fields:
  type: "syslog"
testcases:
  - input:
      - "Oct  6 20:55:29 myhost myprogram[31993]: This is a test message"
    expected:
      - "@timestamp": "2024-10-06T20:55:29.000Z"
        syslog_hostname: "myhost"
        syslog_message: "This is a test message"
        syslog_pid: "31993"
        syslog_program: "myprogram"
        type: "syslog"
        event:
          original: "Oct  6 20:55:29 myhost myprogram[31993]: This is a test message"
  - input:
      - "Oct  6 20:55:29 myhost myprogram: This is a test message"
    expected:
      - "@timestamp": "2024-10-06T20:55:29.000Z"
        syslog_hostname: "myhost"
        syslog_message: "This is a test message"
        syslog_program: "myprogram"
        type: "syslog"
        event:
          original: "Oct  6 20:55:29 myhost myprogram: This is a test message"