precursor --stats emits a run summary JSON object to stderr.
This is designed for automation and dashboards while keeping payload records on stdout.
cat payloads.b64 \
| precursor -p patterns/new -m base64 -t -d --similarity-mode lzjd --stats \
1>/tmp/records.ndjson 2>/tmp/stats.json

Inspect:

jq '.' /tmp/stats.json

- ---PRECURSOR_STATISTICS---: marker string.
- Input: input volume and size metrics.
- Match: pattern and hash generation metrics.
- Compare: distance summary when enough pairwise comparisons exist.
- Environment: run-time settings snapshot.

Input:

- Count: total payload candidates processed.
- Unique: unique payloads by xxh3_64_sum.
- AvgSize, MinSize, MaxSize, P95Size, TotalSize: size distribution.

Match:

- Patterns: number of compiled pattern expressions.
- TotalMatches: total named-capture hits.
- Matches: per-tag hit counts.
- HashesGenerated: similarity hashes generated for matched payloads.
- Size fields summarize only matched payloads.

Compare:

- Similarities, AvgDistance, MinDistance, MaxDistance, P95Distance.
- May be null/empty when insufficient pairwise distances are available.
- Practical rule: provide at least 3 matched payloads to reliably populate this section.

Environment:

- Includes version and run-time selections:
  - SimilarityMode
  - RegexEngine
  - InputMode
  - HashFunction
  - DistanceThreshold
- Protocol inference options and Sigma count.

- Historical field names such as tlsh_similarities in record output remain for compatibility, even when running lzjd or fbhash.
- HashFunction reflects the TLSH algorithm selection argument and is retained for compatibility; non-TLSH modes still report the selected similarity mode explicitly via SimilarityMode.

Total input and throughput:

jq '{count: .Input.Count, total: .Input.TotalSize, rate: .Environment.ProcessingRate}' /tmp/stats.json

Most frequent tags:

jq '.Match.Matches | sort_by(.Matches) | reverse | .[:10]' /tmp/stats.json

Distance snapshot:

jq '.Compare' /tmp/stats.json
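
An added example (not part of precursor or its documentation) of consuming the stats object in automation: it treats a null, empty or missing Compare section as "not enough data" and reads the active mode from SimilarityMode rather than HashFunction. The sample JSON is constructed; the `Tag` key, the value types and all function names are assumptions.

```python
import json

# Constructed sample, not real precursor output. "Tag" is a hypothetical key
# name; HashFunction holds a placeholder value.
SAMPLE_STATS = """
{
  "Input": {"Count": 4, "Unique": 2, "TotalSize": 2048},
  "Match": {"Patterns": 3, "TotalMatches": 5, "HashesGenerated": 2,
            "Matches": [{"Tag": "a", "Matches": 1}, {"Tag": "b", "Matches": 4}]},
  "Compare": null,
  "Environment": {"SimilarityMode": "lzjd", "HashFunction": "PLACEHOLDER"}
}
"""

DISTANCE_FIELDS = ("Similarities", "AvgDistance", "MinDistance",
                   "MaxDistance", "P95Distance")


def load_sample():
    return json.loads(SAMPLE_STATS)


def compare_summary(stats):
    """Return the distance fields, or None when Compare is null/empty/missing."""
    compare = stats.get("Compare") or {}
    if not compare.get("Similarities"):  # covers null, 0, [] and a missing key
        return None
    return {name: compare.get(name) for name in DISTANCE_FIELDS}


def summarize(stats, top=10):
    """Reduce a stats object to the values a dashboard or alert would track."""
    inp = stats.get("Input") or {}
    match = stats.get("Match") or {}
    env = stats.get("Environment") or {}
    count = inp.get("Count") or 0
    unique = inp.get("Unique") or 0
    entries = match.get("Matches") or []
    ranked = sorted(entries, key=lambda e: e.get("Matches", 0), reverse=True)
    return {
        "count": count,
        "unique": unique,
        "duplicate_ratio": (count - unique) / count if count else 0.0,
        "mode": env.get("SimilarityMode"),  # not HashFunction (TLSH-only legacy)
        "top_tags": ranked[:top],
        "compare": compare_summary(stats),  # None means too few matched payloads
    }


if __name__ == "__main__":
    print(json.dumps(summarize(load_sample()), indent=2))
```

A `compare` value of None is worth surfacing rather than hiding: it usually means the run matched fewer payloads than the practical minimum of 3 noted above.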