Grep command on Linux (filters data) [Basic Guide]

The grep command on Linux is widely used in everyday Linux administrative tasks. It filters the lines of a given file looking for a regular expression as a default.

Grep can read one or more files that are passed as arguments, or it can receive in standard input the redirecting the output of another process. If grep receives more than one file or a wildcard as an argument to perform its search, it will indicate the file name followed by a colon and the line found.

Grep uses the BRE POSIX Regular Expressions standard.

So, the meta-characters? + {} | () has no special meaning. In the BRE standard, these characters are only interpreted with special meaning if preceded by a backslash? + {} | ().

Your most frequent options are:

• -c: Shows only the number of occurrences in the files and not the lines where the occurrences were found;
• -h: Shows only the lines found, without indicating the file names;
• -i: Search for occurrences ignoring whether the letters are in uppercase or lowercase letters;
• -v: Shows all lines of the searched file minus the occurrences found. It has the opposite effect;
• -n: Shows, in addition to the text of the lines found, the number of lines within the files;
• -B n: Shows n lines before the line found;
• -A n: Shows n lines after the line found.
• -It changes the POSIX BRE standard to POSIX ERE.
• -F Doesn’t interpret any meta-characters

Examples:

Look for the word uira in the /etc/passwd file:

$ grep uira /etc/passwd uira:x: 500:100:uira: /home/uira: /bin/bash

Search for all lines beginning with the letter u in the /etc/passwd file. The circumflex accent symbolizes the beginning of a line:

$ grep “^u” /etc/passwd uucp:x: 10:14:Unix-to-UNIX COpy system: /etc/uucp: /bin/bash uira:x: 500:100:uira: /home/uira: /bin/bash

Search for all lines that end with the word false. The $ symbol represents the end of a line:

$ grep “false$” /etc/passwd mail:x: 8:12:Mailer daemon: /var/spool/clientmqueue: /bin/false wwwrun:x: 30:8:WWW daemon apache: /var/lib/wwwrun: /bin/false

Look for all lines starting with vowels in /etc/passwd. The regular expression called a list looks for any of the characters within the bracket:

$ grep “^ [aeiou]” /etc/passwd uucp:x: 10:14:Unix-to-UNIX CoPy system: /etc/uucp: /bin/bash at:x: 25:25:Batch jobs daemon: /var/spool/atjobs: /bin/bash uira:x: 500:100:uira: /home/uira: /bin/bash aliases :x: 501:1000: :/var/qmail: /bin/false

Search for all lines where the first character is any one and the second character is a vowel. The endpoint in the regular expression symbolizes “any character”:

$grep “^. [aeiou]” /etc/passwd

root:x: 0:0:root: /root: /bin/bash
bin:x: 1:1:bin: /bin: /bin: /bin/bash
news:x: 9:13:News system: /etc/news: /bin/bash
uira:x: 500:100:uira: /home/uira: /bin/bash

Look for lines that contain a sequence of at least four consecutive numbers:

$ grep “[0-9] [0-9] [0-9] [0-9]” /etc/passwd squid:x: 31:65534:WWW-proxy squid: /var/cache/squid: /bin/false nobody:x: 65534:65533:nobody: /var/lib/nobody: /bin/bash alias:x: 501:1000: :/var/lib/nobody: /bin/bash alias:x: 501:1000: :/var/lib/nobody: /bin/bash alias:x: 501:1000: :/var/lib/nobody: /bin/bash alias:x: 501:1000: :/var/lib/nobody: /bin/bash alias:x: 501:1000: :/var/lib/nobody: /bin//qmail: /bin/false qmails:x: 502:1000: :/var/qmail: /bin/false

Search all the files in a directory for the occurrence of the word security.

$ grep security*

See the dates file:

$ cat dates 1978-05-11João 1976-02-23Maria 2001-07-11Pedro 1980-05-14Carla

To search for people born on the 11th using grep, it must be indicated that the characters {} are metacharacters using the counterslash:

$ grep “^ [0-9] {4} - [0-9] {2} -11" dates
1978-05-11 John
2001-07-11 Peter

To search for an instance in all subdirectories, the recursion option “-r “is used:

$ grep -r uira *

To reverse a search (bring all occurrences, except some term), the “-v” option is used.

In this example, it returns all uncommented lines from php.ini:

$ grep -v “^;” /etc/php.ini

To list only lines with valid email addresses:

$ grep -o '[[:alnum:] +. _ -] *@ [[:alnum:] +. _ -] *' emails.txt

To list all the unique IP addresses that accessed a web server:

$ grep -E -o “(25 [0-5] |2 [0-4] [0-9] | [01]? [0-9] [0-9]?) . (25 [0-5] |2 [0-4] [0-9] | [01]? [0-9] [0-9]?) . (25 [0-5] |2 [0-4] [0-9] | [01]? [0-9] [0-9]?) . (25 [0-5] |2 [0-4] [0-9] | [01]? [0-9] [0-9]?)” /var/log/nginx/access.log | sort | uniq

It is also possible to use expressions with OR to search for more than one term:

$ grep -E 'carla|uira' file

It is worth remembering that grep is case-sensitive. To perform an independent search if the text is in upper or lower case, you can use the “-i” option:

$ grep -i uira *

Searches with the “-i” option take longer.

It is possible to use the keys to specify occurrences of any uppercase or lowercase search character:

$ grep [Uu] ira *

To show the line for a given instance:

$ grep -n open file

To show a line before and after the term, you can use the “-C N” option, where N is the number of lines:

$ grep -C 1 function LivroSubcapituloList.php 

public static function OnChangeBook ($param = null)

{

Egrep command

The egrep command works like grep’s -E option.

It actually uses the POSIX Regular Expressions ERE standard in the search. This means that the backslash must be used to define that the next character is a literal character and not a metacharacter as in the POSIX BRE standard.

Does this mean that the characters? + {} | () don’t need the backslash to function as meta-characters.

Take the list of birthdays as an example. With the grep command and without the backslashes, grep is unable to find May’s birthdays:

$ grep “^ [0-9] {4} -05- [0-9] {2}” dates

Egrep, on the other hand, is able to interpret {} as meta-characters without a backslash. It is important that you keep the difference between the use of backslashes between grep (which needs them to indicate metacharacters) and egrep (whose counterslash effect is inverse, indicating a common character):

$ egrep “^ [0-9] {4} -05- [0-9] {2}” dates 1978-05-11João 1980-05-14Carla

Only with the -E option is grep able to find the occurrences:

$ grep -E “^ [0-9] {4} -05- [0-9] {2}” dates 1978-05-11João 1980-05-14Carla

It’s very important that you know what the counterbar does in the POSIX BRE x POSIX ERE standard.

fgrep command

The fgrep command is also similar to grep, but it doesn’t support regular expressions, searching only for a search key or plain text in the files.

For this reason, it’s faster than grep, but less versatile.

It is the same as grep’s -F option.

Example:

$ fgrep potato * listab:potato supermarket: potato

Learn much more about Linux in our online course. You can register here. If you already have an account, or want to create one, just log in or create your user here.

Did you like it?

Share