zgrep
searches in zipped and unzipped files.
List unique usernames used in failed login attempts:
sudo zgrep -ohP "input_userauth_request: invalid user \K\w+" /var/log/auth.log* | sort -u
Count the usernames
sudo zgrep -ohP "input_userauth_request: invalid user \K\w+" /var/log/auth.log* | sort -u | wc -l
Note that in Ubuntu (and perhaps other distros) logrotate zips older logs and eventually deletes them. This will search compressed and uncompressed logs, but they will probably only go back a few weeks.