I have created a database lookup and have changed the maximum matches in the lookup defintion to 100, but only 1 match is being returned. I am using DB Connect 1.1.2 with an Oracle database.
You need to set max_matches in the corresponding stanza in both transforms.conf and dblookup.conf. Have you restarted Splunk after making those changes?
Hi, I have a lookup whose maximum match is 249. I've set the "max_matches" to 300 but the maximum it returns is only 99. Is it the limit? Are there any other settings I need to modify? Any help would be appreciated.
You need to set max_matches in the corresponding stanza in both transforms.conf and dblookup.conf. Have you restarted Splunk after making those changes?
Hi. Yes, the subject of editing dblookup.conf and transforms.conf files to create a lookup that returns more than the default number of one match is covered here:
I did not edit the config files. I only made the change in the Lookup definitions via Splunk web. Adding max_matches to dblookup.conf fixed the issue. Is it documented anywhere that you need to make changes to this file as well? Thanks!
