How to Grep Multiple Lines and Use a Specific Keyword on Linux

grep is a command-line text search utility originally written for Unix or Linux. On Linux, grep can print multiple lines before or after a line that matches the keyword. These examples were tested on CentOS 6.2, but they may work on other Linux versions such as Red Hat Enterprise Linux 5 (RHEL5) or 6 (RHEL6).

Get the grep command help:

[root@centos62 ~]# grep --help

Relevant part of the output:

Context control:
  -B, --before-context=NUM  print NUM lines of leading context
  -A, --after-context=NUM   print NUM lines of trailing context
  -C, --context=NUM         print NUM lines of output context
  -NUM                      same as --context=NUM

Assume that you have exported all log entries for 29 March 2012 from /var/log/messages into 29032012.txt as below:

[root@centos62 ~]# grep "Mar 29" /var/log/messages > 29032012.txt

1. How to Grep Multiple Lines

Search for “cubic” with -B1 (one line before each match) and -A4 (four lines after each match):

[root@centos62 ~]# grep -B1 -A4 "cubic" 29032012.txt

The output looks like this:

Mar 29 21:04:16 centos62 kernel: usbhid: v2.6:USB HID core driver
Mar 29 21:04:16 centos62 kernel: TCP cubic registered
Mar 29 21:04:16 centos62 kernel: Initializing XFRM netlink socket
Mar 29 21:04:16 centos62 kernel: NET: Registered protocol family 17
Mar 29 21:04:16 centos62 kernel: Using IPI No-Shortcut mode
Mar 29 21:04:16 centos62 kernel: registered taskstats version 1

2. How to Grep Using a Specific Keyword

Print only the lines that contain the keyword “BIOS-e820” from the 29032012.txt file as below:

[root@centos62 ~]# grep "BIOS-e820" 29032012.txt

The output looks like this:

Mar 29 21:04:16 centos62 kernel: BIOS-e820: 0000000000000000 - 000000000009f800 (usable)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 000000000009f800 - 00000000000a0000 (reserved)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 00000000000ca000 - 00000000000cc000 (reserved)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 00000000000dc000 - 00000000000e0000 (reserved)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 00000000000e4000 - 0000000000100000 (reserved)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 0000000000100000 - 000000003fef0000 (usable)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 000000003fef0000 - 000000003feff000 (ACPI data)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 000000003feff000 - 000000003ff00000 (ACPI NVS)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 000000003ff00000 - 0000000040000000 (usable)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 00000000e0000000 - 00000000f0000000 (reserved)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 00000000fec00000 - 00000000fec10000 (reserved)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 00000000fee00000 - 00000000fee01000 (reserved)
Mar 29 21:04:16 centos62 kernel: BIOS-e820: 00000000fffe0000 - 0000000100000000 (reserved)

How to Use Basic Regular Expressions with the grep Command on Linux

Regular expressions are special text strings used to search for and match patterns in text. Combined with the grep command, they make a search more specific. The grep command is the General Regular Expression Parser; it searches a file for strings matching a given regular expression and, by default, prints every line containing a string that matches. grep has many useful options that affect its output. These examples show how to use the caret ^ and the dollar sign $ to print more specific output. The examples were tested on a Red Hat Enterprise Linux 6 server and may work on CentOS as well.

The caret ^ is a metacharacter that matches the empty string at the beginning of a line.

Anchor: line begins with...

The dollar sign $ is a metacharacter that matches the empty string at the end of a line.

Anchor: line ends with...

Examples:

1. Print all usernames that begin with the letter e :

[root@rhel6 ~]# grep '^e' /etc/passwd
ehowstuff:x:503:503::/home/ehowstuff:/bin/bash

2. Print all usernames that begin with the letter g :

[root@rhel6 ~]# grep '^g' /etc/passwd
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin

3. Print all usernames that begin with the letter a :

[root@rhel6 ~]# grep '^a' /etc/passwd
adm:x:3:4:adm:/var/adm:/sbin/nologin
abrt:x:499:499::/etc/abrt:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin

4. Print all lines that end with the letter h :

[root@rhel6 ~]# grep 'h$' /etc/passwd
root:x:0:0:root:/root:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
test:x:500:500::/home/test:/bin/bash
sambauser1:x:501:501::/home/sambauser1:/bin/bash
ftpuser:x:502:502::/home/ftpuser:/bin/bash
ehowstuff:x:503:503::/home/ehowstuff:/bin/bash
testuser:x:504:504::/home/testuser:/bin/bash
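
The anchor examples above, taken one step further as an added example (not part of the original article): the records are constructed sample data in /etc/passwd format, and the function names and the svcroot account are hypothetical. It goes beyond the single-letter cases to show how ^ and $ pin a pattern to a whole field, which is what an account review needs.

```shell
#!/bin/sh
# Constructed /etc/passwd-style records; not taken from a real host.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
adm:x:3:4:adm:/var/adm:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
test:x:500:500::/home/test:/bin/bash
ehowstuff:x:503:503::/home/ehowstuff:/bin/bash
svcroot:x:0:0:constructed duplicate uid 0:/root:/bin/sh
EOF
}

# Account names whose first character is $1: ^ pins the match to column one.
names_starting_with() { grep "^$1" | cut -d: -f1; }

# Unanchored: counts every line that contains the text anywhere
# (account name, comment field, home directory, ...).
count_anywhere() { grep -c "$1"; }

# ^ plus the field separator: counts only the account named exactly $1.
count_exact_user() { grep -c "^$1:"; }

# 'h$' only says "the line ends in h" (bash, sh, zsh, tcsh all qualify).
count_ends_in_h() { grep -c 'h$'; }

# Separator plus $: the whole last field must be /bin/bash.
bash_accounts() { grep ':/bin/bash$' | cut -d: -f1; }

# Skip two fields from the start of the line, then require the UID field
# to be exactly 0. Any name other than root here deserves a closer look.
uid0_accounts() { grep '^[^:]*:[^:]*:0:' | cut -d: -f1; }

echo "names beginning with g:";  sample_passwd | names_starting_with g
echo "lines containing 'root':"; sample_passwd | count_anywhere root
echo "accounts named root:";     sample_passwd | count_exact_user root
echo "lines ending in h:";       sample_passwd | count_ends_in_h
echo "shell is /bin/bash:";      sample_passwd | bash_accounts
echo "UID 0 accounts:";          sample_passwd | uid0_accounts
```

To run the same checks against a real system, replace `sample_passwd |` with a redirect from the file, for example `uid0_accounts < /etc/passwd`.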