Is is possible to filter the output of tail?

Question

I'd like to tail a file but only output lines that have a certain string in them. Is this possible?

Ryan H · Accepted Answer · 2011-03-04T00:27:26.257

33

use grep. Its built just for that purpose.

To find lines from a tail of /var/log/syslog that have "cron" in them, just run:

tail -f /var/log/syslog | grep cron

And since it accepts anything over stdin, you can use it on the output of any other command as well, by piping in the same way as above (using the | symbol).

edited Mar 04 '11 at 00:27

answered Mar 04 '11 at 00:21

Ryan H

1,398
3
14
18

8

While this is essentially right, it's important to realize that `grep` will buffer when it is used non-interactively, such as when it is part of a longer pipeline. GNU grep 2.5.1 offers the `--line-buffered` option to work around this when eliminating grep from the pipeline isn't an option. (When I say grep will *buffer* I mean you won't see output until the buffer has reached something like 4k.) – kojiro Mar 04 '11 at 03:41
To supplement previous comment, "tail -f" under modern Linux will work in a loop, waiting for more input in the syslog file. To have the command actually finish with the existin contents of the file, omit the -f switch: tail /var/log/syslog | grep cron – Gnudiff Mar 04 '11 at 09:52

score 7 · Answer 2 · answered Mar 04 '11 at 00:19

7

tail -f /var/log/messages | grep "myfilterword"

Hope that helps.

answered Mar 04 '11 at 00:19

pablo

3,020
1
18
23

score 4 · Answer 3 · answered Mar 04 '11 at 07:07

Here's a couple other ideas, which while not as simple, may offer some interesting additional flexibility:

First, you can filter with awk instead of grep:

tail -f /var/log/messages | awk '/myfilterword/'

that works exactly the same as the example using grep. You can expand on this by using the power of awk, for example:

tail -f /var/log/messages | \
awk '/myfilterword/ { for (i=6; i<=NF; i++) printf("%s ", $i); printf("\n")}'

which will print the 6th through the last field of the output (fields are whitespace separated)

Another similar idea is to use a perl one-liner:

tail -f /var/log/messages | perl -ne "/myfilterword/ and print"

that works exactly like grep. Maybe you want a line number counter and just the 6th field? How about this:

tail -f /var/log/messages | \ 
perl -lane "/myfilterword/ and printf \"%6d %s\n\",++\$a,\$F[6]"

Obviously all of these sorts of things can be done with other tools too, but I wanted to illustrate that there are some fun ways to use more general purpose languages like awk or perl here.

+1 great elaboration on how to expand further than grep! – pablo Mar 04 '11 at 12:47 — pablo, Mar 04 '11 at 12:47

score 2 · Answer 4 · answered Mar 04 '11 at 14:30

Another trick worth noting, if you have a CSV file with headers that you want to omit, e.g.:

% cat data.txt
fruit        dessert        calories
Apple        Pie            770
Banana       Pudding        625
Cherry       Cobbler        990
% tail -n +2 data.txt
Apple        Pie            770
Banana       Pudding        625
Cherry       Cobbler        990

It doesn't matter how long the input to tail is, the +n -2 will omit the first line.

Is is possible to filter the output of tail?

4 Answers4