How to Uninstall Elasticsearch on Linux
Uninstalling Elasticsearch on Linux is as easy as running just a couple of simple commands; however, a bit of preparation will ensure a clean uninstall. Before attempting to remove or uninstall Elasticsearch Linux, it’s important to keep a few items in mind: Be sure that any Elastic products or service have been shutdown before beginning the uninstall process. It’s best to enter the commands to uninstall Elasticsearch as a ‘superuser’. Use the ‘sudo’ command in the terminal to elevate yourself to superuser status. * You’ll need to know which distribution or version of Linux is running on your server. To find out the distribution, use the following command:
- The output in the terminal will look similar to this:
VERSION="18.04.2 LTS (Bionic Beaver)"
- Take special note of the value of
ID_LIKEin this output: The specific method used to shut down and remove Elasticsearch for your server will vary depending on whether the value is
Shut Down The ELK Stack
- Before attempting to remove the ELK stack, it’s important to make sure the Elasticsearch service isn’t running. This can be confirmed with the following cURL request:
- The terminal output should say something similar to
Failed to connect to localhost port...if Elasticsearch is not running
- Another way to confirm that the Elasticsearch service is not running is to check for JVMs that are currently running on the system. To perform this check, use the
jpscommand-line tool, including a search of the output for
Elasticsearchto specifically check for Elasticsearch JVMs:
- If no Elasticsearch JVMs are running on your system, the terminal output will return nothing from the
- If any active Elasticsearch JVMs are still running, the output of the
grep Elasticsearchcommand will include the PID and the name of each service that’s running. To stop these services, use the
killcommand, specifying the PID of the service you want to kill.
- If any associated processes are still running that were not identified through the
grep Elasticsearchcommand, try a
grepcommand with broader search parameters to locate any active processes that are related to Elasticsearch:
- Once Elasticsearch has been completely shut down, it’s time to remove the package. The simplest method for removing a package on Debian-based distributions is to use the
apt-getcommand-line tool. Using this tool with the
removeoption will successfully uninstall the Elasticsearch package while retaining any configuration files in the appropriate directories:
- For Red Hat distributions such as Fedora or CentOS, the
rpmcommand can be used with the
-eoption if the Elasticsearch package was installed with RPM:
- In some Red Hat Linux systems, Elasticsearch may have been installed with the YUM package-management tool. If this is the case, use the following command to uninstall Elasticsearch Linux:
Note: Using the YUM command-line tool to uninstall Elasticsearch on Red Hat Linux doesn’t always preserve configuration files. This is quite different from the RPM tool, which preserves config files in a backup.
If any of these commands don’t seem to be working as expected, be sure to double-check the version of Elasticsearch that’s installed on your server, the Linux distribution, and the specific package-management tool that was used to install Elasticsearch. Problems with the uninstall commands are usually related to incorrect information about these items.
Purging Elasticsearch Configuration Files
- For Debian distributions, using the
purgecommand with the
apt-gettool yields similar results to using the
removecommand. The difference is that
purgeremoves the entire package along with all of its configuration files:
- Another simple way to remove a
.debpackage on a Debian distribution is by using the
dpkgcommand. Use the following terminal command to uninstall Elasticsearch this way:
- To make sure that a package’s configuration files are removed along with the package itself, execute the
dpkgcommand a second time, adding the
--purgeoption to clear out config files:
- In some cases, it may seem difficult to remove all traces of the Elasticsearch package on a Debian Linux distribution. Running the
dpkg --purgecommand with an additiona
--force-alloption will make sure a clean uninstall occurs:
- Removing the following directories manually can also help ensure the3 cleanest possible uninstall:
sudo rm -rf /etc/elasticsearch
- Another file to remove manually is the ‘service’ script. This script is found in the
/etc/init.d/elasticsearchdirectory, though the exact location will vary based on the installed version of Elasticsearch and the version of Linux running on the server.
Uninstalling Elasticsearch on Linux doesn’t have to be a difficult task. One key to success is to use the correct commands for the Linux distribution running on the server. Another important step is use the built-in package-management tool or repository that was used to install Elasticsearch in the first place. With these simple strategies, a clean uninstall will be quick and easy.