For reason I don’t want to go into, we need to uninstall our Splunkforwarders and then reinstall them. We are alson in the process of moving from Puppet to Bigfix. So we setup Puppet to uninstall splunk and then plan to use Bigfix to install the new version and environment. However, Bigfix on our Ubuntu systems don’t seem to recognize that splunk has been uninstalled.
apt purge splunkforwarder
Reading package lists… Done
Building dependency tree
Reading state information… Done
Package ‘splunkforwarder’ is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 75 not upgraded.
Default masthead location, using /etc/opt/BESClient/actionsite.afxm
Q: (version of it) of packages whose (name of it contains “splunkforwarder”) of debianpackages
As you can see, debianpackages is still reporting that the splunkforwarder is install, when it has been deleted from the system. Anyone seen this behavior?