I tried $SPLUNK_HOME$/bin/splunk remove app SplunkEnterpriseSecuritySuite and it tells me "app doesn't exist" -- It does... I'm looking at it. Same thing when I try to uninstall any of the SA or DA apps using the splunk binary.
I'm about to hard rip the directories but I just wanted to check to see if anyone had a more elegant way of doing this.
Hey proletariat99, the change from https to http is expected. The Splunk App for Enterprise Security changes splunkweb from http to https, so upon removal, it would revert back.
Also, if you're antsy about removing apps in the future, you can just move an app to the disabled-apps directory ($SPLUNK_HOME/etc/disabled-apps) and restart. That way they're always there if you want to move them back.
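The move-instead-of-delete approach from the reply above, sketched as an added example that is not part of the original thread or of Splunk itself. It assumes the apps live under $SPLUNK_HOME/etc/apps, and `park_es_apps` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: park Enterprise Security apps in disabled-apps instead of deleting them.
# Assumption: apps are installed under $SPLUNK_HOME/etc/apps.
# park_es_apps is a hypothetical helper name, not a Splunk command.

park_es_apps() {
    splunk_home=$1
    mode=${2:-dry-run}            # "dry-run" (default) or "apply"
    apps_dir="$splunk_home/etc/apps"
    parked_dir="$splunk_home/etc/disabled-apps"

    [ -d "$apps_dir" ] || { echo "no apps directory at $apps_dir" >&2; return 2; }
    if [ "$mode" = apply ]; then mkdir -p "$parked_dir" || return 2; fi

    moved=0
    # Same three patterns the thread removes with rm -rf.
    for app in "$apps_dir"/SplunkEnterpriseSecurity* "$apps_dir"/SA-* "$apps_dir"/DA-ESS*; do
        [ -d "$app" ] || continue          # an unmatched glob stays literal; skip it
        name=$(basename "$app")
        if [ -e "$parked_dir/$name" ]; then
            # Never overwrite a copy that was parked earlier.
            echo "skip $name: already present in $parked_dir" >&2
            continue
        fi
        if [ "$mode" = apply ]; then
            mv "$app" "$parked_dir/$name" || return 1
            echo "moved $name"
        else
            echo "would move $name"
        fi
        moved=$((moved + 1))
    done

    echo "$moved app(s) matched"
    [ "$moved" -gt 0 ]     # non-zero exit status when nothing matched
}

# Usage: review the dry run, apply, then restart Splunk as the reply says.
#   park_es_apps "$SPLUNK_HOME" dry-run
#   park_es_apps "$SPLUNK_HOME" apply
```

Moving an app back is the reverse `mv` from disabled-apps into etc/apps, followed by another restart.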
Thanks. I just needed one confirmation before I felt okay pulling the trigger.
So I removed all the apps by using the following commands:
$ rm -rf SplunkEnterpriseSecurity*
$ rm -rf SA-*
$ rm -rf DA-ESS*
I thought that was odd, because I didn't change anything else.