But be careful with greedydata. It is an eqivalent vor * in underlying regex. If you have very long fields like stacktraces and you want to search something with greedydata, it may happen that logstash needs to parse the whole file and may fail at the end because it finds no match.
For all regex / grok try to set anchors like ^ or $ or static text if possible. Make it fail as fast as possible.
If you want to tune regex I can recommend regex101.com. It shows the number of steps needed. So you can find out wrong usage of greedydata (*) easily. But you have to convert grok to regex, which syntax is a bit different on defining the variables / regex groups.
I always try to to use greedydata as few as possible and rather use patterns like NOT_DASH to have anything until the given character.