Skip to main content

Find text in files using the Linux grep command

Using grep, you can quickly find text matching a regular expression in a single file, a group of files, or text coming from stdin.

Searching for patterns of text in files or text streams is one of the most common tasks you'll perform in your sysadmin career. This is a valuable skill that allows you to check a variety of system configurations, analyze data, troubleshoot logs, and perform many other activities.

The most common way to find text in a Linux system is using the command-line utility grep. This utility was originally developed for the Unix operating system in the early 1970s. Grep evolved over the years, and the most common version available today for Linux, GNU grep, has additional features such as colored output. However, its main functionality is still the same.

Using grep, you can quickly find text matching a regular expression in a single file, a group of files, or text coming from stdin using the shell pipe operator.

This article covers how to use the grep command to find text.

Find text in a file

The most basic way to use grep is searching for text in a single file. To do this, type grep followed by the text pattern to search for and the file name to search in. For example, to find which port the Secure Shell (SSH) daemon uses, search for Port in file /etc/ssh/sshd_config:

$ grep Port /etc/ssh/sshd_config
Port 22
#GatewayPorts no

Notice that grep finds all lines that match the text pattern regardless of where the pattern is located.

[ Download the Linux grep command cheat sheet. ]

Extend grep with regular expressions

In the previous example, when you searched for Port in the SSH configuration file, grep returned two lines. The line you were looking for, Port 22, and an additional line containing the search pattern. In some cases, that's exactly what you want. In other cases, grep could find too many entries that you're not interested in, requiring you to sort through them to find the desired information.

To avoid that, you can use regular expressions to be more specific about what you're looking for. For example, to find only lines that start with the word Port, you can use the regular expression operator ^, like this:

$ grep ^Port /etc/ssh/sshd_config
Port 22

This time grep returned only the line that started with Port since, in the second line, the expression Port is in the middle.

You can also use extended regular expressions with the command-line parameter -E. For example, to search for a pattern that contains the word Port followed by numbers, use this regular expression:

$ grep -E "Port [1-9]+" /etc/ssh/sshd_config
Port 22

You can also look for lines that end with a text pattern by using the $ operator. For example, to find all lines that end with none in sshd_config, use grep like this:

$ grep none$ /etc/ssh/sshd_config
#RekeyLimit default none
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#ChrootDirectory none
#VersionAddendum none
#Banner none

Regular expressions are a big part of grep, making it powerful and flexible. However, regular expressions are a huge topic. For additional information, look at Regular expression on Wikipedia or Regular expressions 101.

Find text in multiple files and directories

Similar to finding text patterns in a single file, you can use grep to find text in multiple files or directories. To find text in multiple files simultaneously, specify which files to search from after the first file name, or use a shell wildcard such as * for all files. For example, to search for a configuration in two files:

$ grep Port /etc/ssh/sshd_config /etc/ssh/ssh_config
/etc/ssh/sshd_config:Port 22
/etc/ssh/sshd_config:#GatewayPorts no
/etc/ssh/ssh_config:#   Port 22

When you use multiple files, grep shows the name of the file where it found a match before showing the matched line.

[ Keep your most commonly used commands handy with the Linux commands cheat sheet. ]

To run the search recursively in multiple subdirectories, use the command line flag -R:

$ grep -R ^Port /etc
/etc/ssh/sshd_config:Port 22

The grep command is fast and returns results quickly, but it may take a long time if you specify too many files or subdirectories to search.

Find text in another command's output

Similar to other Unix utilities, grep also acts on stdin when you pipe the output of another command into it. This is a fast and useful way to filter a command's output to match the text pattern you're looking for.

For example, if you want to check whether the package openssh is installed in your Fedora or Red Hat Enterprise Linux (RHEL) operating system, you can pipe the output of command rpm -qa, which lists all installed packages, into grep to search for the pattern:

$ rpm -qa | grep ssh

You can filter long command outputs with grep, making finding useful information easier.

[ Get the guide to installing applications on Linux. ]

Additional useful options

The grep command provides many options to change how it searches for patterns or displays results. So far in this article, you've seen some of them. While I can't list all options, here are some other useful examples:

For a complete list of grep options, consult the man pages.

What's next?

The GNU grep utility is flexible and useful, helping you accomplish many tasks in your daily sysadmin activities. The more you use grep, the more comfortable you will become, and soon you'll notice you're relying on it all the time.

For more information about grep, look at some of these links:

You can also find more information about grep in your Linux system by using man grep or quick, valuable examples with the tldr tool.

Topics:   Linux   Certification  
Author’s photo

Ricardo Gerardi

Ricardo Gerardi is Technical Community Advocate for Enable Sysadmin and Enable Architect. He was previously a senior consultant at Red Hat Canada, where he specialized in IT automation with Ansible and OpenShift.  More about me

Try Red Hat Enterprise Linux

Download it at no charge from the Red Hat Developer program.