Pi-hole logging and visualization for the elasticsearch stack

Are you using a Debian based distro? There is a chance your system is not using systemd. Did you try to start the service via init.d?

I ended up moving my pihole from a Raspberry Pi to an Ubuntu VM on my media server. I am able to get almost everything to work using the files under the json folder from the elk-hole-master download, so I appreciate your hard work putting the instructions and files together. The only problem I am seeing now is that when I load up the dashboard, the dns heat map says "Could not locate that index-pattern-field (id: geoip.location)"

Sounds like you need to re-index. Usually the geoip fields appear afterwards.
You may want to have a look at Elasticsearch/Logstash/Kibana 7.6.1 · Issue #31 · nin9s/elk-hole · GitHub where other folks had this issue.

Don't forget to refresh the index pattern fields too

That did the trick! Thank you! Any other related projects that have additional dashboards you would recommend?

You mean apart from pihole? Depends on what you want to monitor. Do you have something special in mind?

More so if there are other elk-stack pihole projects that have additional kibana dashboards that can be imported. For example, a dashboard that focuses on ip location data. It could include the dns heat map on this dashboard. Add a visualization graph that shows the countries used by each client. A pie graph of top countries of the ip location. Also the ability to drill down into the data and focus on an individual client and see the ips and domain names with the location. Might not exist, but it is something I would be interested in helping to create as I learn more about ELK-Stack.

This could be (at least partly) already accomplished with the current dashboard, but you are of course more than welcome to contribute additional views/dashboards.

You could start off with your vision and share it in the github repo via issue or pull request.

Also, if you ever have an idea on how to "fix" the problem of how we can accurately count the total NON blocked requests, every hint is also much appreciated. There is an open issue in the repo if you are curious about the details. In short, it has to do with the CNAMEs and whether there is a blocked domain behind a CNAME or not.

Also, there may be scenarios where you filter something in kibana and don't get data for all the graphs. This simply has to do with the fact that not every log line has a correlation to every piece of information available in other log lines. Hints also welcome here :)
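To make the CNAME counting problem from the post above concrete, here is an added example (not code from elk-hole or any poster) that groups dnsmasq-style log lines by the query that opened them and marks a query as blocked when any name in its answer chain is blocked. The log layout and the sample lines are constructed assumptions, and the grouping relies on one query's lines being contiguous, which a busy real log does not guarantee.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the dnsmasq-style layout Pi-hole writes to pihole.log
# (the field layout is an assumption; these lines are not from the thread).
SAMPLE_LOG = """\
Mar  3 10:00:01 dnsmasq[911]: query[A] www.shop.example from 192.168.1.20
Mar  3 10:00:01 dnsmasq[911]: forwarded www.shop.example to 9.9.9.9
Mar  3 10:00:01 dnsmasq[911]: reply www.shop.example is <CNAME>
Mar  3 10:00:01 dnsmasq[911]: gravity blocked tracker.adnet.example is 0.0.0.0
Mar  3 10:00:02 dnsmasq[911]: query[A] news.example from 192.168.1.20
Mar  3 10:00:02 dnsmasq[911]: forwarded news.example to 9.9.9.9
Mar  3 10:00:02 dnsmasq[911]: reply news.example is 203.0.113.7
Mar  3 10:00:03 dnsmasq[911]: query[A] ads.example from 192.168.1.21
Mar  3 10:00:03 dnsmasq[911]: gravity blocked ads.example is 0.0.0.0
"""

QUERY_RE = re.compile(r"query\[(\w+)\] (\S+) from (\S+)$")
BLOCKED_RE = re.compile(r"gravity blocked (\S+) is ")

@dataclass
class Query:
    domain: str
    client: str
    chain: list = field(default_factory=list)  # names seen while answering, incl. CNAME targets
    blocked: bool = False

def parse_queries(log: str) -> list:
    """Attach reply/blocked lines to the most recent query[...] line.
    Assumption: one query's lines are contiguous. In a real log they interleave,
    which is why a per-line Kibana view cannot tie a CNAME block to its query."""
    queries, current = [], None
    for line in log.splitlines():
        if "]: " not in line:
            continue
        msg = line.split("]: ", 1)[1]
        if m := QUERY_RE.search(msg):
            current = Query(domain=m.group(2), client=m.group(3))
            queries.append(current)
        elif current and (m := BLOCKED_RE.search(msg)):
            current.chain.append(m.group(1))
            current.blocked = True  # blocked anywhere in the chain, even behind a CNAME
        elif current and msg.startswith("reply "):
            current.chain.append(msg.split()[1])
    return queries

def count_requests(log: str) -> dict:
    """Naive count: a query is blocked only if its own name appears in a blocked line.
    Chain-aware count: a query is blocked if any name in its answer chain was blocked."""
    queries = parse_queries(log)
    blocked_names = set(BLOCKED_RE.findall(log))  # what a per-line view sees
    naive_blocked = sum(q.domain in blocked_names for q in queries)
    chain_blocked = sum(q.blocked for q in queries)
    return {"total": len(queries),
            "naive_not_blocked": len(queries) - naive_blocked,
            "chain_aware_not_blocked": len(queries) - chain_blocked}
```

On the sample, the naive view reports two non-blocked requests while the chain-aware count reports one, because www.shop.example was blocked through its CNAME target.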