groups,DC=us,DC=tworld,DC=tmgs,DC=com|CN=AU-SG Citrix XenDesktop DTS Users,OU=GlobalGroups,OU=Groups,DC=au,DC=tworld,DC=GHY,DC=com|CN=AU-SG GHY Users,OU=GlobalGroups,OU=Groups,DC=au,DC=tworld,DC=GHY,DC=com"

"memberOf=CN=AU-SG NAT_ClientReadyApp,OU=UniversalGroups,OU=Groups,DC=au,DC=tworld,DC=GHY,DC=com|CN=AU-SG APC_DKGS_Users,OU=UniversalGroups,OU=Groups,DC=us,DC=tworld,DC=tmgs,DC=com|CN=AU-SG Citrix XenDesktop DTS Users,OU=GlobalGroups,OU=Groups,DC=au,DC=tworld,DC=GHY,DC=com|CN=AU-SG GHY Users,OU=GlobalGroups,OU=Groups,DC=au,DC=tworld,DC=GHY,DC=com|CN=AU-SG Desktop DTS Users,OU=GlobalGroups,OU=Groups,DC=au,DC=tworld,DC=GHY,DC=com"

I was want extract a multivalued field with by getting all the values of CNs and search time ( preferably in SPL)
For the first message "memberOf" field should be
memberOf= AU-SG NAT_ClientReadyApp
AU-SG APC_DKGS_Users
AU-SG Citrix XenDesktop DTS Users

For the second message, "memberOf" field should be
memberOf= AU-SG NAT_ClientReadyApp
AU-SG APC_DKGS_Users
AU-SG Citrix XenDesktop DTS Users
AU-SG Desktop DTS Users