grep

When investigating bugs, crashes, or unexpected behavior, analyzing logs becomes crucial. The grep command is one of the most powerful and essential tools in Linux for this purpose.


Basic Syntax

grep [options] pattern [file...]

Option Examples

Option  Example                              Description

-i      grep -i "data" demo.txt              Ignore case sensitivity.
-w      grep -w "of" demo.txt                Search for the full word only.
-A      grep -A 3 "Exception" error.log      Show 3 lines after the match.
-B      grep -B 4 "Exception" error.log      Show 4 lines before the match.
-C      grep -C 5 "Exception" error.log      Show 5 lines before and after the match.
-r      grep -r "error" /var/log/            Recursive search in subdirectories.
-v      grep -v "warning" syslog.log         Show lines that do not match.
-e      grep -e "^start" filename.txt        Give the pattern explicitly (basic regular expressions by default).
-E      grep -E "ja(s|cks)on" filename.txt   Use extended regex.
-c      grep -c "error" syslog.log           Count the number of matching lines.
-l      grep -l "robot" /var/log/*           Print only the names of files that contain a match.
-o      grep -o "text" filename.txt          Only show the matching part.
-n      grep -n "go" demo.txt                Show line numbers of matches.


grep Regular Expressions

Wildcards

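  • . Any single character

  • ? Preceding item is optional (zero or one time)

  • * Preceding item is optional and may repeat (zero or more times)

  • + Preceding item is required and may repeat (one or more times)

In basic mode (without -E), ?, + and the {n,m} quantifiers must be written with a backslash (\?, \+, \{n,m\}); with grep -E they are used as shown.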

Quantifiers

  • {n} Exactly n times

  • {n,} At least n times

  • {,m} Up to m times

  • {n,m} Between n and m times

POSIX Character Classes (used inside a bracket expression, e.g. [[:digit:]])

  • [:alpha:] Any letter (a-zA-Z)

  • [:digit:] Any digit (0-9)

  • [:alnum:] Any letter or digit

  • [:space:] Any whitespace

Character Ranges

  • [A-Za-z] Any letter

  • [0-9] Any digit

  • [0-9A-Za-z] Any letter or digit

Positions

  • ^ Beginning of line

  • $ End of line

  • ^$ Empty line

  • \< Start of word

  • \> End of word

Most Useful grep Commands

1. Find a Specific Keyword

grep "error" application.log

Find lines containing "error" in application.log.


2. Case-Insensitive Search

grep -i "warning" application.log

Match "warning", "Warning", "WARNING", etc.


3. Recursive Search

grep -r "timeout" /var/log/

Search inside all files under the /var/log/ directory.


4. Show Line Numbers

grep -n "exception" server.log

Display matching lines with line numbers.


5. Show Lines Before/After/Context

  • Show 5 lines after match:

    grep -A 5 "failed" backend.log
  • Show 5 lines before match:

    grep -B 5 "failed" backend.log
  • Show 5 lines before and after match:

    grep -C 5 "failed" backend.log

Very useful for understanding the context surrounding an error.


6. Match Multiple Patterns

grep -E "fatal|panic|critical" system.log

Match any of the words: fatal, panic, or critical.


7. Invert Match

grep -v "INFO" app.log

Show lines excluding "INFO". Helps to filter out noise.


8. Count Occurrences

grep -c "timeout" service.log

Display how many lines contain "timeout".


9. Search Whole Words

grep -w "start" app.log

Match "start" exactly — not "restart" or "started".


10. Live Log Monitoring

tail -f app.log | grep "error"

Monitor a log in real-time and only show new lines containing "error".


Save Results to a File

grep "database" app.log > database_errors.txt

Redirect grep results into a file for later review.


Piping with grep

When analyzing logs, you often deal with large outputs or want to chain commands together. That's where piping (|) becomes extremely powerful with grep.

Piping allows you to take the output of one command and pass it directly as input to grep, without needing intermediate files.


Basic Syntax

command | grep [options] pattern

| sends the output of the left-hand command to the input of the right-hand command.


Common Piping Examples

1. Filter dmesg Logs for USB Events

dmesg | grep "usb"

Search for "usb" events in kernel logs.


2. Find Running Processes

ps aux | grep "python"

List all running processes and filter those related to "python".


3. Combine with tail for Real-Time Monitoring

tail -f app.log | grep "error"

Monitor a growing log file and only show lines containing "error".


4. Chain Multiple Pipes

You can chain pipes for even more advanced filtering:

cat app.log | grep "timeout" | grep -v "retry"

Find "timeout" entries but exclude lines mentioning "retry".


5. Use with ls to Search for Files

ls -l /var/log | grep "nginx"

List only nginx-related files inside /var/log.


Quick Tip: Grep Output Colors

You can enable colored output when using grep with pipes:

ps aux | grep --color=always "ssh"

Highlight matching text for better visibility.
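
The options, character classes and pipes covered above can be combined into a small triage helper. This is an added example, not part of the original page: it counts failed SSH password attempts per source address. It assumes OpenSSH-style lines ending in "from IP port N ssh2"; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: count failed SSH password attempts per source IP.
# The log lines below are constructed sample data, not from a real system.
sample_log() {
cat <<'EOF'
Jan 10 03:12:01 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Jan 10 03:12:04 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 50124 ssh2
Jan 10 03:12:09 web1 sshd[2230]: Accepted publickey for deploy from 198.51.100.20 port 40022 ssh2
Jan 10 03:13:15 web1 sshd[2244]: Failed password for root from 203.0.113.7 port 50130 ssh2
Jan 10 03:14:40 web1 sshd[2251]: Failed password for invalid user a from 198.51.100.99 from 192.0.2.55 port 61000 ssh2
Jan 10 03:15:02 web1 CRON[2260]: pam_unix(cron:session): session opened for user root
EOF
}

IP='([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}'   # IPv4-shaped token (no range check)

# failed_by_ip: read a log on stdin, print "count ip", most failures first.
failed_by_ip() {
  # 1. keep only sshd "Failed password" lines
  # 2. -o keeps just the trailing "from IP port N ssh2"; the $ anchor means a
  #    "from ..." string inside the user-supplied username is never picked up
  # 3. -o again reduces that to the bare address
  grep -E 'sshd\[[[:digit:]]+\]: Failed password' |
    grep -oE "from $IP port [[:digit:]]+ ssh2\$" |
    grep -oE "$IP" |
    sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# noisy_ips THRESHOLD: print only addresses with at least THRESHOLD failures.
noisy_ips() {
  failed_by_ip | awk -v t="$1" '$1 >= t {print $2}'
}

sample_log | failed_by_ip
```

To run it against a real file, feed the log on stdin, for example `failed_by_ip < /var/log/auth.log` (the path varies by distribution).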

Resources for Practicing


grep Cheatsheet


Next: You can level up further by learning awk and sed for advanced log analysis!
