Version
Cb Response 5.x
Issue
Single process ran before MaxEventStoreDays retention settings in /etc/cb/cb.conf
Symptoms
- Process Analysis page is showing last update from x months ago beyond settings in MaxEventStoreDays.
- The last_server_update date in Solr Process Document is fewer days than MaxEventStoreDays retention setting.
Note: To collect the last_server_update field from a process document follow the Process Document section of this guide:
Query Documents Via Curl (SSH/Terminal)
Cause
A feed or watchlist hit on the processes sets the last_server_update to the current time. We want to verify that you have enough time to analyze the feed hit before the process document gets purged. This is to help reduce instances of a 404 error described here:
Selecting an event from the Alerts page results in a 404 page
Note: In rare occurrences this process can happen multiple times, extending the the retention of this document well beyond standard retention periods
Solution
The product is working as designed. When the document doesn't receive any hits till MaxEventStoreDays is reached, it will be purged.