Searching the lines within a range of time period in a text file

Dear All,

Please advice me, I have a text file with one field date and time like below given. I need to find out the lines whchi content the time stamp between
Wed May 26 11:03:11 2010 and Wed May 26 11:03:52 2010 both can be included, using awk command which could be an interactive so that I could give the initial time and final time using the variable.

Timestamp, File Time, Channel, SID, Level, Stacked, Count, Block
2633437039, 16, 1, 9001, FD, U, 11, 1578, Wed May 26 11:03:11 2010
2633437041, 18, 1, 9001, FD, U, 2, 1764, Wed May 26 11:03:13 2010
2633437043, 20, 1, 9001, FD, S, 7, 1952, Wed May 26 11:03:15 2010
2633437045, 22, 1, 9001, FD, U, 10, 2137, Wed May 26 11:03:17 2010
2633437056, 24, 1, 2271, NT, S, 5, 2323, Wed May 26 11:03:28 2010
2633437047, 24, 1, 9001, FD, U, 18, 2324, Wed May 26 11:03:19 2010
2633437049, 26, 1, 9001, FD, U, 20, 2511, Wed May 26 11:03:21 2010
2633437051, 28, 1, 9001, FD, U, 19, 2698, Wed May 26 11:03:23 2010
2633437053, 30, 1, 9001, FD, U, 18, 2885, Wed May 26 11:03:25 2010
2633437055, 32, 1, 9001, FD, U, 21, 3072, Wed May 26 11:03:27 2010
2633437057, 34, 1, 9001, FD, U, 17, 3259, Wed May 26 11:03:29 2010
2633437059, 36, 1, 9001, FD, U, 18, 3446, Wed May 26 11:03:31 2010
2633437060, 38, 1, 9001, FD, U, 13, 3633, Wed May 26 11:03:32 2010
2633437062, 40, 1, 9001, FD, U, 19, 3820, Wed May 26 11:03:34 2010
2633437065, 42, 1, 9001, FD, U, 13, 4007, Wed May 26 11:03:37 2010
2633437067, 44, 1, 9001, FD, U, 6, 4194, Wed May 26 11:03:39 2010
2633437068, 46, 1, 9001, FD, U, 17, 4381, Wed May 26 11:03:40 2010
2633437070, 48, 1, 9001, FD, U, 15, 4568, Wed May 26 11:03:42 2010
2633437072, 50, 1, 9001, FD, U, 15, 4755, Wed May 26 11:03:44 2010
2633437074, 52, 1, 9001, FD, U, 10, 4942, Wed May 26 11:03:46 2010
2633437076, 54, 1, 9001, FD, U, 15, 5128, Wed May 26 11:03:48 2010
2633437076, 54, 1, 9001, FD, S, 24, 5129, Wed May 26 11:03:48 2010
2633437078, 56, 1, 9001, FD, U, 16, 5315, Wed May 26 11:03:50 2010
2633437080, 58, 1, 9001, FD, U, 18, 5502, Wed May 26 11:03:52 2010

Hi,

a possible solution will be the next:
create a new file where the first field is a numeric value formed from any date:
For example:
Wed May 26 11:03:11 2010
tranforms in:
2010-05-26-11-03-11 or simply: 20100526110311

Then, when all lines are transformed, execute a sort and with a script search comparing the numbers.

For me is tedious to write now, but the idea will be a solution.

You can do something like:

awk 'BEGIN {
  printf "Enter the starttime <hh:mm:ss> :"
  getline start < "-"
  printf "Enter the stoptime <hh:mm:ss> :"
  getline stop < "-"
  gsub(":","",start)
  gsub(":","",stop)
}
{d=$12;gsub(":","",d)}
d >= start && d <= stop
' file

Pls advice, if I need to enter the starttime and stoptime as Wed May 26 11:03:11 2010 and Wed May 26 11:03:52 2010 what should I follow.

