So I heard that Suricata is capable of flow aggregation and session reassembly to help with data aggregation.
Can I ask for help on how exactly to configure Suricata to do this? Or, if it's pre-built in, how to test if it works?
Please read the documentation at Suricata User Guide — Suricata 7.0.1-dev documentation and see the sections about flows and reassembly. What aggregation do you have in mind in detail?
You will get a lot of data from Suricata, like flow events, but might have to do some more aggregation in post-processing.
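Added example, not part of either post above and not Suricata's own code. The reply points at the `flow` records in eve.json as the raw material and says the roll-up is yours to do; this script is one way to do that roll-up, and at the same time it answers the "how do I test if it works" part of the question. If eve.json contains `event_type: "flow"` records (the `flow` type is enabled under `outputs: - eve-log: types:` in the shipped suricata.yaml), flow tracking is active; if the TCP records also carry a `tcp` sub-object with a `state` field, the TCP stream tracker is running on top of it. The EVE records below are constructed sample lines that follow the EVE flow/tcp field names, not output from a real capture, and the "unanswered TCP flow" counter is a heuristic of my own (TCP flow with zero packets back from the server), not a Suricata field.

```python
"""Roll Suricata EVE 'flow' events up per (src_ip, dest_ip, proto).

Added example for the thread above, not Suricata project code. It parses
eve.json lines (here constructed samples), keeps only event_type == "flow",
sums packets/bytes per endpoint pair, and summarises the TCP tracker state
so you can confirm flow tracking and stream tracking are both active.
"""
import json
from collections import defaultdict

# Constructed sample EVE records (not real capture output). Field names follow
# the EVE flow event schema: flow.{pkts,bytes}_{toserver,toclient}, flow.state,
# flow.alerted, and the tcp sub-object with the tracker's state.
SAMPLE_EVE = """\
{"timestamp":"2023-09-01T10:00:05.000000+0000","event_type":"flow","src_ip":"10.0.0.5","src_port":51000,"dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP","app_proto":"http","flow":{"pkts_toserver":6,"pkts_toclient":5,"bytes_toserver":640,"bytes_toclient":5120,"start":"2023-09-01T10:00:01.000000+0000","end":"2023-09-01T10:00:04.000000+0000","age":3,"state":"closed","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"1b","syn":true,"fin":true,"ack":true,"psh":true,"state":"closed"}}
{"timestamp":"2023-09-01T10:00:06.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"93.184.216.34","proto":"TCP","alert":{"signature_id":1,"signature":"test"}}
{"timestamp":"2023-09-01T10:00:09.000000+0000","event_type":"flow","src_ip":"10.0.0.5","src_port":51001,"dest_ip":"93.184.216.34","dest_port":443,"proto":"TCP","app_proto":"tls","flow":{"pkts_toserver":10,"pkts_toclient":12,"bytes_toserver":1500,"bytes_toclient":9000,"start":"2023-09-01T10:00:02.000000+0000","end":"2023-09-01T10:00:08.000000+0000","age":6,"state":"closed","reason":"shutdown","alerted":true},"tcp":{"tcp_flags":"1b","syn":true,"fin":true,"ack":true,"psh":true,"state":"closed"}}
{"timestamp":"2023-09-01T10:00:20.000000+0000","event_type":"flow","src_ip":"10.0.0.7","src_port":40000,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","app_proto":"dns","flow":{"pkts_toserver":1,"pkts_toclient":1,"bytes_toserver":70,"bytes_toclient":120,"start":"2023-09-01T10:00:10.000000+0000","end":"2023-09-01T10:00:10.500000+0000","age":0,"state":"established","reason":"timeout","alerted":false}}
{"timestamp":"2023-09-01T10:00:25.000000+0000","event_type":"flow","src_ip":"10.0.0.9","src_port":52000,"dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP","app_proto":"failed","flow":{"pkts_toserver":3,"pkts_toclient":0,"bytes_toserver":180,"bytes_toclient":0,"start":"2023-09-01T10:00:12.000000+0000","end":"2023-09-01T10:00:24.000000+0000","age":12,"state":"new","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"02","syn":true,"state":"syn_sent"}}
"""


def parse_flow_events(lines):
    """Yield well-formed flow events only; skip other event types and bad JSON."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # eve.json can have a truncated last line while Suricata runs
        if ev.get("event_type") == "flow" and isinstance(ev.get("flow"), dict):
            yield ev


def aggregate_flows(lines):
    """Sum flows, packets and bytes per (src_ip, dest_ip, proto)."""
    agg = defaultdict(lambda: {"flows": 0, "pkts": 0, "bytes": 0,
                               "alerted": 0, "unanswered_tcp": 0})
    for ev in parse_flow_events(lines):
        key = (ev["src_ip"], ev["dest_ip"], ev["proto"])
        f = ev["flow"]
        a = agg[key]
        a["flows"] += 1
        a["pkts"] += f.get("pkts_toserver", 0) + f.get("pkts_toclient", 0)
        a["bytes"] += f.get("bytes_toserver", 0) + f.get("bytes_toclient", 0)
        a["alerted"] += 1 if f.get("alerted") else 0
        # Heuristic (mine, not a Suricata field): a TCP flow with nothing
        # coming back from the server is a cheap scan / dead-host indicator.
        if ev["proto"] == "TCP" and f.get("pkts_toclient", 0) == 0:
            a["unanswered_tcp"] += 1
    return dict(agg)


def tcp_state_summary(lines):
    """Count TCP flows by the stream tracker's final state (tcp.state)."""
    counts = defaultdict(int)
    for ev in parse_flow_events(lines):
        if ev.get("proto") == "TCP":
            counts[ev.get("tcp", {}).get("state", "unknown")] += 1
    return dict(counts)


if __name__ == "__main__":
    # Replace SAMPLE_EVE.splitlines() with open("/var/log/suricata/eve.json")
    # to run this over a live log.
    lines = SAMPLE_EVE.splitlines()
    for key, stats in sorted(aggregate_flows(lines).items()):
        print(key, stats)
    print("tcp states:", tcp_state_summary(lines))
```

If `tcp_state_summary` only ever reports `unknown` on real data, the flow records are there but carry no `tcp` object, which is the first thing to look at under the `stream:` section of suricata.yaml before digging into reassembly settings.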