Remove/replace timestamp?

[llamafilm]

Using the syslog receiver, sometimes incoming syslog messages have incorrect timestamp due to bad vendor implementations or different timezones. I would like to remove it and replace with the current timestamp. Is this possible using the remove operator? I've tried a few different options and can't get it to work.

    operators:
      - type: remove
        field: timestamp

This shows: error decoding 'field': unrecognized prefix

      - type: remove
        field: attributes.timestamp

This has no effect.

The verbose logging shows this:

error helper/transformer.go:98 Failed to process entry {"kind": "receiver", "name": "syslog/514", "data_type": "logs", "operator_id": "remove", "operator_type": "remove", "error": "remove: field does not exist", "action": "send", "entry": {"observed_timestamp":"2023-12-21T19:06:05.622887572Z","timestamp":"2023-12-21T10:55:00-08:00","body":"<34>Dec 21 10:55:00 mymachine Sample message Thu Dec 21 11:06:05 PST 2023","attributes":{"facility":4,"hostname":"mymachine","message":"Sample message Thu Dec 21 11:06:05 PST 2023","priority":34},"severity_text":"crit","severity":18,"scope_name":""}}

[llamafilm]

Aha, I figured it out!

processors:
  transform:
    log_statements:
      - context: log
        statements:
          - set(time, observed_time)