No idea about awk, but here's one way to solve it with Perl:

$
$
$ # show the content of the file to be inspected
$ cat f0
Timestamp, File Time, Channel, SID, Level, Stacked, Count, Block
2633437039, 16, 1, 9001, FD, U, 11, 1578, Wed May 26 11:03:11 2010
2633437041, 18, 1, 9001, FD, U,  2, 1764, Wed May 26 11:03:13 2010
2633437043, 20, 1, 9001, FD, S,  7, 1952, Wed May 26 11:03:15 2010
2633437045, 22, 1, 9001, FD, U, 10, 2137, Wed May 26 11:03:17 2010
2633437056, 24, 1, 2271, NT, S,  5, 2323, Wed May 26 11:03:28 2010
2633437047, 24, 1, 9001, FD, U, 18, 2324, Wed May 26 11:03:19 2010
2633437049, 26, 1, 9001, FD, U, 20, 2511, Wed May 26 11:03:21 2010
2633437051, 28, 1, 9001, FD, U, 19, 2698, Wed May 26 11:03:23 2010
2633437053, 30, 1, 9001, FD, U, 18, 2885, Wed May 26 11:03:25 2010
2633437055, 32, 1, 9001, FD, U, 21, 3072, Wed May 26 11:03:27 2010
2633437057, 34, 1, 9001, FD, U, 17, 3259, Wed May 26 11:03:29 2010
2633437059, 36, 1, 9001, FD, U, 18, 3446, Wed May 26 11:03:31 2010
2633437060, 38, 1, 9001, FD, U, 13, 3633, Wed May 26 11:03:32 2010
2633437062, 40, 1, 9001, FD, U, 19, 3820, Wed May 26 11:03:34 2010
2633437065, 42, 1, 9001, FD, U, 13, 4007, Wed May 26 11:03:37 2010
2633437067, 44, 1, 9001, FD, U,  6, 4194, Wed May 26 11:03:39 2010
2633437068, 46, 1, 9001, FD, U, 17, 4381, Wed May 26 11:03:40 2010
2633437070, 48, 1, 9001, FD, U, 15, 4568, Wed May 26 11:03:42 2010
2633437072, 50, 1, 9001, FD, U, 15, 4755, Wed May 26 11:03:44 2010
2633437074, 52, 1, 9001, FD, U, 10, 4942, Wed May 26 11:03:46 2010
2633437076, 54, 1, 9001, FD, U, 15, 5128, Wed May 26 11:03:48 2010
2633437076, 54, 1, 9001, FD, S, 24, 5129, Wed May 26 11:03:48 2010
2633437078, 56, 1, 9001, FD, U, 16, 5315, Wed May 26 11:03:50 2010
2633437080, 58, 1, 9001, FD, U, 18, 5502, Wed May 26 11:03:52 2010
$
$ # show the content of the Perl program that processes file "f0"
$
$ cat -n f0.pl
     1  #perl -w
     2  use Date::Calc qw(Parse_Date Date_to_Time);
     3  $file = "f0";
     4
     5  # Process START_DATE that has format "Day Mon DD HH24:MI:SS YYYY"
     6  $start = $ARGV[0];
     7  if ($start =~ m/(.*) ([\d:]+) (.*)/) {
     8    @start_dt = Parse_Date("$1 $3");
     9    @start_ts = split(/:/,$2);
    10  }
    11  $stime = Date_to_Time(@start_dt, @start_ts);
    12
    13  # Process END_DATE that has format "Day Mon DD HH24:MI:SS YYYY"
    14  $end = $ARGV[1];
    15  if ($end =~ m/(.*) ([\d:]+) (.*)/) {
    16    @end_dt = Parse_Date("$1 $3");
    17    @end_ts = split(/:/,$2);
    18  }
    19  $etime = Date_to_Time(@end_dt, @end_ts);
    20
    21  # process the file
    22  open (IN, $file) or die "Can't open $file: $!";
    23  while (<IN>) {
    24    if ($. > 1) {
    25      chomp;
    26      if (/^.*, (.*) ([\d:]+) (.*)$/) {
    27        @file_dt = Parse_Date("$1 $3");
    28        @file_ts = split(/:/,$2);
    29        $ftime = Date_to_Time(@file_dt, @file_ts);
    30        print $_,"\n" if ($stime <= $ftime and $ftime <= $etime);
    31      }
    32    }
    33  }
    34  close (IN) or die "Can't open $file: $!";
$
$
$ # run the Perl program, passing <START_DATE> and <END_DATE> as parameters
$ perl f0.pl "Wed May 26 11:03:11 2010" "Wed May 26 11:03:52 2010"
2633437039, 16, 1, 9001, FD, U, 11, 1578, Wed May 26 11:03:11 2010
2633437041, 18, 1, 9001, FD, U,  2, 1764, Wed May 26 11:03:13 2010
2633437043, 20, 1, 9001, FD, S,  7, 1952, Wed May 26 11:03:15 2010
2633437045, 22, 1, 9001, FD, U, 10, 2137, Wed May 26 11:03:17 2010
2633437056, 24, 1, 2271, NT, S,  5, 2323, Wed May 26 11:03:28 2010
2633437047, 24, 1, 9001, FD, U, 18, 2324, Wed May 26 11:03:19 2010
2633437049, 26, 1, 9001, FD, U, 20, 2511, Wed May 26 11:03:21 2010
2633437051, 28, 1, 9001, FD, U, 19, 2698, Wed May 26 11:03:23 2010
2633437053, 30, 1, 9001, FD, U, 18, 2885, Wed May 26 11:03:25 2010
2633437055, 32, 1, 9001, FD, U, 21, 3072, Wed May 26 11:03:27 2010
2633437057, 34, 1, 9001, FD, U, 17, 3259, Wed May 26 11:03:29 2010
2633437059, 36, 1, 9001, FD, U, 18, 3446, Wed May 26 11:03:31 2010
2633437060, 38, 1, 9001, FD, U, 13, 3633, Wed May 26 11:03:32 2010
2633437062, 40, 1, 9001, FD, U, 19, 3820, Wed May 26 11:03:34 2010
2633437065, 42, 1, 9001, FD, U, 13, 4007, Wed May 26 11:03:37 2010
2633437067, 44, 1, 9001, FD, U,  6, 4194, Wed May 26 11:03:39 2010
2633437068, 46, 1, 9001, FD, U, 17, 4381, Wed May 26 11:03:40 2010
2633437070, 48, 1, 9001, FD, U, 15, 4568, Wed May 26 11:03:42 2010
2633437072, 50, 1, 9001, FD, U, 15, 4755, Wed May 26 11:03:44 2010
2633437074, 52, 1, 9001, FD, U, 10, 4942, Wed May 26 11:03:46 2010
2633437076, 54, 1, 9001, FD, U, 15, 5128, Wed May 26 11:03:48 2010
2633437076, 54, 1, 9001, FD, S, 24, 5129, Wed May 26 11:03:48 2010
2633437078, 56, 1, 9001, FD, U, 16, 5315, Wed May 26 11:03:50 2010
2633437080, 58, 1, 9001, FD, U, 18, 5502, Wed May 26 11:03:52 2010
$
$ # once again, with different parameter values
$ perl f0.pl "Wed May 26 11:03:11 2010" "Wed May 26 11:03:20 2010"
2633437039, 16, 1, 9001, FD, U, 11, 1578, Wed May 26 11:03:11 2010
2633437041, 18, 1, 9001, FD, U,  2, 1764, Wed May 26 11:03:13 2010
2633437043, 20, 1, 9001, FD, S,  7, 1952, Wed May 26 11:03:15 2010
2633437045, 22, 1, 9001, FD, U, 10, 2137, Wed May 26 11:03:17 2010
2633437047, 24, 1, 9001, FD, U, 18, 2324, Wed May 26 11:03:19 2010
$
$ # and once more
$ perl f0.pl "Wed May 26 11:03:25 2010" "Wed May 26 11:03:45 2010"
2633437056, 24, 1, 2271, NT, S,  5, 2323, Wed May 26 11:03:28 2010
2633437053, 30, 1, 9001, FD, U, 18, 2885, Wed May 26 11:03:25 2010
2633437055, 32, 1, 9001, FD, U, 21, 3072, Wed May 26 11:03:27 2010
2633437057, 34, 1, 9001, FD, U, 17, 3259, Wed May 26 11:03:29 2010
2633437059, 36, 1, 9001, FD, U, 18, 3446, Wed May 26 11:03:31 2010
2633437060, 38, 1, 9001, FD, U, 13, 3633, Wed May 26 11:03:32 2010
2633437062, 40, 1, 9001, FD, U, 19, 3820, Wed May 26 11:03:34 2010
2633437065, 42, 1, 9001, FD, U, 13, 4007, Wed May 26 11:03:37 2010
2633437067, 44, 1, 9001, FD, U,  6, 4194, Wed May 26 11:03:39 2010
2633437068, 46, 1, 9001, FD, U, 17, 4381, Wed May 26 11:03:40 2010
2633437070, 48, 1, 9001, FD, U, 15, 4568, Wed May 26 11:03:42 2010
2633437072, 50, 1, 9001, FD, U, 15, 4755, Wed May 26 11:03:44 2010
$
$

HTH,
tyler_durden

awk '/Wed May 26 11:03:11 2010/,/Wed May 26 11:03:48 2010/' file

Adjust time stamp as required.

Using danmero's idea -

$
$
$ cat f0
Timestamp, File Time, Channel, SID, Level, Stacked, Count, Block
2633437039, 16, 1, 9001, FD, U, 11, 1578, Wed May 26 11:03:11 2010
2633437041, 18, 1, 9001, FD, U,  2, 1764, Wed May 26 11:03:13 2010
2633437043, 20, 1, 9001, FD, S,  7, 1952, Wed May 26 11:03:15 2010
2633437045, 22, 1, 9001, FD, U, 10, 2137, Wed May 26 11:03:17 2010
2633437056, 24, 1, 2271, NT, S,  5, 2323, Wed May 26 11:03:28 2010
2633437047, 24, 1, 9001, FD, U, 18, 2324, Wed May 26 11:03:19 2010
2633437049, 26, 1, 9001, FD, U, 20, 2511, Wed May 26 11:03:21 2010
2633437051, 28, 1, 9001, FD, U, 19, 2698, Wed May 26 11:03:23 2010
2633437053, 30, 1, 9001, FD, U, 18, 2885, Wed May 26 11:03:25 2010
2633437055, 32, 1, 9001, FD, U, 21, 3072, Wed May 26 11:03:27 2010
2633437057, 34, 1, 9001, FD, U, 17, 3259, Wed May 26 11:03:29 2010
2633437059, 36, 1, 9001, FD, U, 18, 3446, Wed May 26 11:03:31 2010
2633437060, 38, 1, 9001, FD, U, 13, 3633, Wed May 26 11:03:32 2010
2633437062, 40, 1, 9001, FD, U, 19, 3820, Wed May 26 11:03:34 2010
2633437065, 42, 1, 9001, FD, U, 13, 4007, Wed May 26 11:03:37 2010
2633437067, 44, 1, 9001, FD, U,  6, 4194, Wed May 26 11:03:39 2010
2633437068, 46, 1, 9001, FD, U, 17, 4381, Wed May 26 11:03:40 2010
2633437070, 48, 1, 9001, FD, U, 15, 4568, Wed May 26 11:03:42 2010
2633437072, 50, 1, 9001, FD, U, 15, 4755, Wed May 26 11:03:44 2010
2633437074, 52, 1, 9001, FD, U, 10, 4942, Wed May 26 11:03:46 2010
2633437076, 54, 1, 9001, FD, U, 15, 5128, Wed May 26 11:03:48 2010
2633437076, 54, 1, 9001, FD, S, 24, 5129, Wed May 26 11:03:48 2010
2633437078, 56, 1, 9001, FD, U, 16, 5315, Wed May 26 11:03:50 2010
2633437080, 58, 1, 9001, FD, U, 18, 5502, Wed May 26 11:03:52 2010
$
$ awk -F", " -v FROM="Wed May 26 11:03:20 2010" -v TO="Wed May 26 11:03:30 2010" 'NR>1 && $9 > FROM && $9 < TO' f0
2633437056, 24, 1, 2271, NT, S,  5, 2323, Wed May 26 11:03:28 2010
2633437049, 26, 1, 9001, FD, U, 20, 2511, Wed May 26 11:03:21 2010
2633437051, 28, 1, 9001, FD, U, 19, 2698, Wed May 26 11:03:23 2010
2633437053, 30, 1, 9001, FD, U, 18, 2885, Wed May 26 11:03:25 2010
2633437055, 32, 1, 9001, FD, U, 21, 3072, Wed May 26 11:03:27 2010
2633437057, 34, 1, 9001, FD, U, 17, 3259, Wed May 26 11:03:29 2010
$
$

I guess danmero's script tries to perform a literal match of date+timestamps supplied (not sure about this though).

$
$ awk '/Wed May 26 11:03:20 2010/,/Wed May 26 11:03:30 2010/' f0
$

tyler_durden