Each line is an individual syslog message, which means that related lines will rarely be consecutive, though all related lines for an event should arrive in a very short time. In this data example, there are two separate events which need their data related, but the events themselves are independent of each other. The events can be identified by 1) node=xxxxxxxxxx; and 2) node=aaaaaaaaaa
node=xxxxxxxxxx type=SYSCALL msg=audit(1485583201.776:5485082): arch=c000003e syscall=82 per=400000 success=yes exit=0 a0=7fc164006990 a1=7fc164006b70 a2=7fc164006b70 a3=7fc230853278 items=4 ppid=xxxxx pid=xxxxx auid=xxxxx uid=xxxxx gid=xxxxx euid=xxxxx suid=xxxxx fsuid=xxxxx egid=xxxxx sgid=xxxxx fsgid=xxxxx tty=(none) ses=4294967295 comm="somecommand" exe="/full/path/to/somecommand" key="delete"
node=xxxxxxxxxx type=CWD msg=audit(1485583201.776:5485082):  cwd="/another/cwd"
node=aaaaaaaaaa type=SYSCALL msg=audit(1485583203.459:5485148): arch=c000003e syscall=59 success=no exit=-2 a0=7f30b9d87149 a1=7f30b9d86860 a2=7f30b9d86bd8 a3=7f30b9d9c8c0 items=1 ppid=xxxxx pid=xxxxx auid=xxxxx uid=xxxxx gid=xxxxx euid=xxxxx suid=xxxxx fsuid=xxxxx egid=xxxxx sgid=xxxxx fsgid=xxxxx tty=(none) ses=16439 comm="command" exe="/bin/ksh93" key="cmdlineExecution"
node=xxxxxxxxxx type=PATH msg=audit(1485583201.776:5485082): item=0 name="arg-data-0" inode=268805 dev=fd:14 mode=040740 ouid=xxxxx ogid=xxxxx rdev=00:00 nametype=PARENT
node=aaaaaaaaaa type=CWD msg=audit(1485583203.459:5485148):  cwd="/a/cwd"
node=xxxxxxxxxx type=PATH msg=audit(1485583201.776:5485082): item=1 name="arg-data-1" inode=268805 dev=fd:14 mode=040740 ouid=xxxxx ogid=xxxxx rdev=00:00 nametype=PARENT
node=aaaaaaaaaa type=PATH msg=audit(1485583203.459:5485148): item=0 name="/etc/uname" nametype=UNKNOWN
node=xxxxxxxxxx type=PATH msg=audit(1485583201.776:5485082): item=2 name="arg-data-2" inode=269256 dev=fd:14 mode=0100640 ouid=xxxxx ogid=xxxxx rdev=00:00 nametype=DELETE
node=aaaaaaaaaa type=EOE msg=audit(1485583203.459:5485148):
node=xxxxxxxxxx type=PATH msg=audit(1485583201.776:5485082): item=3 name="arg-data-3" inode=269256 dev=fd:14 mode=0100640 ouid=xxxxx ogid=xxxxx rdev=00:00 nametype=CREATE
node=xxxxxxxxxx type=EOE msg=audit(1485583201.776:5485082):

In reply to Re^2: Multi-CPU when reading STDIN and small tasks by bspencer
in thread Multi-CPU when reading STDIN and small tasks by bspencer
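
An added example, not part of the original post: one way to regroup interleaved audit records like those above by node plus the `msg=audit(timestamp:serial)` event ID, closing each event when its `EOE` record arrives. The names `parse`, `correlate` and `max_age`, the five-second flush window, and the abridged sample lines are assumptions made for illustration.

```python
import re
from collections import OrderedDict

# node=<host> type=<record type> msg=audit(<epoch.ms>:<serial>): <key=value fields>
RECORD = re.compile(r'^node=(\S+) type=(\S+) msg=audit\(((\d+\.\d+):\d+)\):\s*(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    """Return ((node, event_id), record) or None if the line is not an audit record."""
    m = RECORD.match(line.strip())
    if not m:
        return None
    node, rtype, event_id, ts, rest = m.groups()
    fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
    return (node, event_id), {"type": rtype, "time": float(ts), "fields": fields}

def correlate(lines, max_age=5.0):
    """Yield (key, records, complete); complete is True only when EOE closed the event."""
    pending = OrderedDict()  # (node, event_id) -> records seen so far
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        key, rec = parsed
        if rec["type"] == "EOE":
            if key in pending:
                yield key, pending.pop(key), True
            continue
        pending.setdefault(key, []).append(rec)
        # Assumption: an event whose EOE never arrives (lost syslog line) is flushed
        # once a record max_age seconds newer is seen, so memory stays bounded.
        stale = [k for k, v in pending.items() if rec["time"] - v[0]["time"] > max_age]
        for k in stale:
            yield k, pending.pop(k), False
    for key, recs in pending.items():
        yield key, recs, False

# Constructed sample: the post's two events, abridged, in interleaved arrival order.
SAMPLE = '''\
node=xxxxxxxxxx type=SYSCALL msg=audit(1485583201.776:5485082): syscall=82 success=yes key="delete"
node=aaaaaaaaaa type=SYSCALL msg=audit(1485583203.459:5485148): syscall=59 success=no key="cmdlineExecution"
node=xxxxxxxxxx type=CWD msg=audit(1485583201.776:5485082):  cwd="/another/cwd"
node=aaaaaaaaaa type=PATH msg=audit(1485583203.459:5485148): item=0 name="/etc/uname" nametype=UNKNOWN
node=aaaaaaaaaa type=EOE msg=audit(1485583203.459:5485148):
node=xxxxxxxxxx type=PATH msg=audit(1485583201.776:5485082): item=2 name="arg-data-2" nametype=DELETE
node=xxxxxxxxxx type=EOE msg=audit(1485583201.776:5485082):
'''

if __name__ == "__main__":
    for (node, event_id), recs, complete in correlate(SAMPLE.splitlines()):
        print(node, event_id, [r["type"] for r in recs], "complete" if complete else "partial")
```

Events flagged as partial are worth counting separately, since a rising number of them points at dropped syslog messages rather than at anything in the audited activity.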
