Jason Ish

Results 234 comments of Jason Ish

> Documentation-wise, I really like the log output comparison that goes along with the upgrading note. Should we also update https://docs.suricata.io/en/latest/output/eve/eve-json-format.html#event-type-dns ?

Fixed in the new PR: https://github.com/OISF/suricata/pull/11439

Do you see new "built-in" app-layers going through this API? Or still using a static assignment?

> > Do you see new "built-in" app-layers going through this API? Or still using a static assignment?
>
> still static...

Any particular reason? It would be...

Looks good, and from the Redis docs seems like a good addition. I'd like to test it myself, but that might be a week or 2.

Need some Redis tips here. Even after I stop Suricata and do something like `redis-cli XRANGE suricata - +` I keep getting the same results? What's the usual process to...

> I think that's what `XTRIM` is for. https://redis.io/docs/latest/commands/xtrim/

The idea generally is to have streams behave like Kafka, where multiple clients get a view on historical data as well....

To confirm, as I don't think it was mentioned in the commit... The C version was correct already?

Thanks, what I think I'm going to do is merge this into my DNS v3 logging work (PR: https://github.com/OISF/suricata/pull/11283).

> and we would obviously like the alerts in EVE output A use the same options as all the app-layer logging in output A

My question is, do we? My...

@satta Can you share what was missing from the alert metadata that you are after? It's always worth considering what's in our default, and if it could be made better...