Linux and UNIX systems come with a shell command known as ‘grep’. This simply looks for a specified text, or pattern, in a file or an entire directory. The most common usage is for quickly searching a file for occurrences of a pattern, which can be in plain text, or in the form of a regular expression. Here, the patterns used will be simple text rather than regular expressions.
This article will show you how to use grep when searching through text files for one or more patterns. How to eliminate lines containing certain patterns from your search, and how to run multiple grep commands using pipes for more advanced filtering.
Basic Overview of ‘grep’
Look at the terminal output for these commands:
In this screenshot, I use grep to search for the word “unix” in the /etc/group file. It returns all occurrences of unix_allsort (username for this computer) as a result. The second command did the same, but with the -n parameter, it shows which line the pattern was found in a file.The third command is slightly different with the ‘-w’ parameter, which tells grep to match a whole word rather than a simple piece of text. Because the group file did not have “unix” as a whole word, there was no output.
The fourth command is different. The first parameter, ‘-r’, tells grep to search through a directory recursively. The directory, in this case, is the current one (/etc), denoted by the ‘.’. The next parameter, ‘-s’, tells grep to avoid reporting any errors, such as “Permission Denied” errors, to the output, so as not to pollute the output with errors. So the fourth grep command lists all of the occurrences of “unix” in all of the files in /etc and its subdirectories, where any errors are simply ignored.
To look for more than one pattern, simply create a text file containing a list of patterns, one each line, to look for in a file or directory and use the -f parameter to load the file containing the patterns.
This file contains these patterns to search for:unix_allsort
All lines containing at least one of these patterns will be shown on the terminal output.
Remember that using grep on a large file, or even multiple files can produce a lot of output. So a good thing to do is to pipe the output to the ‘less’ command so you can scroll through the output in its entirety.
Or redirect its output to a text file to view later.
Something A Little More Advanced
There is a trick that I sometimes use with pipes to search for patterns and filter out unwanted output as well. Piping output from grep to be viewed in ‘less’ was an example.
Two examples using the kernel log (/var/log/kern.log). Have a look at this picture:
What I’ve done is used grep to list all of the lines containing the whole word “pci” (used the -w parameter to match whole words only), piped the output to another grep command to filter out whatever patterns I did not want to see in the output.The patterns I was filtering out were “ohci-pci”, and “ehci-pci”.
In that picture, I filtered out the lines that contained patterns I didn’t want first, then I searched the output for what I wanted. I also added another pattern to filter out, “pci=nocrs”.There are more features in grep than what is covered here so if you plan to use grep regularly, do take the time to research what it can do, and how to better use it. Also, do check out pdfgrep
for searching through PDF files.
A tool like grep is indeed extremely useful, not to mention indispensable, for looking through a multitude of text files, scripts, and especially logs for specific patterns with considerable ease. You can look for one or several patterns in a single file or many files, or use them to filter out the lines from those files containing those patterns.
You can even make use of pipes for more complicated searches and filtering using grep. It is well worth the time to learn more about this excellent command, especially some of its advanced features.