I have the below log
1 iCEXnXWuShGYRlDbHEADlQ 1 3 sara482 1573151463576 1.5 13.8 0.0 0 0 62.6||
my grok pattern is below
"message", "%{NUMBER:log_Level} (?[^\s]+) %{NUMBER:mcty} %{NUMBER:agty} (?[^\s]+) %{INT:ts} %{NUMBER:cpu} %{NUMBER:mem} %{NUMBER:swap} %{NUMBER:diskr} %{NUMBER:diskw} %{NUMBER:diskc}\|\|%{GREEDYDATA:appc}"
How can I make the field ts the @timestamp? Currently, if I check the field mappings for the index these logs are getting stored in in Elasticsearch, the ts field is mapped as string. I am able to mutate the rest of the fields to Num/Float; however, only the field ts I am not able to convert or match as @timestamp.
I have tried converting the field as UNIX/UNIX_MS; however, my Logstash breaks if I try to map it to anything other than NUM/INT.
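
One way to do the conversion asked about above, as an added example that is not part of the original post: a Logstash pipeline that parses the sample line and hands ts to the date filter with the UNIX_MS format. The capture names record_id and user_name and the tag _ts_parse_failure are assumptions, since the pattern on the page has lost the names of its two custom groups.

```logstash
# Added example, not the poster's configuration.
# record_id and user_name are placeholder capture names (assumption):
# the pattern on the page lost the names of its two custom groups.
input { stdin { } }

filter {
  grok {
    match => {
      "message" => "%{NUMBER:log_Level} (?<record_id>[^\s]+) %{NUMBER:mcty} %{NUMBER:agty} (?<user_name>[^\s]+) %{INT:ts} %{NUMBER:cpu} %{NUMBER:mem} %{NUMBER:swap} %{NUMBER:diskr} %{NUMBER:diskw} %{NUMBER:diskc}\|\|%{GREEDYDATA:appc}"
    }
  }

  # ts is a 13-digit epoch value, i.e. milliseconds since the epoch.
  # UNIX_MS is a format name understood by the date filter; it is not a
  # grok pattern and not a mutate convert type.
  date {
    match          => ["ts", "UNIX_MS"]
    target         => "@timestamp"           # the default, shown for clarity
    tag_on_failure => ["_ts_parse_failure"]  # constructed tag name
    remove_field   => ["ts"]                 # applied only when parsing succeeds
  }

  # Numeric conversion of the remaining metrics stays in mutate.
  mutate {
    convert => {
      "cpu"   => "float"
      "mem"   => "float"
      "swap"  => "float"
      "diskr" => "float"
      "diskw" => "float"
      "diskc" => "float"
    }
  }
}

output { stdout { codec => rubydebug } }
```

For the sample line, 1573151463576 becomes an @timestamp of 2019-11-07T18:31:03.576Z. Events whose ts cannot be parsed keep the field and carry the failure tag, so they can be found and counted downstream.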