• Todd Waller

Splunk - Pi Hole and Network-wide Ad Blocking

Hello again Everyone!

Todays post will be discussing creating a network-wide ad blocker out of your Pi device and getting that data into Splunk for monitoring.

It pretty cool setting this up and blocking ads as well as possibly increasing network performance and bandwidth usage. I found this to be a fun tutorial. For the sake of time, I will note I found the setup for Pi Hole here:

They did a great job explaining everything and it was super easy to setup on my Pi but

basically it's just running:

on your Pi device and then going through the configuration steps.

It has a decent web interface but as a Splunker I prefer putting things in Splunk, it's much easier to customize layouts and formats.

Here's the Pi-hole dashboard:

Not bad but we can make something cooler in Splunk. there's an app on Splunkbase called "Pi-hole app for Splunk"

Its easy to install and can even be done from the UI interface:

Once installed you simple need to create the input on the Pi forwarder to monitor the pihole.log file.

Once that's done, restart the forwarder and go check out your new dashboard!

Then you can do any tweaking of searches and dashboards as necessary!

Hope you find this to be as fun a project as I did. Have a great week! Todd

420 views0 comments

Recent Posts

See All

Do you need to dedup when using stats?

I had to do some casual counting of sourcetypes today. In the process I was trying to decide if I needed to dedup before going to stats. It seemed to me a dedup would, in theory, pass less data to sta

How do I learn Splunk administration?

Had an old coworker hit me up a week ago. He took a job as a SOC analyst where part of his job is going to be supporting Splunk. He's a smart guy but Splunk is more complex than it looks. Given I've a