Timestamp from log line in nginx JSON logs via filebeat / beats

Thank you very much for this link, @gsmith! For some reason I was not able to find it by myself, so these timestamp tags can be really convenient to use.

I was able to achieve my goal with this pipeline:

rule "parse timestamp"
when
    has_field("time_local")
then
    let new_time = parse_date(value: to_string($message.time_local), pattern:"dd/MMM/yyyy:HH:mm:ss Z");
    set_field("timestamp", new_time);
end

Note that it is important to configure “Message Processors Configuration” so that “Pipeline Processor” works after “Message Filter Chain”. So we can parse the JSON message and create fields, and then work with these fields in an easy way with pipelines.
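
An added example, not part of the original post and written in Python rather than Graylog's rule language: the same conversion the rule performs with the pattern dd/MMM/yyyy:HH:mm:ss Z, normalised to UTC, falling back to the receive time when time_local is missing or malformed. The function names and the sample log lines are constructed for illustration.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# nginx writes English month abbreviations; map them instead of using locale-dependent %b.
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Same layout as the rule's pattern: dd/MMM/yyyy:HH:mm:ss Z
TIME_LOCAL = re.compile(
    r"(\d{2})/([A-Z][a-z]{2})/(\d{4}):(\d{2}):(\d{2}):(\d{2}) ([+-])(\d{2})(\d{2})")


def parse_time_local(value):
    """Return an aware UTC datetime, or None if the value does not match."""
    if not isinstance(value, str):
        return None
    m = TIME_LOCAL.fullmatch(value)
    if not m or m.group(2) not in MONTHS:
        return None
    day, mon, year, hh, mm, ss, sign, oh, om = m.groups()
    offset = timedelta(hours=int(oh), minutes=int(om))
    if sign == "-":
        offset = -offset
    try:
        return datetime(int(year), MONTHS[mon], int(day), int(hh), int(mm), int(ss),
                        tzinfo=timezone(offset)).astimezone(timezone.utc)
    except ValueError:  # impossible date, time or offset, e.g. 31/Feb
        return None


def event_time(raw_line, received_at):
    """Pick the timestamp for one JSON log line and say where it came from."""
    try:
        record = json.loads(raw_line)
    except json.JSONDecodeError:
        record = None
    parsed = parse_time_local(record.get("time_local")) if isinstance(record, dict) else None
    return (parsed, "time_local") if parsed else (received_at, "received")


# Constructed sample lines: two servers in different time zones, one bad date, one missing field.
SAMPLE_LINES = [
    '{"time_local": "12/Mar/2024:10:00:05 +0200", "request": "GET /login"}',
    '{"time_local": "12/Mar/2024:08:59:58 +0000", "request": "POST /login"}',
    '{"time_local": "31/Feb/2024:10:00:00 +0000", "request": "GET /"}',
    '{"request": "GET /health"}',
]
```

The first sample line has the later wall-clock time but is the earlier event once the +0200 offset is applied, which is why the offset part of the pattern matters when correlating logs from several hosts.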