Home
elk-hole provides the relevant files and configuration to easily visualize pi-holes/dnsmasq statistics via the popular elasticstack.
- logstash (currently tested up to version "7.1.0")
- elasticsearch (currently tested up to version with "7.1.0")
- kibana (currently tested up to version "7.1.0")
- filebeat on pi-hole (tested with "1.3.1" & "7.1.1")
-> installation of the elk stack - refer to https://www.elastic.co/ for details.
this repo provides the relevant files and configuration for sending the pi-hole logs via filebeat directly to logstash/elasticsearch. We will then visualize the logs in kibana with a custom dashboard.
The result will look like this:
- copy "/conf.d/20-dns-syslog.conf" to your logstash folder (usually /etc/logstash/)
- customize "ELASTICSEARCHHOST:PORT" in the output section at the bottom of the file
- copy "dns" to "/etc/logstash/patterns/"
- restart logstash
- copy "/etc/filebeat/filebeat.yml" to your filebeat installation at the pi-hole instance
- customize "LOGSTASHHOST:5141" to match your logstash hostname/ip
- restart filebeat
- copy 99-pihole-log-facility.conf to /etc/dnsmasq.d/
- restart pi-hole
- import suitable "json/elk-hole *.json" for your version into kibana: management - saved objects - import
- delete any existing template matching our index name: DELETE /_template/logstash-syslog-dns*
- import the template: paste the content of "logstash-syslog-dns-index.template_ELK7.x.json" into kibanas dev tools console
- optionally reload kibanas field list
You should then be able to see your new dashboard and visualizations.