I am having problems with the pipelines not processing the messages... I believe it has to do with the format of the messages that I am forwarding from pihole... my messages are currently forwarding in the following format (with rsyslog):

full_message:
<190>Oct 21 13:08:15 pi-1 pihole Oct 21 13:08:15 dnsmasq[581]: query[A] example.google.com from XXX.XXX.XXX.XXX

However when I look at the screen shot from the original post (https://jalogisch.de/2017/der-eigene-dns-resolver-zuhause/) the format of the message is different and I am wondering if this is causing a problem with the pipeline processing...

I don't want to start tweaking all the grok patterns if its the message format that is wrong. could you share the rsyslog template / fowarding conf that you are using to confirm this or not.

I am currently using the following for rsyslog forwarding...

. action(type="omfwd" target="xxx.xxx.xxx.xxx" port="1514" protocol="udp"
action.resumeRetryCount="100"
queue.type="linkedList" queue.size="10000")

module(load="imfile" PollingInterval="10")

input(type="imfile" File="/var/log/pihole.log"
StateFile="/var/run/pihole.log.state"
Tag="pihole"
Severity="info"
Facility="local7")

I'm running Graylog 4.1 and PiHole 5.3.1 and latest syslog-ng.

Seems to me most things are broken based on syslog-ng adding fields now and pinhole log formats have changed slightly so the grok patterns don't work (so most other stuff breaks as the pipelines don't function.

Is this just me?
Do you have plans to update this before I spend hours fixing grok patterns?

I'm new to Graylog so be patient as I learn. I installed Graylog last week and have successfully ingested log data from Windows, Linux and my Firewall. I downloaded and installed this Content Pack and without issue began ingesting data... but nothing on the Dashboard. I'm running Graylog 4.0.7 and PiHole 5.3.1 Is there something I'm missing in the Extractor or Dashboard that I should have edited? Or should it have worked "out of the box?"