Documentation: 3.3.2
Print Version Contents
This page last updated: 10/24/08 09:10am

Uninstall Splunk manually

This topic discusses how to remove installed components of Splunk if you can't use package management commands.

Note: These will not remove any init scripts that have been created.

1. Stop Splunk.

$SPLUNK_HOME/bin/splunk stop

2. Find and kill any lingering processes that contain "splunk" in its name.
For Linux and Solaris:

kill -9 `ps -ef | grep splunk | grep -v grep | awk '{print $2;}'`

For FreeBSD and Mac OS

kill -9 `ps ax | grep splunk | grep -v grep | awk '{print $1;}'`

3. Remove the Splunk installation directory, $SPLUNK_HOME.

rm -rf /opt/splunk

3. Remove any Splunk datastore or indexes outside the top-level directory, if they exist.

rm -rf /opt/splunkdata

4. Delete the splunk user and group, if they exist.
For Linux, Solaris, and FreeBSD:

userdel splunk
groupdel splunk

For Mac OS:
You can use the System Preferences > Accounts panel to manage users and groups.

Previous: Configure SELinux    |    Next: Upgrade and migrate to 3.3 and later

Comments

  1. blance and jalles: i've edited the page to clarify the steps. If you have further problems or questions, please contact support@splunk.com.
    Posted by sophy on Oct 24 2008, 9:24am

  2. I'm having the same issue, the commands do not work.
    Posted by jalles on Oct 23 2008, 9:03pm

  3. These commands do not work for Mac OS.
    Posted by blance on Oct 17 2008, 9:03am

Log in to comment.