The grep command is one of the oldest tools for Linux and other platforms. Actually, it is older than Linux itself. It was written by Ken Thompson more than 45 years ago! The name grep stands for “globally regular expression print”. This name comes from its predecessor ed and the specific mode in which you would globally search, using a regular expression, and print the output. The related command was “g/re/p”. For more history, have a look at the Wikipedia entry. Otherwise, let’s dive into the tool and get to know some practical grep examples for daily usage.
Grep by example
DnGrep allows you to search across files with easy-to-read results. Search through text files, Word and Excel documents, PDFs, and archives using text, regular expression, XPath, and phonetic queries. DnGrep includes search-and-replace, whole-file preview, right-click search in File Explorer, and much more. Another grep tool I now use all the time on Windows is AstroGrep: Its ability to show me more than just the line search (i.e. The -context=NUM of a command-line grep) is invaluable. Very fast, even on an old computer with non- SSD drive (I know, they used to do this hard drive with spinning disks, called platters, crazy right?). GrepWin is a simple search and replace tool which can use regular expressions to do its job. This allows to do much more powerful searches and replaces. In case you're not familiar with regular expressions, we have a very short regular expression tutorial for you. GrepWin adds an entry to the shell context menu to easily search selected folders. The Linux grep command is a string and pattern matching utility that displays matching lines from multiple files. It also works with piped output from other commands. We show you how. The Story Behind grep.
Introduction
One of the reasons to create this blog post is that there are a lot of examples available for the grep command. But with all information scattered, most people don’t take the time to really learn the most basic commands. We want to leverage the full potential of the grep command, as it can be used in many work-related or personal related activities. It is common to use it for checking configuration files and searching through log files.
Why learn the grep command and regular expressions?
As with every tool, it is often easy to start using it, but hard to really master it. The man page is very extensive, so is the online help documentation. Although these sources are a great reference, we will be showing the grep command by example. And we will include specific use-cases which are common for system administrators and security professionals. Especially if you have to deal often with data, investing some time in doing things efficiently will pay off.
Before you continue
If you are using grep on another platform than Linux, you may not have the GNU version of grep. Some things in this guide may not be working, or need specific tailoring. You can easily find out what version you have with grep --version.
Need a particular job to be done with the grep command and can’t get it to work? Use the comments and share what you have tried. Let’s start with the basics and become a ‘grep master’.
Basic usage examples of grep
Use grep for simple actions
The grep utility does not need much to starts doing its work. The syntax of grep consists of four parts.
- grep command
- optional: option(s)
- string to search
- file, files, or path to be searched
The options that grep uses typically have a long and short format. The long format has two dashes, followed by a word or words. Use the long format when using them in scripts, so that it becomes obvious what the grep command is doing. Use the short notation in your daily tasks and on the command line, to save on typing and speed up your work.
If you would like to find the root user in your /etc/passwd file, just tell it to search for ‘root’ and the file name itself. In this case, no option is needed.
grep root /etc/passwd
The output may look something like this:
Using colored grep output
If the command above did not show colored output on your system, you might want to enable that. It can be done with --color auto. As this would mean you have to type it in each time, using an alias would save you from a lot of typing.
alias grep='grep --color=auto'
You can add this alias to your .bash_aliases or .bashrc file if you are using the bash shell. Otherwise, add it to the respective profile file. These files can be found in your home directory.
Ignore case sensitivity
Now that we have performed a basic grep command, we can start to change its behavior. Often we already know the word or words we are looking for. What we don’t always know is if one or more occurrences of the word are using capitals. By default, the grep command will be case-sensitive. So only the right match will be displayed. We can tell grep to ignore case-sensitive searches with the -ioption.
grep -i root /etc/passwd
Show line numbers
Depending on your search, you may have many occurrences of the text you were searching for. Use the -n option to have grep show the related line numbers.
grep -n root /etc/passwd
Excluding words
To exclude particular words or lines, use the –invert-match option. Use grep -v as a shorter alternative. Exclude multiple words with grep by adding -E and use a pipe (|) to define the specific words. Optionally make it case insensitive with the -i as listed above.
