Regular Expressions in Grep Command with 10 Examples – Part I

by Sasikala on January 4, 2011

Regular expressions are used to search and manipulate the text, based on the patterns. Most of the Linux commands and programming languages use regular expression.

Grep command is used to search for a specific string in a file. Please refer our earlier article for 15 practical grep command examples.

You can also use regular expressions with grep command when you want to search for a text containing a particular pattern. Regular expressions search for the patterns on each line of the file. It simplifies our search operation.

This articles is part of a 2 article series.

This part 1 article covers grep examples for simple regular expressions. The future part 2 article will cover advanced regular expression examples in grep.

Let us take the file /var/log/messages file which will be used in our examples.

Example 1. Beginning of line ( ^ )

In grep command, caret Symbol ^ matches the expression at the start of a line. In the following example, it displays all the line which starts with the Nov 10. i.e All the messages logged on November 10.

$ grep "^Nov 10" messages.1
Nov 10 01:12:55 gs123 ntpd[2241]: time reset +0.177479 s
Nov 10 01:17:17 gs123 ntpd[2241]: synchronized to LOCAL(0), stratum 10
Nov 10 01:18:49 gs123 ntpd[2241]: synchronized to 15.1.13.13, stratum 3
Nov 10 13:21:26 gs123 ntpd[2241]: time reset +0.146664 s
Nov 10 13:25:46 gs123 ntpd[2241]: synchronized to LOCAL(0), stratum 10
Nov 10 13:26:27 gs123 ntpd[2241]: synchronized to 15.1.13.13, stratum 3

The ^ matches the expression in the beginning of a line, only if it is the first character in a regular expression. ^N matches line beginning with N.

Example 2. End of the line ( $)

Character $ matches the expression at the end of a line. The following command will help you to get all the lines which ends with the word “terminating”.

$ grep "terminating.$" messages
Jul 12 17:01:09 cloneme kernel: Kernel log daemon terminating.
Oct 28 06:29:54 cloneme kernel: Kernel log daemon terminating.

From the above output you can come to know when all the kernel log has got terminated. Just like ^ matches the beginning of the line only if it is the first character, $ matches the end of the line only if it is the last character in a regular expression.

Example 3. Count of empty lines ( ^$ )

Using ^ and $ character you can find out the empty lines available in a file. “^$” specifies empty line.

$ grep -c  "^$" messages anaconda.log
messages:0
anaconda.log:3

The above commands displays the count of the empty lines available in the messages and anaconda.log files.

Example 4. Single Character (.)

The special meta-character “.” (dot) matches any character except the end of the line character. Let us take the input file which has the content as follows.

$ cat input
1. first line
2. hi hello
3. hi zello how are you
4. cello
5. aello
6. eello
7. last line

Now let us search for a word which has any single character followed by ello. i.e hello, cello etc.,

$ grep ".ello" input
2. hi hello
3. hi zello how are you
4. cello
5. aello
6. eello

In case if you want to search for a word which has only 4 character you can give grep -w “….” where single dot represents any single character.

Example 5. Zero or more occurrence (*)

The special character “*” matches zero or more occurrence of the previous character. For example, the pattern ’1*’ matches zero or more ’1′.

The following example searches for a pattern “kernel: *” i.e kernel: and zero or more occurrence of space character.

$ grep "kernel: *." *
messages.4:Jul 12 17:01:02 cloneme kernel: ACPI: PCI interrupt for device 0000:00:11.0 disabled
messages.4:Oct 28 06:29:49 cloneme kernel: ACPI: PM-Timer IO Port: 0x1008
messages.4:Oct 28 06:31:06 btovm871 kernel:  sda: sda1 sda2 sda3
messages.4:Oct 28 06:31:06 btovm871 kernel: sd 0:0:0:0: Attached scsi disk sda
.
.

In the above example it matches for kernel and colon symbol followed by any number of spaces/no space and “.” matches any single character.

Example 6. One or more occurrence (\+)

The special character “\+” matches one or more occurrence of the previous character. ” \+” matches at least one or more space character.

If there is no space then it will not match. The character “+” comes under extended regular expression. So you have to escape when you want to use it with the grep command.

$ cat input
hi hello
hi    hello how are you
hihello

$ grep "hi \+hello" input
hi hello
hi    hello how are you

In the above example, the grep pattern matches for the pattern ‘hi’, followed by one or more space character, followed by “hello”.

If there is no space between hi and hello it wont match that. However, * character matches zero or more occurrence.

“hihello” will be matched by * as shown below.

$ grep "hi *hello" input
hi hello
hi    hello how are you
hihello
$

Example 7. Zero or one occurrence (\?)

The special character “?” matches zero or one occurrence of the previous character. “0?” matches single zero or nothing.

$ grep "hi \?hello" input
hi hello
hihello

“hi \?hello” matches hi and hello with single space (hi hello) and no space (hihello).

The line which has more than one space between hi and hello did not get matched in the above command.

