Suricata

Stats are currently a mix of observations, like packet counts or flow counts and stats meant to give insights into how suricata is doing internally. Best example of the latter is the flow.mgr.* set of stats. To avoid confusion we may want to somehow split this or at least make it clearer that these are different classes of info.

As an example: the flow.tcp and flow.udp count the number of tcp flows and udp flows, but comparing these with flow.mgr.flows_checked makes little sense, as the latter is just an indication of how busy the flow manager is keeping itself. A flow may be checked multiple times by the flow manager.