Actually, it should be easier than that! Splunk already knows about syslog format - a sourcetype for syslog is already included in Splunk. The definition for this sourcetype includes all the field extractions.
The syslog-ng output should be in a syslog format. So what you really need to do is to tell Splunk that this input is sourcetype=syslog. If you set up the input using the Splunk Manager, you should be able to update it in the same way. You may need to restart Splunk for the changes to take effect. (You can also just add the line sourcetype=syslog to the appropriate stanza of inputs.conf, if you want to do this manually. You will also need to restart Splunk.)
Now the bad news - changing the input sourcetype to syslog will only affect new data. If you can, remove any of the existing data from Splunk and re-index it. That's really the best way to fix the data. If you can't do that, then you may have to set up the field extractions; editing props.conf is one way to do that. Here are the instructions for setting up field extractions in the manuals. (Just to be clear: you definitely want search-time field extractions - and definitely do not want index-time field extractions.)
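The two manual edits described in the answer above, as an added example that is not part of the original answer or of Splunk's shipped configuration. The monitored path, the `source::` pattern, the `EXTRACT-` class name and the field names are placeholders assumed for illustration; substitute the values from your own input.

```ini
# ---- inputs.conf ----
# Assumption: syslog-ng writes to files under this placeholder path and
# Splunk reads them with a monitor input. Use your real stanza here.
[monitor:///var/log/syslog-ng/PLACEHOLDER.log]
# Only events indexed after this change (and a restart) get the
# built-in syslog sourcetype and its field extractions.
sourcetype = syslog

# ---- props.conf ----
# Fallback for events that were already indexed under the old sourcetype
# and cannot be deleted and re-indexed.
# The source:: stanza matches on the source path, so it applies to the
# old events regardless of which sourcetype they were indexed with.
[source::/var/log/syslog-ng/PLACEHOLDER.log]
# EXTRACT-<class> is a search-time extraction: it is evaluated when a
# search runs and does not modify indexed data, so it can be changed or
# removed later without re-indexing.
# The regex assumes the classic "Mon DD HH:MM:SS host process[pid]: msg"
# layout; the field names (syslog_host, process, pid) are hypothetical.
EXTRACT-legacy_syslog = ^\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+(?<syslog_host>\S+)\s+(?<process>[^\s\[:]+)(?:\[(?<pid>\d+)\])?:
```

Before relying on the fallback extraction, run a search over a sample of the old events and confirm the three fields are populated, since syslog-ng templates can change the line layout.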