Use LogExpert in program files
goto options - columizer and split by timestamp
haproxy - look for the domain in question and date. Identify when 500 errors start
Now you have the date time the errors actually started.
Next check fail2ban log to check no major issue going on / you can also use the proxy log to see if php or other odd urls
If not been hit in a ddos attack which above would identify look at the tomcat logs for that date and time inc:
the tenants log
the catalina log
the unknown log