Hide

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.


If you have a new feature suggestion or find a bug, please get in touch via http://commandlinefu.uservoice.com/

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

Hide

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

Hide

News

2011-03-12 - Confoo 2011 presentation
Slides are available from the commandlinefu presentation at Confoo 2011: http://presentations.codeinthehole.com/confoo2011/
2011-01-04 - Moderation now required for new commands
To try and put and end to the spamming, new commands require moderation before they will appear on the site.
2010-12-27 - Apologies for not banning the trolls sooner
Have been away from the interwebs over Christmas. Will be more vigilant henceforth.
2010-09-24 - OAuth and pagination problems fixed
Apologies for the delay in getting Twitter's OAuth supported. Annoying pagination gremlin also fixed.
Hide

Tags

Hide

Functions

Commands using awk from sorted by
Terminal - Commands using awk - 1,158 results
grep 'HOME.*' data.txt | awk '{print $2}' | awk '{FS="/"}{print $NF}' OR USE ALTERNATE WAY awk '/HOME/ {print $2}' data.txt | awk -F'/' '{print $NF}'
2009-03-05 07:28:26
User: rommelsharma
Functions: awk grep
-3

grep 'HOME.*' data.txt | awk '{print $2}' | awk '{FS="/"}{print $NF}'

OR

awk '/HOME/ {print $2}' data.txt | awk -F'/' '{print $NF}'

In this example, we are having a text file that is having several entries like:

---

c1 c2 c3 c4

this is some data

HOME /dir1/dir2/.../dirN/somefile1.xml

HOME /dir1/dir2/somefile2.xml

some more data

---

for lines starting with HOME, we are extracting the second field that is a 'file path with file name', and from that we need to get the filename only and ignore the slash delimited path.

The output would be:

somefile1.xml

somefile2.xml

(In case you give a -ive - pls give the reasons as well and enlighten the souls :-) )

zgrep "Failed password" /var/log/auth.log* | awk '{print $9}' | sort | uniq -c | sort -nr | less
2009-03-03 13:45:56
User: dbart
Functions: awk sort uniq zgrep
8

This command checks for the number of times when someone has tried to login to your server and failed. If there are a lot, then that user is being targeted on your system and you might want to make sure that user either has remote logins disabled, or has a strong password, or both. If your output has an "invalid" line, it is a summary of all logins from users that don't exist on your system.

gunzip -c /var/log/auth.log.*.gz | cat - /var/log/auth.log /var/log/auth.log.0 | grep "Invalid user" | awk '{print $8;}' | sort | uniq -c | less
awk -F "=| "
2009-03-02 21:09:51
User: Bender
Functions: awk cat file
9

You can use multiple field separators by separating them with | (=or).

This may be helpful when you want to split a string by two separators for example.

#echo "one=two three" | awk -F "=| " {'print $1, $3'}

one three

ps axww | grep SomeCommand | awk '{ print $1 }' | xargs kill
2009-02-28 17:48:51
User: philiph
Functions: awk grep ps xargs
-7

This command kills all processes with 'SomeCommand' in the process name. There are other more elegant ways to extract the process names from ps but they are hard to remember and not portable across platforms. Use this command with caution as you could accidentally kill other matching processes!

xargs is particularly handy in this case because it makes it easy to feed the process IDs to kill and it also ensures that you don't try to feed too many PIDs to kill at once and overflow the command-line buffer.

Note that if you are attempting to kill many thousands of runaway processes at once you should use 'kill -9'. Otherwise the system will try to bring each process into memory before killing it and you could run out of memory. Typically when you want to kill many processes at once it is because you are already in a low memory situation so if you don't 'kill -9' you will make things worse

ifconfig | awk '/inet / {print $2}'
2009-02-27 17:05:08
User: haivu
Functions: awk ifconfig
1

On the Mac, the format ifconfig puts out is little different from Linux: the IP address is space separated, instead of colon. That makes parsing the IP address easier. See releated command for Linux/Unix:

http://www.commandlinefu.com/commands/view/651/getting-the-ip-address-of-eth0

grep "FOUND" /var/log/squidclamav.log | awk '{print $5"-"$2"-"$3","$4","$11}' | sed -e 's/\,http.*url=/\,/g' | sed -e 's/&/\,/g' | sed -e 's/source=//g' |sed -e 's/user=//g' | sed -e 's/virus=//g' | sed -e 's/stream\:+//g' | sed -e 's/\+FOUND//g'
2009-02-27 13:28:18
User: nablas
Functions: awk grep sed
0

This command will list a CSV list of infected files detected by clamav through squidclamav redirector.

awk 'BEGIN {FS=","} {loc = $4, val=$5; getline < "f0001ch1.csv"; print loc,val,$5}' f0001ch2.csv > data
2009-02-27 13:01:16
User: Masse
Functions: awk
0

Parses tektronic given csv files for both channel 1 and channel 2 and joins them together. Can be easily used by gnuplot after that.

