I looked into your stats.log again and the “tcp.insert_data_normal_fail” is really high. It could be related to this Bug #4502: TCP reassembly memuse approaching memcap value results in TCP detection being stopped - Suricata - Open Information Security Foundation so you could try 5.0.6 for comparison and report back to us.