Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

where can i set max_match option ?

rakesh_498115
Motivator
‎02-12-2013 10:17 AM

Hi ..

For all the regular expression fields created using rex command , there is option called max_match to match all the occurrences of the rex field. Can i know where we will define this option ..to reflect to all the rex fields..

In my props.conf..
i have something like this

EXTRACT-myapps:(?[^<]*)<

So for this field ProductName i want to increase the max_match count or i need to keep max_match = 0 to match all the occurences possible....
Query used with max_match :

sourcetype="myapps" | rex max_match=0 "(?[^<]*)<" | top ProductName

If i give it query its working but i need to know whether i can give in my conf files..please help..

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

jonuwz
Influencer
‎02-12-2013 10:26 AM

You can't.

You need to move the extraction to transforms.conf, and specify MV_ADD=true

I dont think you can specify a max_matches, it'll just find them all.

docs

View solution in original post

Reply
Solved! Jump to solution
Solution

jonuwz
Influencer
‎02-12-2013 10:26 AM

You can't.

You need to move the extraction to transforms.conf, and specify MV_ADD=true

I dont think you can specify a max_matches, it'll just find them all.

docs

Reply
Solved! Jump to solution

rakesh_498115
Motivator
‎02-15-2013 12:34 PM

yeah its really.. 🙂

0 Karma
Reply
Solved! Jump to solution

jonuwz
Influencer
‎02-15-2013 11:08 AM

good man. the world of transform opens up a world of possibilities

0 Karma
Reply
Solved! Jump to solution

rakesh_498115
Motivator
‎02-15-2013 10:55 AM

Thanks jonuwz..I finally managed to get it...:)

0 Karma
Reply
Solved! Jump to solution

jonuwz
Influencer
‎02-12-2013 11:06 AM

You try it, and if you get stuck, post what you tried, and why it didn't work.

Reply
Solved! Jump to solution

rakesh_498115
Motivator
‎02-12-2013 10:52 AM

oh..in that case can you transform my rex above to transforms.conf pls..

0 Karma
Reply
Get Updates on the Splunk Community!

Enhance Your Splunk App Development: New Tools & Support

UCC FrameworkAdd-on Builder has been around for quite some time. It helps build Splunk apps faster, but it ...

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...