Uninstall Splunk Security Essentials

You can uninstall Splunk Security Essentials from either the user interface or the command line.

Uninstall Splunk Security Essentials from the user interface

If you are a cloud user of Splunk Security Essentials, you can uninstall Splunk Security Essentials from the user interface.

  1. From Splunk Enterprise or Splunk Cloud Platform, select Apps then Manage Apps.
  2. Find the entry for Splunk Security Essentials and select Uninstall.

Uninstall Splunk Security Essentials from the command line

To remove Splunk Security Essentials from the command line, follow these steps:

  1. (Optional) Remove the app or add-on's indexed data. Typically, the Splunk platform does not access indexed data from a deleted app or add-on. However, you can use the Splunk CLI clean command to remove indexed data from an app before deleting the app. See Remove data from indexes with the CLI command.
  2. Delete the app and its directory. The app and its directory are typically located in $SPLUNK_HOME/etc/apps/<appname>. You can run the following command in the CLI:
  3. You may need to remove user-specific directories created for your app or add-on by deleting any files found here: $SPLUNK_HOME/etc/users/*/<appname>
  4. Restart the Splunk platform.
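
The directory removal in steps 2 and 3, as an added shell example that is not Splunk's own tooling: it validates the app name so a typo cannot escape etc/apps, lists what would be deleted, and removes only when asked. The function names and the `delete` argument are assumptions of this example; the caller supplies the Splunk home and the app's directory name.

```shell
#!/bin/sh
# Added example, not part of the Splunk documentation.
# Usage: script.sh <splunk_home> <appname> [delete]
# Restarting the Splunk platform (step 4) is left to the operator.

# Reject names that could point outside etc/apps: empty, ".", "..",
# or anything containing a slash, glob or other unexpected character.
valid_appname() {
    case "$1" in
        ''|.|..|*/*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Print each directory the procedure would delete, one per line.
app_paths() {
    home=$1; app=$2
    valid_appname "$app" || { echo "invalid app name: $app" >&2; return 2; }
    [ -d "$home/etc" ] || { echo "not a Splunk home: $home" >&2; return 2; }
    # Step 2: the app directory itself.
    if [ -d "$home/etc/apps/$app" ]; then
        printf '%s\n' "$home/etc/apps/$app"
    fi
    # Step 3: per-user directories created for the app.
    for d in "$home"/etc/users/*/"$app"; do
        if [ -d "$d" ]; then printf '%s\n' "$d"; fi
    done
    return 0
}

# Dry run unless the third argument is "delete".
remove_app() {
    home=$1; app=$2; mode=${3:-dry-run}
    paths=$(app_paths "$home" "$app") || return $?
    [ -n "$paths" ] || { echo "nothing to remove for $app" >&2; return 1; }
    printf '%s\n' "$paths" | while IFS= read -r p; do
        if [ "$mode" = delete ]; then
            rm -rf -- "$p" && echo "removed $p"
        else
            echo "would remove $p"
        fi
    done
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -ge 2 ]; then remove_app "$@"; fi
```

Run it once without `delete` and review the listed paths before removing anything.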