Linux grep Command
last modified February 25, 2025
The grep
command in Linux is a powerful tool for searching text
within files or input streams. It supports regular expressions and can be used
to filter, count, and extract specific lines of text. This tutorial covers
basic and advanced usage of grep
with practical examples.
grep
is commonly used for searching log files, filtering command
output, and processing text data in scripts.
Basic Text Search
This finds error messages in a log file.
grep "ERROR" /var/log/syslog
The grep
command searches /var/log/syslog
for lines
containing "ERROR" and prints them. Case matters—only exact matches appear.
Use cat /var/log/syslog
to verify the file’s content first. If no
matches, no output is shown. It’s a simple way to spot issues in logs quickly.
Case-Insensitive Search
This searches for a user regardless of case.
grep -i "john" users.txt
The -i
option makes grep
ignore case, matching
"john", "John", or "JOHN" in users.txt
. Useful for names or terms
with inconsistent casing. Without -i
, only exact matches work.
Check file existence with ls users.txt
. Output shows all
case-variants, reducing missed hits in searches.
Search in Multiple Files
This finds a keyword in several logs.
grep "timeout" app1.log app2.log
The grep
command searches app1.log
and
app2.log
for "timeout", prefixing matches with filenames (e.g.,
"app1.log:timeout occurred"). Handy for comparing logs. Use ls *.log
to list targets first. If a file is missing, grep
warns but
continues. Add -l
to show only filenames with matches.
Recursive Search
This hunts a term in a project directory.
grep -r "function" /home/user/code
The -r
option recursively searches all files under
/home/user/code
for "function", showing file paths (e.g.,
"/home/user/code/main.c:function"). Great for codebases. Use -R
to
follow symlinks. Run find /home/user/code -type f
to preview files.
Add --include=*.c
to limit to specific extensions.
Count Matching Lines
This counts login attempts in a log.
grep -c "login" auth.log
The -c
option counts lines with "login" in auth.log
,
outputting a number (e.g., "42"). It doesn’t show the lines—just the count.
Useful for quick stats. Verify with wc -l auth.log
for total lines.
If no matches, it returns "0". Combine with -i
for case-insensitive
counts.
Invert Match
This filters out debug lines from a log.
grep -v "DEBUG" app.log
The -v
option shows lines in app.log
without "DEBUG",
inverting the match. Perfect for excluding noise like debug messages. Check
original content with cat app.log
. Multiple -v
flags
(e.g., -v "DEBUG" -v "INFO"
) exclude more patterns. Output is all
non-matching lines, preserving order.
Advanced: Using Regular Expressions
This finds IP addresses in a network log.
grep -E "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" net.log
The -E
option enables extended regex, matching IPs (e.g.,
"192.168.1.1") in net.log
. The pattern [0-9]{1,3}
means 1-3 digits, repeated four times with dots. Without -E
, use
\.
for dots. Test with echo "192.168.1.1" | grep -E
.
Add -o
to show only the IPs, not full lines.
Example: Show Line Numbers
This locates errors with line numbers.
grep -n "ERROR" error.log
The -n
option prepends line numbers to matches in
error.log
(e.g., "15:ERROR: crash"). Helps pinpoint issues in
files. Use cat -n error.log
to cross-check. Works with other flags
like -i
or -r
. If no matches, no output. Great for
debugging or referencing specific lines in logs.
Example: Highlight Matches
This highlights search terms in output.
grep --color "fail" test.log
The --color
option highlights "fail" in test.log
with
color (usually red) in the terminal. Enhances readability. Set
GREP_OPTIONS="--color=auto"
in ~/.bashrc
for default
behavior. Works with pipes (e.g., ls | grep --color dir
). Use
less -R
to preserve colors when paging. No effect in scripts
unless redirected.
Example: Search with Context
This shows lines around a match.
grep -A 2 -B 1 "crash" crash.log
The -A 2
(after) and -B 1
(before) options show 2
lines after and 1 line before each "crash" in crash.log
. Separators
(--
) split multiple matches. Use -C 3
for 3 lines
both ways. Ideal for log analysis needing context. Verify with
cat crash.log
. More lines give more insight into events.
Best Practices for grep
- Use
-i
for Case-Insensitive Search: Always use-i
when case sensitivity is not required. - Recursive Search: Use
-r
to search through directories and subdirectories. - Count Matches: Use
-c
to count matching lines for quick analysis. - Regular Expressions: Leverage
-E
for complex pattern matching.
Source
In this article, we have explored various examples of using the grep
command for text search, including case-insensitive search, recursive search,
counting matches, and using regular expressions.
Author
List all Linux tutorials.