Image
Find text in files using the Linux grep command
Using grep, you can quickly find text matching a regular expression in a single file, a group of files, or text coming from stdin.
Searching for patterns of text in files or text streams is one of the most common tasks you'll perform in your sysadmin career. This is a valuable skill that allows you to check a variety of system configurations, analyze data, troubleshoot logs, and perform many other activities.
The most common way to find text in a Linux system is using the command-line utility grep
. This utility was originally developed for the Unix operating system in the early 1970s. Grep evolved over the years, and the most common version available today for Linux, GNU grep, has additional features such as colored output. However, its main functionality is still the same.
Using grep
, you can quickly find text matching a regular expression in a single file, a group of files, or text coming from stdin
using the shell pipe operator.
This article covers how to use the grep
command to find text.
Find text in a file
The most basic way to use grep
is searching for text in a single file. To do this, type grep
followed by the text pattern to search for and the file name to search in. For example, to find which port the Secure Shell (SSH) daemon uses, search for Port
in file /etc/ssh/sshd_config
:
$ grep Port /etc/ssh/sshd_config
Port 22
#GatewayPorts no
Notice that grep
finds all lines that match the text pattern regardless of where the pattern is located.
[ Download the Linux grep command cheat sheet. ]
Extend grep with regular expressions
In the previous example, when you searched for Port
in the SSH configuration file, grep
returned two lines. The line you were looking for, Port 22, and an additional line containing the search pattern. In some cases, that's exactly what you want. In other cases, grep
could find too many entries that you're not interested in, requiring you to sort through them to find the desired information.
To avoid that, you can use regular expressions to be more specific about what you're looking for. For example, to find only lines that start with the word Port
, you can use the regular expression operator ^
, like this:
$ grep ^Port /etc/ssh/sshd_config
Port 22
This time grep
returned only the line that started with Port
since, in the second line, the expression Port
is in the middle.
You can also use extended regular expressions with the command-line parameter -E
. For example, to search for a pattern that contains the word Port
followed by numbers, use this regular expression:
$ grep -E "Port [1-9]+" /etc/ssh/sshd_config
Port 22
You can also look for lines that end with a text pattern by using the $
operator. For example, to find all lines that end with none
in sshd_config
, use grep
like this:
$ grep none$ /etc/ssh/sshd_config
#RekeyLimit default none
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#ChrootDirectory none
#VersionAddendum none
#Banner none
Regular expressions are a big part of grep
, making it powerful and flexible. However, regular expressions are a huge topic. For additional information, look at Regular expression on Wikipedia or Regular expressions 101.
Find text in multiple files and directories
Similar to finding text patterns in a single file, you can use grep
to find text in multiple files or directories. To find text in multiple files simultaneously, specify which files to search from after the first file name, or use a shell wildcard such as *
for all files. For example, to search for a configuration in two files:
$ grep Port /etc/ssh/sshd_config /etc/ssh/ssh_config
/etc/ssh/sshd_config:Port 22
/etc/ssh/sshd_config:#GatewayPorts no
/etc/ssh/ssh_config:# Port 22
When you use multiple files, grep
shows the name of the file where it found a match before showing the matched line.
[ Keep your most commonly used commands handy with the Linux commands cheat sheet. ]
To run the search recursively in multiple subdirectories, use the command line flag -R
:
$ grep -R ^Port /etc
/etc/ssh/sshd_config:Port 22
The grep
command is fast and returns results quickly, but it may take a long time if you specify too many files or subdirectories to search.
Find text in another command's output
Similar to other Unix utilities, grep
also acts on stdin
when you pipe the output of another command into it. This is a fast and useful way to filter a command's output to match the text pattern you're looking for.
For example, if you want to check whether the package openssh
is installed in your Fedora or Red Hat Enterprise Linux (RHEL) operating system, you can pipe the output of command rpm -qa
, which lists all installed packages, into grep
to search for the pattern:
$ rpm -qa | grep ssh
libssh-config-0.9.6-4.fc36.noarch
libssh-0.9.6-4.fc36.x86_64
openssh-8.8p1-1.fc36.1.x86_64
You can filter long command outputs with grep
, making finding useful information easier.
[ Get the guide to installing applications on Linux. ]
Additional useful options
The grep
command provides many options to change how it searches for patterns or displays results. So far in this article, you've seen some of them. While I can't list all options, here are some other useful examples:
-
Use option
-i
for a case-insensitive search. - Use option
-v
to invert the search and display lines that do not match the pattern. - Use option
-w
to search for entire words only instead of patterns in the middle of other words. - Use option
--color
for colored output, making it easier to spot the matched pattern.
For a complete list of grep
options, consult the man pages.
What's next?
The GNU grep utility is flexible and useful, helping you accomplish many tasks in your daily sysadmin activities. The more you use grep
, the more comfortable you will become, and soon you'll notice you're relying on it all the time.
For more information about grep
, look at some of these links:
You can also find more information about grep
in your Linux system by using man grep
or quick, valuable examples with the tldr
tool.
Image
Make your Linux terminal more useful with tmux, a terminal multiplexer that allows you to run multiple Linux programs over a single connection.
Image
The Linux cheat command lets you look up common command-line flags and arguments quickly without leaving the CLI.
Image
Make it easier to access your Linux computer by giving it a human-friendly name that's simpler to use than an IP address.
Topics:
Linux
Certification
Ricardo Gerardi
Ricardo Gerardi is Technical Community Advocate for Enable Sysadmin and Enable Architect. He was previously a senior consultant at Red Hat Canada, where he specialized in IT automation with Ansible and OpenShift. More about me