How to search Log Files in Linux using 'view' and 'grep'


Applications and systems are always trying to communicate with us via log files. They write traces, errors, or acknowledgments in log files. In order to know our systems better, we need to learn how to read logs. If you are in a system administration or application support role, log parsing is a key skill!

Log files come in handy when troubleshooting is required. They carry loads of useful information that can point towards the cause of a failure.

There are many convenient and alternate log analysis tools available in the market. They also support excellent visuals like graphs and statistics. Some examples include ELK, Splunk, Nagios. However, in order to understand those tools better, we need to have an understanding of manual log parsing. Also, manual log parsing can serve as a backup in case monitoring tools are not available. You can also code customized alerts that are triggered based on certain occurrences of an error in log files.

I'll demonstrate some convenient and foolproof methods to search in verbose log files.

Grep and view commands are covered in this tutorial. Together they make a powerful combo to catch errors with accuracy.


How to use grep

Find a list of Log Files that match a string

If there are multiple files in a folder, you can use the below command to find the required string.

The output would be a list of files containing the desired strings.

grep -l "String to Match" *.*        

Searching within a file using 'grep'

Grep is a built-in bash utility. It stands for global regular expression. Grep is used to match strings in files. The output of a command can also be directed to grep to filter out results.

cat filename.txt | grep "String to Match"         

Grep can also be used to state the line number against a matched string.

In the below example, 31 is the line number of matched string.

# Example
cat trace.txt | grep -n "Signal Dispatcher"
# Output
 31:"Signal Dispatcher" 4 daemon prio=9 os_prio=31 cpu=0.27ms elapsed=103.28s tid=0x00007        

By default, grep is case sensitive. If you are unsure of the case of the string to match, use the -i flag.

cat filename.txt | grep -i "String to match"        

Sometimes we need to list lines that do 'not' match given criteria. For example, if we need only success responses, we can filter out failures.

cat filename.txt | grep -v "Failures"        

Last but not least, it's very easy to count the occurrences with the -c flag.

cat filename.txt | grep -c "String to count"        
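The flags above (-l, -i, -v, -c, -n) combined into the kind of customized alert mentioned in the introduction. This is an added example, not part of the original article; the log lines, file names, function names and the threshold of 3 are constructed for illustration.

```shell
#!/bin/sh
# Added example. Log lines, file names and the threshold are constructed.

# Write two small sample logs to a temp directory and print its path.
make_sample_logs() {
    d=$(mktemp -d)
    cat > "$d/app1.log" <<'EOF'
2024-01-01 10:00:01 INFO  service started
2024-01-01 10:00:05 ERROR database connection refused
2024-01-01 10:00:06 error retry 1 failed
2024-01-01 10:00:07 DEBUG error_count metric flushed
2024-01-01 10:00:09 ERROR database connection refused
EOF
    cat > "$d/app2.log" <<'EOF'
2024-01-01 10:00:02 INFO  service started
2024-01-01 10:00:03 INFO  health check ok
EOF
    echo "$d"
}

# -l: list only the files in a directory that contain the string (any case).
files_with_errors() {
    grep -il "error" "$1"/*.log || true
}

# -v drops DEBUG noise, then -c -i counts the remaining matching lines.
# grep exits 1 when the count is 0, so "|| true" keeps callers under set -e alive.
count_errors() {
    grep -v "DEBUG" "$1" | grep -ci "error" || true
}

# -n prefixes each match with its line number; print the number of the first real error.
first_error_line() {
    grep -in "error" "$1" | grep -v "DEBUG" | head -n 1 | cut -d: -f1
}

# Print an alert and return 0 when the error count reaches the threshold.
error_alert() {
    n=$(count_errors "$1")
    [ "$n" -ge "$2" ] || return 1
    echo "ALERT: $1 has $n error lines, first at line $(first_error_line "$1")"
}

# Demo run over the constructed logs.
logdir=$(make_sample_logs)
for f in $(files_with_errors "$logdir"); do
    error_alert "$f" 3 || true
done
rm -rf "$logdir"
```

The line number printed in the alert can be used with view's :line_number command to jump straight to the first error.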

How to use view

Grep displays output one line at a time. There are ways to list lines above and below the matched string, but sometimes we want to navigate through lines. One case is a very long trace file and we need to go many lines below and above the exception.

View uses the same format as the vi editor for saving, quitting and searching files. Let's have a closer look.

view trace.txt        

I am using a sample syslog file. The output is as shown below.

Note the blinking cursor at the beginning of the line. You can easily navigate using it.

Match a pattern with view

Simply type / in command mode and enter the search string.

This will highlight the first occurrence.

  • To move to the next occurrence, type 'n'.
  • For moving to the previous occurrence, type 'N'.
  • 'ggn' would take you to the first occurrence.
  • To move to the last occurrence, type 'GGN'.

View Line numbers and go to that line

In command mode, type :set number

On the left-hand side, you can see line numbers. In addition, the column and line numbers are displayed in the bottom right.

Sometimes tracebacks report that line number x has an error.

With view, you can go to a line using :line_number, where line_number is the actual line number. For example, :32 takes you to line 32.

view has many more options with which even complex operations can be performed. Do check the man page for view and grep for further reading.

Now you know how to ace any search with grep and view. No matter how long or complicated the file is, the duo of view and grep can do magic!

I would love to connect with you!


Josephine Zola, M.Sc.(I.T)


thank you! great article, easy to read and follow

I would love to connect with you