grep -i -v -E 'banana|monkey' zoo.txt
Match counting
It may be useful to know the number of occurrences of your specified word. This count is displayed when using grep -c or grep -c -v to show the number of non-matching lines.
grep -c monkey zoo.txt
Recursive search through directories and files
To search in one directory, there are the -r and -R options to achieve this. Depending on the target and the existence of symlinks, you might want to use the first one if you do not want to follow them. Use the capitalized option, grep -R, if you want to include any possible symlinked file to be searched as well. This may take much longer and could result in other file systems to be searched as well.
grep -r password /etc
Tip: if you don’t want the filenames in the output, add the -h option.
Show matching files only
Sometimes you just want to see the files that match a particular text string. There is the grep -l command to do achieve this.
grep -l -R password /etc
To show all files that do not match your target, use the capitalized version: grep -L.
Using regular expressions
The grep utility is a powerful tool and can use regular expressions. Regular expressions can be considered ‘logic rules’ for matching text strings. Think of something like “I know the word should be starting with the letter ‘a’, but after that everything is fine”. By using a regular expression we can express this in short notation (e.g. 'a.*').
Match specific words only
Grep Tool For Windows 10
You may be searching for a very short, yet specific word. In this case, grep will return way too many results. By using more specific statements we can limit the output.
grep 'bbinb' /etc/passwd
The btells grep to use word boundaries.
Although you could use spaces to search for a full word, that often won’t give you the right result. It will return some hits, while it might be missing a few as well. For example, any occurrences at the begin or end of the file. There will also be no match if any special characters are followed by it, or even a simple character like a comma.
Tip: the -woption does the same as this regular expression and is easier to remember.
Find lines starting with a specific string
With the carrot symbol (^) we can activate a regular expression that defines that the line should start with a specific piece of text.
grep '^systemd' /etc/passwd
Find lines ending with a specific string
Like the carrot symbol, we can use the dollar sign ($) to mark the end. Only lines that match that, will be returned. A great way to find all accounts that have a particular shell configured.
grep 'bin/bash$' /etc/passwd
Search for multiple words
Sometimes you want to match multiple words. By using parentheses you can tell grep to search for one word, or the other. Each possible match is split by a pipe sign.
grep -E '^(backup|root|syslog)' /etc/passwd
Matching multiple words
Note: use the -E option to enable extended regular expressions. Without it, the command won’t give any results.
Combining grep with other tools
Exit code
Using grep in your shell scripts can be very useful. For example, you can use it to determine if a particular file has the right configuration setting and then perform an action based on that. Another one is to see if a particular user exists in your /etc/passwd file.
grep -q michael /etc/passwd
Grep will not display anything, but end with an exit code. This exit code will be stored in a special variable with the name $?. If you want to see it on the command line, use it with echo.
echo $?
Exit codes:
- 0 = match found
- 1 = no match found
- 2 = error
Example syntax to use grep in your shell script:
if $(grep -q michael /etc/passwd); then echo 'Michael is in passwd file'; else echo 'Michael is not in passwd file'; fi
Using pipes
The grep command is a great utility to use in combination and filter the output of other commands. This way the screen only shows that data you are interested in. To achieve this we use the pipe sign (|) to tell the shell to send any output to the next command in line.
It is common to apply multiple grep commands by piping them together. When using big data files, try to limit the number of pipes to increase performance. You may also want to look for alternative solutions when you are repeating them often.
Example: Search in dmesg output
The dmesg command gives a lot of lines as output. If we are just interested in information regarding our storage, we can easily do by searching for “sd”.
dmesg | grep sd
If we just would like to find AppArmor related events, it would make sense to ignore case due to the capitals in the name. By smart combining the right tools, we can form a powerful data filter.
dmesg | grep -i apparmor
Advanced tips
Improve search speed: fixed strings
Typically you may be using already a specific word that you want to be matched. When searching through big files, grep may take a while to complete its task. By using the -F (fixed strings) option this can be dramatically improved. The only downside is that regular expressions can not be used.
Searching inside compressed data (avoid using gunzip!)
Need to search inside compressed files? Use the zgrep utility. It has the same syntax and it knows how to deal with compressed data.
