Multiple indexes or a single index

Hi Geert

Logstash can drop empty fields so it is possible to index only the actual data. I don't think having 120 fields in one index is a problem.

You can use conditionals to have Logstash send different data to different indexes, so if your syslogs contain some data that makes it easy to identify the type of logs, you can use something like an if statement to send it to a different index.

I believe Elasticsearch can search through different indexes, but if you plan on using Kibana to visualize some of the data, it's probably best to have it all in one index, as most visualizations are limited to a single index and can't access data in a different index.
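
The two techniques mentioned in this reply (dropping empty fields and routing by conditional), sketched as one Logstash pipeline. This is an added example, not part of the original post. The listener port, the Elasticsearch host, the index names and the use of the `program` field to tell log types apart are all assumptions.

```logstash
# Added example. Port, host, index names and the "program" test are assumptions.
input {
  # Unprivileged port chosen for illustration. With ECS compatibility disabled,
  # the syslog input parses RFC 3164 lines into fields such as "program".
  syslog {
    port => 5514
  }
}

filter {
  # Remove top-level fields that are nil or empty so that only
  # fields carrying actual data are indexed.
  ruby {
    code => '
      event.to_hash.each do |name, value|
        if value.nil? || (value.respond_to?(:empty?) && value.empty?)
          event.remove(name)
        end
      end
    '
  }
}

output {
  # Authentication-related programs go to their own daily index.
  if [program] in ["sshd", "sudo", "su"] {
    elasticsearch {
      hosts => ["http://localhost:9200"]
      index => "syslog-auth-%{+YYYY.MM.dd}"
    }
  } else {
    # Everything else stays in the general syslog index.
    elasticsearch {
      hosts => ["http://localhost:9200"]
      index => "syslog-general-%{+YYYY.MM.dd}"
    }
  }
}
```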