10 Grep Commands Workflows

The grep command in Linux with examples is one of the most useful tools you will ever learn. If you use Linux as your main OS, finding things quickly is often half the battle. Whether you are searching for a bug in a configuration file, reading through thousands of log lines, or trying to figure out which script called which function, the grep command in Linux is usually the first tool you reach for. It is fast, flexible, and available by default on almost all distributions.

This guide provides an overview of 10 grep command workflows based on three real-world search categories: basic search and filtering, advanced search options, and real-world system administration scenarios. If you’re just getting comfortable with the terminal, it’s best to start with our Linux commands for beginners guide first.

Examples

---

grep Global Regular Expression Print is a tool used for searching for lines within one or more files, where those lines match a particular pattern you have provided. For each file it will read all of its lines and compare them to this pattern and print out every line which matches the pattern. As such as being able to perform a variety of actions with the aid of patterns, flags and piping, grep is one of the most valuable tools available to any Linux system administrator or developer.

This tool was written by Ken Thompson in 1974 as part of Unix. GNU grep is the most commonly used version on Linux systems today. It supports basic regular expressions (BRE), extended regular expressions (ERE, via egrep or grep -E), and fixed-string matching (via fgrep or grep -F). You can also use pgrep to find matching process names, but it works differently from standard grep.

grep works well on its own and even better when combined with pipes. You can pipe output from ps command, journalctl, cat, find, and dozens of other commands directly into grep to filter exactly what you need.

---

The basic syntax of the grep command is:

Here is what each part means:

• OPTIONS — flags like -i, -r, -v, -n that change how grep behaves
• PATTERN — the string or regex you want to search for
• FILE — one or more files to search in; can also receive input via pipe

You can also read input from stdin using a pipe:

---

Below is a quick reference of the most commonly used grep flags covered in this article:

Option	Description	Example
-i	Case-insensitive search	grep -i "error" file.txt
-n	Show line numbers	grep -n "pattern" file.txt
-c	Count matching lines	grep -c "pattern" file.txt
-v	Invert match (non-matching lines)	grep -v "pattern" file.txt
-w	Match whole words only	grep -w "word" file.txt
-e	Multiple patterns	grep -e "err" -e "warn" file.txt
-F	Fixed string, no regex	grep -F "[error]" file.txt
-o	Print only the matched part	grep -o "[0-9]\+" file.txt
-r	Recursive directory search	grep -r "pattern" /path/
--include	Limit recursive search to file types	grep -r "pattern" --include="*.log" /var/log
--exclude	Skip matching files or dirs	grep -r "pattern" --exclude="*.txt" /path
--mtime	Search files modified in N days	grep -r "pattern" --mtime -7 /var/log
-A	Show N lines after match	grep -A 5 "pattern" file.txt
-B	Show N lines before match	grep -B 5 "pattern" file.txt
-C	Show N lines before and after match	grep -C 3 "pattern" file.txt
-P	Perl-compatible regex (PCRE)	grep -P "error.*failed" file.txt
-E	Extended regex (same as egrep)	grep -E "err|warn" file.txt
-a	Treat binary files as text	grep -a "pattern" file.bin
-l	Print only filenames with matches	grep -l "pattern" *.conf
-q	Quiet mode, no output (use for scripts)	grep -q "pattern" file.txt
--color=auto	Highlight matched text	grep --color=auto "pattern" file.txt

---

The 30 commands below are organized into three workflow categories:

Basic Search and Filter
Advanced Search Options
Real-World Usage Scenarios

Each category covers 10 commands with working examples and real output samples.

These are the day-to-day grep commands you will use constantly. Learning these 10 well will cover about 80% of real situations you run into on any Linux system.

This is the most basic use of grep. You give it a pattern and a filename, and it prints every line that contains that pattern. It is case-sensitive by default.

Add the -i flag to make your search case-insensitive. This is very useful when searching logs where the same word may appear as ERROR, Error, or error depending on the application that wrote it.

The -n flag prepends each matching line with its line number. This is extremely useful when you need to jump to a specific location in a config file or script to make an edit.

The -c flag tells grep to print just the count of matching lines instead of the lines themselves. Good for quick audits: how many times did this event appear in the log today?

