{
  // specify a time zone if the timestamps in your log are not in GMT
  // timezone: "GMT-0800"
  
  formats: [
    
    {
      id: "format1",
      format: ".*$=json{parse=dottedJson}$"
      rewrites: [
            {input: "TimestampConnectionEnd", output: "timestamp", match: ".*", replace: "$0"}
    //  moved upstread wher it is more efficient
      {input: "message", output: "message", match: "(.*\")(\\{\"\\w+\".*)", replace: "$2"} 
      
      ]
    }
    
  ]
}