securityonion/salt/elasticsearch/files/ingest/syslog

{
  "description" : "syslog",
  "processors" : [
    {
        "dissect": {
                "field": "message",
                "pattern" : "%{message}",
                "on_failure": [ { "drop" : { } } ]
        }
    },
    { "pipeline":       { "name": "common"                                             } }
  ]
}