I was looking into your GROK pattern and I saw some mistakes.
I do not know the log format, but the GROK for this log looks like this:
… %{WORD:process} %{NONNEGINT:process_number}…
or
…Process %{NONNEGINT:process_number}, Nbr %{IP:nbr_ip}…
depending on what you want to parse out.
Greedydata is easy to use, but it is the most expensive choice in terms of CPU.