Yea this is just testing and they are really small (like...187k). So here's my line:
PUT /_template/bro_template
{
"template": "bro-*",
"mappings": {
"bro_ts": {
"properties": {
"ts": {
"type": "date",
"format": "epoch_millis"
}
}
}
}
}
Fingers crossed that this works!