Icinga / icingaweb2-module-elasticsearch

This module will not be updated by Icinga anymore. Please don't attempt to use it.

SUGGESTION: Do not make @timestamp an always included (hidden) field

jprusch opened this issue · comments

Instead, create a new field for the time values and prefill it with @timestamp.

Why?
We use Graylog with various add-ons for logging, which uses Elasticsearch. Instead of '@timestamp', in our case just 'timestamp' is used by the Elasticsearch indexes. I fixed the hardcoded @timestamp by replacing it with timestamp, and it works like a charm. The suggestion will make the Elasticsearch module much more flexible.

As an example, our Graylog eventtype:
[Graylog]
instance = "graylogsrv1"
index = "graylog*"
filter = "source={display_name}"
fields = "input_type, source, message"

Hint: The host macros are not resolved when using the host.* notation. {host.display_name} is NOT resolved. Just display_name works.
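The following is an added example (not code from the icingaweb2-module-elasticsearch project) that shows what the suggestion amounts to: an eventtype section like the one above is parsed, the host macro in `filter` is resolved, and an Elasticsearch query body is built with the time field taken from the configuration instead of a hardcoded `@timestamp`. The `timestamp_field` key, the defaulting to `@timestamp` when it is absent, and the translation of `key=value` filter clauses into `match_phrase` terms are all assumptions made for this example; the module's real config schema and filter syntax are not reproduced. Macro resolution follows the hint from the issue: a bare `{display_name}` is resolved, an unknown name such as `{host.display_name}` is left untouched.

```python
import configparser
import json
import re
from typing import Dict, List

# Constructed sample config: the Graylog eventtype from the issue, extended with a
# hypothetical "timestamp_field" key, plus a second eventtype that omits the key.
SAMPLE_EVENTTYPES_INI = """\
[Graylog]
instance = "graylogsrv1"
index = "graylog*"
filter = "source={display_name}"
fields = "input_type, source, message"
timestamp_field = "timestamp"

[Filebeat]
instance = "elastic1"
index = "filebeat-*"
filter = "host.name={display_name}"
fields = "message"
"""

DEFAULT_TIMESTAMP_FIELD = "@timestamp"   # used only when an eventtype sets no field
MACRO_RE = re.compile(r"\{([A-Za-z0-9_.]+)\}")


def load_eventtypes(ini_text: str) -> Dict[str, dict]:
    """Parse INI-style eventtype sections; quoted values are unquoted."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    eventtypes = {}
    for name in cp.sections():
        sec = cp[name]
        fields = sec.get("fields", "").strip('"')
        eventtypes[name] = {
            "instance": sec.get("instance", "").strip('"'),
            "index": sec.get("index", "").strip('"'),
            "filter": sec.get("filter", "").strip('"'),
            "fields": [f.strip() for f in fields.split(",") if f.strip()],
            # The configurable time field is the point of the suggestion (assumed key name).
            "timestamp_field": sec.get("timestamp_field", DEFAULT_TIMESTAMP_FIELD).strip('"'),
        }
    return eventtypes


def resolve_macros(template: str, host: Dict[str, str]) -> str:
    """Replace {name} with the host attribute of that name; unknown macros stay verbatim."""
    def repl(match: re.Match) -> str:
        name = match.group(1)
        return host[name] if name in host else match.group(0)
    return MACRO_RE.sub(repl, template)


def parse_filter(filter_expr: str) -> List[dict]:
    """Turn 'a=b&c=d' into structured match_phrase clauses (simplified filter grammar)."""
    clauses = []
    for part in filter_expr.split("&"):
        part = part.strip()
        if not part:
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"unsupported filter clause: {part!r}")
        # A structured clause keeps the resolved host value as data, not query syntax.
        clauses.append({"match_phrase": {key.strip(): value.strip()}})
    return clauses


def build_query(eventtype: dict, host: Dict[str, str],
                since: str = "now-1h", until: str = "now") -> dict:
    """Build the Elasticsearch request body; the range and sort use the configured field."""
    ts_field = eventtype["timestamp_field"]
    filters = parse_filter(resolve_macros(eventtype["filter"], host))
    filters.append({"range": {ts_field: {"gte": since, "lte": until}}})
    return {
        "query": {"bool": {"filter": filters}},
        "sort": [{ts_field: {"order": "desc"}}],
        "_source": eventtype["fields"],
    }


if __name__ == "__main__":
    types = load_eventtypes(SAMPLE_EVENTTYPES_INI)
    sample_host = {"display_name": "web01.example.test"}   # constructed host
    for name, et in types.items():
        print(name, "->", et["index"], "time field:", et["timestamp_field"])
        print(json.dumps(build_query(et, sample_host), indent=2))
```

Because the resolved macro is placed into a `match_phrase` clause rather than concatenated into a `query_string`, a host display name containing Lucene operators is treated as a literal value, which is the safer way to splice host attributes into a query.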

Graylog differs in the stored data and selectable feature set quite a bit, think of stream IDs and so on. I wouldn't change/break something here just to have a specific Graylog profile; rather, work on a dedicated module for it.

Well, the integration by using the plain Elasticsearch module is now working like a charm.

We also use filebeat / logstash to send data to Graylog, which does some additional stuff (filtering, streams, ...). But for just displaying the plain Elasticsearch results generated by a host it would be an easy fix. A Graylog module would be even better to get the most out of it... ;-)