I have installed the PI-Hole app on Splunk Enterprise 7.2.3.
Pi-Hole 4.1.1 (FTL 4.1.2) is running on another Ubuntu Linux system with the Splunk Universal Forwarder installed.
In the Splunk PI-Hole App I only see the graphs below on the home screen filled with data:
Blocked Requests by SRC
Top 10 Requested Domains
Top 10 Blocked Domains
Top Record Types
The other fields are zero or say "No result found".
The "More PI-Hole" screen looks complete.
Do I need some extra configuration or are some searches not OK?
I have installed your PI-Hole app on Splunk Enterprise version 7.2.3.
On another server I have installed PI-Hole version 4.1.1 and FTL version 4.1.2.
The only graphs I get information in are:
Blocked Requests by SRC
Top 10 Requested Domains
Top 10 Blocked Domains
Top Record Types
All other fields on the home screen are 0 or "No results found".
The "More PI-Hole" screen seems to be complete.
I did some investigation and I think it has something to do with the "transaction_id" field.
This field has no value, while you use it to "dedup" the Pi-Hole records.
By the way, I use the input options like you described in the example:
[monitor:///var/log/]
whitelist = pihole.lo.+
disabled = false
sourcetype = pihole:log
Bump.... No one????
I also installed Pi-hole Visualizer, that works too. Want to get this one working as well.