LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-11-2015, 07:51 AM   #1
MrScoville
LQ Newbie
 
Registered: Dec 2015
Posts: 10

Rep: Reputation: Disabled
Question "tail"ing a file by keyword / pattern


Hi there,

a certain command's output contains a certain keyword. Anything else before the keyword doesn't matter in the current use-case. I only want to see the line starting with the keyword and the rest of the output.

Example:

foo 1 2 3
bar 4 5 6
baz 7 8 9
Keyword Some More Stuff
1 2 3 4
2 3 4 5

I don't know how many lines are before "Keyword.*", and how many may follow. In the example, I'd like to see the last 3 lines.

Of course I could write a Bash script containing some weird stuff like grepping Keyword with -n so I'd have the line number of Keyword, then grepping . -n so I'd have the overall line number, emit an expr and tail accordingly, but isn't there an easier way, perhaps something that one could 'alias' in .bashrc? Sed, Awk, I don't know.

Thanks in advance and have a nice weekend!

PS: Neither the lines before the Keyword line nor the ones after are certain to follow a pattern that would be easy to grep -v | grep.

Last edited by MrScoville; 12-11-2015 at 07:56 AM.
 
Old 12-11-2015, 07:54 AM   #2
grail
LQ Guru
 
Registered: Sep 2009
Location: Perth
Distribution: Manjaro
Posts: 9,642

Rep: Reputation: 2960Reputation: 2960Reputation: 2960Reputation: 2960Reputation: 2960Reputation: 2960Reputation: 2960Reputation: 2960Reputation: 2960Reputation: 2960Reputation: 2960
Yes I would use awk for such a challenge
 
Old 12-11-2015, 08:21 AM   #3
MrScoville
LQ Newbie
 
Registered: Dec 2015
Posts: 10

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by grail View Post
Yes I would use awk for such a challenge
I guessed so, but because I am a Newbie (at least when it comes to awk and fellows) I've posted my question to the Newbie Forum. Perhaps you have some hints at hand? Thanks
 
Old 12-11-2015, 08:40 AM   #4
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,349
Blog Entries: 36

Rep: Reputation: Disabled
something like
Code:
tail -n 3 -f  /path/to/file.log | grep <keyword>
?

source:
Code:
2015-12-10 01:04:43,093 fail2ban.actions: WARNING [c9badbots] Ban 203.133.170.11
2015-12-10 02:17:47,933 fail2ban.actions: WARNING [c9custom] Ban 46.166.139.20
2015-12-10 06:20:52,645 fail2ban.actions: WARNING [c9custom] Ban 192.129.227.26
shows
Code:
tail -n 3 -f  /var/log/fail2ban.log | grep c9custom
2015-12-10 02:17:47,933 fail2ban.actions: WARNING [c9custom] Ban 46.166.139.20
2015-12-10 06:20:52,645 fail2ban.actions: WARNING [c9custom] Ban 192.129.227.26
Have Fun!
 
Old 12-11-2015, 08:51 AM   #5
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 4,073

Rep: Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813Reputation: 1813
How about
Code:
sed -n '/Keyword/,$p'
 
1 members found this post helpful.
Old 12-11-2015, 09:11 AM   #6
MrScoville
LQ Newbie
 
Registered: Dec 2015
Posts: 10

Original Poster
Rep: Reputation: Disabled
Thumbs up

Quote:
Originally Posted by rknichols View Post
How about
Code:
sed -n '/Keyword/,$p'
100.00 percent perfect! I knew there had to be a simple solution. As there is always one in Linux. Exactly this is what I've been looking for! Thank you, @rknichols!

Kudos!

Last edited by MrScoville; 12-11-2015 at 09:18 AM.
 
