Posted on June 28, 2023 by nexonhost
How To Use Grep Command.
In this article, we will show you how to use the grep command through practical examples and detailed explanations of the most common GNU grep options.
grep Command Syntax
The syntax for the grep command is as follows:
grep [OPTIONS] PATTERN [FILE...]
The items in square brackets are optional.
OPTIONS – Zero or more options. Grep includes a number of options that control its behavior.
PATTERN – Search pattern.
FILE – Zero or more input file names.
To be able to search the file, the user running the command must have read access to the file.
Search for a String in Files
The most basic usage of the grep command is to search for a string (text) in a file.
grep bash /etc/passwd
The output should look something like this:
root:x:0:0:root:/root:/bin/bash liviu.daniel:x:1000:1000::/home/liviu.daniel:/bin/bash
If the string includes spaces, you need to enclose it in single or double quotation marks:
grep "Gnome Display Manager" /etc/passwd
Invert Match (Exclude)
To display the lines that do not match a pattern, use the -v ( or –invert-match) option.
For example, to print the lines that do not contain the string nologin you would use:
grep -v nologin /etc/passwd
root:x:0:0:root:/root:/bin/bash sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt liviu.daniel:x:1000:1000::/home/liviu.daniel:/bin/bash
Using Grep to Filter the Output of a Command
A command’s output can be filtered with grep through piping, and only the lines matching a given pattern will be printed on the terminal.
For example, to find out which processes are running on your system as user www-data you can use the following ps command:
ps -ef | grep www-data
root 16217 16133 0 15:48 pts/1 00:00:00 grep --color=auto www-data
You can also chain multiple pipes in on command. As you can see in the output above there is also a line containing the grep process. If you don’t want that line to be shown pass the output to another grep instance as shown below.
ps -ef | grep www-data | grep -v grep
www-data 18247 12675 4 16:00 ? 00:00:00 php-fpm: pool www www-data 31147 12770 0 Oct22 ? 00:05:51 nginx: worker process www-data 31148 12770 0 Oct22 ? 00:00:00 nginx: cache manager process
Recursive Search
To recursively search for a pattern, invoke grep with the -r option (or –recursive). When this option is used grep will search through all files in the specified directory, skipping the symlinks that are encountered recursively.
To follow all symbolic links , instead of -r, use the -R option (or –dereference-recursive).
grep -r nexonhost.com /etc
The output will include matching lines prefixed by the full path to the file:
/etc/nginx/nginx.conf: server_name nexonhost.com www.nexonhost.com;
If you use the -R option, grep will follow all symbolic links:
grep -R nexonhost.com /etc
Notice the last line of the output below. That line is not printed when grep is invoked with -rbecause files inside the Nginx’s sites-enabled directory are symlinks to configuration files inside the sites-available directory.
/etc/nginx/nginx.conf: server_name nexonhost.com www.nexonhost.com;
Show Only the Filename
To suppress the default grep output and print only the names of files containing the matched pattern, use the -l ( or –files-with-matches) option.
The command below searches through all files ending with .conf in the current working directory and prints only the names of the files containing the string liviu.daniel.com:
grep -l nexonhost.com *.conf
The -l option is usually used in combination with the recursive option -R:
grep -Rl nexonhost.com /tmp
Case Insensitive Search
By default, grep is case sensitive. This means that the uppercase and lowercase characters are treated as distinct.
To ignore case when searching, invoke grep with the -i option (or –ignore-case).
For example, when searching for Zebra without any option, the following command will not show any output i.e there are matching lines:
grep Zebra /usr/share/words
But if you perform a case insensitive search using the -i option, it will match both upper and lower case letters:
grep -i Zebra /usr/share/words
Specifying “Zebra” will match “zebra”, “ZEbrA” or any other combination of upper and lower case letters for that string.
zebra zebra's zebras
Search for Full Words
When searching for a string, grep will display all lines where the string is embedded in larger strings.
For example, if you search for “gnu”, all lines where “gnu” is embedded in larger words, such as “cygnus” or “magnum” will be matched:
grep gnu /usr/share/words
cygnus gnu interregnum lgnu9d lignum magnum magnuson sphagnum wingnut
To return only those lines where the specified string is a whole word (enclosed by non-word characters), use the -w ( or –word-regexp) option.
