≡ Menu

Regular Expressions in Grep Command with 10 Examples – Part I

Regular expressions are used to search and manipulate the text, based on the patterns. Most of the Linux commands and programming languages use regular expression.

Grep command is used to search for a specific string in a file. Please refer our earlier article for 15 practical grep command examples.

You can also use regular expressions with grep command when you want to search for a text containing a particular pattern. Regular expressions search for the patterns on each line of the file. It simplifies our search operation.

This articles is part of a 2 article series.

This part 1 article covers grep examples for simple regular expressions. The future part 2 article will cover advanced regular expression examples in grep.

Let us take the file /var/log/messages file which will be used in our examples.

Example 1. Beginning of line ( ^ )

In grep command, caret Symbol ^ matches the expression at the start of a line. In the following example, it displays all the line which starts with the Nov 10. i.e All the messages logged on November 10.

$ grep "^Nov 10" messages.1
Nov 10 01:12:55 gs123 ntpd[2241]: time reset +0.177479 s
Nov 10 01:17:17 gs123 ntpd[2241]: synchronized to LOCAL(0), stratum 10
Nov 10 01:18:49 gs123 ntpd[2241]: synchronized to 15.1.13.13, stratum 3
Nov 10 13:21:26 gs123 ntpd[2241]: time reset +0.146664 s
Nov 10 13:25:46 gs123 ntpd[2241]: synchronized to LOCAL(0), stratum 10
Nov 10 13:26:27 gs123 ntpd[2241]: synchronized to 15.1.13.13, stratum 3

The ^ matches the expression in the beginning of a line, only if it is the first character in a regular expression. ^N matches line beginning with N.

Example 2. End of the line ( $)

Character $ matches the expression at the end of a line. The following command will help you to get all the lines which ends with the word “terminating”.

$ grep "terminating.$" messages
Jul 12 17:01:09 cloneme kernel: Kernel log daemon terminating.
Oct 28 06:29:54 cloneme kernel: Kernel log daemon terminating.

From the above output you can come to know when all the kernel log has got terminated. Just like ^ matches the beginning of the line only if it is the first character, $ matches the end of the line only if it is the last character in a regular expression.

Example 3. Count of empty lines ( ^$ )

Using ^ and $ character you can find out the empty lines available in a file. “^$” specifies empty line.

$ grep -c  "^$" messages anaconda.log
messages:0
anaconda.log:3

The above commands displays the count of the empty lines available in the messages and anaconda.log files.

Example 4. Single Character (.)

The special meta-character “.” (dot) matches any character except the end of the line character. Let us take the input file which has the content as follows.

$ cat input
1. first line
2. hi hello
3. hi zello how are you
4. cello
5. aello
6. eello
7. last line

Now let us search for a word which has any single character followed by ello. i.e hello, cello etc.,

$ grep ".ello" input
2. hi hello
3. hi zello how are you
4. cello
5. aello
6. eello

In case if you want to search for a word which has only 4 character you can give grep -w “….” where single dot represents any single character.

Example 5. Zero or more occurrence (*)

The special character “*” matches zero or more occurrence of the previous character. For example, the pattern ‘1*’ matches zero or more ‘1’.

The following example searches for a pattern “kernel: *” i.e kernel: and zero or more occurrence of space character.

$ grep "kernel: *." *
messages.4:Jul 12 17:01:02 cloneme kernel: ACPI: PCI interrupt for device 0000:00:11.0 disabled
messages.4:Oct 28 06:29:49 cloneme kernel: ACPI: PM-Timer IO Port: 0x1008
messages.4:Oct 28 06:31:06 btovm871 kernel:  sda: sda1 sda2 sda3
messages.4:Oct 28 06:31:06 btovm871 kernel: sd 0:0:0:0: Attached scsi disk sda
.
.

In the above example it matches for kernel and colon symbol followed by any number of spaces/no space and “.” matches any single character.

Example 6. One or more occurrence (\+)

The special character “\+” matches one or more occurrence of the previous character. ” \+” matches at least one or more space character.

If there is no space then it will not match. The character “+” comes under extended regular expression. So you have to escape when you want to use it with the grep command.

$ cat input
hi hello
hi    hello how are you
hihello

$ grep "hi \+hello" input
hi hello
hi    hello how are you

In the above example, the grep pattern matches for the pattern ‘hi’, followed by one or more space character, followed by “hello”.

If there is no space between hi and hello it wont match that. However, * character matches zero or more occurrence.

“hihello” will be matched by * as shown below.

$ grep "hi *hello" input
hi hello
hi    hello how are you
hihello
$

Example 7. Zero or one occurrence (\?)

The special character “?” matches zero or one occurrence of the previous character. “0?” matches single zero or nothing.

$ grep "hi \?hello" input
hi hello
hihello

“hi \?hello” matches hi and hello with single space (hi hello) and no space (hihello).

The line which has more than one space between hi and hello did not get matched in the above command.

Example 8.Escaping the special character (\)

If you want to search for special characters (for example: * , dot) in the content you have to escape the special character in the regular expression.

$ grep "127\.0\.0\.1"  /var/log/messages.4
Oct 28 06:31:10 btovm871 ntpd[2241]: Listening on interface lo, 127.0.0.1#123 Enabled

Example 9. Character Class ([0-9])

The character class is nothing but list of characters mentioned with in the square bracket which is used to match only one out of several characters.

