Remove the Log Correlation Engine Splunk Client

Note: All shell commands need to be executed by a user with root privileges.

To remove the Log Correlation Engine Splunk Client:

  1. To query the rpm database to obtain the name of the currently installed package, type rpm -qa |grep lce_.


    # rpm -qa |grep lce_


  2. Type rpm -e lce_splunk.

    The Splunk Client package is removed.


    # rpm -e lce_splunk

    warning: /opt/lce_splunk/server_assignment.xml saved as /opt/lce_splunk/server_assignment.xml.rpmsave

  3. Optionally, type rm -rf /opt/lce_splunk/ to remove the Splunk Client install directory. Configuration and log files will remain unless the directory is removed.

    An additional file, /etc/tenable_tag, will be installed with the Splunk Client if it does not already exist. This file contains a UUID that tracks all events related to the endpoint on which the client is installed. This file should only be removed if no other Tenable products are in use, and no others will be installed on the endpoint in the future.