Example 8.Escaping the special character (\)

If you want to search for special characters (for example: * , dot) in the content you have to escape the special character in the regular expression.

$ grep "127\.0\.0\.1"  /var/log/messages.4
Oct 28 06:31:10 btovm871 ntpd[2241]: Listening on interface lo, 127.0.0.1#123 Enabled

Example 9. Character Class ([0-9])

The character class is nothing but list of characters mentioned with in the square bracket which is used to match only one out of several characters.

$ grep -B 1 "[0123456789]\+ times" /var/log/messages.4
Oct 28 06:38:35 btovm871 init: open(/dev/pts/0): No such file or directory
Oct 28 06:38:35 btovm871 last message repeated 2 times
Oct 28 06:38:38 btovm871 pcscd: winscard.c:304:SCardConnect() Reader E-Gate 0 0 Not Found
Oct 28 06:38:38 btovm871 last message repeated 3 times

Repeated messages will be logged in messages logfile as “last message repeated n times”. The above example searches for the line which has any number (0to9) followed by the word “times”. If it matches it displays the line before the matched line and matched line also.

With in the square bracket, using hyphen you can specify the range of characters. Like [0123456789] can be represented by [0-9]. Alphabets range also can be specified such as [a-z],[A-Z] etc. So the above command can also be written as

$ grep -B 1 "[0-9]\+ times" /var/log/messages.4

Example 10. Exception in the character class

If you want to search for all the characters except those in the square bracket, then use ^ (Caret) symbol as the first character after open square bracket. The following example searches for a line which does not start with the vowel letter from dictionary word file in linux.

$ grep -i  "^[^aeiou]" /usr/share/dict/linux.words
1080
10-point
10th
11-point
12-point
16-point
18-point
1st
2

First caret symbol in regular expression represents beginning of the line. However, caret symbol inside the square bracket represents “except” — i.e match except everything in the square bracket.


Linux Sysadmin Course Linux provides several powerful administrative tools and utilities which will help you to manage your systems effectively. If you don’t know what these tools are and how to use them, you could be spending lot of time trying to perform even the basic administrative tasks. The focus of this course is to help you understand system administration tools, which will help you to become an effective Linux system administrator.
Get the Linux Sysadmin Course Now!

If you enjoyed this article, you might also like..

  1. 50 Linux Sysadmin Tutorials
  2. 50 Most Frequently Used Linux Commands (With Examples)
  3. Top 25 Best Linux Performance Monitoring and Debugging Tools
  4. Mommy, I found it! – 15 Practical Linux Find Command Examples
  5. Linux 101 Hacks 2nd Edition eBook Linux 101 Hacks Book

Bash 101 Hacks Book Sed and Awk 101 Hacks Book Nagios Core 3 Book Vim 101 Hacks Book

{ 12 comments… read them below or add one }

1 Felix Frank January 4, 2011 at 6:27 am

“….” is not at all an expression for “an exactly 4-letter word” (not even with grep -w) and will not work.
For that, you’d need a horror like “\b.\B.\B.\B.\b”.
Fortunately, it’s an unlikely use case.

2 linuxboy January 4, 2011 at 8:14 am

hello Ramesh Natarajan
I’m reading all your Blog and like your article’s style,command with Examples. thanks for your sharing.

3 dj January 4, 2011 at 2:48 pm

I often use the -E, –extended-regexp option. It posix compliant.
http://pubs.opengroup.org/onlinepubs/9699919799/utilities/grep.html

4 Cissy January 4, 2011 at 7:50 pm

Thanks for sharing…
I learned a lot..
lol

5 alok chaubey October 3, 2011 at 5:45 pm

yeP…. your work in the field of linux is truly appreciable

6 Kashif January 24, 2012 at 3:10 am

Worked for me but can you please tell how to grep “%” from the below syntax
PING=$(ping -c 10 192.168.1.1 | grep -w ‘statistics|Time|100\\%|90\\%|80\\%|70\\%|60\\%|50\\%|40\\%|30\\%|20\\%|10\\%’)

I am doing this because I don’t want a report if 10 packets are successfully sent and there is 0% packet loss.
Thanks

7 Prasanna N August 6, 2012 at 11:41 am

Ramesh, I just found your site yesterday.
This is exactly what I was searching for to learn all the unixy stuff.

The articles are great and I have already learnt a lot!

Thanks immensely.

8 Ankit Gupta February 14, 2013 at 1:04 am

A very good/handy article. Looking for the sequel of the article.

9 kishore May 22, 2013 at 5:04 am

can you provide an example for exception of blank spaces

10 Nilesh May 28, 2013 at 10:01 pm

Kishore,

There’s -v option which inverts the search. So something like below should work.

grep -v ‘^$’ filename

11 amrutha May 11, 2014 at 11:37 pm

for the beginners its very useful,clear explanation

12 Anonymous June 3, 2014 at 7:27 am

awesome covers majority of the pattren

Leave a Comment

Previous post:

Next post: