grok patterns for elastic load balancer logs

filter {
  if [type] == "application-load-balancer" {
    grok {
        match => ["message", "%{NOTSPACE:request_type} %{TIMESTAMP_ISO8601:log_timestamp} %{NOTSPACE:alb-name} %{NOTSPACE:client} %{NOTSPACE:target} %{NOTSPACE:request_processing_time:float} %{NOTSPACE:target_processing_time:float} %{NOTSPACE:response_processing_time:float} %{NOTSPACE:elb_status_code} %{NOTSPACE:target_status_code} %{NOTSPACE:received_bytes:float} %{NOTSPACE:sent_bytes:float} %{QUOTEDSTRING:request} %{QUOTEDSTRING:user_agent} %{NOTSPACE:ssl_cipher} %{NOTSPACE:ssl_protocol} %{NOTSPACE:target_group_arn} %{QUOTEDSTRING:trace_id}"]
    }
    date {
      match  => [ "log_timestamp", ISO8601 ]
    }
    mutate {
      gsub => [
        "request", '"', "",
        "trace_id", '"', "",
        "user_agent", '"', ""
      ]
    }
    grok {
        match => ["request", "(%{NOTSPACE:http_method})? (%{NOTSPACE:http_uri})? (%{NOTSPACE:http_version})?"]
    }
    grok {
        match => ["http_uri", "(%{WORD:protocol})?(://)?(%{IPORHOST:domain})?(:)?(%{INT:http_port})?(%{GREEDYDATA:request_uri})?"]
    }
    grok {
        match => ["client", "(%{IPORHOST:c_ip})?"]
    }
    geoip {
        source => "c_ip"
    }
  }
}