EDR Server: There are two solr directories with events the same events - /var/cb/data/solr and /var/cb/data/solr5
search cancel

EDR Server: There are two solr directories with events the same events - /var/cb/data/solr and /var/cb/data/solr5

book

Article ID: 290218

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

The data directory (normally /var/cb/data) contains two solr directories. The solr directory appear to have the same event data seen in solr5

Environment

  • EDR Server: 6.x and higher

Cause

  • There is a symlink from solr to the solr5 directory
  • When a directory list is run against solr, it will list the content of the solr5 directory

Resolution

The symlink is created to handle the migration from previous solr version's event logs. There is no duplicate data and disc space should not be affected

Additional Information

The number on the second solr may vary depending on the previous solr versionĀ 
Powered by Wolken Software