Total Queries in Dashboard

n9nes · May 23, 2018, 1:17pm

This question may sound a bit crazy but I have a reason asking this
What exactly counts for the green field "Total Queries" in the dashboard? I'm wondering if PTR queries are excluded as I have a separate ELK stack which collects and displays the pihole log like the internal dashboard does. However, if I include PTR I get a LOT more total queries in my elk stack during the same period of time, so:

What is piholes filter for counting the queries?

PS: For sure there is the possibility that my logstash configuration is faulty or incorrectly filtered ...

Thanks for your help - you're all doing a great job!

BR
André

RamSet · May 23, 2018, 4:43pm

Only the DNS requests (A* queries). rDNS is not accounted for.

https://github.com/pi-hole/AdminLTE/blob/master/scripts/pi-hole/php/data.php#L556

RamSet · May 24, 2018, 2:45pm

I stand corrected. The above code is legacy.

FTL is listening to a lot more:

DL6ER · May 25, 2018, 8:02am

The displayed number is the number of queries in the Query Log. The query log contains only A and AAAA records. I coded a potential improvement. @n9nes please check if you'd find this sufficient:

github.com/pi-hole/AdminLTE

Display new dns_queries_all_types value (if available)

pi-hole:devel ← pi-hole:tweak/dashboard/dns_queries_all_types

opened 08:01AM - 25 May 18 UTC

DL6ER

+6 -1

Signed-off-by: DL6ER <dl6er@dl6er.de> **By submitting this pull request, I co…nfirm the following:** - [X] I have read and understood the [contributors guide](https://github.com/pi-hole/AdminLTE/blob/master/CONTRIBUTING.md), as well as this entire template. - [X] I have made only one major change in my proposed changes. - [X] I have commented my proposed changes within the code. - [X] I have tested my proposed changes. - [X] I am willing to help maintain this change if there are issues with it later. - [X] I give this submission freely and claim no ownership. - [X] It is compatible with the [EUPL 1.2 license](https://opensource.org/licenses/EUPL-1.1) - [X] I have squashed any insignificant commits. ([`git rebase`](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html)) - [X] I have Signed Off all commits. ([`git commit --signoff`](https://git-scm.com/docs/git-commit#git-commit---signoff)) --- **What does this PR aim to accomplish?:** Display new dns_queries_all_types value (if available) and clarify what the displayed counter means ![untitled_5](https://user-images.githubusercontent.com/16748619/40533264-783c3d58-6002-11e8-941f-4ccde3cdf26a.png) **How does this PR accomplish the above?:** We add the title for the `<div>` container if the statistics returned by *FTL*DNS contained the `dns_queries_all_types` counter (introduced in https://github.com/pi-hole/FTL/pull/291) If this field is not available, then we only display the static text `only A + AAAA queries` (without further details) **What documentation changes (if any) are needed to support this PR?:** `{A detailed list of any necessary changes}` > * `{Please delete this quoted section when opening your pull request}` > * You must follow the template instructions. Failure to do so will result in your issue being closed. > * Please respect that Pi-hole is developed by volunteers, who can only reply in their spare time. > * Detail helps us understand an issue quicker, but please ensure it's relevant.

n9nes · May 25, 2018, 1:20pm

yes thats sufficient in my case as I actually dont really need this query counter. It was just out of couriosity as I was wondering why my ELK stack is displaying so many more (all query types) queries.

But in my personal oppinion it would be more transparent to display all query types instead of only A and AAAA for the people actually using the pihole dashboard

however, thanks @RamSet and @DL6ER

DL6ER · May 27, 2018, 1:27pm

@jacob.salmela @DanSchaper What do you say? Should the counter on the dashboard be

only A & AAAA and hence correspond 1:1 to the number of entries in the query log, or
all query types (may be a larger number if something is making many PTRs in the internal network)?

I can see this being questioned based on the wording "DNS queries today".

jacob.salmela · May 27, 2018, 2:26pm

This was my first thought. I could an all query types as an advanced option to enable, but I think the current behavior is what is expected and makes the most sense.

DanSchaper · May 27, 2018, 3:49pm

I'm not sure, the numbers would be artificially inflated. Things like an A query that returns a CNAME, which is then resolved down to the A records of the new FQDN would be listed as multiple hits, when it's really just a single query from my point of view. And PTRs for ARPA addresses just don't really have any bearing on the function of the Pi-hole with blocking.

Mcat12 · May 27, 2018, 10:20pm

I think the first option (only A and AAAA) makes the most sense, and the hover is good enough for showing the "total" queries that FTLDNS has handled.

n9nes · May 28, 2018, 8:14am

DanSchaper
Things like an A query that returns a CNAME, which is then resolved down to the A records of the new FQDN would be listed as multiple hits, when it’s really just a single query from my point of view

correct my if I'm wrong but that depends on the type of filter you apply to the log lines. The actual A record query IS NOT exactly the same as the CNAME answers so we can distinguish between them. The request count would be the same and the answer count would raise

Dont get me wrong, I dont really need this as a feature, was just wondering why there is such a high difference between pihole und my ELK stack.

Mcat12 · May 28, 2018, 6:47pm

We're counting the queries from inside the resolver (FTLDNS), so it might be different from a program looking at the log.

n9nes · May 28, 2018, 6:52pm

thanks, that explains a lot

system · June 18, 2018, 6:52pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.