Could not load : can't convert nil into String

Question

I want to read logs only after a particular date. My approach is to drop all the events previous to that date. I try to achieve it like this:

I am dropping all logs before June 1, 2015:

Logstash config file:

input {
         file{
                path => [
                         "/var/log/rsyslog/**/*.log"
                ]
        }
}

filter {

        grok {

        match => ["path", "/var/log/rsyslog/(?<server>[^/]+)/%{YEAR:year}-%{MONTHNUM:month}-%{MONTHDAY:month_day}/(?<logtype>.*).log"]

        }

        if [year] < "2015" and [month] < "6" and [month_day] < "1" {

                drop { }

        }

My logstash.err file keeps printing this:

Could not load : can't convert nil into String

Any idea why?

score 1 · Answer 1 · answered Jun 03 '15 at 10:27

1

One of the three values - year, month or month_day is nil. Because the regex is not matching for some of the lines in the log file.

answered Jun 03 '15 at 10:27

Raj

22,346
14
99
142

Could not load : can't convert nil into String

1 Answers1