Oke seems this a config suricata accepts and connects to the socket but also creates all json files, great only Telegraf does not log any suricata stats yet.
#Stats via Telegraf
- eve-log:
enabled: yes
filetype: unix_stream
filename: /var/run/telegraf/suricata-stats.sock
types:
- stats:
threads: yes
#Extensible Event Format (nicknamed EVE) event log in JSON format
- eve-log:
enabled: yes
filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
filename: /data/sensor_data/suricata/eve.json
#Enable for multi-threaded eve.json output; output files are amended with
#an identifier, e.g., eve.9.json
#threaded: false
threaded: true