I am trying to parse the log below using grok
[2018-10-06 12:04:03:0227] [MYMACHINENAME]
and the grok expression which I used is
/[%{DATESTAMP:date}/] /[%{WORD:data}%/]
and this expression is not working. I tried to replace WORD with hostname, but even then it is not working, and if I try either of the matchers alone then it works. Can anyone point me to better tutorial pages for learning grok expressions?
There are a few errors in your pattern.
First off, you escape characters using backslash / not forward slash \. Second, you don't need % to match ] at the end. Third, DATESTAMP doesn't match your date pattern; you need TIMESTAMP_ISO8601.
Your final pattern should become,
\[%{TIMESTAMP_ISO8601}\] \[%{WORD}\]