• Read This First
  • Before you install
    • System Requirements
    • Installing as root
  • What Gets Installed
• Step by Step Installation
  • Step 1: Unpack the software
    • Tarball
    • RPM
    • deb
    • FreeBSD
    • Mac OS
    • Solaris
  • Step 2: Start Splunk
  • Step 3: Install your license
    • Using SplunkWeb
    • From the command line
  • Install Splunk Enterprise Manager
• Install Splunk Toolbar
  • How to Install the Splunk toolbar for Firefox
    • Install from download page
    • Install from Splunk server
    • Uninstall Splunk toolbar
  • How to install the Splunk toolbar for Internet Explorer (beta)
    • Install Internet Explorer toolbar from download page
    • Install toolbar in Internet Explorer
    • Uninstall Internet Explorer toolbar
• Advanced Installation Topics
  • Automated installation
  • Configure Splunk to Start at System Startup
  • Run Splunk as a non-root user
    • Start Splunk as a non-root user
  • SELinux
  • License Management
    • Installing or updating a license
  • Uninstall Splunk
    • RedHat Linux
    • Debian Linux
    • Solaris
    • FreeBSD
    • Manual uninstall
• Upgrade Instructions
  • Read this first before upgrading to 3.1.x
    • Form search
    • Search language simplification
    • Archiving
  • Upgrading 2.1.x or 2.2.x to 3.1.x
    • Step 1: Administrative preparation
    • Step 2: Install a 3.x package and update your database
    • Step 3: Update and restore your configuration files
  • Upgrading from Splunk versions 3.0.x through 3.1.x to Splunk versions 3.1.x through 3.1.5
    • For rpm, pkg, and deb upgrades
    • For tar upgrades
  • Upgrading a forwarder from 2.x to 3.x
    • To upgrade a forwarder from 2.x to 3.x
• Help
  • Getting Help
    • Accessing help in SplunkWeb
    • Accessing help in the command line (CLI)
    • How can I learn more about Splunk's advanced features?
    • I lost my Splunk.com password. What do I do?
    • How do I report problems?
    • How can I make suggestions?
    • I have some questions that aren't answered here. Where can I get help?
  • Installer options
• Reference
  • File Manifest
  • PGP Public Key
    • Installing the key

Uninstall Splunk

Use your local package management commands to uninstall Splunk. In most cases, files not originally installed by the package will be retained. This usually means your configuration and index files, which are under the same directory (default /opt/splunk) as the rest of the installation by default.

RedHat Linux

# rpm --e splunk-2.1-0

Debian Linux

# dpkg -r splunk

Solaris

# pkgrm splunk

FreeBSD

# pkg_delete splunk

In most cases, files not originally installed by the rpm package will be retained. This usually means the configuration and index files, which are under the same directory (default ///opt/splunk) as the rest of the installation by default.

Manual uninstall

If you can't use package management commands, these commands will remove the installed components except for any init scripts that have been created.

1. First, find and kill any process with "splunk" in its name.
   • For Linux and Solaris: kill -9 `ps -ef | grep splunk | grep -v grep | awk '{print $2;}'`
   • For FreeBSD and Mac OS: kill -9 `ps ax | grep splunk | grep -v grep | awk '{print $1;}'`
2. rm -rf /opt/splunk (or wherever you installed Splunk)
3. rm -rf /opt/splunkdata (if a datastore or indexes outside the top-level directory exist)
4. userdel splunk
5. groupdel splunk