By the way, fortigate uses 2 separate field to setup date and time, you can use this pipeline rule to concat them, and use it as timestamp:
rule "fortigate_timestamp"
when
has_field("devname") AND has_field("date") AND has_field("time")
then
let build_message_0 = concat(to_string($message.date), " ");
let build_message_1 = concat(build_message_0, to_string($message.time));
let new_time = parse_date(value: build_message_1, pattern:"yyyy-MM-dd HH:mm:ss", timezone:"Europe/Bratislava");
set_field("timestamp", new_time);
end