@onimishra that is well explained and works great as long as the rsyslog timestamp is not using milliseconds.
We introduced milliseconds in rsyslog and now the stack traces are not aggregated as they are without milliseconds.
Using Docker syslog logging driver:
Case 1: stack traces are captured well in Splunk
rsyslog.conf/docker logs timestamp format is --> Jul 13 17:03:59
Case 2: stack traces are again broken when
rsyslog.conf/docker logs timestamp format is --> 2017-07-13 19:02:49.549