Aggregate different inputs


(piter) #1

Is it possible to aggregate the content of different input files?

Example:
file1.txt
May 1 15:57:11 myhost sshd[34427]: pam_unix(sshd:session): session opened for user hendrenj by (uid=0)
May 1 16:16:13 myhost sshd[34427]: pam_unix(sshd:session): session closed for user hendrenj
May 5 14:27:09 myhost sshd[43553]: pam_unix(sshd:session): session opened for user hendrenj by (uid=0)
May 5 18:23:41 myhost sshd[43553]: pam_unix(sshd:session): session closed for user hendrenj

file2.txt
user hendrenj connected from 43.3.21.157 at May 1 15:50:01
user hendrenj disconnected from 43.3.21.157 at May 1 16:51:32
user hendrenj connected from 43.3.21.157 at May 5 14:10:35
user hendrenj disconnected from 43.3.21.157 at May 5 20:10:22

I want an output like this:
file3.txt
at May 1 15:50:01 user hendrenj connected from 43.3.21.157
at May 1 15:57:11 session opened for user hendrenj by (uid=0)
at May 1 16:16:13 session closed for user hendrenj
at May 1 16:51:32 user hendrenj disconnected from 43.3.21.157
at May 5 14:10:35 user hendrenj connected from 43.3.21.157
at May 5 14:27:09 session opened for user hendrenj by (uid=0)
at May 5 18:23:41 session closed for user hendrenj
at May 5 20:10:22 user hendrenj disconnected from 43.3.21.157

Do you have some ideas?


(Attila Boncok) #3

Just use a grok filter with 2 patterns and set the file output plugin accordingly.
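A pipeline along the lines of that suggestion, as an added example that is not part of the original reply. The `/tmp` paths and the field names `ts`, `event_text`, `user`, `action`, `src_ip`, `syslog_host` and `pid` are assumptions chosen for illustration.

```logstash
# Added example: one grok filter with two patterns, one per input format.
input {
  file {
    path => ["/tmp/file1.txt", "/tmp/file2.txt"]   # assumed locations
    start_position => "beginning"
    sincedb_path => "/dev/null"                    # re-read on every run (testing only)
  }
}

filter {
  grok {
    # Patterns are tried in order; the first that matches wins.
    match => {
      "message" => [
        # file1.txt: syslog line written by sshd/pam_unix
        "^%{SYSLOGTIMESTAMP:ts} %{SYSLOGHOST:syslog_host} sshd\[%{POSINT:pid}\]: pam_unix\(sshd:session\): (?<event_text>session %{WORD:action} for user %{USERNAME:user}.*)$",
        # file2.txt: connection line with the timestamp at the end
        "^(?<event_text>user %{USERNAME:user} %{WORD:action} from %{IP:src_ip}) at %{SYSLOGTIMESTAMP:ts}$"
      ]
    }
  }

  # Set @timestamp from the parsed value so both sources share one time field.
  # These timestamps carry no year, so the date filter has to assume one.
  date {
    match => ["ts", "MMM d HH:mm:ss", "MMM dd HH:mm:ss"]
  }
}

output {
  # Write only lines that matched one of the two patterns.
  if "_grokparsefailure" not in [tags] {
    file {
      path => "/tmp/file3.txt"                     # assumed location
      codec => line { format => "at %{ts} %{event_text}" }
    }
  }
}
```

Logstash writes events in the order they are processed and does not sort them, so the lines in the output file are not guaranteed to be chronological across the two inputs. Sort on `@timestamp` downstream if a strict timeline is required.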

