Why am I unable to delete Splunk from an Ubuntu se...

splunkfly · ‎04-18-2016

I tried deleting Splunk completely from the Ubuntu server. I'm able to delete the splunk_home directory, but when I refresh I could see the Splunk directory again. I tried multiple times, but it is still not getting deleted. Under Splunk_Home I can barely see one directory Splunk_Home/var/

Please help me to delete this completely from my system. I stopped the Splunk server before I deleted with /bin/splunk stop

jensonthottian · ‎04-18-2016

what user are you logged in as, do you have permissions to delete it.

Try doing a sudo su - root before using the rm command.

splunkfly · ‎04-19-2016

Yes, I'm a root user. I have all the permissions, it is getting deleted when i delete it, but after few minutes the directory appears again at the same location.

jensonthottian · ‎04-19-2016

For sure you might have some process running which creates again files and dirs you just deleted.

Run the below and please provide the result:

cd /opt/splunk ; df .

splunkfly · ‎04-20-2016

Filesystem 1K-blocks Used Available Use% Mounted on
/dev/dm-0 80083800 2456832 73535884 4% /

Why am I unable to delete Splunk from an Ubuntu server?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

Are you a member of the Splunk Community?

Why am I unable to delete Splunk from an Ubuntu server?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine