grep — Search for Patterns
# Basic search
grep "error" /var/log/syslog
# Case insensitive
grep -i "error" /var/log/syslog
# Recursive search in directory
grep -r "TODO" /var/www/
# Show line numbers
grep -n "error" app.log
# Count matches
grep -c "error" app.log
# Invert match (lines NOT containing)
grep -v "debug" app.log
# Regex
grep -E "error|warning|critical" app.log
awk — Column-Based Processing
# Print specific columns
awk '{print $1, $4}' access.log
# Filter by condition
awk '$9 == 404' access.log
# Sum a column
awk '{sum += $10} END {print sum}' access.log
# Count unique values
awk '{print $1}' access.log | sort | uniq -c | sort -rn
# Custom delimiter
awk -F: '{print $1, $3}' /etc/passwd
# Conditional printing
awk '$3 > 1000 {print $1}' /etc/passwd
sed — Stream Editor
# Replace first occurrence per line
sed 's/old/new/' file.txt
# Replace all occurrences
sed 's/old/new/g' file.txt
# In-place edit
sed -i 's/old/new/g' file.txt
# Delete lines matching pattern
sed '/pattern/d' file.txt
# Print specific lines
sed -n '5,10p' file.txt
# Insert after a line
sed '/pattern/a\new line of text' file.txt
Combining Tools
# Find top 10 IPs making 404 requests
awk '$9 == 404 {print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -rn | head -10
# Extract email addresses from a file
grep -oE "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}" file.txt
# Replace config value
sed -i 's/^max_connections.*/max_connections = 200/' /etc/mysql/my.cnf