timestamp is a non-string field (it contains a Date object), so extractors won’t run on that.
Either use processing pipeline rules and the parse_date() function or try extracting the timestamp from your message or full_message fields as a string (using a Regex extractor and a Date converter).