Want to use the stats info to do anomaly detection. Would be much easier if I could trigger a reset on the system rather than trying to do deltas in elasticsearch.
Have not been able to find a way to reset the counters transmitted in the stats events.
Hi Dave,
Welcome to the community!
You can include deltas for the statistics – see the following section in suricata.yaml
- stats:
    totals: yes   # stats for all threads merged together
    threads: no   # per thread stats
    deltas: yes   # include delta values
When deltas are enabled – they’re off by default – additional statistics will be included. The suffix _delta will be added. E.g., there will be a statistic for ethernet and ethernet_delta.
Hope this helps.
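Added example (not from the original thread or from the Suricata project): a small Python script that reads eve.json `stats` records, picks up the `<counter>_delta` fields the reply describes, and runs a simple spike check over them. It also shows the fallback the question wanted to avoid: if the sensor was left at `deltas: no`, the per-interval change is reconstructed by subtracting the previous event's total. The three eve lines embedded below are constructed sample records with invented values; the counter names (`decoder.pkts`, `decoder.ethernet`, `decoder.invalid`) and the `factor`/`min_history` thresholds are this example's own choices.

```python
import json
from statistics import mean

# Constructed sample: three consecutive eve.json "stats" events in the shape
# Suricata writes with `deltas: yes` (every counter X gets a sibling X_delta).
# The numbers are invented for illustration, not captured from a real sensor.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2024-01-01T00:00:08.000000+0000","event_type":"stats",'
    '"stats":{"uptime":8,"decoder":{"pkts":1000,"pkts_delta":1000,'
    '"ethernet":1000,"ethernet_delta":1000,"invalid":2,"invalid_delta":2}}}',
    '{"timestamp":"2024-01-01T00:00:16.000000+0000","event_type":"stats",'
    '"stats":{"uptime":16,"decoder":{"pkts":2100,"pkts_delta":1100,'
    '"ethernet":2100,"ethernet_delta":1100,"invalid":5,"invalid_delta":3}}}',
    '{"timestamp":"2024-01-01T00:00:24.000000+0000","event_type":"stats",'
    '"stats":{"uptime":24,"decoder":{"pkts":3150,"pkts_delta":1050,'
    '"ethernet":3150,"ethernet_delta":1050,"invalid":45,"invalid_delta":40}}}',
]


def flatten(obj, prefix=""):
    """Flatten nested dicts to dotted keys: {"decoder": {"pkts": 1}} -> {"decoder.pkts": 1}."""
    out = {}
    for k, v in obj.items():
        key = f"{prefix}.{k}" if prefix else k
        if isinstance(v, dict):
            out.update(flatten(v, key))
        else:
            out[key] = v
    return out


def load_stats_events(lines):
    """Parse eve.json lines and keep only event_type == "stats" records, flattened."""
    events = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("event_type") != "stats":
            continue
        events.append({"timestamp": rec["timestamp"], **flatten(rec["stats"])})
    return events


def delta_for(counter, cur, prev=None):
    """Per-interval change of `counter`.

    Prefers the <counter>_delta field Suricata emits with `deltas: yes`. If the
    sensor runs with `deltas: no`, falls back to subtracting the previous
    event's total (the arithmetic the question hoped to avoid doing in
    Elasticsearch). Returns None when neither is possible.
    """
    if f"{counter}_delta" in cur:
        return cur[f"{counter}_delta"]
    if prev is not None and counter in cur and counter in prev:
        return cur[counter] - prev[counter]
    return None


def detect_spikes(events, counter, factor=3.0, min_history=2):
    """Flag intervals whose delta exceeds `factor` times the mean of earlier deltas.

    Returns a list of (timestamp, delta) tuples. A deliberately simple baseline;
    the point is that deltas are the right input: totals only ever grow, so a
    threshold on them cannot tell a burst apart from steady traffic.
    """
    history = []
    spikes = []
    prev = None
    for ev in events:
        d = delta_for(counter, ev, prev)
        prev = ev
        if d is None:
            continue
        if len(history) >= min_history and d > factor * mean(history):
            spikes.append((ev["timestamp"], d))
        history.append(d)
    return spikes


if __name__ == "__main__":
    evs = load_stats_events(SAMPLE_EVE_LINES)
    for ev in evs:
        print(ev["timestamp"], "decoder.invalid delta =", delta_for("decoder.invalid", ev))
    print("spikes:", detect_spikes(evs, "decoder.invalid"))
```

Run it against a real `eve.json` by replacing `SAMPLE_EVE_LINES` with the file's lines; with the sample data the third interval's jump in `decoder.invalid` (40 versus a baseline of 2 and 3) is the only spike reported, while `decoder.pkts` stays flat and is not flagged.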