ZachChristensen28/TA-pihole_dns

Transforms.conf > pihole_default

Closed this issue · 4 comments

Transforms.conf > pihole_default does not match query or response syntax in pihole 5.1.2.

could be updated to "dnsmasq\[[^\]]*\]:\s"

Nov 27 15:41:13 dnsmasq[16616]: query[AAAA] apps.splunk.com from 10.1.10.100
Nov 27 16:08:22 dnsmasq[16616]: reply api-global.us-east-1.origin.prodaa.netflix.com is 52.44.232.159

The log format has changed.

Pre-5.2.x
image

Post-5.2.x
image

Can confirm that changing the props.conf with your fix worked for basic searching.

Testing Data Model Acceleration tonight.

[Edit] - src_ip and src_port do not extract correctly - opened separate issue; see link below

Pasting same comment for each related issue:

Please check if log-queries=extra in /etc/dnsmasq.d/01-pihole.conf. If not, this could be the root cause of the issue. Anytime Pi-hole updates, it overwrites this file with updates. So if you have set this setting in the past, it would be erased during an update.

To fix, add log-queries=extra in /etc/dnsmasq.d/01-pihole.conf or follow the instructions at the top of the file and create a new file in the same directory with this change. Note: creating your own file to override this setting may cause issues during an update. Removing the file and then re-adding it after the update will fix the issue.

Make sure to run pihole restartdns after updating settings so the changes take effect.

Great catch! That was the issue 100%
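An added example (not code from this add-on or from the thread) showing why src_ip and src_port go missing when log-queries=extra is lost: it parses dnsmasq lines and flags those without the extra fields. It assumes the `<serial> <client ip>/<client port>` layout that dnsmasq writes at the start of each message with log-queries=extra; the function names and the last two sample lines are constructed for illustration.

```python
import re

# Prefix as suggested in the issue: "dnsmasq[<pid>]: " after a syslog timestamp.
PREFIX = r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\sdnsmasq\[(?P<pid>[^\]]*)\]:\s"
# Present only with log-queries=extra (assumed layout): "<serial> <ip>/<port> ".
EXTRA = r"(?:(?P<serial>\d+)\s(?P<src_ip>[0-9A-Fa-f.:]+)/(?P<src_port>\d+)\s)?"
# Message body, e.g. "query[AAAA] <name> from <client>" or "reply <name> is <answer>".
BODY = r"(?P<action>.+?)\s(?P<name>\S+)\s(?:from|is|to)\s(?P<value>.+)$"
LINE_RE = re.compile(PREFIX + EXTRA + BODY)


def parse(line):
    """Return the named fields of a dnsmasq query-log line, or None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def missing_extra(lines):
    """Return parsed lines that carry no serial/src_ip/src_port (extra logging is off)."""
    parsed = [p for p in map(parse, lines) if p is not None]
    return [p for p in parsed if p["src_port"] is None]


SAMPLE = [
    # The two lines quoted in the issue (default log-queries format).
    "Nov 27 15:41:13 dnsmasq[16616]: query[AAAA] apps.splunk.com from 10.1.10.100",
    "Nov 27 16:08:22 dnsmasq[16616]: reply api-global.us-east-1.origin.prodaa.netflix.com is 52.44.232.159",
    # Constructed lines in the log-queries=extra format.
    "Nov 27 16:30:01 dnsmasq[16616]: 4821 10.1.10.100/53124 query[AAAA] apps.splunk.com from 10.1.10.100",
    "Nov 27 16:30:01 dnsmasq[16616]: 4821 10.1.10.100/53124 forwarded apps.splunk.com to 192.0.2.53",
]

if __name__ == "__main__":
    for rec in map(parse, SAMPLE):
        print(rec["action"], rec["name"], rec["src_ip"], rec["src_port"])
    print("lines without extra fields:", len(missing_extra(SAMPLE)))
```

Running `missing_extra` over a recent slice of the Pi-hole log after an update is a quick way to tell whether the setting was overwritten before the gap shows up in searches.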