@fefore
Last active March 18, 2020 08:41
[LOGSTASH] Grok pattern for AWS ELB Classic logs
filter {
  if [type] == "elb-l4" {
    # ELB Classic access log: timestamp, ELB name, client:port, backend:port (or "-"
    # when no backend was reached), three processing times, ELB and backend status
    # codes (or "-"), byte counts, quoted request line, quoted user agent, and the
    # SSL cipher and protocol (both "-" on plain HTTP listeners).
    # %{ELB_REQUEST_LINE} comes from the AWS patterns bundled with logstash-patterns-core.
    grok {
      match => [ "message", "%{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE:elb} %{IP:clientip}:%{INT:clientport:int} (?:%{IP:backendip}:%{INT:backendport:int}|-) %{NUMBER:request_processing_time:float} %{NUMBER:backend_processing_time:float} %{NUMBER:response_processing_time:float} (?:-|%{INT:elb_status_code:int}) (?:-|%{INT:backend_status_code:int}) %{INT:received_bytes:int} %{INT:sent_bytes:int} \"%{ELB_REQUEST_LINE}\" \"(?:-|%{DATA:user_agent})\" (?:-|%{NOTSPACE:ssl_cipher}) (?:-|%{NOTSPACE:ssl_protocol})" ]
    }
    # Use the log's own timestamp as @timestamp, then drop the raw copies.
    date {
      match => [ "timestamp", "ISO8601" ]
    }
    mutate {
      remove_field => [ "message", "timestamp" ]
    }
    # Enrich the client address with GeoIP data.
    geoip {
      source => "clientip"
    }
    mutate {
      update => {
        "type" => "elb-l4-log"
      }
    }
  }
}
@orest-gulman
Could you please provide an example of your ELB logs, and if you can, please help with filtering the current log, thanks.
h2 2019-05-17T06:41:00.964615Z app/elb/df6fv955fde258fd 122.100.10.197:64506 192.168.10.11:443 0.000 0.001 0.000 200 200 373 53260 "GET https://web.example.com:443/1045instance/Web/WCF/gere/Service.svc/load?q=http://something.example.com/news/rss.xml HTTP/2.0" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.80 Safari/537.36" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:eu-central-1:300805568453:targetgroup/demo/1d8328e7c33c9f56 "Root=1-5cde577c-b23b8efc56488b5656a382d0" "web.example.com" "arn:aws:acm:eu-central-1:553807968883:certificate/645b32b2-a00d-428f-b00b-b00a005af000" 4 2019-05-17T06:41:00.678000Z "forward" "-" "-"
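The grok pattern from the gist, transcribed into a stand-alone Python parser so its field extraction and type conversions can be checked offline. This is an added example, not code from the gist or from Logstash: the sample Classic lines are constructed, the ALB-style line is modelled on the shape of the one pasted in the comment above, and the `looks_like_alb` helper is my own addition. It shows why the Classic pattern cannot match that comment's line: ALB (v2) access logs put a request-type token (`h2`, `https`, ...) before the timestamp and carry extra fields, so they need their own pattern.

```python
import re
from datetime import datetime, timezone

# Plain-regex transcription of the gist's grok pattern for ELB Classic access
# logs. grok's %{IP}, %{NOTSPACE} and %{DATA} are approximated with ordinary
# character classes; the named groups reuse the gist's field names.
_IP = r"(?:\d{1,3}(?:\.\d{1,3}){3}|[0-9a-fA-F:]+)"
ELB_CLASSIC_RE = re.compile(
    r"^(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?Z) "
    r"(?P<elb>\S+) "
    r"(?P<clientip>" + _IP + r"):(?P<clientport>\d+) "
    r"(?:(?P<backendip>" + _IP + r"):(?P<backendport>\d+)|-) "  # "-" if no backend reached
    r"(?P<request_processing_time>-?[\d.]+) "
    r"(?P<backend_processing_time>-?[\d.]+) "
    r"(?P<response_processing_time>-?[\d.]+) "
    r"(?:-|(?P<elb_status_code>\d+)) "
    r"(?:-|(?P<backend_status_code>\d+)) "
    r"(?P<received_bytes>\d+) "
    r"(?P<sent_bytes>\d+) "
    r'"(?P<request_line>[^"]*)" '
    r'"(?:-|(?P<user_agent>[^"]*))" '
    r"(?:-|(?P<ssl_cipher>\S+)) "
    r"(?:-|(?P<ssl_protocol>\S+))$"
)
# Equivalent of grok's ELB_REQUEST_LINE: verb, URI and optional HTTP version.
REQUEST_LINE_RE = re.compile(
    r"(?P<verb>\w+) (?P<request>\S+)(?: HTTP/(?P<httpversion>[\d.]+))?"
)
_INT_FIELDS = ("clientport", "backendport", "elb_status_code",
               "backend_status_code", "received_bytes", "sent_bytes")
_FLOAT_FIELDS = ("request_processing_time", "backend_processing_time",
                 "response_processing_time")
# ALB (v2) logs begin with one of these request-type tokens, not a timestamp.
ALB_TYPES = {"http", "https", "h2", "grpcs", "ws", "wss"}


def _parse_timestamp(value):
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def parse_elb_classic(line):
    """Return the typed fields the grok filter would produce, or None on no match."""
    m = ELB_CLASSIC_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    fields = m.groupdict()
    # Mirror the :int and :float conversions; "-" fields stay None.
    for name in _INT_FIELDS:
        if fields[name] is not None:
            fields[name] = int(fields[name])
    for name in _FLOAT_FIELDS:
        fields[name] = float(fields[name])
    # date { match => ["timestamp", "ISO8601"] } followed by remove_field.
    fields["@timestamp"] = _parse_timestamp(fields.pop("timestamp"))
    # ELB_REQUEST_LINE: split into verb/request/httpversion, else keep rawrequest.
    raw = fields.pop("request_line")
    rl = REQUEST_LINE_RE.fullmatch(raw)
    if rl:
        fields.update(rl.groupdict())
    else:
        fields["rawrequest"] = raw
    return fields


def looks_like_alb(line):
    """True when the line is an ALB (v2) log, which the Classic pattern does not cover."""
    return line.split(" ", 1)[0] in ALB_TYPES


# Constructed sample lines in the ELB Classic format (not real traffic).
SAMPLE_LINES = [
    '2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 10.0.0.1:80 '
    '0.000073 0.001048 0.000057 200 200 0 29 '
    '"GET http://www.example.com:80/ HTTP/1.1" "curl/7.38.0" - -',
    # Backend never reached: "-" for the backend, -1 for the timings, "-" status.
    '2015-05-13T23:39:44.123456Z my-loadbalancer 192.168.131.39:2817 - '
    '-1 -1 -1 503 - 0 0 "GET http://www.example.com:80/ HTTP/1.1" "-" - -',
    # HTTPS listener: cipher and protocol are populated.
    '2015-05-13T23:39:45.000000Z my-loadbalancer 192.168.131.39:2817 10.0.0.1:443 '
    '0.000086 0.001048 0.001337 200 200 0 57 '
    '"GET https://www.example.com:443/ HTTP/1.1" "curl/7.38.0" DHE-RSA-AES128-SHA TLSv1.2',
]
# Constructed ALB-style line (same shape as the one pasted in the comment).
ALB_LINE = ('h2 2019-05-17T06:41:00.964615Z app/elb/0123456789abcdef 203.0.113.10:64506 '
            '10.0.1.11:443 0.000 0.001 0.000 200 200 373 53260 '
            '"GET https://web.example.com:443/ HTTP/2.0" "curl/7.38.0" '
            'ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2')

if __name__ == "__main__":
    for line in SAMPLE_LINES + [ALB_LINE]:
        parsed = parse_elb_classic(line)
        if parsed is None:
            print("no match" + (" (ALB v2 format)" if looks_like_alb(line) else ""), line[:40])
        else:
            print(parsed["@timestamp"], parsed["clientip"], parsed["elb_status_code"],
                  parsed.get("request"), parsed["ssl_protocol"])
```

In Logstash the same non-match shows up as the `_grokparsefailure` tag on the event; counting those tags per source is the quickest way to notice that a log stream has switched to the ALB format and is being silently left unparsed.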