One possible way would be to create a field at the start of the filter section like this (I do something similar)
alter {
add_field => {
"[@metadata][now]" => "%{+YYYY.MM.dd.ss:SSS}"
}
}
Format it however you want. This can be added to any log message or used as the source to overwrite other fields...