How to enable to event cold storage for later viewing

• EDR Server: 6.1.x and above (Formerly CB Response)

1. Log into the server via ssh/terminal
2. Open /etc/cb/cb.conf
3. Find the value "AlwaysDeleteColdPartitions=" and set to false
4. Restart the server services: How to Restart Server Services

• For clustered environments, the configuration needs to be added to the minions/nodes as well before service restart
• If "AlwaysDeleteColdPartitions=" does not exist, add it anywhere as a line in the cb.conf file
• Cold cores should be moved off the Response data drive to ensure warm core retention has enough space

How to remount Solr Cold Core Partitions