Hi,
You are right.Fields in your syslog event are not parsed because you bypassed the script. How to parse the syslog largely depends on syslog type.I am assuming events are not coming in key=value pair here otherwise splunk would have parsed them automatically.
If you want to parse the syslog manually, you need to extract the required fields in props.conf.There are some other features as well in props.conf which might come handy for syslog parsing. Below is the link for sample props.conf:
http://docs.splunk.com/Documentation/Splunk/6.1/Admin/propsconf
Thanks,
Pankaj
... View more