9 Ways To Use Grep To Filter Results in Linux

Learn nine ways to use grep and the pipe redirector to filter the results of various Linux commands and find the information you need.

9 Ways To Use Grep To Filter Results in LinuxMany Linux commands generate a great deal of output – more output than you want or need. One way to control this output and filter for exactly the required information is to use the grep pattern matcher. Grep matches specific strings of text. You can use it as a standalone command that includes many useful options on its own. However, a very effective way to get the most from grep is to pipe the output of other commands into it.

The pipe redirector associates two or more commands. It takes the output of one command and makes it the input for the next command. Many commands accept input provided via piping. The pipe character shares the same key as the backslash on a U.S. keyboard, and it is standard to put a space on either side of pipe.

This article provides nine examples of using grep combined with common commands to display specific results.

Note: Some examples use the -i option with grep. This option forces grep to ignore case – a useful modification depending on the type of information you need.

Search File Contents

One of the most fundamental uses of grep is pattern matching within file contents. Users commonly issue the cat command to display file contents. By piping the output of cat into grep, you can search for specific keywords or values within the file. This is handy when checking the value of a configuration file setting.

For example, to display the DocumentRoot setting in the Apache httpd.conf file, type:

$ cat /etc/httpd/conf/httpd/httpd.conf | grep -i documentroot

cat-grep-docroot-agif

Filter for Specific Processes

Linux processes are instances of running code. While there are many ways to check the status of processes, the ps command is a common tool for that job. Unfortunately, its output can be immense. You can use grep to filter for exactly the process you need, including child processes.

For example, to display any process instances of the sshd service, enter:

$ ps -ef | grep -i sshd

ps-ef-grep-sshd-agif

Display Directory Listings

The ls command displays directory contents. If you're checking whether a particular subdirectory or file exists, the grep command can help.

The /etc directory contains many subdirectories and files, and they don't always have intuitive names. Perhaps you would like to see all resources related to networking. In that case, try this search:

$ ls /etc | grep -i net

ls-etc-grep-net-agif

This example picks up anything with the combination of "net" whether at the front, end or middle of the name, regardless of case.

Display Resources by Permission

Of course, the ls command includes many useful options that Linux administrators rely on daily. Tying | grep to those options offers a lot of opportunities.

Consider a situation where you're auditing or troubleshooting permissions. The ls -l command displays resource permissions, so grep can be used to filter these results.

Perhaps you want to see any resources to which anyone has full rwx access. In that case, use:

$ ls -l | grep rwx

ls-l-grep-rwx-agif

Display SELinux Information

Another common troubleshooting opportunity relates to SELinux. By adding the -Z option to ls, you can display context information for the httpd process. Search for that information easily with grep.

Give this example a try:

$ ls -Z /var/www| grep httpd

ls-Z-var-www-grep-httpd-agif

Audit Free Disk Space

The disk free utility (df) displays consumed and available space on mounted filesystems. The output displays two particular values: "Filesystem" and "Mounted on" and filtering these results could be helpful, especially on servers with many storage devices and complex mount points.

For example, to see results specific to /dev/sda, type:

$ df -h | grep sda

df-h-grep-sda-agif

It's worth noting that df displays the same results as df /dev/sda, but that output includes the column headers. Perhaps you're feeding the df results into a script or other process and need to avoid the headers congesting the result.

Similarly, you could check information based on mount points by typing:

$ df -h | grep home

df-h-grep-home-agif

Home directories are notoriously large, so this is a logical auditing example.

Note: Consider using -h with df to make the measurement unit output more easily readable.

Display Disk Information

There are plenty of other ways to display storage device information. If you rely on fdisk to manage partitions, you know you can add the -l option to list or display existing partitions. However, when you're troubleshooting, you often already know which volumes you're interested in. Once more, grep allows you to tailor the output to exactly what you need.

Try the following example. Display fdisk information for /dev/sda2 (the second partition on the first storage device). You may need to use sudo to elevate your credentials.

$ sudo fdisk -l | grep sda2

fdisk-l-grep-sda2-agif

Filter Boot Messages

Linux retains hardware and device driver messages generated during system startup. These messages are useful for troubleshooting hardware problems or other startup issues. The dmesg command displays these results. Typically, the output is very long, so filtering with grep is helpful.

To display dmesg information related to USB, type:

$ dmesg | grep -i usb

dmesg-grep-usb-agif

Or perhaps you'd like to see information for the sda storage device:

$ dmesg | grep -i sda

dmesg-grep-sda-agif

Display Name Resolution Results

Many administrators find themselves troubleshooting name resolution issues. Name resolution relates easy-to-remember names with difficult-to-remember IP addresses. DNS is the primary example of a name resolution service. Name resolution usually happens automatically and behind the scenes, for example, during web browsing. However, troubleshooters initiate manual name resolution queries using tools such as nslookup, dig and host. If your system doesn't include these tools, use your preferred package manager to install the bind-utils package.

To display the name resolution server queried by nslookup, type:

$ nslookup www.comptia.org | grep -i server

nslookup-grep-server-agif

Or to see IPv6-specific output from the host command, type:

$ host www.comptia.org | grep -i ipv6

host-grep-ipv6-agif

Learn the Skills You Need With CompTIA Linux+

Once you are comfortable with standard commands, such as ls, ps and df, it's useful to filter results to display the specific information you need. Combine the pipe redirector and the grep pattern matcher to narrow the displayed output to exactly what you need. Keep this tactic in mind as you create scripts or audit systems, too.

Learn these skills (and more) with CompTIA Linux+. CompTIA Linux+ is an intermediate-level IT certification and is the only job-focused Linux certification covering the latest foundational skills demanded by hiring managers. CompTIA Linux+ validates the competencies required of an early career supporting Linux systems.

Ready to get started? Download the CompTIA Linux+ exam objectives for free to see what's covered.

Email us at blogeditor@comptia.org for inquiries related to contributed articles, link building and other web content needs.

Read More from the CompTIA Blog

Leave a Comment