This documentation does not apply to the most recent version of Splunk.
This documentation applies to the following versions of Splunk: 3.0 , 3.0.1 , 3.0.2 , 3.1 , 3.1.1 , 3.1.2 , 3.1.3 , 3.1.4
Use your local package management commands to uninstall Splunk. In most cases, files not originally installed by the package will be retained. This usually means your configuration and index files, which are under the same directory (default /opt/splunk) as the rest of the installation by default.
# rpm --e splunk-2.1-0
# dpkg -r splunk
# pkgrm splunk
# pkg_delete splunk
In most cases, files not originally installed by the rpm package will be retained. This usually means the configuration and index files, which are under the same directory (default ///opt/splunk) as the rest of the installation by default.
If you can't use package management commands, these commands will remove the installed components except for any init scripts that have been created.
kill -9 `ps -ef | grep splunk | grep -v grep | awk '{print $2;}'`
kill -9 `ps ax | grep splunk | grep -v grep | awk '{print $1;}'`
rm -rf /opt/splunk (or wherever you installed Splunk)
rm -rf /opt/splunkdata (if a datastore or indexes outside the top-level directory exist)
userdel splunk
groupdel splunk