Balena Pi-Hole query logs to Splunk

Hi All,

I am using balena Pi-hole for my home office scenario, almost 30 devices using Pi-hole as DNS, which is configured automatically on them (no hard coding of DNS on individual devices). I am very impressed with the clarity of the query log.
My question is - can we send the query logs to any outside tools like Splunk in real time?

Thanks,
Amit

Hey @amit3bcrec, you’re looking for something like this?

It looks like we would need to add several things to the project, including but not limited to:

  1. the Splunk binary for ARM, or whichever platform we are targeting
  2. inputs and outputs config files for Splunk
  3. install any Splunk dependencies
  4. set the splunkforwarder to start on container start, after Pi-hole

A better plan might be to run the Splunk forwarder as its own container, to avoid conflicting with the Pi-hole installation and dependencies. We could put the logs on a shared volume or something like that.
https://docs.splunk.com/Documentation/Forwarder/8.2.5/Forwarder/DeployandrunauniversalforwarderinsideaDockercontainer

This is not a service I’ve used myself, so I’m not sure I’m the best candidate to ensure it’s working correctly. I’ve opened an issue on the balena-pihole repo in case anyone in the community is willing to lend a hand and get us started.