diff --git a/config/telegraf.conf b/config/telegraf.conf
index e1e8ca3..00b2900 100644
--- a/config/telegraf.conf
+++ b/config/telegraf.conf
@@ -47,9 +47,15 @@
 ]
 data_format = "influx"
 
-[[inputs.tail]]
- data_format = "json"
- files = ["/var/log/suricata/eve.json"]
- name_override = "suricata"
- tag_keys = ["event_type","src_ip","src_port","dest_ip","dest_port"]
- json_string_fields = ["*"]
+[[inputs.suricata]]
+ ## Data sink for Suricata stats log.
+ # This is expected to be a filename of a
+ # unix socket to be created for listening.
+ source = "/tmp/suricata-stats.sock"
+
+ # Delimiter for flattening field keys, e.g. subitem "alert" of "detect"
+ # becomes "detect_alert" when delimiter is "_".
+ delimiter = "_"
+
+ # Detect alert logs
+ alerts = false
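Review bot: The listening socket is placed in the world-writable `/tmp` (`source = "/tmp/suricata-stats.sock"`), so, unless something outside this diff restricts it, any local user can pre-create or replace the path before Telegraf binds it and can connect and inject fabricated Suricata stats or alert records into the pipeline; move it to a runtime directory owned by the Telegraf/Suricata user with restricted permissions, e.g. `source = "/run/suricata/stats.sock"`, and document the expected ownership/mode in the comment above it. Separately, the removed `inputs.tail` block ingested the full `eve.json` (including alert events tagged by `src_ip`/`dest_ip`) while the replacement sets `alerts = false`, so alert telemetry presumably stops flowing after this change; if downstream dashboards or detections rely on it, either set `alerts = true` or state in the comment that only stats are collected now, since `# Detect alert logs` does not say which. Note that the Suricata side must also be configured to emit its eve/stats output to this unix socket, which this hunk does not show.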