grok syslogtimestamp + year pattern

syslog_with_year

# added year to SYSLOGTIMESTAMP
SYSLOGTIMESTAMPYEAR %{MONTH} %{MONTHDAY} %{YEAR} %{TIME}
SYSLOGBACKFILLYEAR %{SYSLOGTIMESTAMPYEAR:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{PROG:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}