grep — PCRE

Shortcuts and Shorthand

Match IPv4 addresses using PCRE digit shorthand

grep -P '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}'

Extract value after key= using \K reset marker

grep -oP 'key=\K[^&]+'

Positive lookbehind — match digits preceded by port=

grep -P '(?<=port=)\d+'

Positive lookahead — match word before .conf suffix

grep -P '\b\w+(?=\.conf\b)'

Count non-blank lines using PCRE

grep -Pc '^\S+' file

Lookaround

Lookaheads and lookbehinds match positions, not characters. They assert what’s next or behind without consuming input.

Positive lookahead — lines with "error" followed by a number

grep -nP 'error(?=.*\d)' /var/log/syslog

Negative lookahead — "password" NOT followed by "expired"

grep -nP 'password(?!.*expired)' /etc/security/pwquality.conf

Positive lookbehind — value after "port="

grep -oP '(?<=port=)\d+' app.conf

Negative lookbehind — unescaped pipe in AsciiDoc tables

# The pattern that caught bugs in discovery-protocol.adoc and qradar-api-quick-reference.adoc
grep -nP '^\|.*`[^`]*(?<!\\)\|[^`]*`' docs/modules/ROOT/**/*.adoc

Named capture groups — extract key=value pairs

grep -oP '(?P<key>\w+)=(?P<val>[^ ]+)' config.env