Suricata

The suricata_exporter translating from Suricata's dump-counters JSON output to Prometheus metrics expects all entries in the "threads" object to map thread names per interface to further JSON objects containing stats for individual threads.

    "threads": {
      "W#01-bond1": {
        "capture": {
          "kernel_packets": 27888,
          "kernel_drops": 0,
          "errors": 0,

With Suricata 7.0.3 (and possibly others), when a VLAN tagged interface is used, the parent interface contains a map where the children are the VLAN Tags:

{
  "W#01-bond1": {
    "30": {
      "capture": {
        "kernel_packets": 247478455,
        "kernel_drops": 186199,
       ...

These inconsistent structure is problematic for a successful decoding in all the cases. A better approach would be to have this form:

{
  "W#01-bond1.30": {
    "capture": {
      "kernel_packets": 247478455,
      "kernel_drops": 186199,
     ...

as per the command ip output:

45: bond1.30@bond1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000

A related issue exists in the suricata_exporter repo:
https://github.com/corelight/suricata_exporter/issues/12