This is actually a two-step issue.
First: I have a tomcat.log; parsing it as a combined log is easy, but duplicate timestamps just overwrite each other, and the last one seems to win. I am really confused that timestamp + request is not unique (though it is in the raw logs).
As a workaround I want to have unique tags, so I need an extra filter. Breaking the tomcat log down in a grok filter, I struggle to get the correct timestamp.
My last try was:
%{TIMESTAMP:timestamp:ts-"dd/MMM/yyyy:HH:mm:ss Z"}
Unfortunately I keep getting invalid TOML syntax…
Does anyone know how to filter this raw timestamp data [07/Apr/2020:00:00:09 +0200]
into a conforming timestamp for the influx DB?
Thanks a lot!
Michael
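
An added example, not part of the original post: a Go sketch of the two steps described above, parsing the bracketed access-log timestamp and keeping same-second entries from collapsing into one point. It uses Go's reference-time layout (the notation Telegraf's custom `ts-"..."` layouts also use, rather than `dd/MMM/yyyy`); the function names and sample log lines are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// Go reference-time layout matching "07/Apr/2020:00:00:09 +0200".
const httpdLayout = "02/Jan/2006:15:04:05 -0700"

var tsRe = regexp.MustCompile(`\[([^\]]+)\]`)

// ParseLine extracts and parses the first bracketed timestamp of a log line.
func ParseLine(line string) (time.Time, error) {
	m := tsRe.FindStringSubmatch(line)
	if m == nil {
		return time.Time{}, fmt.Errorf("no bracketed timestamp in %q", line)
	}
	return time.Parse(httpdLayout, m[1])
}

// UniqueTimes parses lines in order. The log only has one-second resolution,
// so each repeat of a timestamp is shifted by 1ns per earlier occurrence;
// the entries then stay distinct instead of the last one overwriting the rest.
func UniqueTimes(lines []string) ([]time.Time, error) {
	seen := map[int64]int64{} // unix nanoseconds -> lines already seen
	out := make([]time.Time, 0, len(lines))
	for _, l := range lines {
		t, err := ParseLine(l)
		if err != nil {
			return nil, err
		}
		base := t.UnixNano()
		out = append(out, t.Add(time.Duration(seen[base])))
		seen[base]++
	}
	return out, nil
}

// sampleLines are constructed for this example (hypothetical requests).
var sampleLines = []string{
	`192.0.2.10 - - [07/Apr/2020:00:00:09 +0200] "GET /app/status HTTP/1.1" 200 512`,
	`192.0.2.11 - - [07/Apr/2020:00:00:09 +0200] "GET /app/login HTTP/1.1" 302 0`,
	`192.0.2.10 - - [07/Apr/2020:00:00:10 +0200] "GET /app/status HTTP/1.1" 200 512`,
}

func main() {
	ts, err := UniqueTimes(sampleLines)
	fmt.Println(ts, err)
}
```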