# CONFIGURED BY ANSIBLE

# errors first and before flow
# multiple stats into one - contains drop invalid trunc_pkt
[PARSER]
    name   suricata_errors
    format regex
    regex  ^(?<suricata_errors>[^\s]*(drop|invalid|trunc_pkt|failed)[^\s]*)\s+\| Total\s+\| (?<value>\d+)$

# memuse before flow
# multiple stats into one - ends with memuse w/ or w/o \.
[PARSER]
    name   suricata_memuse
    format regex
    regex  ^(?<suricata_memuse>[^\s]+memuse)\s+\| Total\s+\| (?<value>\d+)$

# flow before packets
# multiple stats into one - contains flow
[PARSER]
    name   suricata_flow
    format regex
    regex  ^(?<suricata_flow>[^\s]*flow[^\s]*)\s+\| Total\s+\| (?<value>\d+)$

# bytes before packets
# multiple stats into one - contains bytes
[PARSER]
    name   suricata_bytes
    format regex
    regex  ^(?<suricata_bytes>[^\s]*bytes[^\s]*)\s+\| Total\s+\| (?<value>\d+)$

# multiple stats into one - contains pkts (not pkt) packets
[PARSER]
    name   suricata_packets
    format regex
    regex  ^(?<suricata_packets>[^\s]*(pkts|packets)[^\s]*)\s+\| Total\s+\| (?<value>\d+)$