Old 12-11-2015, 09:15 AM   #7
grail
LQ Guru
 
Registered: Sep 2009
Location: Perth
Distribution: Manjaro
Posts: 9,642

Rep: Reputation: 2960Reputation: 2960Reputation: 2960Reputation: 2960Reputation: 2960Reputation: 2960Reputation: 2960Reputation: 2960Reputation: 2960Reputation: 2960Reputation: 2960
Code:
awk '/Keyword/{x=1}x'
 
1 members found this post helpful.
Old 12-11-2015, 09:45 AM   #8
MrScoville
LQ Newbie
 
Registered: Dec 2015
Posts: 10

Original Poster
Rep: Reputation: Disabled
Just in case somebody might be curious why I asked the initial question... On a Linux running systemd emitting "mount" will result in a bunch of confusing... well... stuff, like this on my Raspberry Pi almost instantly after installing the image:

/dev/mmcblk0p2 on / type ext4 (rw,noatime,nodiratime,errors=remount-ro,commit=120,data=ordered)
devtmpfs on /dev type devtmpfs (rw,relatime,size=494116k,nr_inodes=123529,mode=755)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=23,pgrp=1,timeout=300,minproto=5,maxproto=5,direct)
mqueue on /dev/mqueue type mqueue (rw,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
configfs on /sys/kernel/config type configfs (rw,relatime)
/dev/mmcblk0p1 on /boot type vfat (rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,errors=remount-ro)

"Almost instantly", because I've added a swap partition. Where is it? Right, not listed.

Next try: df -a

Filesystem 1K-blocks Used Available Use Mounted on
/dev/root 721848 465468 203880 70% /
devtmpfs 494116 0 494116 0% /dev
sysfs 0 0 0 - /sys
proc 0 0 0 - /proc
tmpfs 498420 0 498420 0% /dev/shm
devpts 0 0 0 - /dev/pts
tmpfs 498420 6592 491828 2% /run
tmpfs 5120 0 5120 0% /run/lock
tmpfs 498420 0 498420 0% /sys/fs/cgroup
cgroup 0 0 0 - /sys/fs/cgroup/systemd
cgroup 0 0 0 - /sys/fs/cgroup/cpuset
cgroup 0 0 0 - /sys/fs/cgroup/cpu,cpuacct
cgroup 0 0 0 - /sys/fs/cgroup/blkio
cgroup 0 0 0 - /sys/fs/cgroup/devices
cgroup 0 0 0 - /sys/fs/cgroup/freezer
cgroup 0 0 0 - /sys/fs/cgroup/net_cls
systemd-1 0 0 0 - /proc/sys/fs/binfmt_misc
mqueue 0 0 0 - /dev/mqueue
debugfs 0 0 0 - /sys/kernel/debug
configfs 0 0 0 - /sys/kernel/config
/dev/mmcblk0p1 62378 19866 42512 32% /boot

Again not. Next idea: Assume all filesystems in /etc/fstab have been mounted, and look at fstab:

/dev/mmcblk0p1 /boot vfat defaults 0 2
/dev/mmcblk0p2 / ext4 errors=remount-ro,noatime,nodiratime,commit=120 0 1
/dev/mmcblk0p3 swap swap defaults 0 0

But where have blocks and sizes gone?

Well, now comes @rknichols solution: fstab -l | sed -n '/Device/,$p'

Edit ~/.bashrc and add:

alias pmount='fdisk -l | sed -n \/^Device\/,\$p'

Import it: . ~/.bashrc

Then emit pmount:

Device Boot Start End Sectors Size Id Type
/dev/mmcblk0p1 16 125055 125040 61.1M b W95 FAT32
/dev/mmcblk0p2 125056 1626112 1501057 733M 83 Linux
/dev/mmcblk0p3 1628160 10016767 8388608 4G 82 Linux swap / Solaris

THERE it is!

 
Old 12-11-2015, 09:51 AM   #9
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: CentOS 6 & 7
Posts: 3,043

Rep: Reputation: 811Reputation: 811Reputation: 811Reputation: 811Reputation: 811Reputation: 811Reputation: 811
How about

Code:
grep -A 1000 Keyword
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Use "Tail -f" with log file to sound error on predefined messages Southpaw94 Linux - Server 2 06-20-2013 12:55 PM
[SOLVED] Bash, find : How to avoid [...] pattern matching in file names expanded from "$var"? Telengard Programming 19 04-23-2011 03:36 AM
"Unknown keyword in config file" when trying to boot from CD jkh107 Fedora - Installation 7 03-26-2009 01:29 AM
How to make newer "tail" behave like older "tail" rylan76 Linux - Software 4 12-07-2007 05:27 AM
problem "make"ing gtk+ "/usr/bin/env: perl -w" caid Linux - Newbie 8 07-29-2005 05:51 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 07:14 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration