Suricata Suppress Rules Not Working

I’m having issues passing the Suricata -T configuration test using this entry in the /etc/suricata/threshold.config file:
suppress gen_id 1, sig_id 2013028, track by_dst, ip
Specifically, I’m getting the error:
<Error> -- pcre2_match parse error, ret -1, string , track by_dst, ip ''
I’m using Suricata version 7.0.5.

Any help would be greatly appreciated.

Unfortunately I can’t reproduce this:

❯ cat threshold.config                                            
suppress gen_id 1, sig_id 2013028, track by_dst, ip

❯ ./src/suricata -v -c suricata.yaml -T -l . -S emerging-all.rules
Notice: suricata: This is Suricata version 7.0.5 RELEASE running in SYSTEM mode
Info: cpu: CPUs/cores online: 16
Info: suricata: Running suricata under test mode
Info: suricata: Setting engine mode to IDS mode by default
Info: exception-policy: master exception-policy set to: auto
Info: suricata: Preparing unexpected signal handling
Info: logopenfile: fast output device (regular) initialized: fast.log
Info: logopenfile: eve-log output device (regular) initialized: eve.json
Info: logopenfile: stats output device (regular) initialized: stats.log
Info: classification-config: Added "43" classification types from the classification file
Info: reference-config: Added "19" reference types from the reference.config file
Info: detect: 1 rule files processed. 35714 rules successfully loaded, 0 rules failed, 0
Info: threshold-config: Threshold config parsed: 1 rule(s) found
Info: detect: 35717 signatures processed. 0 are IP-only rules, 4862 are inspecting packet payload, 30824 inspect application layer, 0 are decoder event only
Notice: suricata: Configuration provided was successfully loaded. Exiting.

Can you share your full suricata.yaml and threshold.config?

Maybe it’s the quotes around ''

Hmmm. There are no quotes in the original config line

suppress gen_id 1, sig_id 2013028, track by_dst, ip

and I copied that one literally into my threshold.config.
I think the quotes are added in the error message.

Whoops, ya, I see it now.