Skip to content
elasticsearch, logstash and kibana configuration for pi-hole visualiziation
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github/ISSUE_TEMPLATE Update issue templates Feb 24, 2019
dnsmasq.d Add files via upload Feb 22, 2019
etc/filebeat c+p error fixed Mar 30, 2019
logstash c+p error fixed Mar 30, 2019
.whitesource Initial WhiteSource configuration file Apr 21, 2019
CODE_OF_CONDUCT.md
LICENSE Initial commit Feb 18, 2019
README.md Update README.md Mar 31, 2019
dash.PNG Add files via upload Feb 18, 2019
elk-hole.json Update elk-hole.json Feb 21, 2019
elk-hole.zip

README.md

elk-hole

elasticsearch, logstash and kibana configuration for pi-hole visualization

show, search, filter and customize pi-hole statistics ... the elk way

please note, this is still work in progress, so please let me know if I've left anything unclear/incorrect which definitely could be the case!

requirements:

working installation of:

  1. logstash (tested with "6.5.0")
  2. elasticsearch (tested with "6.5.0")
  3. kibana (tested with "6.5.0")
  4. filebeat on pi-hole (tested with "1.3.1")

-> installation of the elk stack - refer to https://wiki.kaldenhoven.org/display/LIN/Elastic+Stack+on+Ubuntu+16.04+with+AdoptOpenJDK or https://www.elastic.co/ for details.

this repo provides the relevant files and configuration for sending the pi-hole logs via filebeat directly to logstash/elasticsearch. We will then visualize the logs in kibana with a custom dashboard.

The result will look like this:

alt text

HOW TO USE

LOGSTASH HOST

  1. copy "/conf.d/20-dns-syslog.conf" to your logstash folder (usually /etc/logstash)
  2. customize "ELASTICSEARCHHOST:PORT" in the output section at the bottom of the file
  3. copy "dns" to "/etc/logstash/patterns/"
  4. restart logstash

PI-HOLE

  1. copy "/etc/filebeat/filebeat.yml" to your filebeat installation at the pi-hole instance
  2. customize "LOGSTASHHOST:5141" to match your logstash hostname/ip
  3. restart filebeat
  4. copy 99-pihole-log-facility.conf to /etc/dnsmasq.d/
  5. restart pi-hole

KIBANA HOST (CAN BE THE SAME AS LOGSTASH AND ELASTICSEARCH)

  1. import "elk-hole.json" into kibana: management - saved objects - import
  2. optionally reload kibanas field list

You should then be able to see your new dashboard and visualizations.

a huge "thank you" to skaldenhoven who contributed quiet some nice details to the configuration and parsing logic as well as troubleshooting and testing!

You can’t perform that action at this time.