Introduction
This walkthrough covers using grep to search and filter log files for errors, specific requests, and multi-pattern matches.
Tasks
- Find all
ERRORmessages insystem.logand count how many there are. - Find all lines containing
POSTrequests inaccess.log. - Find all lines in
application.logthat contain bothWARNINGandquery(case-insensitive). - Search for all user authentications (containing
User authenticated) across all log files.
Requirements
- Use
grepfor all searches (combining with other commands likewcwhere needed). - Save each task’s output to its own file:
task1_output.txt,task2_output.txt,task3_output.txt,task4_output.txt. - Original log files must not be modified.
Solution
Task 1
BASH
grep -c "ERROR" system.log > task1_output.txtgrep -c counts the number of matching lines instead of printing them. Redirecting the output saves the count to task1_output.txt.
Task 2
BASH
grep POST access.log > task2_output.txt$ head -n 2 task2_output.txt
241.98.70.154 - - [31/Jan/2026:19:18:15 +0000] "POST /api/v1/resource12 HTTP/1.1" 204 319
210.20.0.7 - - [08/May/2026:19:18:15 +0000] "POST /api/v1/resource9 HTTP/1.1" 201 8Task 3
BASH
grep WARNING application.log | grep -i query > task3_output.txtThe first grep filters for WARNING entries. The second grep searches those results for query, using -i to ignore case.
$ head -n 2 task3_output.txt
2025-09-22 19:18:17 WARNING Slow query detected. Execution time: 8528ms
2026-06-20 19:18:17 WARNING Slow query detected. Execution time: 3800msTask 4
BASH
grep "User authenticated" *.log > task4_output.txt$ head -n 2 task4_output.txt
application.log:2025-07-06 19:18:17 INFO User authenticated for session #8869
application.log:2025-12-23 19:18:17 INFO User authenticated for session #3109Because multiple files are searched (*.log), grep prefixes each matching line with the filename.
Key Takeaways
- Use
grep -cto count matching lines. - Pipe
grepwith|to apply multiple filters. - Use
-ifor case-insensitive searches. - Use wildcard patterns such as
*.logto search multiple files. - Redirect output using
>to save results.
