Remove the Log Correlation Engine Splunk Client
Note: All shell commands need to be executed by a user with root privileges.
To remove the Log Correlation Engine Splunk Client:
To query the rpm database to obtain the name of the currently installed package, type
rpm -qa |grep lce_.
# rpm -qa |grep lce_
rpm -e lce_splunk.
The Splunk Client package is removed.
# rpm -e lce_splunk
warning: /opt/lce_splunk/server_assignment.xml saved as /opt/lce_splunk/server_assignment.xml.rpmsave
rm -rf /opt/lce_splunk/to remove the Splunk Client install directory. Configuration and log files will remain unless the directory is removed.
An additional file, /etc/tenable_tag, will be installed with the Splunk Client if it does not already exist. This file contains a UUID that tracks all events related to the endpoint on which the client is installed. This file should only be removed if no other Tenable products are in use, and no others will be installed on the endpoint in the future.