CB Response: Events Schema Changes from v1 to v2 During Upgrade Despite Setting

CB Response: Events Schema Changes from v1 to v2 During Upgrade Despite Setting

search cancel

CB Response: Events Schema Changes from v1 to v2 During Upgrade Despite Setting

book

Article ID: 287380

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

During upgrade writer core/shard changes to v2 schema despite the CurrentEventsSchema=cbevents_v1 setting in /etc/cb/cb.conf

Environment

CB Response: 6.x

Cause

During CB Response Server upgrade v2 schema is suggested and default

Resolution

Once the writer core is on a cbevents_v2 schema , to revert back to cbevents_v1 we can force a rollover after confirming the setting below inside /etc/cb/cb.conf :

CurrentEventsSchema=cbevents_v1

Force a rollover :

sudo curl --tlsv1.2 -H "X-Auth-Token: `psql -p 5002 cb -t -c 'select auth_token from cb_user where id = '1';'`" -X POST -k "https://localhost/api/v1/storage/events/new_partition"

The new writer core should show configSet=cbevents_v1 inside the core's core.properties file (IE : /var/cb/data/solr5/cbevents/cbevents_<date>/core.properties)

Additional Information

Sha256 is not supported on cbevents_v1

Feedback

thumb_up Yes

thumb_down No