Linux grep Command

last modified February 25, 2025

The grep command in Linux is a powerful tool for searching text within files or input streams. It supports regular expressions and can be used to filter, count, and extract specific lines of text. This tutorial covers basic and advanced usage of grep with practical examples.

grep is commonly used for searching log files, filtering command output, and processing text data in scripts.

Basic Text Search

This finds error messages in a log file.

basic_search.sh

grep "ERROR" /var/log/syslog

The grep command searches /var/log/syslog for lines containing "ERROR" and prints them. Case matters—only exact matches appear. Use cat /var/log/syslog to verify the file’s content first. If no matches, no output is shown. It’s a simple way to spot issues in logs quickly.

Case-Insensitive Search

This searches for a user regardless of case.

case_insensitive.sh

grep -i "john" users.txt

The -i option makes grep ignore case, matching "john", "John", or "JOHN" in users.txt. Useful for names or terms with inconsistent casing. Without -i, only exact matches work. Check file existence with ls users.txt. Output shows all case-variants, reducing missed hits in searches.

Search in Multiple Files

This finds a keyword in several logs.

multiple_files.sh

grep "timeout" app1.log app2.log

The grep command searches app1.log and app2.log for "timeout", prefixing matches with filenames (e.g., "app1.log:timeout occurred"). Handy for comparing logs. Use ls *.log to list targets first. If a file is missing, grep warns but continues. Add -l to show only filenames with matches.

Recursive Search

This hunts a term in a project directory.

recursive_search.sh

grep -r "function" /home/user/code

The -r option recursively searches all files under /home/user/code for "function", showing file paths (e.g., "/home/user/code/main.c:function"). Great for codebases. Use -R to follow symlinks. Run find /home/user/code -type f to preview files. Add --include=*.c to limit to specific extensions.

Count Matching Lines

This counts login attempts in a log.

count_lines.sh

grep -c "login" auth.log

The -c option counts lines with "login" in auth.log, outputting a number (e.g., "42"). It doesn’t show the lines—just the count. Useful for quick stats. Verify with wc -l auth.log for total lines. If no matches, it returns "0". Combine with -i for case-insensitive counts.

Invert Match

This filters out debug lines from a log.

invert_match.sh

grep -v "DEBUG" app.log

The -v option shows lines in app.log without "DEBUG", inverting the match. Perfect for excluding noise like debug messages. Check original content with cat app.log. Multiple -v flags (e.g., -v "DEBUG" -v "INFO") exclude more patterns. Output is all non-matching lines, preserving order.

Advanced: Using Regular Expressions

This finds IP addresses in a network log.

regex_search.sh

grep -E "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" net.log

The -E option enables extended regex, matching IPs (e.g., "192.168.1.1") in net.log. The pattern [0-9]{1,3} means 1-3 digits, repeated four times with dots. Without -E, use \. for dots. Test with echo "192.168.1.1" | grep -E. Add -o to show only the IPs, not full lines.

Example: Show Line Numbers

This locates errors with line numbers.

line_numbers.sh

grep -n "ERROR" error.log

The -n option prepends line numbers to matches in error.log (e.g., "15:ERROR: crash"). Helps pinpoint issues in files. Use cat -n error.log to cross-check. Works with other flags like -i or -r. If no matches, no output. Great for debugging or referencing specific lines in logs.

Example: Highlight Matches

This highlights search terms in output.

highlight_matches.sh

grep --color "fail" test.log

The --color option highlights "fail" in test.log with color (usually red) in the terminal. Enhances readability. Set GREP_OPTIONS="--color=auto" in ~/.bashrc for default behavior. Works with pipes (e.g., ls | grep --color dir). Use less -R to preserve colors when paging. No effect in scripts unless redirected.

Example: Search with Context

This shows lines around a match.

context_search.sh

grep -A 2 -B 1 "crash" crash.log

The -A 2 (after) and -B 1 (before) options show 2 lines after and 1 line before each "crash" in crash.log. Separators (--) split multiple matches. Use -C 3 for 3 lines both ways. Ideal for log analysis needing context. Verify with cat crash.log. More lines give more insight into events.

Best Practices for grep

Use -i for Case-Insensitive Search: Always use -i when case sensitivity is not required.
Recursive Search: Use -r to search through directories and subdirectories.
Count Matches: Use -c to count matching lines for quick analysis.
Regular Expressions: Leverage -E for complex pattern matching.

Source

GNU grep Manual

In this article, we have explored various examples of using the grep command for text search, including case-insensitive search, recursive search, counting matches, and using regular expressions.

Author

My name is Jan Bodnar, and I am a passionate programmer with extensive programming experience. I have been writing programming articles since 2007. To date, I have authored over 1,400 articles and 8 e-books. I possess more than ten years of experience in teaching programming.

List all Linux tutorials.

Ebooks