The -v flag inverts the search logic. Instead of printing lines that match, it prints every line that does not match. Very useful for filtering out noise from log files or config files.

By default, grep matches any occurrence of your pattern even if it is part of a longer word. For example, searching for "log" would also match "syslog" and "catalog". The -w flag restricts the match to whole words only.

Use the -e flag to supply multiple search patterns in a single grep command. grep will return any line that matches at least one of the patterns. You can stack as many -e options as you need.

When your search string contains special regex characters like brackets, dots, asterisks, or parentheses, grep may misinterpret them. The -F flag disables regex entirely and treats your pattern as a plain fixed string. This also runs faster than regex on large files.

The -o flag tells grep to print only the part of each line that matched the pattern, not the entire line. Very useful when you want to extract specific data like IP addresses, timestamps, or error codes from large log files.

Pipe grep output to head -n to limit how many matching lines you see. This is useful when a pattern has hundreds of matches and you just need a quick sample to understand what is happening.

These 10 commands go beyond simple text matching. They let you search across entire directory trees, target specific file types, look at the lines surrounding a match, and use powerful regex engines to find complex patterns.

The -r flag makes grep walk into subdirectories and search every file it finds. This is one of the most useful grep options for developers and sysadmins who need to find where a variable, function, or config value is used across a whole project or system path.

Use --include with the -r flag to restrict your recursive search to only files matching a certain pattern. For example, search only in .log files, or only in .conf files. This saves a lot of time on busy servers.

The --exclude flag is the opposite of --include. You can tell grep to skip certain file types or directory names when doing a recursive search. Combine --exclude-dir to skip entire directories like .git or node_modules.

Combine grep with the find command to search only in files that were modified recently. This is especially useful on active servers where log files rotate daily and you only care about recent changes.

The -C flag prints N lines of context both before and after each matching line. This is one of the most practical grep options for debugging because it shows you what happened just before and after an error event in a log file.

The -B flag is like -C but only shows lines before the match. Useful when you want to see what led up to an event without seeing what came after.

The -A flag is the counterpart to -B. It shows lines after the match. Useful when a log entry triggers a chain of messages and you want to see the full sequence of what happened after the event.

Use -P for Perl-Compatible Regular Expressions (PCRE) when you need complex pattern matching like lookaheads, non-greedy quantifiers, or multiline patterns. The example below finds lines where "error" is followed eventually by "failed".

By default, grep skips binary files or prints "Binary file matches". The -a flag forces grep to treat binary files as text and search through them. Useful when you are digging through compiled files or memory dumps looking for readable strings.

The --color=auto flag highlights matched text in red (or whatever your terminal color scheme uses). On most modern distros, this is already enabled by default via a shell alias. If it is not, add it manually or set GREP_OPTIONS in your .bashrc.

This is where grep really earns its place in your daily workflow. The following 10 examples cover the exact tasks that sysadmins on Ubuntu, Rocky Linux, and RHEL deal with regularly. These are not textbook examples. They are commands you will actually run on production systems.

One of the most common sysadmin tasks is scanning log files for errors. Use grep -i "error" against your log directory to pull all error lines from all log files in one shot. On Ubuntu systems, look in /var/log/syslog. On Rocky Linux and RHEL, check /var/log/messages.

Warnings often signal a problem that has not yet broken anything. Catching them early can prevent bigger incidents later. Use the same approach as error searching but target the word "warn".

You can use grep with extended regex to find lines containing patterns that look like IPv4 addresses. This works great on web server access logs and firewall logs when you are investigating suspicious traffic.

On a multi-user Linux server, you often need to check what a specific user has been doing. The auth.log (Ubuntu/Debian) or secure log (Rocky/RHEL) records all authentication and sudo activity per user. For checking running user processes, you can also combine this with the ps command in Linux.

Quickly spot all 404 Not Found responses in your nginx or Apache access log. High volumes of 404s from the same IP can indicate a bot scanning your site for vulnerabilities.

When you need to know which config file has a specific directive set, recursive grep on /etc is your fastest option. This saves a lot of time compared to manually opening files one by one.

Pipe ps aux output into grep to instantly check whether a specific service or process is running. The -i flag makes it case-insensitive. This is faster than running systemctl status when you just need a quick yes or no answer.

