Problem:
Even after a successful installation on the Kubernetes cluster, with logs being ingested correctly, we receive the error below when we try to view the Kube pod logs. What could have caused this, and how can it be resolved?
"The following errors were reported when executing your search: Unknown field name: cluster (520)"
Query:
cluster=* namespace=* pod=*
| limit 1000
| json "log"
| count by log, _messageTime
| sort _messageTime desc
| fields - _messageTime, _count
Solution:
This happens if the prerequisites were not followed. They call for setting the following fields in the Sumo Logic UI prior to configuring collection. This ensures that your logs are tagged with relevant metadata, and is required by the app dashboards and Explore.
- cluster
- container
- deployment
- host
- namespace
- node
- pod
- service
For information on setting up fields, see the Fields help page.
The same has been mentioned here: Kubernetes Installation Pre-requisite
Once you set up those fields correctly, you should no longer face this issue and you should be able to search effectively.