Deployment Architecture

Uninstall Splunk on Linux

Bill_B
Communicator

In the guide for uninstalling Splunk from Linux, it says; "rpm -e splunk_product_name".
What is meant by, "splunk_product_name"? Is that the name of the installed file?
I installed using the wget URL. So would the command be, "rpm -e splunk-6.1.1-207789-Linux-x86_64.tgz"?
Also, what directory should this command be executed from?

-Thank you

Tags (3)
0 Karma

mhouse3
Path Finder

It does not work for me. When I run it I get a bunch of errors and the /opt/splunk/ path is still there:

warning: file /opt/splunk/share/splunk/search_mrsparkle/modules.new/messaging/Message.conf: remove failed: No such file or directory
warning: file /opt/splunk/share/splunk/search_mrsparkle/modules.new/messaging: remove failed: No such file or directory
warning: file /opt/splunk/share/splunk/search_mrsparkle/modules.new/DispatchingModule.js: remove failed: No such file or directory
warning: file /opt/splunk/share/splunk/search_mrsparkle/modules.new/DispatchingModule.conf: remove failed: No such file or directory
warning: file /opt/splunk/share/splunk/search_mrsparkle/modules.new/AbstractModule.js: remove failed: No such file or directory
warning: file /opt/splunk/share/splunk/search_mrsparkle/modules.new/AbstractModule.conf: remove failed: No such file or directory
warning: file /opt/splunk/share/splunk/search_mrsparkle/modules.new: remove failed: No such file or directory
warning: file /opt/splunk/ftr: remove failed: No such file or directory

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

It is warning that there are some files which are not part of that rpm package. Basically you should remove those after uninstall by rm -fr /opt/splunk.

Also remember possible volumes and/or SPLUNK_DB -directory if those are somewhere else than /opt/splunk/var/lib

Btw. It’s better to use yum remove splunk than rpm -e if yum is in use. Pure rpm can generate som lock issues to rpm db.

Ismo

0 Karma

codebuilder
Influencer

Agree with @soutamo , yum remove is always better practice, if available on your distro.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma

SantoshBansode
Explorer

rpm -qa | grep -i splunk
Then put the command rpm -e above_command_result
Example : rpm -e splunkforwarder-6.3.2-aaff59bb082c.x86_64

richgalloway
SplunkTrust
SplunkTrust

Run the following command to find the correct package name.

rpm -q -a | grep -i splunk

Pass the result to the rpm -e command.

---
If this reply helps you, Karma would be appreciated.

richgalloway
SplunkTrust
SplunkTrust

If you get no results from the rpm command then it probably means Splunk was not installed using rpm. You would then need to uninstall it manually.

---
If this reply helps you, Karma would be appreciated.
0 Karma

Bill_B
Communicator

If the above command returns no result then a manual uninstall must done. Yes?

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...