Pi-hole
Plugin: go.d.plugin Module: pihole
Overview
This collector monitors Pi-hole instances using Pi-hole API 6.0.
It collects DNS query statistics including total queries, blocked domains, query types, resolution status, and client information.
Note: This collector is not compatible with Pi-hole versions earlier than v6.0.
This collector is supported on all platforms.
This collector supports collecting metrics from multiple instances of this integration, including remote instances.
Default Behavior
Auto-Detection
By default, it detects Pi-hole instances running on:
- localhost that are listening on port 80
- within Docker containers
Note that the Pi-hole API 6.0 requires a password. While Netdata can automatically detect Pi-hole instances and create data collection jobs, these jobs will fail unless you provide the necessary credentials.
Limits
The default configuration for this integration does not impose any limits on data collection.
Performance Impact
The default configuration for this integration is not expected to impose a significant performance impact on the system.
Metrics
Metrics grouped by scope.
The scope defines the instance that the metric belongs to. An instance is uniquely identified by a set of labels.
Per Pi-hole instance
These metrics refer to the entire monitored application.
This scope has no labels.
Metrics:
| Metric | Dimensions | Unit |
|---|---|---|
| pihole.dns_queries_total | queries | queries/s |
| pihole.dns_queries_blocked_percent | blocked | percent |
| pihole.dns_queries_by_destination | cached, blocked, forwarded | queries/s |
| pihole.dns_queries_by_type | A, AAA, ANY, SRV, SOA, PTR, TXT, NAPTR, MX, DS, RRSIG, DNSKEY, NS, SVCB, HTTPS, OTHER | queries/s |
| pihole.dns_queries_by_status | UNKNOWN, GRAVITY, FORWARDED, CACHE, REGEX, DENYLIST, EXTERNAL_BLOCKED_IP, EXTERNAL_BLOCKED_NULL, EXTERNAL_BLOCKED_NXRA, GRAVITY_CNAME, REGEX_CNAME, DENYLIST_CNAME, RETRIED, RETRIED_DNSSEC, IN_PROGRESS, DBBUSY, SPECIAL_DOMAIN, CACHE_STALE, EXTERNAL_BLOCKED_EDE15 | queries/s |
| pihole.dns_replies_by_status | UNKNOWN, NODATA, NXDOMAIN, CNAME, IP, DOMAIN, RRNAME, SERVFAIL, REFUSED, NOTIMP, DNSSEC, NONE, OTHER | replies/s |
| pihole.active_clients | active | clients |
| pihole.gravity_list_blocked_domains | blocked | domains |
| pihole.gravity_list_last_update_time_ago | last_update_ago | seconds |
Alerts
The following alerts are available:
| Alert name | On metric | Description |
|---|---|---|
| pihole_gravity_list_last_update | pihole.gravity_list_last_update_time_ago | gravity.list (blocklist) file last update time |
Setup
Prerequisites
Pi-hole v6.0 or newer
This collector requires Pi-hole v6.0 or newer as it uses the Pi-hole API 6.0.
Authentication credentials
Pi-hole administrator password is required for API authentication. Make sure to configure this in the collector settings even when using auto-detection.
Configuration
File
The configuration file name for this integration is go.d/pihole.conf.
You can edit the configuration file using the edit-config script from the
Netdata config directory.
cd /etc/netdata 2>/dev/null || cd /opt/netdata/etc/netdata
sudo ./edit-config go.d/pihole.conf
Options
The following options can be defined globally: update_every, autodetection_retry.
Config options
| Name | Description | Default | Required |
|---|---|---|---|
| update_every | Data collection frequency. | 1 | no |
| autodetection_retry | Recheck interval in seconds. Zero means no recheck will be scheduled. | 0 | no |
| url | Server URL. | http://127.0.0.1 | yes |
| timeout | HTTP request timeout. | 1 | no |
| username | Username for basic HTTP authentication. | no | |
| password | Password for basic HTTP authentication. | yes | |
| proxy_url | Proxy URL. | no | |
| proxy_username | Username for proxy basic HTTP authentication. | no | |
| proxy_password | Password for proxy basic HTTP authentication. | no | |
| method | HTTP request method. | GET | no |
| body | HTTP request body. | no | |
| headers | HTTP request headers. | no | |
| not_follow_redirects | Redirect handling policy. Controls whether the client follows redirects. | no | no |
| tls_skip_verify | Server certificate chain and hostname validation policy. Controls whether the client performs this check. | no | no |
| tls_ca | Certification authority that the client uses when verifying the server's certificates. | no | |
| tls_cert | Client TLS certificate. | no | |
| tls_key | Client TLS key. | no |
Examples
Basic
A basic example configuration.
Config
jobs:
- name: local
url: http://127.0.0.1
password: Gv7#pQm9Xy
HTTPS with self-signed certificate
Remote instance with enabled HTTPS and self-signed certificate.
Config
jobs:
- name: local
url: https://203.0.113.11
tls_skip_verify: yes
password: bT4@zK1wVr
Multi-instance
Note: When you define multiple jobs, their names must be unique.
Collecting metrics from local and remote instances.
Config
jobs:
- name: local
url: http://127.0.0.1
password: Gv7#pQm9Xy
- name: remote
url: http://203.0.113.10
password: bT4@zK1wVr
Troubleshooting
Debug Mode
Important: Debug mode is not supported for data collection jobs created via the UI using the Dyncfg feature.
To troubleshoot issues with the pihole collector, run the go.d.plugin with the debug option enabled. The output
should give you clues as to why the collector isn't working.
Navigate to the
plugins.ddirectory, usually at/usr/libexec/netdata/plugins.d/. If that's not the case on your system, opennetdata.confand look for thepluginssetting under[directories].cd /usr/libexec/netdata/plugins.d/Switch to the
netdatauser.sudo -u netdata -sRun the
go.d.pluginto debug the collector:./go.d.plugin -d -m pihole
Getting Logs
If you're encountering problems with the pihole collector, follow these steps to retrieve logs and identify potential issues:
- Run the command specific to your system (systemd, non-systemd, or Docker container).
- Examine the output for any warnings or error messages that might indicate issues. These messages should provide clues about the root cause of the problem.
System with systemd
Use the following command to view logs generated since the last Netdata service restart:
journalctl _SYSTEMD_INVOCATION_ID="$(systemctl show --value --property=InvocationID netdata)" --namespace=netdata --grep pihole
System without systemd
Locate the collector log file, typically at /var/log/netdata/collector.log, and use grep to filter for collector's name:
grep pihole /var/log/netdata/collector.log
Note: This method shows logs from all restarts. Focus on the latest entries for troubleshooting current issues.
Docker Container
If your Netdata runs in a Docker container named "netdata" (replace if different), use this command:
docker logs netdata 2>&1 | grep pihole
Do you have any feedback for this page? If so, you can open a new issue on our netdata/learn repository.