How to Uninstall Elasticsearch on Linux


Uninstalling Elasticsearch on Linux is as easy as running just a couple of simple commands; however, a bit of preparation will ensure a clean uninstall. Before attempting to remove or uninstall Elasticsearch Linux, it’s important to keep a few items in mind: Be sure that any Elastic products or service have been shutdown before beginning the uninstall process. It’s best to enter the commands to uninstall Elasticsearch as a ‘superuser’. Use the ‘sudo’ command in the terminal to elevate yourself to superuser status. * You’ll need to know which distribution or version of Linux is running on your server. To find out the distribution, use the following command:

cat /etc/os-release
  • The output in the terminal will look similar to this:
VERSION="18.04.2 LTS (Bionic Beaver)"
  • Take special note of the value of ID_LIKE in this output: The specific method used to shut down and remove Elasticsearch for your server will vary depending on whether the value is fedora or debian.

Shut Down The ELK Stack

  • Before attempting to remove the ELK stack, it’s important to make sure the Elasticsearch service isn’t running. This can be confirmed with the following cURL request:
curl http://localhost:9200/_cluster/health?pretty
  • The terminal output should say something similar to Failed to connect to localhost port... if Elasticsearch is not running
  • Another way to confirm that the Elasticsearch service is not running is to check for JVMs that are currently running on the system. To perform this check, use the jps command-line tool, including a search of the output for Elasticsearch to specifically check for Elasticsearch JVMs:
jps | grep Elasticsearch
  • If no Elasticsearch JVMs are running on your system, the terminal output will return nothing from the grep Elasticsearch command.
  • If any active Elasticsearch JVMs are still running, the output of the grep Elasticsearch command will include the PID and the name of each service that’s running. To stop these services, use the kill command, specifying the PID of the service you want to kill.
  • If any associated processes are still running that were not identified through the grep Elasticsearch command, try a grep command with broader search parameters to locate any active processes that are related to Elasticsearch:
ps -ef | grep elas

Uninstall Elasticsearch

  • Once Elasticsearch has been completely shut down, it’s time to remove the package. The simplest method for removing a package on Debian-based distributions is to use the apt-get command-line tool. Using this tool with the remove option will successfully uninstall the Elasticsearch package while retaining any configuration files in the appropriate directories:
sudo apt-get remove elasticsearch
  • For Red Hat distributions such as Fedora or CentOS, the rpm command can be used with the -e option if the Elasticsearch package was installed with RPM:
rpm -e elasticsearch
  • In some Red Hat Linux systems, Elasticsearch may have been installed with the YUM package-management tool. If this is the case, use the following command to uninstall Elasticsearch Linux:
sudo yum remove elasticsearch
  • Note: Using the YUM command-line tool to uninstall Elasticsearch on Red Hat Linux doesn’t always preserve configuration files. This is quite different from the RPM tool, which preserves config files in a backup.

  • If any of these commands don’t seem to be working as expected, be sure to double-check the version of Elasticsearch that’s installed on your server, the Linux distribution, and the specific package-management tool that was used to install Elasticsearch. Problems with the uninstall commands are usually related to incorrect information about these items.

Purging Elasticsearch Configuration Files

  • For Debian distributions, using the purge command with the apt-get tool yields similar results to using the remove command. The difference is that purge removes the entire package along with all of its configuration files:
sudo apt-get --purge autoremove elasticsearch
  • Another simple way to remove a .deb package on a Debian distribution is by using the dpkg command. Use the following terminal command to uninstall Elasticsearch this way:
sudo dpkg --remove elasticsearch
  • To make sure that a package’s configuration files are removed along with the package itself, execute the dpkg command a second time, adding the --purge option to clear out config files:
sudo dpkg --purge elasticsearch
  • In some cases, it may seem difficult to remove all traces of the Elasticsearch package on a Debian Linux distribution. Running the dpkg --purge command with an additiona --force-all option will make sure a clean uninstall occurs:
sudo dpkg --purge --force-all elasticsearch
  • Removing the following directories manually can also help ensure the3 cleanest possible uninstall:
sudo rm -rf /var/lib/elasticsearch/
sudo rm -rf /etc/elasticsearch
  • Another file to remove manually is the ‘service’ script. This script is found in the /etc/init.d/elasticsearch directory, though the exact location will vary based on the installed version of Elasticsearch and the version of Linux running on the server.


Uninstalling Elasticsearch on Linux doesn’t have to be a difficult task. One key to success is to use the correct commands for the Linux distribution running on the server. Another important step is use the built-in package-management tool or repository that was used to install Elasticsearch in the first place. With these simple strategies, a clean uninstall will be quick and easy.

Pilot the ObjectRocket platform free for 30 Days

It's easy to get started. Imagine the time you'll save by not worrying about database management. Let's do this!


Keep in the know!

Subscribe to our emails and we’ll let you know what’s going on at ObjectRocket. We hate spam and make it easy to unsubscribe.