From 984c69b5d68f596ef680328dcfdd2dcd68c4c4c4 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <pantoine@oisf.net>
Date: Thu, 5 Mar 2026 09:48:05 +0100
Subject: [PATCH] doc: be more precise for decompress transforms

Ticket: 7846
(cherry picked from commit 1e0f344ab71f8f6305ce620c8010a157e67099bd)
---
 doc/userguide/rules/transforms.rst | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/doc/userguide/rules/transforms.rst b/doc/userguide/rules/transforms.rst
index 4bb7915170..3b961a4407 100644
--- a/doc/userguide/rules/transforms.rst
+++ b/doc/userguide/rules/transforms.rst
@@ -401,6 +401,7 @@ gunzip
 Takes the buffer, applies gunzip decompression.
 
 This transform takes an optional argument which is a comma-separated list of key-values.
+Key and value are separated by a space.
 The only key being interperted is ``max-size``, which is the max output size.
 Default for max-size is 1024.
 If the decompressed data were to be larger than max-size,
@@ -413,7 +414,7 @@ Example::
     alert http any any -> any any (msg:"from_base64 + gunzip";
             http.uri; content:"/gzb64?value="; fast_pattern;
             from_base64: offset 13 ;
-            gunzip; content:"This is compressed then base64-encoded"; startswith; endswith;
+            gunzip: max-size 1024; content:"This is compressed then base64-encoded"; startswith; endswith;
             sid:2; rev:1;)
 
 zlib_deflate
@@ -422,6 +423,7 @@ zlib_deflate
 Takes the buffer, applies zlib decompression.
 
 This transform takes an optional argument which is a comma-separated list of key-values.
+Key and value are separated by a space.
 The only key being interperted is ``max-size``, which is the max output size.
 Default for max-size is 1024.
 If the decompressed data were to be larger than max-size,