Relevant telegraf.conf:
[[inputs.suricata]]
  ## Data sink for Suricata stats log.
  # This is expected to be a filename of a
  # unix socket to be created for listening.
  source = "/tmp/stats.sock"
  # Delimiter for flattening field keys, e.g. subitem "alert" of "detect"
  # becomes "detect_alert" when delimiter is "_".
  delimiter = "_"

- eve-log:
    enabled: yes
    filetype: unix_stream
    filename: /tmp/stats.sock
    types:
      - stats:
          totals: no # stats for all threads merged together
          threads: yes # per thread stats
System info:
Ubuntu 20.04
Telegraf Docker Image 1.18.3
InfluxDB Docker Image 2.0.6
Suricata 6.0.2
Steps to reproduce:
- Configure Suricata to write threads statistics
- Start Telegraf to read from the corresponding socket
Expected behavior:
Metrics should be correctly read and tagged with the corresponding thread
Actual behavior:
Telegraf shows the following error:
2021-06-04T10:11:30Z D! [inputs.suricata] Unsupported type []interface {} encountered
Additional info:
If Suricata is configured to write only total stats
[...]
totals: yes
threads: no
[...]
Metrics are correctly parsed and sent to InfluxDB.
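
Added example, not part of the original report and not Telegraf's plugin code: a small Go flattener showing how the `delimiter` setting joins nested keys into per-thread fields, and how a JSON array inside a thread's stats yields an `[]interface {}` value that a flattener handling only maps and numbers has to reject. The function names, the thread name `W#01` and the sample records are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// flatten stores numeric leaves of v in out, joining nested keys with delim.
func flatten(prefix, delim string, v interface{}, out map[string]float64) error {
	switch t := v.(type) {
	case map[string]interface{}:
		for k, sub := range t {
			key := k
			if prefix != "" {
				key = prefix + delim + k
			}
			if err := flatten(key, delim, sub, out); err != nil {
				return err
			}
		}
	case float64:
		out[prefix] = t
	default:
		// A JSON array decodes to []interface {}; report it, do not drop it.
		return fmt.Errorf("unsupported type %T at %q", v, prefix)
	}
	return nil
}

// perThread returns one flattened field set per thread name (the tag value).
func perThread(line []byte, delim string) (map[string]map[string]float64, error) {
	var rec struct{ Stats struct{ Threads map[string]interface{} } }
	if err := json.Unmarshal(line, &rec); err != nil {
		return nil, err
	}
	res := map[string]map[string]float64{}
	for name, sub := range rec.Stats.Threads {
		res[name] = map[string]float64{}
		if err := flatten("", delim, sub, res[name]); err != nil {
			return nil, fmt.Errorf("thread %s: %w", name, err)
		}
	}
	return res, nil
}

func main() {
	// Constructed records (assumed shape), not captured Suricata output.
	fmt.Println(perThread([]byte(`{"stats":{"threads":{"W#01":{"detect":{"alert":3}}}}}`), "_"))
	fmt.Println(perThread([]byte(`{"stats":{"threads":{"W#01":{"sample_list":[1,2]}}}}`), "_"))
}
```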