|Applies To||RSA Product Set: Security Analytics, NetWitness|
RSA Product/Service Type: Concentrator, Decoder
RSA Version/Condition: 9.8.x, 10.x
|Issue||When a failed concentrator is brought back online (for reason inspecific) without its previous meta set, the concentrator may fail to reasonably catch up to the decoder due to the sheer volume of decoder data (several terabyte, for example). In circumstances such as this, a practical solution is to establish a reasonable amount of data that the concentrator will be able to consume based on time.|
Please note: changes to the timeRoll settings prunes data based on time on the decoder. Once the data is pruned it is no longer available.