AWS Logs Insight - percent of failed DNS queries?

Question

I am currently learning about AWS Logs Insights, and I was wondering if the following is possible.

Let's say I gather logs from Route53. So I have an event for each query that reaches the AWS DNS servers of course. Now, I know I can count the number of queries per resolverIp for example as such:

stats count(*) by resolverIp

I also know that I can count the number of the queries, per resolverIp, that returned the NXDOMAIN responseCode, as such:

filter responseCode="NXDOMAIN" | stats count(*) by resolverIp

My question is, is there a way to get a percentage of the later (number of queries that returned NXDOMAIN per resolverIp) from the former (number of queries per resolverIp)?

score 0 · Answer 1 · answered Feb 17 '23 at 21:15

0

This query gives you the percentage sorted by resolver IP

 stats
   sum(strcontains(responseCode,"NXDOMAIN")) / count(*)
   * 100 by resolverIp

answered Feb 17 '23 at 21:15

palvarez

1,508
2
8
18

AWS Logs Insight - percent of failed DNS queries?

1 Answers1