[SOLVED] Get the real date

You need to parse the timestamp part of the syslog message into a field of its own. Then feed that field to the date filter. The syslog example in the documentation should be helpful: https://www.elastic.co/guide/en/logstash/current/config-examples.html#_processing_syslog_messages
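
The two steps described above, as an added example that is not part of the original reply. The stdin/stdout plugins, the field names, the sample log line and the UTC timezone are assumptions chosen for illustration:

```logstash
# Constructed sample line to paste on stdin:
#   Mar  7 04:02:16 web01 sshd[1234]: Accepted publickey for deploy from 192.0.2.10 port 51234 ssh2

input {
  stdin { }
}

filter {
  # Step 1: split the syslog line and capture its timestamp in a field of its own.
  grok {
    match => {
      "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}"
    }
  }

  # Step 2: feed that field to the date filter. On success the parsed value
  # replaces @timestamp (the filter's default target), so the event carries
  # the time the log line was written instead of the time Logstash read it.
  if "_grokparsefailure" not in [tags] {
    date {
      # Traditional syslog pads single-digit days with a space ("Mar  7"),
      # so both layouts are listed.
      match    => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
      # The traditional syslog timestamp carries no zone. UTC is an assumption
      # here; set this to the zone the sending host logs in.
      timezone => "Etc/UTC"
    }
  }
}

output {
  # Print the full event so @timestamp can be compared with syslog_timestamp.
  stdout { codec => rubydebug }
}
```

Events whose timestamp does not match either layout keep their ingest time and are tagged `_dateparsefailure`, which is worth checking for before relying on `@timestamp` to order events.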