$ grep -B 1 "[0123456789]\+ times" /var/log/messages.4
Oct 28 06:38:35 btovm871 init: open(/dev/pts/0): No such file or directory
Oct 28 06:38:35 btovm871 last message repeated 2 times
Oct 28 06:38:38 btovm871 pcscd: winscard.c:304:SCardConnect() Reader E-Gate 0 0 Not Found
Oct 28 06:38:38 btovm871 last message repeated 3 times

Repeated messages will be logged in messages logfile as “last message repeated n times”. The above example searches for the line which has any number (0to9) followed by the word “times”. If it matches it displays the line before the matched line and matched line also.

With in the square bracket, using hyphen you can specify the range of characters. Like [0123456789] can be represented by [0-9]. Alphabets range also can be specified such as [a-z],[A-Z] etc. So the above command can also be written as

$ grep -B 1 "[0-9]\+ times" /var/log/messages.4

Example 10. Exception in the character class

If you want to search for all the characters except those in the square bracket, then use ^ (Caret) symbol as the first character after open square bracket. The following example searches for a line which does not start with the vowel letter from dictionary word file in linux.

$ grep -i  "^[^aeiou]" /usr/share/dict/linux.words
1080
10-point
10th
11-point
12-point
16-point
18-point
1st
2

First caret symbol in regular expression represents beginning of the line. However, caret symbol inside the square bracket represents “except” — i.e match except everything in the square bracket.

Add your comment

If you enjoyed this article, you might also like..

  1. 50 Linux Sysadmin Tutorials
  2. 50 Most Frequently Used Linux Commands (With Examples)
  3. Top 25 Best Linux Performance Monitoring and Debugging Tools
  4. Mommy, I found it! – 15 Practical Linux Find Command Examples
  5. Linux 101 Hacks 2nd Edition eBook Linux 101 Hacks Book

Bash 101 Hacks Book Sed and Awk 101 Hacks Book Nagios Core 3 Book Vim 101 Hacks Book

Comments on this entry are closed.

  • Felix Frank January 4, 2011, 6:27 am

    “….” is not at all an expression for “an exactly 4-letter word” (not even with grep -w) and will not work.
    For that, you’d need a horror like “\b.\B.\B.\B.\b”.
    Fortunately, it’s an unlikely use case.

  • linuxboy January 4, 2011, 8:14 am

    hello Ramesh Natarajan
    I’m reading all your Blog and like your article’s style,command with Examples. thanks for your sharing.

  • dj January 4, 2011, 2:48 pm

    I often use the -E, –extended-regexp option. It posix compliant.
    http://pubs.opengroup.org/onlinepubs/9699919799/utilities/grep.html

  • Cissy January 4, 2011, 7:50 pm

    Thanks for sharing…
    I learned a lot..
    lol

  • alok chaubey October 3, 2011, 5:45 pm

    yeP…. your work in the field of linux is truly appreciable

  • Kashif January 24, 2012, 3:10 am

    Worked for me but can you please tell how to grep “%” from the below syntax
    PING=$(ping -c 10 192.168.1.1 | grep -w ‘statistics|Time|100\\%|90\\%|80\\%|70\\%|60\\%|50\\%|40\\%|30\\%|20\\%|10\\%’)

    I am doing this because I don’t want a report if 10 packets are successfully sent and there is 0% packet loss.
    Thanks

  • Prasanna N August 6, 2012, 11:41 am

    Ramesh, I just found your site yesterday.
    This is exactly what I was searching for to learn all the unixy stuff.

    The articles are great and I have already learnt a lot!

    Thanks immensely.

  • Ankit Gupta February 14, 2013, 1:04 am

    A very good/handy article. Looking for the sequel of the article.

  • kishore May 22, 2013, 5:04 am

    can you provide an example for exception of blank spaces

  • Nilesh May 28, 2013, 10:01 pm

    Kishore,

    There’s -v option which inverts the search. So something like below should work.

    grep -v ‘^$’ filename

  • amrutha May 11, 2014, 11:37 pm

    for the beginners its very useful,clear explanation

  • Anonymous June 3, 2014, 7:27 am

    awesome covers majority of the pattren

  • Vasanth August 14, 2014, 1:17 pm

    Hello Ramesh,
    I really appreciate the effort you have taken in posting this on the Internet.
    I have about 20 years of experience in the IT industry and I loved these examples.
    Thanks to you

  • Vipin December 18, 2014, 4:38 pm

    I am new to Linux,these tutorials help quite a lot. Thanks!!

  • Sugan April 21, 2015, 7:06 am

    Hi, Its easy to learn here.. Thanks.

  • saurabh November 17, 2015, 8:42 am

    grep -i “^[^aeiou]” /usr/share/dict/linux.words

    Command is not worning in centos. the results shows all the characters starting with aeiou.

  • sumit November 18, 2015, 1:56 pm

    It was very helpful. Thank you for explaining. Could have been more useful if it would include regular expression {n,m} as well.

  • Anu June 27, 2016, 5:39 am

    Very useful 🙂

  • Anonymous March 28, 2017, 4:06 pm

    thanks ramesh for tutorial. greetings from croatia