Why am I unable to delete Splunk from an Ubuntu se...

splunkfly · ‎04-18-2016

I tried deleting Splunk completely from the Ubuntu server. I'm able to delete the splunk_home directory, but when I refresh I could see the Splunk directory again. I tried multiple times, but it is still not getting deleted. Under Splunk_Home I can barely see one directory Splunk_Home/var/

Please help me to delete this completely from my system. I stopped the Splunk server before I deleted with /bin/splunk stop

jensonthottian · ‎04-18-2016

what user are you logged in as, do you have permissions to delete it.

Try doing a sudo su - root before using the rm command.

splunkfly · ‎04-19-2016

Yes, I'm a root user. I have all the permissions, it is getting deleted when i delete it, but after few minutes the directory appears again at the same location.

jensonthottian · ‎04-19-2016

For sure you might have some process running which creates again files and dirs you just deleted.

Run the below and please provide the result:

cd /opt/splunk ; df .

splunkfly · ‎04-20-2016

Filesystem 1K-blocks Used Available Use% Mounted on
/dev/dm-0 80083800 2456832 73535884 4% /

Why am I unable to delete Splunk from an Ubuntu server?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation