Unix/Linux grep command examples

Linux grep commands FAQ: Can you share some Linux/Unix grep command examples?

Sure. The name grep means "general regular expression parser", but you can think of the grep command as a "search" command for Unix and Linux systems: it's used to search for text strings and more-complicated "regular expressions" within one or more files.

I think it's easiest to learn how to use the grep command by showing examples, so let's dive right in.

Searching for a text string in one file

This first grep command example searches for all occurrences of the text string 'fred' within the "/etc/passwd" file. It will find and display all of the lines in this file that contain the text string fred, including lines that contain usernames like "fred", and also other strings like "alfred":

grep 'fred' /etc/passwd

In a simple example like this, the quotes around the string fred aren't necessary, but they are needed if you're searching for a string that contains spaces, and will also be needed when you get into using regular expressions (search patterns).

Searching for a string in multiple files

Our next grep command example searches for all occurrences of the text string joe within all files of the current directory:

grep 'joe' *

The '*' wildcard matches all files in the current directory, and the grep output from this command will show both (a) the matching filename and (b) all lines in all files that contain the string 'joe'.

As a quick note, instead of searching all file with the "*" wildcard, you can also use grep to search all files in the current directory that end in the file extension ".txt", like this:

grep 'joe' *.txt

Case-insensitive file searching with the Unix grep command

To perform a case-insensitive search with the grep command, just add the -i option, like this:

grep -i score gettysburg-address.txt

This grep search example matches the string "score", whether it is uppercase (SCORE), lowercase (score), or any mix of the two (Score, SCore, etc.).

Reversing the meaning of a grep search

You can reverse the meaning of a Linux grep search with the -v option. For instance, to show all the lines of my /etc/passwd file that don't contain the string fred, I'd issue this command:

grep -v fred /etc/passwd

Using grep in a Unix/Linux command pipeline

The grep command is often used in a Unix/Linux pipeline. For instance, to show all the Apache httpd processes running on my Linux system, I use the grep command in a pipeline with the 'ps' command:

ps auxwww | grep httpd

This returns the following output:

root     17937  0.0  0.0  14760  6880 ?        Ss   Apr01   0:39 /usr/local/apache/bin/httpd -k start
nobody   21538  0.0  0.0  24372 17108 ?        S    Apr03   0:01 /usr/local/apache/bin/httpd -k start
nobody   24481  0.0  0.0  14760  6396 ?        S    Apr03   0:00 /usr/local/apache/bin/httpd -k start
nobody   26089  0.0  0.0  24144 16876 ?        S    Apr03   0:01 /usr/local/apache/bin/httpd -k start
nobody   27842  0.0  0.0  24896 17636 ?        S    Apr03   0:00 /usr/local/apache/bin/httpd -k start
nobody   27843  0.0  0.0  24192 16936 ?        S    Apr03   0:00 /usr/local/apache/bin/httpd -k start
nobody   27911  0.0  0.0  23888 16648 ?        S    Apr03   0:01 /usr/local/apache/bin/httpd -k start
nobody   28280  0.0  0.0  24664 17256 ?        S    Apr03   0:00 /usr/local/apache/bin/httpd -k start
nobody   30404  0.0  0.0  24360 17112 ?        S    Apr03   0:00 /usr/local/apache/bin/httpd -k start
nobody   31895  0.0  0.0  14760  6296 ?        S    Apr03   0:00 /usr/local/apache/bin/httpd -k start
root     31939  0.0  0.0   1848   548 pts/0    R+   Apr03   0:00 grep http

(I deleted about half of the "httpd -k start" lines from that output manually to save a little space.)

Similarly, here's how you can find all the Java processes running on your system using the ps and grep commands in a Unix pipeline:

ps auxwww | grep -i java

In this example I've piped the output of the ps auxwww command into my grep command. The grep command only prints the lines that have the string "java" in them; all other lines from the ps command are not printed.

One way to find all the sub-directories in the current directory is to mix the Linux ls and grep commands together in a pipe, like this:

ls -al | grep '^d'

Here I'm using grep to list only those lines where the first character in the line is the letter d.

Using the Linux grep command to search for multiple patterns at one time (egrep)

You can use a different version of the grep command to search for multiple patterns at one time. To do this, just use the "egrep" command instead of grep, like this:

egrep 'score|nation|liberty|equal' gettysburg-address.txt 

This Unix egrep command searches the file named gettysburg-address.txt for the four strings shown (score, nation, liberty, and equal). It returns any lines from the file that contain any of those words.

I should also note that "egrep" stands for "extended grep", and as you can see, it lets you do things like searching for multiple patterns at one time.

Searching for regular expressions (regex patterns) with grep

Of course the Linux grep command is much more powerful than this, and can handle very powerful regular expressions (regex patterns). In a simple example, suppose you want to search for the strings "Foo" or "Goo" in all files in the current directory. That grep command would be:

grep '[FG]oo' *

If you want to search for a sequence of three integers with grep you might use a command like this:

grep '[0-9][0-9][0-9]' *

This next grep command searches for all occurrences of the text string fred within the "/etc/passwd" file, but also requires that the "f" in the name "fred" be in the first column of each record (that's what the caret character tells grep). Using this more-advanced search, a user named "alfred" would not be matched, because the letter "a" will be in the first column.

grep '^fred' /etc/passwd

Regular expressions can get much, much more complicated (and powerful) than this, so I'll just leave it here for now.

Display only filenames with a grep search

If you're looking through a lot of files for a pattern, and you just want to find the names of the files that contain your pattern (or "patterns", as shown with egrep) -- but don't want to see each individual grep pattern match -- just add the "-l" (lowercase letter L) to your grep command, like this:

grep -l StartInterval *.plist

This command doesn't show every line in every file that contains the string "StartInterval"; it just shows the names of all the files that contain this string, like this:

com.apple.atrun.plist
com.apple.backupd-auto.plist
com.apple.dashboard.advisory.fetch.plist
com.apple.locationd.plist
org.amavis.amavisd_cleanup.plist

Of course you can also combine grep command arguments, so if you didn't happen to know how to capitalize StartInterval in that previous example, you could just add the "-i" argument to ignore case, like this:

grep -il startinterval *.plist

and that would have worked just fine as well, returning the same results as the previous grep command example.

Showing matching line numbers with Linux grep

To show the line numbers of the files that match your grep command, just add the -n option, like this:

grep -n we gettysburg-address.txt

Searching my sample gettysburg-address.txt file, I get the following output from this command:

9:Now we are engaged in a great civil war,
22:that we should do this.
24:But in a larger sense we can not dedicate -
25:we can not consecrate -
26:we can not hallow this ground.
29:have consecrated it far above our poor power
33:what we say here,
43:we take increased devotion to that cause
46:that we here highly resolve that these dead

grep before/after - Showing lines before or after your grep pattern match

After a recent comment, I just learned that you can display lines before or after your grep pattern match, which is also very cool. To display five lines before the phrase "the living" in my sample document, use the -B argument, like this:

grep -B 5 "the living" gettysburg-address.txt

This grep command example returns this output:

The world will little note,
nor long remember,
what we say here,
but can never forget what they did here.

It is for us, the living,

Similarly, to show the five lines after that same search phrase, use the -A argument with your Unix grep command, like this:

grep -A 5 "the living" gettysburg-address.txt

This grep "after" command returns the following output:

It is for us, the living,
rather to be dedicated here
to the unfinished work which they have,
thus far, so nobly carried on.
It is rather for us to be here
dedicated to the great task remaining before us -

Of course you can use any number after the -A and -B options, I'm just using the number five here as an example.

Power file searching with find and grep

A lot of times I know that the string "foo" exists in a file somewhere in my directory tree, but I can't remember where. In those cases I roll out a power command, a Linux find command that uses grep to search what it finds:

find . -type f -exec grep -il 'foo' {} \;

This is a special way of mixing the Linux find and grep commands together to search every file in every subdirectory of my current location. It searches for the string "foo" in every file below the current directory, in a case-insensitive manner. This find/grep command can be broken down like this:

• "." means "look in the current directory"
• "-type f" means "look in files only"
• "-exec grep -il foo" means "search for the string 'foo' in a case-insensitive manner, and return the matching line and filename when a match is found
• "{} \;" is some bizarre find syntax that you need to add to the end of your find command whenever you add the -exec option. (Sorry for my opinion there ... but you have to agree, that syntax is a little unusual.)

Note that on Mac OS X systems you may be able to use the mdfind command instead of this find/grep combination command. The mdfind command is a command-line equivalent of the Spotlight search functionality.

Related Unix/Linux grep commands and tutorials

We hope you enjoyed this Linux grep command tutorial and our grep examples.

There are at least two other commands related to grep that you should at least be aware of. The fgrep command stands for "fast grep", or "fixed strings", depending on who you talk to. The egrep command stands for "extended grep", and lets you use even more powerful regular expressions.

The strings command is good at finding printable strings in a binary file.

The locate command is more related to the find command, but I thought I would note that it is good at finding files in the entire filesystem when you know the filename, or part of the filename.

And as I mentioned in the previous section Mac OS X systems have the mdfind command. As a practical matter I use plain old grep 99% of the time.