You could try
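# Three-step parse of the syslog line: grok peels off the fixed prefix,
# date converts the syslog timestamp into @timestamp, and kv expands the
# netfilter key=value pairs that make up the rest of the line.
grok {
  # Fields under [@metadata] are not part of the emitted event, so neither
  # the raw timestamp nor the unparsed tail ends up in the indexed document.
  # The unnamed %{WORD} is the syslog hostname; WORD does not match hostnames
  # containing '-' or '.', so switch it to %{SYSLOGHOST} if yours do.
  # "level" actually receives the syslog program name ("kernel" in the
  # sample output); the field name is kept so existing consumers still match.
  # %{DATA:msg} is non-greedy, so msg ends at the first ':' after the ']'.
  match => { "message" => "%{SYSLOGTIMESTAMP:[@metadata][ts]} %{WORD} %{WORD:level}: \[%{NUMBER:something:float}\] %{DATA:msg}:%{GREEDYDATA:[@metadata][restOfLine]}" }
}
# RFC 3164 syslog pads a single-digit day with a space ("Oct  5 12:00:00"),
# which "MMM dd" does not accept, so try both forms. The timestamp carries
# no year; the date filter assumes the current one, which matters for
# events replayed across a year boundary.
date { match => [ "[@metadata][ts]", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ] }
# whitespace => strict forbids whitespace around '=', so "OUT= MAC=..."
# yields an empty OUT instead of taking the next token as OUT's value.
# A key that repeats in one line (LEN, once for the IP header and once for
# UDP) becomes an array. kv creates a field for every key it finds, so if
# lines from anything other than netfilter can reach this filter, restrict
# it with include_keys or set a target so log content cannot add or
# overwrite arbitrary top-level fields.
kv { source => "[@metadata][restOfLine]" whitespace => strict }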
which will produce
"TTL" => "2",
"DPT" => "5353",
"ID" => "31930",
"DST" => "224.0.0.251",
"level" => "kernel",
"SRC" => "192.168.100.9",
"TOS" => "0x00",
"PREC" => "0x00",
"PROTO" => "UDP",
"SPT" => "5353",
"LEN" => [
[0] "89",
[1] "69"
],
"msg" => "DROP UNMATCHED IN-world",
"IN" => "eth0",
"something" => 26172.577441,
"MAC" => "01:00:5e:00:00:fb:aa:e7:68:57:d7:dc:08:00",
`whitespace => strict` is needed to interpret `OUT=` correctly: it has no value (the packet was not forwarded), and in the default lenient mode whitespace is allowed around `=`, so kv would otherwise take the following `MAC` token as the value of `OUT`.
You can use a `dns` filter with its `reverse` option on `SRC` to do the PTR lookup. Keep in mind that it performs a live lookup per event, so configure `hit_cache_size` and `failed_cache_size` so a burst of dropped packets does not flood your resolver, and treat the returned name as untrusted: whoever controls the reverse zone for a source address controls what the PTR record says.