The syslog parser by default extracts the timestamp and app name fields only.

All common options and the message_decoder option is available for the syslog parser.

[filelog|data_logs]
directory=D:\Logs
include=*.txt
parser=mysyslog

[parser|mysyslog]
base_parser=syslog
message_decoder=syslog_message_decoder
debug=yes

[parser|syslog_message_decoder]
base_parser=kvp
fields=*

For example, if the syslog format log is:

2015-09-09 13:38:31.619407 +0400 smith01 john: Fri Dec 5 08:58:26 2014 [pid 26123] [jsmith.net] 
status_code=FAIL 
oper_ation=LOGIN: Client "176.31.17.46"

a syslog parser for which the message_decoder option is applied to run a KVP parser, will return the following:

timestamp=2015-09-09T09:38:31.619407
appname=john
status_code=FAIL
oper_ation=LOGIN: