Hi,
We all know that searching for a word in files becomes difficult when the number of files runs into the thousands or more. In these circumstances we use the "grep" command from the Linux shell. There are plenty of switches available for this command. I will start with simple switches and their examples.
The basic forms of the grep command look like this.
grep "word_to_search" file_name
grep "word_to_search" file_name1 file_name2 file_name3
grep "word1 word2" file_name
cat "some_file" | grep word_to_search
command | grep word_to_search
grep --color word_to_search file_name
Now we can look at some real examples. Consider a scenario where you want to grep the lines containing a date in a sample log file. For testing purposes, I have appended the exim_mainlog file to a test log file called test.log. Now I am trying to grep the lines which contain the date 2014-01-09. Here the word_to_search is the date "2014-01-09" and the file_name is "test.log".
root@vps-1085528-7570 [/home/leo]# cat /var/log/exim_mainlog >> test.log
root@vps-1085528-7570 [/home/leo]# grep 2014-01-09 test.log
2014-01-09 00:10:32 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2014-01-09 00:10:32 Start queue run: pid=30132
2014-01-09 00:10:32 End queue run: pid=30132
2014-01-09 00:11:02 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2014-01-09 00:11:02 Start queue run: pid=30135
2014-01-09 00:11:02 End queue run: pid=30135
2014-01-09 01:10:32 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2014-01-09 01:10:32 Start queue run: pid=30653
2014-01-09 01:10:32 End queue run: pid=30653
2014-01-09 01:11:02 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2014-01-09 01:11:02 Start queue run: pid=30660
2014-01-09 01:11:02 End queue run: pid=30660
2014-01-09 02:10:32 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2014-01-09 02:10:32 Start queue run: pid=31173
2014-01-09 02:10:32 End queue run: pid=31173
2014-01-09 02:11:02 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2014-01-09 02:11:02 Start queue run: pid=31176
2014-01-09 02:11:02 End queue run: pid=31176
root@vps-1085528-7570 [/home/leo]#
If you want to know the number of lines containing the date "2014-01-09", pipe the output to the wc (word count) command with -l.
root@vps-1085528-7570 [/home/leo]# grep 2014-01-09 test.log | wc -l
18
root@vps-1085528-7570 [/home/leo]#
If you want to grep all the lines that have both the word "End" and the date "2014-01-09", try it as shown below.
root@vps-1085528-7570 [/home/leo]# grep 2014-01-09 test.log | grep End
2014-01-09 00:10:32 End queue run: pid=30132
2014-01-09 00:11:02 End queue run: pid=30135
2014-01-09 01:10:32 End queue run: pid=30653
2014-01-09 01:11:02 End queue run: pid=30660
2014-01-09 02:10:32 End queue run: pid=31173
2014-01-09 02:11:02 End queue run: pid=31176
root@vps-1085528-7570 [/home/leo]#
Here the second grep searches only the lines that the first grep has already selected. I hope this is clear from the demonstration.
You can try grepping all the lines with either "End" OR the date "2014-01-09". See the demonstration:
root@vps-1085528-7570 [/home/leo]# grep -E "End|2014-01-09" test.log
2014-01-07 00:10:32 End queue run: pid=25875
2014-01-07 00:11:02 End queue run: pid=25878
2014-01-07 01:10:32 End queue run: pid=26380
2014-01-07 01:11:02 End queue run: pid=26384
2014-01-07 02:10:32 End queue run: pid=26940
2014-01-08 15:11:02 End queue run: pid=25352
2014-01-08 16:10:32 End queue run: pid=25875
2014-01-08 16:11:02 End queue run: pid=25921
2014-01-08 17:10:32 End queue run: pid=26463
2014-01-08 17:11:02 End queue run: pid=26467
2014-01-09 00:10:32 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2014-01-09 00:10:32 Start queue run: pid=30132
2014-01-09 00:10:32 End queue run: pid=30132
2014-01-09 00:11:02 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2014-01-09 00:11:02 Start queue run: pid=30135
2014-01-09 00:11:02 End queue run: pid=30135
2014-01-09 01:10:32 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2014-01-09 01:10:32 Start queue run: pid=30653
2014-01-09 01:10:32 End queue run: pid=30653
2014-01-09 01:11:02 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2014-01-09 01:11:02 Start queue run: pid=30660
2014-01-09 01:11:02 End queue run: pid=30660
2014-01-09 02:10:32 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2014-01-09 02:10:32 Start queue run: pid=31173
2014-01-09 02:10:32 End queue run: pid=31173
2014-01-09 02:11:02 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2014-01-09 02:11:02 Start queue run: pid=31176
2014-01-09 02:11:02 End queue run: pid=31176
This shows that it has grepped all the lines with the date "2014-01-09" along with all the lines containing the word "End" from other dates too. Here we use -E for extended grep, which makes | act as OR between the two patterns.
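The AND and OR forms above can be compared side by side on a small log. This is an added example, not part of the original post; the log lines and the function names are constructed for illustration. It also shows why anchoring the date with ^ matters when a date can appear inside a message body.

```shell
#!/bin/sh
# Added example: constructed exim-style log lines (not from the page's server).
make_sample_log() {
    cat <<'EOF'
2014-01-08 17:11:02 End queue run: pid=26467
2014-01-09 00:10:32 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2014-01-09 00:10:32 Start queue run: pid=30132
2014-01-09 00:10:32 End queue run: pid=30132
2014-01-10 09:00:00 retry scheduled, first failed 2014-01-09 23:59:59
EOF
}

# AND: both conditions must hold on the same line (grep piped into grep).
count_and() { make_sample_log | grep '^2014-01-09 ' | grep -c 'End queue run'; }

# OR: -E turns | into alternation, so either pattern selects the line.
count_or() { make_sample_log | grep -c -E '^2014-01-09 |End queue run'; }

# Unanchored date: also counts the 2014-01-10 line that only mentions the date.
count_unanchored() { make_sample_log | grep -c '2014-01-09'; }

# Anchored date: only lines whose leading timestamp is that date.
count_anchored() { make_sample_log | grep -c '^2014-01-09 '; }

echo "AND=$(count_and) OR=$(count_or) unanchored=$(count_unanchored) anchored=$(count_anchored)"
```

When counting events for a given day, the anchored form gives the number that matches the timestamp column; the unanchored form over-counts whenever a later entry refers back to that date.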
You can also grep a word from a file using another method. I needed to grep the word "leo" from the /etc/passwd file.
root@vps-1085528-7570 [/home/leo]# cat /etc/passwd | grep leo
leo:x:32033:32036::/home/leo:/bin/bash
root@vps-1085528-7570 [/home/leo]#
We can also grep a word from the output of a command. Please see:
root@vps-1085528-7570 [/home/leo]# ls
./ ../ .bash_logout .bash_profile .bashrc test.file test.log test.txt
root@vps-1085528-7570 [/home/leo]# ls | grep log
.bash_logout
test.log
root@vps-1085528-7570 [/home/leo]#
If you want to highlight the word in a particular color, use the switch --color along with the grep command.
root@vps-1085528-7570 [/home/leo]# ls | grep --color log
.bash_logout
test.log
root@vps-1085528-7570 [/home/leo]#
To grep recursively, use the switch -r so that it will search all the sub-directories too.
grep -r word /path/to/parent_folder/
To count the number of lines containing the word, use the switch -c. Please see:
root@vps-1085528-7570 [/home/leo]# grep -c End test.log
561
root@vps-1085528-7570 [/home/leo]#
To get the line numbers of the lines in which the grepped word appears, use the -n switch.
root@vps-1085528-7570 [/home/leo]# grep -n 2014-01-09 test.log
14095:2014-01-09 00:10:32 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
14096:2014-01-09 00:10:32 Start queue run: pid=30132
14097:2014-01-09 00:10:32 End queue run: pid=30132
14098:2014-01-09 00:11:02 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
14099:2014-01-09 00:11:02 Start queue run: pid=30135
14100:2014-01-09 00:11:02 End queue run: pid=30135
14101:2014-01-09 01:10:32 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
14102:2014-01-09 01:10:32 Start queue run: pid=30653
14103:2014-01-09 01:10:32 End queue run: pid=30653
14104:2014-01-09 01:11:02 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
14105:2014-01-09 01:11:02 Start queue run: pid=30660
14106:2014-01-09 01:11:02 End queue run: pid=30660
14107:2014-01-09 02:10:32 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
14108:2014-01-09 02:10:32 Start queue run: pid=31173
14109:2014-01-09 02:10:32 End queue run: pid=31173
14110:2014-01-09 02:11:02 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
14111:2014-01-09 02:11:02 Start queue run: pid=31176
14112:2014-01-09 02:11:02 End queue run: pid=31176
root@vps-1085528-7570 [/home/leo]#
So the line number will be shown at the start of each line.
To invert the match, use the -v switch. For example, to find all the lines which do not contain the word "exim":
grep -v exim test.log
To grep the word "test" from all the files whose names end with .txt, you can use the following:
grep test *.txt
If you want the search to be case insensitive, use the switch -i after the grep command, as shown below.
grep -i word file_name
By default, the grep command prints the lines containing the specific word. Instead, you can list only the file names using the switch -l.
root@vps-1085528-7570 [/home/leo]# grep -l 2014-01-09 /home/leo/*
/home/leo/test.file
/home/leo/test.log
root@vps-1085528-7570 [/home/leo]#
You can use ^ and $ to match lines which start or end with a particular word. ^ stands for the start of the line and $ stands for the end.
See the example:
root@vps-1085528-7570 [/home/leo]# grep ^leo /etc/*
/etc/domainusers,v:leo: testleo.com
/etc/domainusers,v:leo: testleo.com
/etc/domainusers,v:leo: testleo.com
/etc/group:leo:x:32036:
/etc/passwd:leo:x:32033:32036::/home/leo:/bin/bash
/etc/passwd.fixhome:leo:x:559:560::/home/leo:/bin/bash
/etc/passwd,v:leo:x:559:560::/home/leo:/bin/bash
In the same manner, to see the files which have a line ending with the word "leo", use this:
root@vps-1085528-7570 [/home/leo]# grep leo$ /etc/*
Binary file /etc/passwd.cache matches
/etc/trueuserdomains,v:testleo.com: leo
/etc/trueuserdomains,v:testleo.com: leo
/etc/trueuserdomains,v:testleo.com: leo
root@vps-1085528-7570 [/home/leo]#
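When grep is used to look up an account, the anchors decide whether you get exactly one record or every line that happens to contain the name. This is an added example, not part of the original post; the passwd-style records and the function names are constructed for illustration, and the patterns are single-quoted so the shell never interprets ^ or $.

```shell
#!/bin/sh
# Added example: constructed passwd-style records (not the page's /etc/passwd).
make_sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
leo:x:32033:32036::/home/leo:/bin/bash
leonard:x:32040:32041::/home/leonard:/bin/bash
testleo:x:32050:32051::/home/testleo:/bin/sh
backup:x:34:34:owned by leo:/var/backups:/usr/sbin/nologin
EOF
}

# Unanchored: "leo" anywhere, so other accounts and comment fields match too.
match_anywhere() { make_sample_passwd | grep -c 'leo'; }

# ^ only: the line must start with "leo", but "leonard" still matches.
match_prefix() { make_sample_passwd | grep -c '^leo'; }

# ^ plus the field separator: exactly the account named "leo".
match_account() { make_sample_passwd | grep -c '^leo:'; }

# $ anchor: records whose last field (the login shell) is /bin/bash.
match_bash_shell() { make_sample_passwd | grep -c ':/bin/bash$'; }

echo "anywhere=$(match_anywhere) prefix=$(match_prefix) account=$(match_account) bash=$(match_bash_shell)"
```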
This article covers a limited number of switches. There are plenty of options left that need to be added. This article will be edited accordingly. Please feel free to let me know your advice so that I can modify the article accordingly.
Have a Blast 😀
Leo Prince
- Common grep commands and switches - January 9, 2014