From a9bf2b6f08e1254b1ac45e78421356371bf8adde Mon Sep 17 00:00:00 2001
From: nin9s <strrrn@gmail.com>
Date: Fri, 22 Feb 2019 19:08:10 +0100
Subject: [PATCH] added comment: filebeat 6.6.0 above: change input_type to
 type

---
 etc/filebeat/filebeat.yml | 2 ++
 logstash/patterns/dns     | 5 +++++
 2 files changed, 7 insertions(+)
 create mode 100644 logstash/patterns/dns

diff --git a/etc/filebeat/filebeat.yml b/etc/filebeat/filebeat.yml
index 4088a59..2fa25b1 100644
--- a/etc/filebeat/filebeat.yml
+++ b/etc/filebeat/filebeat.yml
@@ -3,6 +3,8 @@ filebeat:
    -
      paths:
         - /var/log/pihole.log
+     
+     # filebeat 6.6.0 above: change input_type to type
      input_type: log
  registry_file: /var/lib/filebeat/registry
  
diff --git a/logstash/patterns/dns b/logstash/patterns/dns
new file mode 100644
index 0000000..4542562
--- /dev/null
+++ b/logstash/patterns/dns
@@ -0,0 +1,5 @@
+HOSTNAMEPTR \b(?:[\._0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[\._0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\.?|\b)
+NODATA NODATA-[[:word:]]+
+SRV _+.+\S
+FQDN \b(?:[\w-][\w-]{0,62})(?:\.(?:[\w-][\w-]{0,62}))*(\.?|\b)
+DNSMASQPREFIX %{SYSLOGTIMESTAMP:date} %{SYSLOGPROG}: %{INT:logrow} %{IP:source_host}\/%{POSINT:source_port}
\ No newline at end of file
-- 
GitLab