Bird
Raised Fist0
Elasticsearchquery~5 mins

Snapshot and restore in Elasticsearch

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Introduction

Snapshot and restore lets you save a copy of your Elasticsearch data and bring it back later. It helps keep your data safe and move it between clusters.

You want to back up your Elasticsearch data regularly to avoid losing it.
You need to move data from one Elasticsearch cluster to another.
You want to restore your data after a failure or accidental deletion.
You want to keep historical versions of your data for auditing.
You want to migrate data to a new Elasticsearch version safely.
Syntax
Elasticsearch
PUT /_snapshot/{repository}/{snapshot}
{
  "indices": "index1,index2",
  "ignore_unavailable": true,
  "include_global_state": false
}

repository is the name of the backup location you set up.

snapshot is the name you give to this backup copy.

Examples
This creates a snapshot named snapshot_1 in the my_backup repository for two indexes: logs-2023 and users.
Elasticsearch
PUT /_snapshot/my_backup/snapshot_1
{
  "indices": "logs-2023,users",
  "ignore_unavailable": true,
  "include_global_state": false
}
This restores the logs-2023 index from snapshot_1 and renames it to restored-logs-2023.
Elasticsearch
POST /_snapshot/my_backup/snapshot_1/_restore
{
  "indices": "logs-2023",
  "rename_pattern": "logs-(.+)",
  "rename_replacement": "restored-logs-$1"
}
Sample Program

This example first creates a snapshot repository called my_backup that saves backups to a folder on disk. Then it takes a snapshot of the test-index. Finally, it restores that snapshot but renames the index to restored-test-index.

Elasticsearch
PUT /_snapshot/my_backup
{
  "type": "fs",
  "settings": {
    "location": "/mnt/backups/elasticsearch"
  }
}

PUT /_snapshot/my_backup/snapshot_1
{
  "indices": "test-index",
  "ignore_unavailable": true,
  "include_global_state": false
}

POST /_snapshot/my_backup/snapshot_1/_restore
{
  "indices": "test-index",
  "rename_pattern": "test-(.+)",
  "rename_replacement": "restored-test-$1"
}
OutputSuccess
Important Notes

You must create a snapshot repository before taking snapshots.

Snapshots are incremental, so only new or changed data is saved after the first snapshot.

Restoring can rename indexes to avoid overwriting existing data.

Summary

Snapshot and restore help protect your Elasticsearch data by saving and recovering it.

You create a repository, take snapshots, and restore them when needed.

Snapshots can include specific indexes and be renamed on restore.

Practice

(1/5)
1. What is the main purpose of taking a snapshot in Elasticsearch?
easy
A. To save a backup of your data for recovery later
B. To speed up search queries
C. To delete old indexes automatically
D. To create new indexes from templates

Solution

  1. Step 1: Understand snapshot purpose

    A snapshot in Elasticsearch is used to save a backup of your data at a point in time.

  2. Step 2: Compare options

    Options B, C, and D describe other Elasticsearch features, not snapshot backup.

  3. Final Answer:

    To save a backup of your data for recovery later -> Option A

  4. Quick Check:

    Snapshot = Backup [OK]
Hint: Snapshots save data backups for recovery [OK]
Common Mistakes:
  • Confusing snapshots with index templates
  • Thinking snapshots speed up searches
  • Assuming snapshots delete data
2. Which of the following is the correct syntax to create a snapshot repository in Elasticsearch?
easy
A. POST /_snapshot/my_backup {"type": "fs", "settings": {"location": "/mount/backups"}}
B. PUT /_snapshot/my_backup {"type": "fs", "settings": {"location": "/mount/backups"}}
C. GET /_snapshot/my_backup {"type": "fs", "settings": {"location": "/mount/backups"}}
D. DELETE /_snapshot/my_backup {"type": "fs", "settings": {"location": "/mount/backups"}}

Solution

  1. Step 1: Identify correct HTTP method for creating repository

    Creating a snapshot repository uses the PUT method to define or update it.

