I found https://grokdebug.herokuapp.com/ and Test grok patterns very useful when writing my GROK filters.
There is a lot of info there, so I'd make use of match => ["message" , "%{GREEDYDATA:message}"] then try and filter out the useful bits.
I've made a start here for an example of how I start to construct these:
<142>1 %{TIMESTAMP_ISO8601:time}Z%{GREEDYDATA:data} [ngfwEvent@%{GREEDYDATA:more_stuff_to_filter}