I search on internet that we have to unistall each of the ELK part one by one like unistall stand-alone kibana, elastic search, and logstash. Is there any command which no need to unistall all of them one by one but using only one single command ?
this is the package that i used in my source.list
deb https://artifacts.elastic.co/packages/6.x/apt stable main
Take a look at the configured data directories in the respective files under /etc/elasticsearch, logstash and kibana. Remember the data directories. /var/lib/elasticsearch and so on are the defaults.
Then:
apt-get remove --purge elasticsearch logstash kibana
This should remove the package contents and the config files. As for data and cache files, you need to check the directories configured in the config files and remove those with manually.
As per ELK V.7 upwards, an IDS security apps for server called WAZUH have some documentation about uninstalling ELK from Debian systems. It says:
To uninstall Elasticsearch:
apt-get remove elasticsearchThere are files marked as configuration and data files. Due to this designation, the package manager doesn’t remove those files from the filesystem. The complete files removal action is a user responsibility. It can be done by removing the folder /var/lib/elasticsearch and /etc/elasticsearch.
and
To uninstall Kibana:
apt-get remove kibanaAs in the previous case, the complete files removal can be done by removing the folder /var/lib/kibana and /etc/kibana.
