Grep Regex Cheat Sheet




I've used grep for a long time, how can I do things on Sumo?

Searching across multiple servers and aggregating the results is where the power of Sumo really lies. This cheat sheet can make it easier for you to move from grepping logs to more in-depth querying with Sumo Logic.

Remember that Sumo Logic queries are time-constrained.

We recommend that you search your data using the _sourceCategory metadata tag, but the examples below use the _sourceName metadata tag because _sourceName should reflect the full canonical path of the file, which is typically what you use when grepping files. You should still follow the seven search rules to live by.


grep Command Line

Sumo Equivalent

Description

cat ./log_file

_sourceName=*/log_file

Returns the contents of a file named log_file for a specific timeframe. In Sumo, you must paginate through the results, but you can also search for ALL log files across your stack which share the same name.

grep -i 'string' ./log_file

_sourceName=*/log_file AND "string"

Returns all log lines containing the term 'string' (case insensitive) in a file named log_file.

grep -i 'string' ./log_*

_sourceName=*/log_* AND "string"

Returns all log lines containing the word 'string' (case insensitive) in a file that starts with 'log_' in its name.

grep 'literal_string' ./log_file

_sourceName=*/log_file AND "literal_string"
| parse regex "(?<sample>literal_string)"
| fields - sample

Returns all log lines containing the term 'literal_string' (case sensitive) in a file named log_file.

grep 'start.*end' ./log_file

_sourceName=*/log_file
| parse regex "(?<sample>start.*end)"
| fields - sample

Using regex, returns all events where a particular pattern is present on the log line.

grep -iw 'string' ./log_file

_sourceName=*/log_file AND " string "

Finds all words which match the term 'string' in a file named 'log_file'. Notice the spaces around string.

grep -A 3 -i 'example' ./log_file

No equivalent operation.

Returns the log events 3 lines after the line which included the term 'example'. While there is no query language equivalent operation, you can search surrounding messages.

grep -B 3 -i 'example' ./log_file

No equivalent operation.

Returns the log events 3 lines before the line which included the term 'example'. While there is no query language equivalent operation, you can search surrounding messages.

grep -C 3 -i 'example' ./log_file

No equivalent operation.

Returns the log events 3 lines before and after the line which included the term 'example'. While there is no query language equivalent operation, you can search surrounding messages.

grep -r 'string' ./*

_sourceHost=server_name AND _sourceName=* AND "string"
| fields _sourceName, _raw

Returns all files and events within a specific server which include the term 'string'. Notice the _sourceHost metadata tag is used to home in on a single server.

grep -c 'string' ./log_file

_sourceName=*/log_file AND "string"
| count

Counts the number of lines which match the term 'string'.

grep -v 'string' ./log_file

_sourceName=*/log_file AND !"string"

Returns only the log events where the term 'string' was not found.

grep -l 'string' ./log_*

_sourceName=*/log_* AND "string"
| count by _sourceName
| fields _sourceName

Returns only the file names where the term 'string' was found.

grep -o 'start.*end' ./log_file

_sourceName=*/log_file
| parse regex "(?<match>start.*end)"
| fields match

Returns only the part of the log event which matches the search term.
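
Two behaviours of the grep commands in the table affect counts and extractions: `grep -c` counts matching lines rather than occurrences, and the `.*` in `grep -o 'start.*end'` is greedy. The shell example below is added here and is not part of the original page; the log lines, the job= field and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example; the log lines below are constructed sample data.
make_log() {
    dir=$(mktemp -d)
    cat > "$dir/log_file" <<'EOF'
2024-01-01T10:00:01 start job=backup end status=ok end
2024-01-01T10:00:02 heartbeat
2024-01-01T10:00:03 start job=scan end start job=scan2 end
EOF
    printf '%s\n' "$dir"
}

# grep -c counts matching LINES, as Sumo's "| count" counts messages.
count_lines() { grep -c 'start' "$1/log_file"; }

# grep -o prints every match on its own line, so wc -l counts OCCURRENCES.
count_occurrences() { grep -o 'start' "$1/log_file" | wc -l | tr -d ' '; }

# Greedy: .* extends to the LAST "end" on the line.
extract_greedy() { grep -o 'start.*end' "$1/log_file"; }

# Bounded: [^ ]* cannot cross a space, so each start/end pair is separate.
extract_bounded() { grep -o 'start job=[^ ]* end' "$1/log_file"; }

# Demo run over the constructed log.
d=$(make_log)
echo "lines: $(count_lines "$d")  occurrences: $(count_occurrences "$d")"
extract_greedy "$d"
extract_bounded "$d"
rm -rf "$d"
```

When an event count feeds an alert threshold, decide first whether the threshold is per line or per occurrence, and bound the pattern if a line can hold more than one record.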

Grep Regex Cheat Sheet

Cheat sheet based off the Udemy CySA+ course from Jason Dion – video 75, as I’m sure I’ll end up looking for it at some point in the future.

Many programs use regular expressions to find and replace text. However, they tend to come with their own different flavors.

REGEX:

[] – Match a single instance of a character from a range such as a-z, A-Z or 0-9, or for all [a-zA-Z0-9]

\s – Match whitespace

\d – Match a digit

+ – Match one or more occurrences e.g. \d+

* – Match zero or more occurrences e.g. \d*

? – Match zero or one occurrence e.g. \d?


{} – Match the number of times within the braces e.g. \d{3} finds 3 digits in a row or \d{7,10} matches 7, 8, 9 or 10 digits in a row

| – OR


^ – Only search at the start of a line

$ – Only search at the end of a line

GREP:


-F = search for a literal value, can use “” instead of -F

-r = recursive

-i = Ignore case sensitivity

-v = Find things which do not match

-w = Treat search strings as words (instead of parts of words)

-c = Show count of matches

-l = Return names of files containing matches

-L = Return names of files without matches
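
The regex tokens and grep flags above, applied to a log triage task. This shell example is added here and is not from the course or the original page; the sshd-style log lines, addresses and function names are constructed. It writes the digit class as [0-9] because POSIX grep patterns have no \d, and it shows how an unescaped "." in an IP address pattern over-matches unless -F is used.

```shell
#!/bin/sh
# Added example; the sshd-style lines below are constructed sample data.
make_auth_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Jan 10 03:12:01 web1 sshd[811]: Failed password for root from 10.1.1.1 port 50122 ssh2
Jan 10 03:12:04 web1 sshd[811]: Failed password for invalid user admin from 10.101.1.1 port 50130 ssh2
Jan 10 03:12:09 web1 sshd[812]: Accepted password for deploy from 192.168.5.20 port 40022 ssh2
Jan 10 03:13:00 web1 sshd[813]: failed password for rootkit from 10.1.1.1 port 50140 ssh2
EOF
    printf '%s\n' "$f"
}

# -E turns on +, ?, {} and | unescaped. POSIX regex has no \d (GNU grep
# accepts it only with -P), so the digit class is written [0-9].
failed_ips() {
    grep -i 'failed password' "$1" |
        grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | LC_ALL=C sort -u
}

# Without -F every "." matches any character, so 10.101.1.1 also hits.
regex_dot_hits() { grep -c '10.1.1.1' "$1"; }

# -F makes the pattern a fixed string: only lines containing that text match.
literal_hits() { grep -cF '10.1.1.1' "$1"; }

# -w requires word boundaries: "root" matches, "rootkit" does not.
word_hits() { grep -cw 'root' "$1"; }

# -v with -i: lines that are NOT failed logins, regardless of case.
non_failed() { grep -vic 'failed password' "$1"; }

# Demo run over the constructed log.
log=$(make_auth_log)
failed_ips "$log"
echo "regex=$(regex_dot_hits "$log") literal=$(literal_hits "$log")"
echo "word=$(word_hits "$log") non_failed=$(non_failed "$log")"
rm -f "$log"
```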