This may be a simple question, but in my logs the spaces between different fields are uncertain, that mean in some logs I can see two spaces and in some three between the same fields. How do we accommodate this in GROK?

You can use %{SPACE}* in your grok pattern for matching uncertian number of spaces. It will match even if spaces are present or not.

Grok is at it's heart an overlay on Regex's. So in your grok pattern, you can directly use Regex syntax:

 %{WORD} +%{WORD}

So "space+" means one or more spaces. "space*" means 0 or more spaces.

Grok also has a pattern %{SPACE} that is equivilent to " *"