diff --git a/README.md b/README.md index b26bcd9d880828a9515585d96236ffe8b9ffe413..e8a90c1d0ec476772bc3b84d1f676eeaef02e599 100644 --- a/README.md +++ b/README.md 
@@ -53,25 +53,25 @@ This makes sure that /conf.d/20-dns-syslog.conf is beeing processed at the begin 5. copy "/etc/filebeat/filebeat.yml" to your filebeat installation at the pi-hole instance 6. customize "LOGSTASHHOST:5141" to match your logstash hostname/ip 7. restart filebeat -9. copy 99-pihole-log-facility.conf to /etc/dnsmasq.d/ -10. this is very important: restart pi-hole and ensure filebeat is sending logs to logstash before proceeding -11. You can verify this by: -12. at your filebeat instance: "filebeat test output" - it should say "ok" on every step. -13. again: the following steps will not work correctly if sending data to logstash here is not successfull! +8. copy 99-pihole-log-facility.conf to /etc/dnsmasq.d/ +9. this is very important: restart pi-hole and ensure filebeat is sending logs to logstash before proceeding +10. You can verify this by: +11. at your filebeat instance: "filebeat test output" - it should say "ok" on every step. +12. again: the following steps will not work correctly if sending data to logstash here is not successfull! ### KIBANA HOST (CAN BE THE SAME AS LOGSTASH AND ELASTICSEARCH) -14. create the index pattern: Management -> Index patterns -> Create index pattern -15. type logstash-syslog-dns - it shound find one index -16. click next step and select @timezone -17. Create index pattern -18. Once the index is created, verify that 79 fields are listed -19. click the curved arrows on the top left -20. import suitable "json/elk-hole *.json" for your version into kibana: management - saved objects - import -21. optionally select the correct index pattern: logstash-syslog-dns* -22. delete any existing template matching our index name: DELETE /_template/logstash-syslog-dns* -23. import the template: paste the content of "logstash-syslog-dns-index.template_ELK7.x.json" into kibanas dev tools console -24. click the green triangle in the upper right of the pasted content (first line). Output should be: +13. 
create the index pattern: Management -> Index patterns -> Create index pattern +14. type logstash-syslog-dns - it shound find one index +15. click next step and select @timezone +16. Create index pattern +17. Once the index is created, verify that 79 fields are listed +18. click the curved arrows on the top left +19. import suitable "json/elk-hole *.json" for your version into kibana: management - saved objects - import +20. optionally select the correct index pattern: logstash-syslog-dns* +21. delete any existing template matching our index name: DELETE /_template/logstash-syslog-dns* +22. import the template: paste the content of "logstash-syslog-dns-index.template_ELK7.x.json" into kibanas dev tools console +23. click the green triangle in the upper right of the pasted content (first line). Output should be: {
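Review bot: the renumbered lines in this hunk carry over text errors that are worth fixing while every line is being touched anyway. Step 14 reads "it shound find one index" and step 12 reads "successfull". Step 15 tells the reader to select "@timezone"; the time field Logstash writes is normally @timestamp, so please confirm the field name that the index pattern actually offers. Step 10 ("You can verify this by:") and step 11 belong under step 9 and would read better as an indented sub-list than as numbered steps of their own. Also note that "filebeat test output" checks the connection to the configured output, not that pi-hole log events are arriving, so step 9's requirement that filebeat "is sending logs to logstash" would benefit from a second check on the Logstash side.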