Conclusion
The grep command is a very powerful tool and easy to work with. To truly master it, one should be learning more about regular expressions. It makes searching and finding the right data much easier. Knowledge about regular expressions will also come in handy for other tools, like sed and awk. If you really want to learn how to use the grep command, use it daily and create your own list of commands you often use.
Do you have a great one-liner that you often use with grep? Don’t keep it secret and share it in the comments!
One of the first Linux commands that many system administrators learn is grep. This venerable tool has been around for decades and is crucial to any administrator’s toolbelt. Grep’s core is simply the ability to search plain text for a RegEx pattern. Grep can search files in a given directory or streamed input to output matches. Did you know PowerShell has grep? Well..almost.
Do you want to start taking your PowerShell scripting more seriously? Learn how to easily build PowerShell GUIs, protect your scripts and enhance the PowerShell experience in Visual Studio with Adam Driscoll’s PowerShell Pro Tools!
PowerShell, being a language, is more than just a single purpose binary. Therefore what built-in abilities exist to search for plain text using RegEx patterns much like grep does? In this article we explore the myriad ways to search for text in files using PowerShell.
Exploring the Select-String Cmdlet
Select-String (our PowerShell grep) works on lines of text and by default will looks for the first match in each line and then displays the file name, line number, and the text within the matched line. Additionally, Select-String can work with different file encodings, such as Unicode text, by use the byte-order-mark (BOM) to determine the encoding format. If the BOM is missing, Select-String will assume it is a UTF8 file.
Parameters of Select-String
AllMatches– Normally,Select-Stringwill only look for the first match in each line, using this parameter the cmdlet will search for more than one match. A singleMatchInfoobject will still be emitted for each line, but it will contain all of the matches found.CaseSensitive– Matches are not case-sensitive by default, this forces the cmdlet to look for matches that match exactly to the input pattern.Context– A very useful parameter in that, you can define the number of lines before and after the match that will be displayed. Adding this parameter modifies the emittedMatchInfoobject to include a newContextproperty that contains the lines specified.
Keep in mind that if you pipe the output of Select-String to another Select-String call, the context won’t be available since you are only searching on the single resulting MatchInfoline property.
Culture– Used with theSimpleMatchparameter, this specifies a culture to be matched with the specified pattern. This includes options such asen-US,es, orfr-FRas examples. A few other useful options is theOrdinalandInvariantoptions.Ordinalis for non-linguistic binary comparisons andInvariantis for culture independent comparisons.
This parameter was introduced in PowerShell 7 and is not available to prior versions. Also keep in mind that this will use the current culture of the system, by default, which can be found using Get-Culture.
Encoding– Specify the encoding of the target file to search, which a default ofutf8NoBOM.ascii: Uses the encoding for the ASCII (7-bit) character set.bigendianunicode: Encodes in UTF-16 format using the big-endian byte order.oem: Uses the default encoding for MS-DOS and console programs.unicode: Encodes in UTF-16 format using the little-endian byte order.utf7: Encodes in UTF-7 format.utf8: Encodes in UTF-8 format.utf8BOM: Encodes in UTF-8 format with Byte Order Mark (BOM)utf8NoBOM: Encodes in UTF-8 format without Byte Order Mark (BOM)utf32: Encodes in UTF-32 format.
Encodingparameter also accepts numeric IDs of registered code pages such as1251or string names such aswindows-1251.
Grep Tool Download
Starting with PowerShell Core 6.2, the Encoding parameter also accepts numeric IDs of registered code pages such as 1251 or string names such as windows-1251.
