diff --git a/etc/filebeat/filebeat.yml b/etc/filebeat/filebeat.yml
index 4088a59bdff796c51ce4027d57b87700e3e132ab..2fa25b193f0724d3b488e1fc03444dfc7255c79d 100644
--- a/etc/filebeat/filebeat.yml
+++ b/etc/filebeat/filebeat.yml
@@ -3,6 +3,8 @@ filebeat:
 - paths:
 - /var/log/pihole.log
+
+ # filebeat 6.6.0 above: change input_type to type
 input_type: log
 registry_file: /var/lib/filebeat/registry
diff --git a/logstash/patterns/dns b/logstash/patterns/dns
new file mode 100644
index 0000000000000000000000000000000000000000..4542562f9bd5c26f77897e6d1b4459081ad9bc21
--- /dev/null
+++ b/logstash/patterns/dns
@@ -0,0 +1,5 @@
+HOSTNAMEPTR \b(?:[\._0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[\._0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\.?|\b)
+NODATA NODATA-[[:word:]]+
+SRV _+.+\S
+FQDN \b(?:[\w-][\w-]{0,62})(?:\.(?:[\w-][\w-]{0,62}))*(\.?|\b)
+DNSMASQPREFIX %{SYSLOGTIMESTAMP:date} %{SYSLOGPROG}: %{INT:logrow} %{IP:source_host}\/%{POSINT:source_port}
\ No newline at end of file
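Review bot: The added comment pins the `input_type` → `type` rename to "filebeat 6.6.0 above", which I believe is off — the rename came with the Filebeat 6.0 line (with `prospectors` becoming `inputs` around 6.3), so a reader on 6.0–6.5 could be led to keep a key that is no longer accepted. Since the comment is the only change in this hunk, I would reword it to something like `# Filebeat 6.x+: input_type was renamed to type (and prospectors to inputs from 6.3)` after checking the exact versions against the Filebeat breaking-changes notes. The enclosing `filebeat:` mapping starts before this hunk, and the indentation of these lines is not recoverable from the collapsed diff, so I have not commented on the YAML structure itself.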
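Review bot: `SRV _+.+\S` on the third added line is effectively unbounded — `.+` consumes the rest of the line and `\S` only forces the match to end on a non-space — and since every token this file will be applied to is a query name chosen by whatever client talks to Pi-hole, an overly broad pattern both mis-tokenizes anything that follows `%{SRV}` in a composite pattern and, if such a composite exists, invites expensive backtracking on hostile input. Something bounded like `SRV (?:_[\w-]+\.){1,2}%{FQDN}` matches the `_service._proto.name` shape an SRV owner name takes; adjust against real dnsmasq lines before adopting it. In `HOSTNAMEPTR` and `FQDN` the trailing `(\.?|\b)` is an unnamed capture whose `\b` branch is redundant (`\.?` already matches empty at the same position), so a plain `\.?` is equivalent and clearer. `DNSMASQPREFIX` captures `logrow` and `source_port` as strings; `%{INT:logrow:int}` and `%{POSINT:source_port:int}` give numeric fields so range filters and aggregations work. The file also lacks a trailing newline, which is worth fixing while the line is touched.
```grok
HOSTNAMEPTR \b(?:[\._0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[\._0-9A-Za-z][0-9A-Za-z-]{0,62}))*\.?
# … unchanged: NODATA …
SRV (?:_[\w-]+\.){1,2}%{FQDN}
FQDN \b(?:[\w-][\w-]{0,62})(?:\.(?:[\w-][\w-]{0,62}))*\.?
DNSMASQPREFIX %{SYSLOGTIMESTAMP:date} %{SYSLOGPROG}: %{INT:logrow:int} %{IP:source_host}\/%{POSINT:source_port:int}
```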