First of all thanks for the reply...
Here I cannot able to use max_match with rex by which I can able to find out all the records in that line.

Hi WoodCock,

I can able to extract the information from the log using your answer which you posted with one of my colleague's question (the same question) with minor modification of query.

| rex field=_raw "(?.{3})(?.{2})(?.*)"
| eval FieldValue=substr(TempFieldValue,1,FieldValueLen)
| eval TempFieldValue=substr(TempFieldValue,1+FieldValueLen)
| eval subevent=(TransactionCode . ":::" . FieldValueLen . ":::" . FieldValue)

| rex field=TempFieldValue "(?.{3})(?.{2})(?.*)"
| eval TransactionCode=mvappend(TransactionCode, TempTransactionCode)
| eval FieldValueLen=mvappend(FieldValueLen, TempFieldValueLen)
| eval FieldValue2=substr(TempFieldValue,1,TempFieldValueLen)
| eval FieldValue=mvappend(FieldValue, FieldValue2)
| eval TempFieldValue=substr(TempFieldValue,1+TempFieldValueLen)
| eval subevent=mvappend(subevent, TempTransactionCode . ":::" . TempFieldValueLen . ":::" . FieldValue2)

| mvexpand subevent
| rex max_match=5 field=subevent "(?.?):::(?.?):::(?.*)"

| table TransactionCode FieldValueLen FieldValue

By repeating the Bold set of query i can able to extract all the information from the log.

Is there any way to auto iterate this query (loop)? So that i can able to extract "n" number of such records upto end of line which is more or less equal to max_match.

Because we could not get the first pass into a single rex command, the answer is "no". However, we can clean it up quite a bit by putting part or all of it into a macro, which is what I suggest that you do.

Sure will try that..Thanks

Don't forget to "Accept" an answer to close of the question (up-voting useful comments is also appreciated).