Scalyr Parser Reserved Field Names

Scalyr user should avoid certain parser field names as those fields are typically generated by default when processing some types of logs (ie. kubernetes logs, access logs, etc). Here is the list of fields we've found so far. Feel free to add more fields to this list :)

_timestamp_ (has to be used for the timestamp)

_serverHost_

_logfile_

_parser_

_host_

_container*_

_forlogfile_

_k8s*_ (to be safe--if you need to field starting with k8s, let us know)

_pod*_ (to be safe--if you need to use a field starting with pod, let us know)

_scalyr*_

_serverIP_

_severity_
Sign In or Register to comment.