IPADDR=`ifconfig eth0 | grep -i inet | awk -F: '{print $2}'| awk '{print $1}'`
2009-02-25 22:58:19
User: rockon
Functions: awk grep
0

Useful in scripts while you just need an IP address in a variable.

du --max-depth=1 | sort -r -n | awk '{split("k m g",v); s=1; while($1>1024){$1/=1024; s++} print int($1)" "v[s]"\t"$2}'
2009-02-24 11:03:08
User: hans
Functions: awk du sort
16

I use this on debian testing, works like the other sorted du variants, but i like small numbers and suffixes :)

for x in `psql -e\l | awk '{print $1}'| egrep -v "(^List|^Name|\-\-\-\-\-|^\()"`; do pg_dump -C $x | gzip > /var/lib/pgsql/backups/$x-nightly.dmp.gz; done
2009-02-21 15:21:09
User: f4nt
Functions: awk egrep gzip
1

Ran as the postgres user, dumps each database individually. It dumps with the create statements as well, so you can just 'zcat $x-nightly.dmp.gz | psql' to reimport/recreate a database from a backup.

N="filepath" ; P=/proc/$(lsof +L1 | grep "$N" | awk '{print $2}')/fd ; ls -l $P | sed -rn "/$N/s/.*([0-9]+) ->.*/\1/p" | xargs -I_ cat $P/_ > "$N"
2009-02-21 02:31:24
User: laburu
Functions: awk cat grep ls sed xargs
5

Note that the file at the given path will have the contents of the (still) deleted file, but it is a new file with a new node number; in other words, this restores the data, but it does not actually "undelete" the old file.

I posted a function declaration encapsulating this functionality to http://www.reddit.com/r/programming/comments/7yx6f/how_to_undelete_any_open_deleted_file_in_linux/c07sqwe (please excuse the crap formatting).

for i in `ps aux | grep ssh | grep -v grep | awk {'print $2'}` ; do kill $i; done
ps auxwww | grep outofcontrolprocess | awk '{print $9}' | xargs kill -9
ps aux | awk '/name/ {print $2}'
2009-02-20 21:35:52
User: evil_otto
Functions: awk ps
-5

This finds a process id by name, but without the extra grep that you usually see. Remember, awk can grep too!

top -b -n 1 | awk '{if (NR <=7) print; else if ($8 == "D") {print; count++} } END {print "Total status D: "count}'
lsof | awk '{print $1}' | sort | uniq -c | sort -rn | head
ps aux | grep -i firefox | grep -v grep | awk '{print $2}' | xargs -t -i kill -9 {}
2009-02-19 18:50:00
User: blackdude
Functions: awk grep kill ps xargs
-7

This is a nice way to kill processes.. the example here is for firefox!!! substitute firefox for whatever the process name is...

lsof -p $(netstat -ltpn|awk '$4 ~ /:80$/ {print substr($7,1,index($7,"/")-1)}')| awk '$9 ~ /access.log$/ {print $9| "sort -u"}'
2009-02-19 16:11:54
User: rjamestaylor
Functions: awk netstat
2

Ever logged into a *nix box and needed to know which webserver is running and where all the current access_log files are? Run this one liner to find out. Works for Apache or Lighttpd as long as CustomLog name is somewhat standard. HINT: works great as input into for loop, like this:

for i in `lsof -p $(netstat -ltpn|awk '$4 ~ /:80$/ {print substr($7,1,index($7,"/")-1)}')| awk '$9 ~ /access.log$/ {print $9| "sort -u"}'` ; do echo $i; done

Very useful for triage on unfamiliar servers!

svn st | grep ^\? | awk '{print $2}' | xargs svn add
netstat -alpn | grep :80 | awk '{print $4}' |awk -F: '{print $(NF-1)}' |sort | uniq -c | sort -n
du -sk * | awk '{print $1} END {print "[+z1<y]sy\nlyx\np"}' | dc
last | grep -v "^$" | awk '{ print $1 }' | sort -nr | uniq -c
2009-02-18 16:38:59
User: hkyeakley
Functions: awk grep last sort uniq
15

This command takes the output of the 'last' command, removes empty lines, gets just the first field ($USERNAME), sort the $USERNAMES in reverse order and then gives a summary count of unique matches.

printf %d 0x`dd if=/dev/urandom bs=1 count=4 2>/dev/null | od -x | awk 'NR==1 {print $2$3}'`
2009-02-18 16:23:09
User: introp
Functions: awk od printf
1

Sometimes, in a shell script, you need a random number bigger than the range of $RANDOM. This will print a random number made of four hex values extracted from /dev/urandom.

ps -ef | grep $USERNAME | awk {'print $2'} | xargs kill [-9]
2009-02-17 20:35:35
User: TheNomad
Functions: awk grep kill ps xargs
3

This is a 'killall' command equivalent where it is not available.

Prior to executing it, set the environment variable USERNAME to the username, whose processes you want to kill or replace the username with the $USERNAME on the command above.

Side effect: If any processes from other users, are running with a parameter of $USERNAME, they will be killed as well (assuming you are running this as root user)

[-9] in square brackets at the end of the command is optional and strongly suggested to be your last resort. I do not like to use it as the killed process leaves a lot of mess behind.