rockfish stats
Parse EVE JSON and show statistics without writing output (dry run).
Overview
The stats command reads Suricata EVE JSON and displays event type counts
and basic statistics. Useful for inspecting log files before ingestion.
Usage
```
rockfish stats -i <INPUT> [OPTIONS]
```
Options
| Option | Default | Description |
|---|---|---|
| -i, --input | required | Input EVE JSON file (use - for stdin) |
| --show | 0 | Show first N events |
Examples
```bash
# Show event type distribution
rockfish stats -i /var/log/suricata/eve.json

# Show first 10 events
rockfish stats -i eve.json --show 10

# From stdin
cat eve.json | rockfish stats -i -
```
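To cross-check the counts independently before ingestion, the same kind of tally can be computed directly from the newline-delimited EVE JSON. This is an added example, not rockfish code: the function name `eve_stats`, the handling of malformed lines and the embedded sample records are assumptions made here, and rockfish's own output format is not shown on this page.

```python
import json
from collections import Counter

# Constructed sample EVE records (not real capture data); line 4 is deliberately truncated.
SAMPLE_EVE = """\
{"timestamp":"2024-05-01T10:00:00.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP"}
{"timestamp":"2024-05-01T10:00:01.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dns":{"type":"query","rrname":"example.com"}}
{"timestamp":"2024-05-01T10:00:02.000000+0000","event_type":"alert","src_ip":"10.0.0.5","alert":{"signature_id":1000001,"signature":"CONSTRUCTED test rule","severity":2}}
{"timestamp":"2024-05-01T10:00:03.000000+0000","event_type":"flow","src_
{"timestamp":"2024-05-01T10:00:04.000000+0000","event_type":"flow","src_ip":"10.0.0.7","dest_ip":"10.0.0.9","proto":"UDP"}
{"timestamp":"2024-05-01T10:00:05.000000+0000","src_ip":"10.0.0.7"}
"""

def eve_stats(lines, show=0):
    """Tally event_type over newline-delimited EVE JSON without writing anything."""
    counts = Counter()
    bad_lines = []      # 1-based line numbers that are not valid JSON objects
    shown = []          # first `show` parsed events, mirroring the idea of --show
    first_ts = last_ts = None
    for lineno, raw in enumerate(lines, start=1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            bad_lines.append(lineno)   # truncated or corrupted record
            continue
        if not isinstance(event, dict):
            bad_lines.append(lineno)   # valid JSON, but not an EVE object
            continue
        counts[event.get("event_type", "<missing event_type>")] += 1
        ts = event.get("timestamp")
        if ts:
            first_ts = first_ts or ts
            last_ts = ts
        if len(shown) < show:
            shown.append(event)
    return {"total": sum(counts.values()), "by_type": dict(counts),
            "bad_lines": bad_lines, "first_ts": first_ts, "last_ts": last_ts,
            "shown": shown}

if __name__ == "__main__":
    report = eve_stats(SAMPLE_EVE.splitlines(), show=2)
    for etype, n in sorted(report["by_type"].items(), key=lambda kv: -kv[1]):
        print(f"{etype:24} {n}")
    print("unparseable lines:", report["bad_lines"])
    print("time span:", report["first_ts"], "->", report["last_ts"])
```

Truncated records (common when a log is copied mid-write or rotated) and records without `event_type` are reported separately rather than silently dropped, so a mismatch against the tool's totals can be traced to specific lines.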