suppress not working (Standalone 2.3.230,)

[cukal]

I added to /opt/so/saltstack/local/pillar/global.sls these lines:

thresholding:
  sids:
    2006445:
      - suppress:
          gen_id: 1
          track: by_source
          ip: 172.24.1.97

I execute sudo salt-call state.apply suricata, this results in /opt/so/conf/suricata/threshold.conf having this content:

suppress gen_id 1, sig_id 2006445, track by_source, ip 172.24.1.97

Yes, it starts with a single line, using :set list in vi shows it is a single $ hidden character, I presume a line end.
I execute sudo so-suricata-restart and execute the commands again on 172.24.1.97 that trigger rule 2006445 and I still get new alerts for 2006445 on the alerts page:

rule.gid: 1
event.module: suricata
rule.uuid: 2006445
source.ip: 172.24.1.97

I must be doing something wrong but I can't find out what...
Thanks for any help!

[cukal]

/opt/so/log/suricata/suricata.log showed:

21/4/2023 -- 13:39:00 - <Error> - [ERRCODE: SC_ERR_PCRE_MATCH(2)] - pcre_exec parse error, ret -1, string , track by_source, ip 172.23.51.235
21/4/2023 -- 13:39:00 - <Error> - [ERRCODE: SC_ERR_PCRE_MATCH(2)] - pcre_exec parse error, ret -1, string , track by_source, ip 172.24.1.97

Changed to:

          track: by_src

And now the alerts get suppressed.