I’m interested in this use case too.
Looking at the comments in suricata.yaml it appears possible:
```yaml
# A regex to filter output.  Can be overridden in an output section.
# Defaults to empty (no filter).
#
# This value is overridden by the SC_LOG_OP_FILTER env var.
default-output-filter:
```
But I’ve been unable to get it to work for . Can we actually do this / am I misunderstanding something? Thanks.