  2. Step 2: Check other methods

    POST is for creating snapshots, GET is for retrieving info, DELETE is for removing repositories.

  3. Final Answer:

    PUT /_snapshot/my_backup {"type": "fs", "settings": {"location": "/mount/backups"}} -> Option B

  4. Quick Check:

    Repository creation = PUT [OK]
Hint: Use PUT to create or update snapshot repositories [OK]
Common Mistakes:
  • Using POST instead of PUT for repository creation
  • Confusing GET with creation commands
  • Trying to delete instead of create repository
3. Given this snapshot restore request:
POST /_snapshot/my_backup/snapshot_1/_restore
{
  "indices": "index1,index2",
  "rename_pattern": "index(.*)",
  "rename_replacement": "restored_index$1"
}

What will be the name of the restored index originally named index2?
medium
A. restored_index2
B. restored_index_index2
C. index2
D. index_restored2

Solution

  1. Step 1: Understand rename_pattern and rename_replacement

    The pattern "index(.*)" captures the part after "index". The replacement "restored_index$1" adds "restored_index" plus the captured part.

  2. Step 2: Apply to index2

    For "index2", the captured part is "2", so the new name is "restored_index2".

  3. Final Answer:

    restored_index2 -> Option A

  4. Quick Check:

    Rename pattern + replacement = restored_index2 [OK]
Hint: Captured group $1 appends after renamed prefix [OK]
Common Mistakes:
  • Ignoring rename_pattern and keeping original name
  • Adding extra 'index' in the replacement
  • Misplacing the captured group in new name
4. You try to restore a snapshot but get an error: repository_missing_exception. What is the most likely cause?
medium
A. The snapshot name is incorrect
B. The cluster is running an incompatible Elasticsearch version
C. The snapshot repository does not exist or is not registered
D. The indices in the snapshot are corrupted

Solution

  1. Step 1: Understand repository_missing_exception meaning

    This error means Elasticsearch cannot find the snapshot repository to access snapshots.

  2. Step 2: Check other options

    Snapshot name errors cause different exceptions; corrupted indices cause restore failures but not repository missing; version mismatch causes other errors.

  3. Final Answer:

    The snapshot repository does not exist or is not registered -> Option C

  4. Quick Check:

    repository_missing_exception = missing repository [OK]
Hint: Check repository registration if repository_missing_exception occurs [OK]
Common Mistakes:
  • Assuming snapshot name typo causes repository_missing_exception
  • Blaming corrupted indices for repository errors
  • Ignoring repository setup before restore
5. You want to restore only specific indexes from a snapshot but rename them to avoid conflicts. Which JSON snippet correctly does this during restore?
{
  "indices": "logs-2023,metrics-2023",
  "rename_pattern": "(.*)-2023",
  "rename_replacement": "$1-restore"
}
hard
A. Restores only logs-restore and metrics-restore indexes from snapshot
B. Restores logs-2023 and metrics-2023 with original names
C. Restores all indexes in snapshot renamed with -restore suffix
D. Restores logs-2023 and metrics-2023 as logs-restore and metrics-restore

Solution

  1. Step 1: Analyze indices and rename_pattern

    Indices "logs-2023" and "metrics-2023" match the pattern "(.*)-2023" capturing "logs" and "metrics".

  2. Step 2: Apply rename_replacement

    Replacement "$1-restore" changes names to "logs-restore" and "metrics-restore".

  3. Step 3: Confirm only specified indices restored

    Only indices listed in "indices" are restored, renamed as specified.

  4. Final Answer:

    Restores logs-2023 and metrics-2023 as logs-restore and metrics-restore -> Option D

  5. Quick Check:

    Indices filtered + renamed correctly = Restores logs-2023 and metrics-2023 as logs-restore and metrics-restore [OK]
Hint: Use indices + rename_pattern/replacement to rename on restore [OK]
Common Mistakes:
  • Restoring all snapshot indices ignoring filter
  • Not using rename_pattern correctly
  • Expecting renamed indexes to exist before restore