What is Snapshot and restore in Elasticsearch?

Elasticsearchquery~5 mins

Snapshot and restore in Elasticsearch

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

Snapshot and restore lets you save a copy of your Elasticsearch data and bring it back later. It helps keep your data safe and move it between clusters.

You want to back up your Elasticsearch data regularly to avoid losing it.

You need to move data from one Elasticsearch cluster to another.

You want to restore your data after a failure or accidental deletion.

You want to keep historical versions of your data for auditing.

You want to migrate data to a new Elasticsearch version safely.

Syntax

Elasticsearch

PUT /_snapshot/{repository}/{snapshot}
{
  "indices": "index1,index2",
  "ignore_unavailable": true,
  "include_global_state": false
}

repository is the name of the backup location you set up.

snapshot is the name you give to this backup copy.

Examples

This creates a snapshot named snapshot_1 in the my_backup repository for two indexes: logs-2023 and users.

Elasticsearch

PUT /_snapshot/my_backup/snapshot_1
{
  "indices": "logs-2023,users",
  "ignore_unavailable": true,
  "include_global_state": false
}

This restores the logs-2023 index from snapshot_1 and renames it to restored-logs-2023.

Elasticsearch

POST /_snapshot/my_backup/snapshot_1/_restore
{
  "indices": "logs-2023",
  "rename_pattern": "logs-(.+)",
  "rename_replacement": "restored-logs-$1"
}

Sample Program

This example first creates a snapshot repository called my_backup that saves backups to a folder on disk. Then it takes a snapshot of the test-index. Finally, it restores that snapshot but renames the index to restored-test-index.

Elasticsearch

PUT /_snapshot/my_backup
{
  "type": "fs",
  "settings": {
    "location": "/mnt/backups/elasticsearch"
  }
}

PUT /_snapshot/my_backup/snapshot_1
{
  "indices": "test-index",
  "ignore_unavailable": true,
  "include_global_state": false
}

POST /_snapshot/my_backup/snapshot_1/_restore
{
  "indices": "test-index",
  "rename_pattern": "test-(.+)",
  "rename_replacement": "restored-test-$1"
}

OutputSuccess

Important Notes

You must create a snapshot repository before taking snapshots.

Snapshots are incremental, so only new or changed data is saved after the first snapshot.

Restoring can rename indexes to avoid overwriting existing data.

Summary

Snapshot and restore help protect your Elasticsearch data by saving and recovering it.

You create a repository, take snapshots, and restore them when needed.

Snapshots can include specific indexes and be renamed on restore.