AWS Route53 logs insight

Ever wondered how many queries are hitting each DNS record in your hosted zone?

When managing your domain via Route53 DNS services, there is an option to query logs using CloudWatch Logs Insights.

For example, your hosted zone has 500 records and you’d like to know which are the top 20 records with most hits.

To accomplish this you'll need to:

1. (a) Add query logging — in Route53 dashboard > hosted zones > choose the relevant zone > on the upper right side click on Configure Query logging.
   (b) Follow the wizard to create a log group in CloudWatch.
   (c) Once done, you’ll have a new log group in CloudWatch. You can set the amount of dates you’d like to logs to keep history in order to save on storage charges.
   Each log group
2. (a) Each log group allows CloudWatch logs insigh to run queries. In CloudWatch dashboard choose logs insight.
   (b) Write your query.
   (c) Choose the time frame: 5min, 30min, 12h, etc.
3. Circling back to my example you can find the top 20 records with most hits using the following query:

stats count(*) as numRequests by queryName
    | sort numRequests desc
    | limit 20

4. The results can be exported to CSV for further examination.