I thought that logs like
Nov 1 04:09:02 my-hostname postfix/cleanup[13509]: 3yRj7y3g8wz36b0: info: header X-MyHeader: 1585
are processed by Logstash automatically without extra configuration.
I think that Logstash uses some default grok patterns like SYSLOGBASE2 to extract timestamp and replace @timestamp with extracted value. So, I don't have any custom date filters.
Idea number 3:
ruby {
code => "event.set('logstash_processed_at', Time.now());"
}