• Unexpectedly large disk usage on the /var/cb partition
• Outdated (legacy) cbevents files consuming unexpectedly high disk usage
• Low event retention

• EDR (formerly CB Response) Server: 6.1 or Higher
• EDR (formerly CB Response) Server 5.x previously installed

• An unusually large cbevents core was generated after upgrade from 5.x to 6.x
• The core did not get automatically deleted due to process timeout and a retry was never attempted

1. Identify the oldest, or outdated 5.x cbevents core file(s):

curl "http://127.0.0.1:8080/solr/admin/cores?action=STATUS&wt=json&indexInfo=false&indent=true" | grep name | grep cbevents5_

2. Manually unload each of the outdated cbevents core file(s), substituting <core_name> with the core folder name:

curl "http://localhost:8080/solr/admin/cores?action=UNLOAD&core=​​<core_name>"

3. Verify outdated cbevents core file(s) were successfully unloaded:

curl "http://127.0.0.1:8080/solr/admin/cores?action=STATUS&wt=json&indexInfo=false&indent=true" | grep name | grep cbevents5_

4. Manually delete the outdated cbevents core file(s) from the Linux file system, subsituting <core_name> with the core folder name:
   • This solution will irrecoverably remove data from the Cb Response server.

rm -rf /var/cb/data/solr5/cbevents/<core_name>

• Outdated cbevents core files will be named:  cbevents5_*  Example:  cbevents5_0, cbevents5_1, cbevents5_2, etc.
• If Solr is not running, cores can be removed by running the rm command above without unmounting via curl
• After removing this data, a 404 page may appear on the Process Analysis page when attempting to view process information for event data collected by these older cores.
• Events from removed cores will no longer appear in Process Search.