How to Find Large Files on Linux

Locate large files safely with practical commands and a real troubleshooting workflow.

Before you start

You need shell access to the Linux server.
Identify which filesystem is full before scanning for files everywhere.
Do not delete large files until you confirm whether they are logs, backups, uploads, database files, or active application data.

Step-by-step instructions

1. Identify the full filesystem or suspect path first

Before hunting for individual files, confirm which filesystem is actually under pressure. Otherwise you may spend time searching the wrong mount point.

Command
df -h

Why this matters

If /var, /home, or another mounted filesystem is the one filling up, you should search inside that path first instead of scanning the whole server blindly.

2. Search for files larger than a useful threshold

Use find with a size filter to quickly locate files above a chosen threshold. Start with something meaningful such as 100M or 500M depending on the server.

Command
find /var -type f -size +100M 2>/dev/null

Practical tip

Start with a narrow path like /var or /home when possible. This is usually faster and produces more useful results than searching from root immediately.

3. Sort large files by actual size

The raw find output is useful, but sorting by size makes it much easier to see the worst offenders first.

Command
find /var -type f -exec du -h {} + 2>/dev/null | sort -h

What this gives you

This combines file discovery with readable size output and sorts the results from smallest to largest. The largest items will appear at the bottom, which is often the fastest way to spot trouble.

4. Check common heavy file areas

Real servers usually grow in a few predictable places. Logs, backups, user uploads, cache files, temporary directories, and exported reports are common sources of large files.

Examples
find /var/log -type f -size +100M 2>/dev/null
find /home -type f -size +500M 2>/dev/null
find /tmp -type f -size +100M 2>/dev/null

Why targeted checks help

Targeted searches reduce noise and make it easier to understand whether the issue is operational data, user data, temporary files, or application output.

5. Verify file purpose before cleanup

Once you identify a large file, inspect it carefully. You need to know whether it is safe to delete, whether it should be rotated, or whether it indicates a deeper operational problem.

Command
ls -alh /var/log

Important check

A very large file is often a symptom, not just clutter. It may point to broken log rotation, runaway exports, backup retention issues, or an application writing more data than expected.
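
The five steps above combined into one script, as an added example that is not part of the original guide. It assumes GNU find (for -printf) and a Linux /proc filesystem; the function names large_files, is_open and report_large are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes GNU find (-printf) and a Linux /proc filesystem.
# Function names are hypothetical, chosen for this example.

# large_files DIR SIZE -> "bytes<TAB>owner<TAB>mtime<TAB>path", largest first.
# -xdev keeps the scan on DIR's own filesystem (the one df showed as full).
# Errors are counted instead of discarded, so an incomplete scan is visible.
large_files() {
    lf_err=$(mktemp) || return 1
    find "$1" -xdev -type f -size "$2" \
        -printf '%s\t%u\t%TY-%Tm-%Td\t%p\n' 2>"$lf_err" | sort -rn
    lf_skipped=$(grep -c . "$lf_err" || true)
    rm -f "$lf_err"
    [ "$lf_skipped" -eq 0 ] ||
        echo "warning: $lf_skipped error(s); scan incomplete" >&2
}

# is_open FILE -> exit 0 if a process visible in /proc holds FILE open.
# Deleting such a file frees no space until the holder closes it.
# Without root, only your own processes' descriptors are visible.
is_open() {
    io_target=$(readlink -f "$1") || return 2
    for io_fd in /proc/[0-9]*/fd/*; do
        [ "$(readlink "$io_fd" 2>/dev/null)" = "$io_target" ] && return 0
    done
    return 1
}

# report_large DIR SIZE -> the large_files rows prefixed with IN-USE or idle.
report_large() {
    rl_tab=$(printf '\t')
    large_files "$1" "$2" |
    while IFS="$rl_tab" read -r rl_size rl_owner rl_mtime rl_path; do
        if is_open "$rl_path"; then rl_state=IN-USE; else rl_state=idle; fi
        printf '%s\t%s\t%s\t%s\t%s\n' \
            "$rl_state" "$rl_size" "$rl_owner" "$rl_mtime" "$rl_path"
    done
}

# Run as a script: sh large_files.sh /var +100M
if [ "$#" -ge 2 ]; then
    report_large "$1" "$2"
fi
```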

Real example

A server shows high usage on /var. You run find /var -type f -size +500M and discover a single rotated application log that has grown far beyond the expected size. After checking the file and its service context, you confirm that log rotation failed and the file kept growing for days.

This is the correct pattern: identify the filesystem that is full, find unusually large files inside the relevant path, confirm the file purpose, then apply the correct cleanup or retention fix.

Possible causes

  • Application log files growing without rotation
  • Large backup archives left on the local server
  • User uploads or generated media files accumulating over time
  • Temporary export files or reports not being removed
  • Cache or session files growing unexpectedly
  • Database dump files stored in operational paths

Common mistakes

  • Searching the whole server first instead of narrowing to the filesystem that is full
  • Using only find without checking directory growth patterns
  • Deleting files before understanding whether they are active operational data
  • Ignoring permission errors and assuming the scan was complete
  • Focusing only on one large file while missing the broader retention or rotation issue

Environment tips

  • Use find ... -size +100M or a higher threshold depending on server scale.
  • Combine find with du and sort -h when you need ordered results.
  • On busy servers, check /var/log, backup paths, upload directories, and temporary file areas first.
  • When a large file is a log, the correct action may be rotation or truncation, not deletion without confirmation.

About this guide

This guide shows how to find large files on Linux safely and efficiently. It focuses on real troubleshooting workflows using find, du, and sort so you can identify exactly which files are consuming disk space without blindly scanning the entire server or deleting the wrong data.

How to follow this guide

  1. Confirm which filesystem or path is actually growing before scanning for files.
  2. Use find with size filters to locate unusually large files.
  3. Use du and sort when directory-level investigation is more useful than raw file listing.
  4. Narrow the search to likely heavy paths such as logs, backups, uploads, and temporary storage.
  5. Verify file purpose, owner, and service impact before deleting or moving anything.

Why use this method?

Finding large files is one of the fastest ways to diagnose storage problems on Linux. Full disks can break applications, email queues, databases, uploads, and log writing. A focused large-file search helps you identify the exact offender instead of guessing based on directory names alone.

Frequently Asked Questions

Should I use find or du to locate large storage usage?

Use both, but for different purposes. find is better for locating specific large files, while du is better for understanding which directories or subdirectories are consuming space overall.

Is it safe to search the whole server at once?

It can be done, but it is often inefficient and noisy. In practice it is better to identify the filesystem that is full first and then search inside the relevant mount point or directory tree.

Can I delete large log files immediately?

Not automatically. Some log files are actively used by running services. You should confirm whether log rotation, truncation, or application-specific cleanup is the correct action before deleting them.

Why do I see permission denied messages during searches?

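Because some paths require elevated privileges. On production systems, it is common to redirect permission errors to /dev/null or run the command with appropriate privileges when necessary. Redirecting the errors also hides which paths the scan could not read, so do not assume a scan that produced them was complete.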