eventTimestamp: 2010-03-23T07:56:19.166
result: Allowed
protocol: SMS
payload: RCOMM_SMS

eventTimestamp: 2010-03-23T07:56:19.167
result: Allowed
protocol: SMS
payload: RCOMM_SMS

eventTimestamp: 2010-03-23T07:56:19.186
result: Allowed
protocol: SMS
payload: SMS-MO-FSM

eventTimestamp: 2010-03-23T07:56:19.197
result: Allowed
protocol: SMS
payload: COPS

eventTimestamp: 2010-03-23T07:56:29.519
result: Blocked
protocol: SMS
payload: COPS
type: URL_IWF
result: Blocked

我想找到有效载荷的所有事件：SMS-MO-FSM或有效载荷：在2010-03-23 12:56:47和2010-03-23 13之间发生的SMS-MO-FSM-INFO： 56:47.到目前为止查询此文件时,我已按以下方式使用awk：

cat checkThis.txt |
awk 'BEGIN{FS="\n"; RS=""; OFS=";"; ORS="\n"}
     $1~/eventTimestamp: 2010-03-23T14\:16\:35/ && $4~/SMS-MO-FSM-INFO|SMS-MO-FSM$/ {$1=$1 ""; print $0}'

这将为我提供2010-03-23 14:16:35第二次发生的所有事件.但是,我正在努力思考如何将日期范围放入我的查询中.我可以使用以下内容将日期放入纪元时间但是如何在我的awk中使用以下内容来检查日期是否在所需的时间之间：

python -c "import time; ENGINE_TIME_FORMAT='%Y-%m-%dT%H:%M:%S'; print int(time.mktime(time.strptime('2010-03-23T12:52:52',ENGINE_TIME_FORMAT)))"

我知道这可以在Python中完成,但我已经在Python中为此编写了一个解析器,我希望这个方法作为替代检查器,所以我想尽可能使用awk.

我更进一步,创建了一个时间转换的python脚本：

#!/usr/local/bin/python
import time,sys
ENGINE_TIME_FORMAT='%Y-%m-%dT%H:%M:%S'
testTime = sys.argv[1]
try:
    print int(time.mktime(time.strptime(testTime,ENGINE_TIME_FORMAT)))
except:
    print "Time to convert %s" % testTime
    raise

然后我尝试使用getline将转换分配给变量进行比较：

cat checkThis.txt| awk 'BEGIN {FS="\n"; RS=""; OFS=";"; ORS="\n"; "./firstDate '2010-03-23T12:56:47'" | getline start_time; close("firstDate"); "./firstDate '2010-03-23T13:56:47'" | getline end_time; close("firstDate");} ("./firstDate $1" | getline) > start_time {$1=$1 ""; print $0}'
Traceback (most recent call last):
  File "./firstDate",line 4,in <module>
testTime = sys.argv[1]
IndexError: list index out of range

getline在BEGIN中工作,我在最终打印中检查了它,但我似乎在脚本的比较部分有问题.