Optimization #6001
openinvestigate: optional/configurable stats log verbosity
Description
Some events from our stats can get quite verbose, especially considering that many of the counters
are often zero.
It is probably a good idea to allow users to hide counters that are zero, but there may be some that should be logged even if when zero, as that value also carries a value.
Proper investigate this, and how to implement what we decide on.
Related to this: should we allow the possibility of enabling or disabling specific counters/events via unix socket?
Updated by Juliana Fajardini Reichow about 1 year ago
Related to this, a comment by Jason in a PR:
"It would be nice to have such an option to apply to all outputted stats. I've done this in some event visualization code code, and hide all zero values makes it much more pleasant to look at. But may introduce reporting challenges for some databases. Elastic can handle this fine, as well as some more advanced SQL though." (https://github.com/OISF/suricata/pull/8735#issuecomment-1520499634)