You can use an inline rex:

search | rex field=_raw "client\s*(?<clientip>[^#]*)\d+:\s*query:\s*(?<query>[^\s]*)"

You can use a props extract in props.conf
[sourcetype]
EXTRACT-thosefields = client\s*(?<clientip>[^#]*)\d+:\s*query:\s*(?<query>[^\s]*)

You can do it using props/transforms.

in props.conf

[sourcetype]
REPORT-thosefields = thosefields_for_sourcetype

in transforms.conf

[thosefields_for_sourcetype]
REGEX = client\s*([^#]*)\d+:\s*query:\s*([^\s]*)
FORMAT = clientip::$1 query::$2