TOC & Recently Viewed

Recently Viewed Topics

Remove the LCE Splunk Client

Note: All shell commands need to be executed by a user with root privileges.

To remove the LCE Splunk Client:

  1. To query the rpm database to obtain the name of the currently installed package, type rpm -qa |grep lce_.


    # rpm -qa |grep lce_


  2. Type rpm -e lce_splunk.

    The Splunk Client package is removed.


    # rpm -e lce_splunk

    warning: /opt/lce_splunk/server_assignment.xml saved as /opt/lce_splunk/server_assignment.xml.rpmsave

  3. Optionally, type rm -rf /opt/lce_splunk/ to remove the Splunk Client install directory. Configuration and log files will remain unless the directory is removed.

    An additional file, /etc/tenable_tag, will be installed with the Splunk Client if it does not already exist. This file contains a UUID that tracks all events related to the endpoint on which the client is installed. This file should only be removed if no other Tenable products are in use, and no others will be installed on the endpoint in the future.

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable,, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.., Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.