Splunk Search

Transaction command: How to get the pair up multiple "startswith", but single "endswith" events?

koshyk
Super Champion

Hi,
We have events something like below

2019-04-30 11:00:01 page=Login.jsp action=login  userid=1234 comment="User opened a session"
2019-04-30 11:01:01 page=Login.jsp action=login  userid=1234 comment="User might have opened another session"
2019-04-30 11:02:01 page=Logout.jsp action=logout userid=1234 comment="User logged out session"

But when the user "logs out", that means he has completely logged out of all sessions.

When I do a

...
| transaction userid startswith=(action="login") endswith=(action="logout") maxspan=1h keepevicted=true

I was looking for the output as a Single Transaction, but currently it comes up as "TWO" txn events, as it pairs the closest/nearby events ONLY:

# Transaction Output1
2019-04-30 11:01:01 page=Login.jsp action=login  userid=1234 comment="User might have opened another session"
2019-04-30 11:02:01 page=Logout.jsp action=logout userid=1234 comment="User logged out session"

# Transaction Output2
2019-04-30 11:00:01 page=Login.jsp action=login  userid=1234 comment="User opened a session"

Any options to make it a "SINGLE" output? As the user has logged out of the system, pairing with the above conditions should pair both "logins" to a single logout.

I was looking for OUTPUT like below:

# Single Transaction Output
2019-04-30 11:00:01 page=Login.jsp action=login  userid=1234 comment="User opened a session"
2019-04-30 11:01:01 page=Login.jsp action=login  userid=1234 comment="User might have opened another session"
2019-04-30 11:02:01 page=Logout.jsp action=logout userid=1234 comment="User logged out session"
0 Karma