Topics

| pdf version

Toolbox

Splunk > The IT Search Company

  • Search and navigate IT data from applications, servers and network devices in real-time.
  • Download Splunk

Localized Splunk documentation

Looking for Splunk documentation in other languages?

Documentation | Discussion | View source | History

Uninstall Splunk

This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6

Uninstall Splunk

Before you uninstall, stop Splunk. Navigate to $SPLUNK_HOME/bin and type ./splunk stop (or just splunk stop on Windows).

Use your local package management commands to uninstall Splunk. In most cases, files that were not originally installed by the package will be retained. These files include your configuration and index files which are under your installation directory.

Note: $SPLUNK_HOME refers to the Splunk installation directory. On Windows, this is C:\Program Files\Splunk by default. For most Unix platforms, the default installation directory is /opt/splunk; for Mac OS, it is /Applications/splunk.

RedHat Linux

To uninstall Splunk on RedHat: 

rpm -e splunk_product_name

Debian Linux

To uninstall Splunk on Debian: 

dpkg -r splunk

To purge (delete everything, including configuration files) on Debian: 

dpkg -P splunk

FreeBSD

To uninstall Splunk from the default location on FreeBSD: 

pkg_delete splunk

To uninstall Splunk from a different location on FreeBSD: 

pkg_delete -p /usr/splunk splunk

Solaris

To uninstall Splunk on Solaris: 

pkgrm splunk

Windows

To uninstall Splunk on Windows:

Use the Add or Remove Programs option in the Control Panel.

Uninstall Splunk manually

If you can't use package management commands, use these instructions to uninstall Splunk.

Note: These instructions will not remove any init scripts that have been created.

1. Stop Splunk. 

$SPLUNK_HOME/bin/splunk stop

2. Find and kill any lingering processes that contain "splunk" in its name.

For Linux and Solaris: 

kill -9 `ps -ef | grep splunk | grep -v grep | awk '{print $2;}'`

For FreeBSD and Mac OS 

kill -9 `ps ax | grep splunk | grep -v grep | awk '{print $1;}'`

3. Remove the Splunk installation directory, $SPLUNK_HOME. For example: 

rm -rf /opt/splunk

Note: For Mac OS, you can also remove the installation directory by dragging the folder into the trash.

3. Remove any Splunk datastore or indexes outside the top-level directory, if they exist. 

rm -rf /opt/splunkdata

4. Delete the splunk user and group, if they exist.

For Linux, Solaris, and FreeBSD: 

userdel splunk
groupdel splunk

For Mac OS: You can use the System Preferences > Accounts panel to manage users and groups.

For Windows: Open a command prompt and run the command msiexec /x against the msi package that you installed.

Retrieved from "http://www.splunk.com/base/Documentation/4.0.6/Installation/UninstallSplunk"
Revision: 207 | Contact | Privacy Policy | Terms of Use | Community content licensed under Creative Commons

Copyright © 2005-2009 Splunk Inc. All rights reserved.