wrong time being parsed

the default value is "item.timestamp", this send splunk the timestamp of the cloudwatch log, and not the eventTime. i have tried replacing it with "parsed.eventTime" "payload.eventTime" etc, all result in failure to send logs. what is the correct object to get eventTime as the logtime