Need more test cases but I ran into a situation on a Dell R840 with 4 sockets and 28 cores per with 256 GB memory that Suricata was not happy about having the default memcap setting and required it to be increase to 256mb. It doesn't appear that we can just set this across board though because on smaller hardware increasing the size seems to also crash suricata. I will need to do more research into what things need to be accounted for in order to make the changes.