UNIX AIX: how to find chunks of code in logs?

Posted on 2009-02-17
Last Modified: 2013-11-17
I am able to get to the log file - 20,000 lines of code per log file
then I do:
$ grep keyword [name of log file]

then, I get all keywords found in the logs without the information corresponding to the keywords searched

In other words, how do I find chunks of code in UNIX?

$pg from to end


Question by:epifanio67
    LVL 68

    Expert Comment

    if your chunks were surrounded by blank lines or the like you could use
    grep -p [keyword]
    with -p meaning 'paragraph' (this is unique to AIX's grep).
    you can use grep -p[separator] to have a separator of your choice (instead of blank lines)
    If this is not enough, you can use GNU grep, which has options for 'preceding' and 'following'
    Find gnu grep here -
    Its manpage is here -
    Look at the -A, -B, and -C options.

    Author Comment

    thx woolmilkporc

    I just tried it... I did:


    and I got back:

    $ inbalance

    do you know why? maybe because there are colons in the keyword?
    LVL 68

    Expert Comment

    I guess SIPS:LOGBLOCK:BEGIN:SIPDATA:[  is your separator?
    Put it in single quotes ( ' ' ) to protect special characters like ']' from the shell, and omit the space following the '-p'
    grep -p'SIPS:LOGBLOCK:BEGIN:SIPDATA:[ '  searchstring   file


    Author Comment


    SIPS:LOGBLOCK:BEGIN:SIPDATA:[  is the keyword

    I just tried:

    $ grep -p '---- separator---' 'SIPS:LOGBLOCK:BEGIN:SIPDATA:[' filename

    I got back:

    $grep: Not a recognized flag: -
    LVL 68

    Expert Comment

    Yes, that's because grep assumes the '-' in your separator to be the beginning of a new flag.
    Omit the space following '-p' !
    grep -p'---- separator---' 'SIPS:LOGBLOCK:BEGIN:SIPDATA:[' filename


    Author Comment



    I even tried:

    $grep -e 'SIPS:LOGBLOCK:BEGIN:SIPDATA:[' filename

    the usage man says that -e is for patterns...

    LVL 68

    Expert Comment

    As a circumvention, omit the [
    This will make no difference for your search (well, most probably)

    Author Comment

    no, I get the same error...

    I don't know how people read these huge log files in UNIX

    is there any other way?

    LVL 68

    Accepted Solution

    As for the 'imbalance':
    yes, -e is for patterns, and as the opening bracket is an integral part of a regexp, grep tries to interpret it.
    Using the '-e' or not makes only a difference with patterns beginning with a '-' : the '-e' will protect them from being interpreted as an option.
    The only circumvention (besides not using [ ] in search strings) is, afaik, escaping the [ with a backslash '\',

    grep 'SIPS:LOGBLOCK:BEGIN:SIPDATA:\[' filename

    should work.


    Author Closing Comment

    it doesn't do anything for some reason... it outputs a blank $

    I think I am just gonna move the files to a local dir and open with Notepad... too big of a file..

    Thx woolmilkporc, you deserve the points for the support and quick response... thx man
    LVL 68

    Expert Comment

    Why give up?
    If the searchstring is contained in your file at all, grep must find it!
    Whom should we trust if not grep (and all its close and not so close relatives, of course)?

    Try to shorten the search string, e.g. search for only LOGBLOCK or the like.
    Remember, if not called with the -i flag, grep is case-sensitive.

    And if the chunk processing doesn't work with AIX grep, there is still GNU grep (see above).

    As for large logfiles:

    I think you should rotate them on a regular basis using logrotate.

    Find logrotate here:

    (the 5.1 version will work)

    and here is its manpage:

    Should you have questions/problems, come to EE and ask.
    If you put a question in the AIX zone, be sure that I'll be there!

    Thanks for the points,

    Good luck!

    Norbert (wmp)
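
    Added example, not part of the original thread: a portable way to pull whole log blocks without AIX's `grep -p`, using `grep -F` (fixed-string matching, so the `[` needs no escaping) and awk's literal `index()` test. The function names and the sample log are constructed for illustration; it assumes each block starts at a line containing the `SIPS:LOGBLOCK:BEGIN:SIPDATA:[` marker and runs to the next such line.

```shell
#!/bin/sh
# Constructed sample log: only the BEGIN marker text comes from the thread,
# every other field is invented for this example.
make_sample_log() {
cat <<'EOF'
SIPS:LOGBLOCK:BEGIN:SIPDATA:[ id=1
user=alice action=login
result=OK
SIPS:LOGBLOCK:BEGIN:SIPDATA:[ id=2
user=bob action=login
result=FAILED reason=[bad password]
SIPS:LOGBLOCK:BEGIN:SIPDATA:[ id=3
user=carol action=logout
result=OK
EOF
}

# count_literal NEEDLE FILE
# -F makes grep treat NEEDLE as a fixed string, so an unbalanced '[' is fine;
# -e keeps a NEEDLE that starts with '-' from being parsed as an option.
count_literal() {
    grep -F -c -e "$1" "$2"
}

# blocks_with MARKER NEEDLE FILE
# Print every block (a line containing MARKER up to the next such line)
# that contains NEEDLE. index() is a literal substring test, so neither
# argument is interpreted as a regular expression.
blocks_with() {
    MARKER=$1 NEEDLE=$2 awk '
        function emit() { if (hit) printf "%s", buf; buf = ""; hit = 0 }
        BEGIN { m = ENVIRON["MARKER"]; n = ENVIRON["NEEDLE"] }
        index($0, m) { emit() }
        { buf = buf $0 "\n"; if (index($0, n)) hit = 1 }
        END { emit() }
    ' "$3"
}

# Demo on the constructed log: prints only the block for id=2.
log=$(mktemp) && make_sample_log > "$log"
blocks_with 'SIPS:LOGBLOCK:BEGIN:SIPDATA:[' 'result=FAILED' "$log"
rm -f "$log"
```

    Passing the strings through the environment rather than `awk -v` avoids awk's backslash-escape processing of the values.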

