Problem with my grok - need assistance

Hi Team,
I am working on something similar to WebLogic trace logs, and it has the following inputs combined.

2018-09-27 02:36:11,474 DEBUG [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] SegmentedUrlRewriteFilter getUrlRewriter() getUrlRewriter: Cache fresh, using cached object
2018-09-27 02:36:11,502 WARN [pool-5-thread-413] ProductUtils getConfigNodeByName() No additional config found for: gw-ca

and my grok looks something like below.

%{TIMESTAMP_ISO8601:occuredtimestamp}\s%{DATA:trace}\s%{GREEDYDATA:threadinfo}]\s%{DATA:loggerclass}\s%{DATA:Method}\s%{GREEDYDATA:Logmessage}

but I am facing a grok parse failure in my codec output.

Don't use more than one DATA or GREEDYDATA in a single grok expression. Use more exact patterns and build your expression step by step.

Agreed, can I find help to grok the "threadinfo" field in particular, since it has two different values.

[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)']

[pool-5-thread-413]

Untested:

\[(?<threadinfo>(\[[^\]]+\])?[^\]]+)\]
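An added example, not part of the thread: a plain-Ruby check of the suggested `threadinfo` sub-pattern against both sample lines, embedded in a full-line regex that uses exact patterns for every field except the trailing message. The explicit timestamp, level, and `\S+` sub-patterns and the `parse_line` helper are assumptions made for this sketch; grok and Ruby share the `(?<name>...)` named-group syntax, so the expression can be tried outside Logstash first.

```ruby
# Added example: verify the bracket-aware threadinfo pattern on the two
# log lines from the question before putting it into a grok filter.

# Sample lines copied from the question.
SAMPLES = [
  "2018-09-27 02:36:11,474 DEBUG [[ACTIVE] ExecuteThread: '0' for queue: " \
  "'weblogic.kernel.Default (self-tuning)'] SegmentedUrlRewriteFilter " \
  "getUrlRewriter() getUrlRewriter: Cache fresh, using cached object",
  "2018-09-27 02:36:11,502 WARN [pool-5-thread-413] ProductUtils " \
  "getConfigNodeByName() No additional config found for: gw-ca"
].freeze

# One exact sub-pattern per field; only the final message is open-ended.
# Field names follow the original grok expression.
LINE = /
  \A
  (?<occuredtimestamp>\d{4}-\d{2}-\d{2}\ \d{2}:\d{2}:\d{2},\d{3})\s
  (?<trace>[A-Z]+)\s
  \[(?<threadinfo>(\[[^\]]+\])?[^\]]+)\]\s   # optional nested [..] then text
  (?<loggerclass>\S+)\s
  (?<Method>\S+)\s
  (?<Logmessage>.*)
  \z
/x

# Returns a field hash, or nil when the line does not match
# (the case Logstash would tag as a grok parse failure).
def parse_line(line)
  m = LINE.match(line.chomp)
  m && m.named_captures
end

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |line|
    fields = parse_line(line)
    puts fields ? fields.inspect : "NO MATCH: #{line}"
  end
end
```
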
