Logstash/grok to match only first occurrence and stop parsing repeatedly for same values

What I would do is

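    # Split each line into a leading timestamp and the remainder of the line.
    # Both captures are stored under [@metadata], which later filters can read.
    grok {
        pattern_definitions => { "CUSTOMTIME" => "%{DAY} %{MONTH} %{MONTHDAY} %{TIME}" }
        match => { "message" => "%{CUSTOMTIME:[@metadata][timestamp]} %{GREEDYDATA:[@metadata][restOfLine]}" }
    }
    # Set @timestamp from the parsed prefix. The pattern carries no year.
    date { match => [ "[@metadata][timestamp]", "EEE MMM dd HH:mm:ss" ] }
    # Cancel an event whose remainder repeats the previous one; otherwise store the
    # seconds since the last kept event in "delta".
    # The instance variables are state carried from one event to the next, so the
    # result is only meaningful when events reach this filter one at a time and in
    # their original order (a single pipeline worker, pipeline.workers: 1, with
    # ordering preserved). Cancelled events are gone for every later filter and
    # output, so use this only where losing the repeated lines is acceptable.
    ruby {
        init => '@lastValue = nil; @lastTime = nil'
        code => '
            value = event.get("[@metadata][restOfLine]")
            # A missing remainder (grok did not match, or nothing followed the
            # timestamp) is passed through untouched. Comparing nil with nil would
            # cancel unparsed lines and reset the delta baseline.
            unless value.nil?
                now = event.get("@timestamp").to_f
                # First usable event: no earlier time exists, so delta starts at 0.
                @lastTime = now if @lastTime.nil?

                if value == @lastValue
                    event.cancel
                else
                    event.set("delta", now - @lastTime)
                    @lastTime = now
                end
                @lastValue = value
            end
        '
    }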