Users should avoid the following field names when configuring parsers (as these fields are typically generated by default):
timestamp - Reserved for the timestamp. Once you have isolated the date / time value for your log event(s), use the $timestamp field to store it (See this page for more information)
Video Explanation: https://youtu.be/uNOiu8CVnJU?t=643
serverHost - Automatically assigned to log event by Scalyr Agent
host - Automatically assigned to log event by Scalyr Agent
serverIP - Automatically assigned to log event by Scalyr Agent
forlogfile - Used in Scalyr Agent metrics
logfile - Automatically assigned to log event by Scalyr Agent
parser - Automatically assigned to log event
source - Synonymous with parser
container* - Automatically assigned to log event by Scalyr Agent
k8s* - If you need to field starting with “k8s”, please let us know
pod* - If you need to use a field starting with “pod”, please let us know
scalyr* - Automatically assigned to log event
severity - Assign the value associated with a log event’s severity (ex. INFO, WARN, ERROR, etc.) to this parameter.
Video Explanation: https://youtu.be/bplhUtiaso8?t=498 and more information here
Comments
0 comments
Please sign in to leave a comment.