Deployment Architecture
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Uninstall Splunk on Linux

Bill_B
Communicator
‎06-05-2014 11:39 AM

In the guide for uninstalling Splunk from Linux, it says; "rpm -e splunk_product_name".
What is meant by, "splunk_product_name"? Is that the name of the installed file?
I installed using the wget URL. So would the command be, "rpm -e splunk-6.1.1-207789-Linux-x86_64.tgz"?
Also, what directory should this command be executed from?

-Thank you

Tags (3)
0 Karma
Reply

mhouse3
Path Finder
‎02-20-2020 06:20 PM

It does not work for me. When I run it I get a bunch of errors and the /opt/splunk/ path is still there:

warning: file /opt/splunk/share/splunk/search_mrsparkle/modules.new/messaging/Message.conf: remove failed: No such file or directory
warning: file /opt/splunk/share/splunk/search_mrsparkle/modules.new/messaging: remove failed: No such file or directory
warning: file /opt/splunk/share/splunk/search_mrsparkle/modules.new/DispatchingModule.js: remove failed: No such file or directory
warning: file /opt/splunk/share/splunk/search_mrsparkle/modules.new/DispatchingModule.conf: remove failed: No such file or directory
warning: file /opt/splunk/share/splunk/search_mrsparkle/modules.new/AbstractModule.js: remove failed: No such file or directory
warning: file /opt/splunk/share/splunk/search_mrsparkle/modules.new/AbstractModule.conf: remove failed: No such file or directory
warning: file /opt/splunk/share/splunk/search_mrsparkle/modules.new: remove failed: No such file or directory
warning: file /opt/splunk/ftr: remove failed: No such file or directory

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎02-21-2020 02:18 PM

Hi

It is warning that there are some files which are not part of that rpm package. Basically you should remove those after uninstall by rm -fr /opt/splunk.

Also remember possible volumes and/or SPLUNK_DB -directory if those are somewhere else than /opt/splunk/var/lib

Btw. It’s better to use yum remove splunk than rpm -e if yum is in use. Pure rpm can generate som lock issues to rpm db.

Ismo

0 Karma
Reply

codebuilder
Influencer
‎02-24-2020 09:28 AM

Agree with @soutamo , yum remove is always better practice, if available on your distro.

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Reply

SantoshBansode
Explorer
‎05-10-2016 03:11 AM

rpm -qa | grep -i splunk
Then put the command rpm -e above_command_result
Example : rpm -e splunkforwarder-6.3.2-aaff59bb082c.x86_64

Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-05-2014 12:16 PM

Run the following command to find the correct package name.

rpm -q -a | grep -i splunk

Pass the result to the rpm -e command.

---
If this reply helps you, Karma would be appreciated.
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-05-2014 01:06 PM

If you get no results from the rpm command then it probably means Splunk was not installed using rpm. You would then need to uninstall it manually.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

Bill_B
Communicator
‎06-05-2014 12:31 PM

If the above command returns no result then a manual uninstall must done. Yes?

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | How many sides does a circle have?

  March 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

New This Month - Splunk Observability updates and improvements for faster ...

What’s New? This month, we’re delivering several enhancements across Splunk Observability Cloud for faster and ...

What's New in Splunk Cloud Platform 9.3.2411?

Hey Splunky People! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2411. This release ...
li.common.scroll-to.top