I see one of your problems, there is a issue with using the field name.
Meaning you need something like this. Other wise your removing the same field you adjusted.
Pipeline rule is:-
rule “test to change”
when
has_field(“timestamp”)
then
// the following date format assumes there’s no time zone in the string
let newtimestamp = parse_date(to_string($message.timestamp), “yyyy-MM-dd’T’HH:mm:ss,SSS”);
set_field(“new_timestamp”, newtimestamp);
remove_field(“timestamp”);
end
There are tons of pipelines/ Extractors Date/Time conversions in this forum, perhaps this post may help to give you an idea.