Word characters include alphanumeric characters (a-z, A-Z, and 0-9) and underscores (_). All other characters are considered as non-word characters.
If you run the same command as above, including the -w option, the grep command will return only those lines where gnu is included as a separate word.
grep -w gnu /usr/share/words
gnu
Show Line Numbers
The -n ( or –line-number) option tells grep to show the line number of the lines containing a string that matches a pattern. When this option is used, grep prints the matches to standard output prefixed with the line number.
For example to display the lines from the /etc/services file containing the string bash prefixed with the matching line number you can use the following command:
grep -n 10000 /etc/services
The output below shows us that the matches are found on lines 10423 and 10424.
10337:ndmp 10000/tcp # Network Data Management Protocol 10338:ndmp 10000/udp # Network Data Management Protocol
Count Matches
To print a count of matching lines to standard output, use the -c ( or –count) option.
In the example below, we are counting the number of accounts that have /usr/bin/zsh as a shell.
regular expressiongrep -c '/usr/bin/zsh' /etc/passwd
4
Quiet Mode
The -q (or –quiet) tells grep to run in quiet mode not to display anything on the standard output. If a match is found, the command exits with status 0. This is useful when using grep in shell scripts where you want to check whether a file contains a string and perform a certain action depending on the result.
Here is an example of using grep in a quiet mode as a test command in an if statement :
if grep -q PATTERN filename
then
echo pattern found
else
echo pattern not found
fiBasic Regular Expression
GNU Grep has three regular expression feature sets, Basic, Extended and Perl-compatible.
By default, grep interprets the pattern as a basic regular expression where all characters except the meta-characters are actually regular expressions that match themselves.
Below is a list of most commonly used meta-characters:
Use the
^(caret) symbol to match expression at the start of a line. In the following example, the string kangaroo will match only if it occurs at the very beginning of a line.grep "^kangaroo" file.txt
Use the $ (dollar) symbol to match expression at the end of a line. In the following example, the string kangaroo will match only if it occurs at the very end of a line.
grep "kangaroo$" file.txt
Use the
.(period) symbol to match any single character. For example, to match anything that begins with kan then has two characters and ends with the string roo, you could use the following pattern:grep "kan..roo" file.txt
Use [ ] (brackets) to match any single character enclosed in the brackets. For example, find the lines that contain accept or “accent, you could use the following pattern:
grep "acce[np]t" file.txt
Use [^ ] to match any single character not enclosed in the brackets. The following pattern will match any combination of strings containing co(any_letter_except_l)a, such as coca, cobalt and so on, but will not match the lines containing cola,
grep "co[^l]a" file.txt
To escape the special meaning of the next character, use the \ (backslash) symbol.
Extended Regular Expressions
To interpret the pattern as an extended regular expression, use the -E ( or –extended-regexp) option. Extended regular expressions include all of the basic meta-characters, along with additional meta-characters to create more complex and powerful search patterns. Below are some examples:
Match and extract all email addresses from a given file:
grep -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" file.txtMatch and extract all valid IP addresses from a given file:
grep -E -o '(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)' file.txt
The -o option is used to print only the matching string.
Search for Multiple Strings (Patterns)
Two or more search patterns can be joined using the OR operator |.
By default, grep interprets the pattern as a basic regular expression where the meta-characters such as | lose their special meaning, and their backslashed versions must be used.
In the example below we are searching all occurrences of the words fatal, error, and critical in the Nginx log error file:
grep ‘fatal\|error\|critical’ /var/log/nginx/error.log
If you use the extended regular expression option -E, then the operator | should not be escaped, as shown below:
grep -E 'fatal|error|critical' /var/log/nginx/error.log
Print Lines Before a Match
To print a specific number of lines before matching lines, use the -B ( or –before-context) option.
For example, to display five lines of leading context before matching lines, you would use the following command:
grep -B 5 root /etc/passwd
Print Lines After a Match
To print a specific number of lines after matching lines, use the -A ( or –after-context) option.
For example, to display five lines of trailing context after matching lines, you would use the following command:
grep -A 5 root /etc/passwd
Conclusion
The grep command allows you to search for a pattern inside of files. If a match is found, grep prints the lines containing the specified pattern.