Exclude– Working with thePathparameter, exclude specific items using a pattern, such as*.txt.Include– Just like theExcludeparameter,Includewill include only the specified items using a pattern, such as*.log.List– Only return the first instance of matching text from each input file. This is intended to be a fast and efficient way to retrieve a listing of files that have matching contents.LiteralPath– This tellsSelect-Stringto use the values as input, instead of interpreting values such as*as a wildcard. If the path includes escape characters, enclose them in single quotation marks to do no interpretation.NoEmphasis– Instead of highlighting the string that the pattern is matched upon, disable the highlighting of matches. By default, emphasis uses negative colors based on the background text colors.NotMatch– Look for text that does not match the specified pattern.Path– Specify the path to the files to search. Wildcards are permitted, but you cannot specify only a directory. The default is the local directory.Pattern– The pattern to search the input content or files for based on RegEx.SimpleMatch– Use a simple match instead of regular expressions. Since RegEx is not used, the returnedMatchInfoobject does not have any values in theMatchesproperty.Raw– Output the matching strings, without aMatchInfoobject. This is the behavior that is most similar togrepand not the more object oriented nature of PowerShell.Quiet– Only return a$trueor$falseif the pattern is found.
Using PowerShell Grep err… Select-String
Of course knowing how the parameters and options of a cmdlet work is not quite the same as using it in a production environment. Let’s dive into examples and see how we can leverage Select-String to make find text matches easier.
There are three ways that we can use Select-String to find matches.
- Pipe in quoted text to the
Select-Stringcmdlet, i.e. stream in the text. - Using text stored in a variable, pass the variable to the
InputObjectparameter. - Use the
Pathparameter to specify files to search for the text in.
The files we are using for testing this are randomly generated content, but of the same type as often found in production systems.
Simple Matching in Files
Starting off with a very simple example, let us look for Joe in a handful of CSV files.
As you can tell, this is pretty simple, we see how Joe is highlighted on the line with the rest of the data. But what data is actually being returned here? Let us take a look at all of the properties of a returned match.
We have a couple of properties here that are useful. Notably the line, path, pattern, and matches. Most of what we want to know is in the matches property.
Here you can see how even though we used a simple expression, this is still a RegEx expression and the subsequent details available.
What if we look for several different values using comma separated patterns? This is useful as this actually defines three different patterns and not one complex RegEx value.
You can see how this is the case, if we select only the filename, pattern, and line from our search.
More Complex RegEx Matching
Now that we demonstrated some of the simpler matching methods, what about utilizing RegEx more to actually look for more useful patterns? The three examples here are looking for Email Addresses, IP Addresses, and Social Security Numbers (SSNs). The patterns used here are not the only way to construct a RegEx search, and there may be easier ways. PowerShell Grep (Select-String) is a pretty advanced cmdlet.
Let’s look to see if emails are contained in our files. Using a somewhat complex RegEx match, as shown below, will demonstrate finding those matches.
Of course, of more concern might be if there were SSNs included in a file. A very simple match for this would be the following.
Finally, what if we wanted to look up some IP Addresses in our file? Using another RegEx expression to look for that pattern, makes quick work.
A caveat about this RegEx. Technically, this will match values up to 999.999.999.999 which is an invalid IP. You can construct more accurate RegEx expressions that will get longer, but it is a trade off depending on what you are looking to do.
Searching with Context
Context is very useful in troubleshooting, it helps to explain what is happening prior to an event occurring and after. For example, let’s search in an Apache log and find this suspendedpage.cgi text.
The > simple indicates the matched line, and there is one line prior to the match and after the match. In this example, this could tell us that the Google bot was looking for robots.txt and unfortunately received a suspendedpage.cgi result instead. Next, it went to try the homepage and perhaps got the same error.
What exactly is contained in the context property then as emitted by the MatchInfo object? If we expand upon that property, you can see that there is PreContent and PostContent. This means you can manipulate this further down the line if necessary.
Grep Tool
Other examples of searching through log files are in articles such as Making Sense of the Microsoft DNS Debug Log which demonstrates using Select-String to look through a DNS debug log. The PowerShell grep is strong in that post.
Conclusion
Grep is an incredibly useful tool in the Linux world, and Select-String offers much of the same functionality in the PowerShell world. Adding in the object-oriented nature of PowerShell only serves to enhance the utility and usefulness that the cmdlet offers.
Grep Tool Online
For many System Administrators, being able to quickly and efficiently search log files over varying types, along with understanding context, is an incredibly important and necessary ability. PowerShell Select-String makes this easy to do and saves countless hours of troubleshooting!
Grep Tools
More from Adam The Automator & Friends