Splunk® Security Essentials

Install and Configure Splunk Security Essentials

Uninstall Splunk Security Essentials

You can uninstall Splunk Security Essentials from either the user interface or the command line.

Uninstall Splunk Security Essentials from the user interface

If you are a cloud user of Splunk Security Essentials, you can uninstall Splunk Security Essentials from the user interface.

  1. From Splunk Enterprise or Splunk Cloud Platform, select Apps then Manage Apps.
  2. Find the entry for Splunk Security Essentials and select Uninstall.

Uninstall Splunk Security Essentials from the command line

To remove Splunk Security Essentials from the command line, follow these steps:

  1. (Optional) Remove the app or add-on's indexed data. Typically, the Splunk platform does not access indexed data from a deleted app or add-on. However, you can use the Splunk CLI clean command to remove indexed data from an app before deleting the app. See Remove data from indexes with the CLI command.
  2. Delete the app and its directory. The app and its directory are typically located in $SPLUNK_HOME/etc/apps/<appname>. You can run the following command in the CLI:
    ./splunk remove app [appname] -auth <username>:<password>
  3. You may need to remove user-specific directories created for your app or add-on by deleting any files found here: $SPLUNK_HOME/etc/users/*/<appname>
  4. Restart the Splunk platform.
Last modified on 25 July, 2023
Install Splunk Security Essentials   Configure Splunk Security Essentials

This documentation applies to the following versions of Splunk® Security Essentials: 3.7.1, 3.8.0, 3.8.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters