diff --git a/salt/elasticsearch/files/ingest/syslog b/salt/elasticsearch/files/ingest/syslog
new file mode 100644
index 000000000..d34e79d4a
--- /dev/null
+++ b/salt/elasticsearch/files/ingest/syslog
@@ -0,0 +1,13 @@
+{
+  "description" : "syslog",
+  "processors" : [
+    {
+        "dissect": {
+                "field": "message",
+                "pattern" : "%{message}",
+                "on_failure": [ { "drop" : { } } ]
+        }
+    },
+    { "pipeline":       { "name": "common"                                             } }
+  ]
+}