How to add ip (any specific parameters) to filter in logstash?

i successfully revived the below masses on my web server - - [17/Jan/2016:00:12:16 +0300] "GET /POS-WS-Client/mTopup?uid=&password=&amount=20&msisdn=012&tid=0 HTTP/1.1" 200 21

actually i need to know to cut on this message on any spasfic filed
for example IP address i need to know top 10 ip ? or top 10 UID ?

my configurations file /etc/logstash/conf.d/10-syslog.conf as below;

filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
syslog_pri { }
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]

You should indeed use a grok filter to parse fields out of a string, but your logfile is a standard HTTP logfile and a syslog grok expression won't be able to parse it. I expect you'll have better luck with the COMMONAPACHELOG pattern.

what is the different between standard HTTP logfile and the other standers

Not sure what you mean but... many HTTP log files have the same format as your file (a format often called "common") but the "combined" format is also common (see the COMBINEDAPACHELOG pattern). Those are the two reasonably standardized formats, at least on Unix-based systems.

Use this

Love it and cherish it, the most useful aid there is for parsing.

Also, you should seriously consider not using GET that includes a password value, big security risk