Not all field and Graphs are filled with data,Not ...

zandhaas · ‎01-29-2019

I have installed the PI-Hole app on Splunk enterprise 7.2.3
Pi_Hole 4.1.1 (FTL 4.1.2) is running on an other Ubuntu Linux system with the Splunk Universal forwarder installed.

In the Splunk PI-Hole App is only see the below graphs on the home screen filled with data:
Blocked Requests by SRC
Top 10 Requested Domains
Top 10 Blocked Domains
Top Record Types

The other field are zero or say "No result found".

The "More PI-Hole" screen looks complete.

Do I need some extra configuration or are some searches not OK?

,I have installed your PI-Hole app on splunk enterprise version 7.2.3
On an other server I have installed PI-Hole version 4.1.1 and FTL version 4.1.2

The only graphs I get information in are:

Blocked Requests by SRC
Top 10 Requested Domains
Top 10 Blocked Domains
Top Record Types

All other files on the home screen are 0 or "No results found".

The "More PI-Hole" screen seems to be complete.

zandhaas · ‎01-30-2019

I did some investigations and i think it ha something to do with the "transaction_id" field
This field has no value while you use this to "dedup" the Pi-Hole records.

By the Way I use the input options like you described in the example.

[monitor:///var/log/]
whitelist = pihole.lo.+
disabled = false
sourcetype = pihole:log

zandhaas · ‎02-11-2019

Bump.... No one????

rgandersonjr · ‎02-15-2019

I also installed Pi-hole Visualizer, that works too. Want to get this one working as well.

Not all field and Graphs are filled with data,Not all fields / graphs are filled

Enterprise Security Content Update (ESCU) | New Releases

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification