From f6135cf803f89c47848e283c9a3ca9f3af24dd81 Mon Sep 17 00:00:00 2001 From: 9S <strrrn@gmail.com> Date: Thu, 19 Sep 2019 11:43:03 +0200 Subject: [PATCH] Update README.md --- README.md | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index e8a90c1..6732588 100644 --- a/README.md +++ b/README.md @@ -35,17 +35,17 @@ The result will look like this: 1. copy "/conf.d/20-dns-syslog.conf" to your logstash folder (usually /etc/logstash/) 1.1 if you have other files in this folder make sure to properly edit the input/output/filter sections to avoid matching our filebeat dns logs in these files which may be processed earlier. For testing purposes you can name your conf files like so: +``` /conf.d/20-dns-syslog.conf - /conf.d/30-other1.conf - /conf.d/40-other2.conf - +``` This makes sure that /conf.d/20-dns-syslog.conf is beeing processed at the beginning. 2. customize "ELASTICSEARCHHOST:PORT" in the output section at the bottom of the file -3. copy "dns" to "/etc/logstash/patterns/" +3. copy "dns" to: +```/etc/logstash/patterns/``` create the folder if it does not exist 4. restart logstash 
@@ -56,12 +56,15 @@ This makes sure that /conf.d/20-dns-syslog.conf is beeing processed at the begin 8. copy 99-pihole-log-facility.conf to /etc/dnsmasq.d/ 9. this is very important: restart pi-hole and ensure filebeat is sending logs to logstash before proceeding 10. You can verify this by: -11. at your filebeat instance: "filebeat test output" - it should say "ok" on every step. +11. at your filebeat instance: +```filebeat test output``` +it should say "ok" on every step. 12. again: the following steps will not work correctly if sending data to logstash here is not successfull! ### KIBANA HOST (CAN BE THE SAME AS LOGSTASH AND ELASTICSEARCH) -13. create the index pattern: Management -> Index patterns -> Create index pattern +13. create the index pattern: +```Management -> Index patterns -> Create index pattern``` 14. type logstash-syslog-dns - it shound find one index 15. click next step and select @timezone 16. Create index pattern @@ -69,15 +72,16 @@ This makes sure that /conf.d/20-dns-syslog.conf is beeing processed at the begin 18. click the curved arrows on the top left 19. import suitable "json/elk-hole *.json" for your version into kibana: management - saved objects - import 20. optionally select the correct index pattern: logstash-syslog-dns* -21. delete any existing template matching our index name: DELETE /_template/logstash-syslog-dns* -22. import the template: paste the content of "logstash-syslog-dns-index.template_ELK7.x.json" into kibanas dev tools console +21. delete any existing template matching our index name: +```DELETE /_template/logstash-syslog-dns*``` +22. import the template: paste the content of: +```logstash-syslog-dns-index.template_ELK7.x.json +into kibanas dev tools console 23. click the green triangle in the upper right of the pasted content (first line). Output should be: - +``` { - - "acknowledged" : true - + "acknowledged" : true } - +``` You should then be able to see your new dashboard and visualizations. -- GitLab
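Review bot: In the first hunk (README.md around line 35), step 3 puts the path on its own line as a triple-backtick run that opens and closes on the same line (the added line +```/etc/logstash/patterns/```), which is not a fenced block and renders as an inline code span at best. Use single backticks on the step's own line, for example: 3. copy "dns" to `/etc/logstash/patterns/`, so that the path and "create the folder if it does not exist" stay in one list item. The unchanged line "This makes sure that /conf.d/20-dns-syslog.conf is beeing processed at the beginning." still carries the "beeing" typo and could be fixed in the same commit.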
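Review bot: In the second hunk (README.md around line 56), step 13 marks up the Kibana menu path "Management -> Index patterns -> Create index pattern" as code, although it is a UI navigation path and not something the reader types; plain or bold text fits better, with code formatting kept for the command in step 11. Both added spans (steps 11 and 13) also open and close triple backticks on a single line; single backticks on the step's own line give the intended inline code without splitting the list item. The context lines still read "successfull" (step 12) and "shound" (step 14), which this README cleanup could correct.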
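Review bot: In the third hunk (README.md around line 69), step 22 opens a fence that is never closed on its line: the added line +```logstash-syslog-dns-index.template_ELK7.x.json has no closing backticks, so the file name becomes the fence's info string and the block runs until the next +``` line after step 23. That pulls "into kibanas dev tools console" and step 23 into a code block, leaves the { "acknowledged" : true } output outside any fence, and lets the final +``` open a block that captures "You should then be able to see your new dashboard and visualizations." Close the backticks after the file name (or use single backticks there) so that the two remaining fences pair up around the JSON output.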