000029950 - Concentrator unable to catch up to decoder in RSA Security Analytics and NetWitness

Please note: changes to the timeRoll settings prunes data based on time on the decoder.  Once the data is pruned it is no longer available.
How to use the timeRoll parameter on a packet decoder:
timeRoll will prune data in the db based on time in either hours or days.
From the SA UI (any 10.X version)
Select the explorer view on the appliance, select database.
Right click on properties.
On the lower section of the screen, "Properties for Decoder  (decoder)/database"
Click on the pulldown next to "Parameters"
By default, "ls" the option, click on the pulldown and select timeRoll, example:


In the parameter window, enter a database value to pass to timeRoll.
Example:



timeroll type=packet date=2015-30-03 
..prunes packets earlier than March 30, 2015 .

Options for NwConsole (Netwitness 9.x and SA 10.X)
Example 1: Roll data older than one hour: 
/database timeroll hours=1 type=packet 
...prunes data older than 7 days 



Example 2: 
/database timeroll days=7 type=session,packet,meta 



Rolls data older than 7 days in session, packet and meta on the decoder.
This particular setting is useful in pruning all data and applies especially well to the use case described.