I have some fields within Splunk that are showing 1 to many values.

One log may have the following:

sig_names="value1,value2,value3"

And another log may have the following:

sig_names="value2,value3"

And one more log may have the following:

sig_names="value1"

Within Splunk, the following will be shown in the Field Extractions:

sig_names

__Values__ ------------------------- __Count__ ------- __%__
value1,value2,value3 --------  _34_ --------- _96%_
value2,value3  ----------------- _4_  -------------_2%_
value1--------------------------- _4_ -------------_2%_

I may have a regex for something like rex field=sigNames "(?P<sigName>[^\x2c]+)"

This returns multiple matches within a single field... each instance of value up until a comma.
But Splunk just matches the first capture and calls it a day. When I use a rex on that field, I get something like:

sigName

__Values__ ------------------------- __Count__ ------- __%__
value1 ---------------------------  _38_ -------- _98%_
value2 -------------------------- _4_  -------------_2%_

(notice how value3 is completely omitted as it never came first in any of the strings?)

In the end I want to get a count of EACH value1, EACH value2, and EACH value3 so I end up with something like:

sigName

__Values__ ------------------------- __Count__ ------- __%__
value1 ---------------------------  _21_ --------- _98%_
value2 -------------------------- _15_  -----------_2%_
value3 --------------------------- _6_  -----------_2%_

How do I extract multiple values from one field with an unknown amount of value instances using a regex?
(could have a single value with no comma following, or could have 5 values with a comma between each)