Hello again Everyone!
Todays post will be discussing creating a network-wide ad blocker out of your Pi device and getting that data into Splunk for monitoring.
It pretty cool setting this up and blocking ads as well as possibly increasing network performance and bandwidth usage. I found this to be a fun tutorial. For the sake of time, I will note I found the setup for Pi Hole here: https://pimylifeup.com/raspberry-pi-pi-hole/
They did a great job explaining everything and it was super easy to setup on my Pi but
basically it's just running:
on your Pi device and then going through the configuration steps.
It has a decent web interface but as a Splunker I prefer putting things in Splunk, it's much easier to customize layouts and formats.
Here's the Pi-hole dashboard:
Not bad but we can make something cooler in Splunk. there's an app on Splunkbase called "Pi-hole app for Splunk" https://splunkbase.splunk.com/app/4116/
Its easy to install and can even be done from the UI interface:
Once installed you simple need to create the input on the Pi forwarder to monitor the pihole.log file.
Once that's done, restart the forwarder and go check out your new dashboard!
Then you can do any tweaking of searches and dashboards as necessary!
Hope you find this to be as fun a project as I did. Have a great week! Todd