Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

what is the cause of ERROR Regex - Failed in pcre_exec: Error PCRE_ERROR_MATCHLIMIT for regex

FritzWittwer_ol
Contributor
‎10-10-2018 11:26 PM

I get this error messages for rather simple regexep

10-11-2018 07:48:27.818 +0200 ERROR Regex - Failed in pcre_exec: Error PCRE_ERROR_MATCHLIMIT for regex: (\S+\s+\S+\s+\S+)\s+(?\S+).\ss=(?\S+)\s.+\sx=(?\S+)\s+mod=(?\S+)\s+(?cmd=(env_from|data|msg).)
10-11-2018 07:48:27.818 +0200 ERROR regexExtractionProcessor - Regex for stanza SDCS-liveclone-firmenich-ls_reformat01 exceeded configured PCRE match limit. Consider raising the MATCH_LIMIT for the regex in props.conf

The transforms which contains this regexp is

[SDCS-liveclone-xxxxxxxx-ls_reformat01]
SOURCE_KEY = _raw
(env_from|data|msg).*)
REGEX = (\S+\s+\S+\s+\S+)\s+(?<host>\S+).*\ss=(\S+)\s.+\sx=(?\S+)\s+mod=(\S+)\s+(cmd=(env_from|data|msg).*)
DEST_KEY=_raw
FORMAT=$1 transaction_id=$2_$4 server=$2 session_id1=$3 session_id2=$4 mod=$5 $6

The match limit is 10'000 and the regexp is rather simple so i don't see a reason for this error.

Tags (1)
Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...