You can pipe du output into grep to filter disk usage reports. For example, find all directories or files that show gigabyte-level usage. This is useful when a partition is filling up and you need to track down where the space went. For a deeper look at disk usage monitoring, see our guide on the df command in Linux.

When you manage many servers and cron jobs, finding a specific scheduled task quickly matters. Run crontab -l and pipe it to grep, or search the system-wide cron directories directly. For more on scheduling automation, check our full cron command guide.

You can give grep multiple file names directly on the command line to search across all of them in one pass. grep will prefix each output line with the filename so you always know which file the match came from.

---

How grep works inside shell scripts. In real sysadmin and DevOps work, you rarely run grep as a standalone interactive command. You embed it in scripts to drive logic.

grep returns an exit code after every run. Exit code 0 means at least one match was found. Exit code 1 means no match. Exit code 2 means an error occurred (bad option, missing file). You can use these in if/else conditions inside your scripts.

The -q flag (quiet mode) suppresses all output and just returns the exit code. This is the correct way to use grep inside scripts when you only care about whether something matched, not what matched.

---

This is one of the most searched questions about grep. Here is a clear breakdown:

Command	Equivalent to	Regex Type	When to Use
grep	grep (BRE)	Basic Regular Expressions	Most standard searches; default tool
egrep	grep -E	Extended Regular Expressions	When you need +, ?, |, () without escaping
fgrep	grep -F	No regex (fixed strings)	When searching for literal special characters like . * [ ]
pgrep	grep on process names	Basic regex	Finding process IDs by name; works differently from file grep

In practice, egrep and fgrep are deprecated aliases on GNU systems. The recommended approach is to use grep -E and grep -F instead. They are still available on most systems for backward compatibility but new scripts should use the flag forms.

---

On production servers with multi-gigabyte log files, a slow grep can take minutes or even time out. These are practical tips that can make grep run significantly faster on large files.

1. Use LC_ALL=C to speed up grep on large text files

By default, grep uses your system locale to handle character encoding. On multi-byte locales like UTF-8, this adds processing overhead. Setting LC_ALL=C forces single-byte processing and can make grep 3x to 10x faster on large ASCII log files.

2. Use -F for fixed strings when no regex is needed

If your search pattern has no special characters, always use -F. Fixed string search skips the regex engine entirely and is noticeably faster.

3. Combine LC_ALL=C with -F for maximum speed

---

This section covers the most common issues people run into with grep.

Problem 1: "grep: command not found"

This happens on minimal container images (Alpine, BusyBox-based). Install grep with the appropriate package manager:

Problem 2: "Binary file matches" — grep skipping a file

grep detects binary content and shows this message instead of output. Either use -a to force text mode, or use strings to extract readable content first:

Problem 3: grep returns no output but you know the pattern exists

Most likely a case sensitivity issue. Try adding -i. Also check that you have read permission on the file. Check if there are hidden characters (Windows-style CRLF line endings) using cat -A to see them.

Problem 4: grep hangs on very large files

This can happen with complex regex patterns (catastrophic backtracking) or huge files. Use LC_ALL=C, switch to -F for fixed strings, or limit with head to test a sample first:

---

grep is more than just a tool for searching text. It plays a key role in debugging, monitoring, and automating tasks in Linux. It has been around for more than 50 years and remains widely used because it does one thing well and integrates seamlessly with other Unix tools through pipes.

If you are a system administrator managing Ubuntu servers, Rocky Linux clusters, or RHEL enterprise deployments, grep is a tool you use every day to respond to incidents. You won’t be able to rely on a GUI when a service fails at midnight. Instead, you use grep on logs, systemctl status, and journalctl to identify the problem in less than a minute.

For DevOps engineers and developers, grep is how you search codebases, trace config values across deployment environments, and validate that scripts are producing the expected output. When combined with tools like sed command in Linux, awk, and find, grep becomes part of a powerful text processing pipeline that can handle almost any data transformation task without needing a specialized tool.

Learning grep properly also builds the foundation for understanding regular expressions, which are used across Python, JavaScript, Perl, Rust, and virtually every modern programming language. Time spent mastering grep is never wasted.

---

---

---

For the complete list of grep options and flags, refer to the official
GNU grep manual.