Bird
Raised Fist0
Elasticsearchquery~5 mins

Snapshot and restore in Elasticsearch - Cheat Sheet & Quick Revision

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Recall & Review
beginner
What is a snapshot in Elasticsearch?
A snapshot is a backup of your Elasticsearch cluster data and metadata, stored in a repository. It helps you save the current state to restore later if needed.
Click to reveal answer
beginner
How do you create a snapshot repository in Elasticsearch?
You create a snapshot repository by sending a PUT request to Elasticsearch with repository settings, like type (e.g., 'fs' for file system) and location path.
Click to reveal answer
beginner
What is the purpose of restoring a snapshot?
Restoring a snapshot recovers your cluster data and settings from a saved backup, useful after data loss or to move data between clusters.
Click to reveal answer
intermediate
Can you take snapshots while Elasticsearch is running and serving requests?
Yes, snapshots are taken without stopping the cluster. Elasticsearch uses a consistent view of data, so backups do not interrupt normal operations.
Click to reveal answer
intermediate
What types of repositories can be used for snapshots in Elasticsearch?
Common repository types include 'fs' (file system), 's3' (Amazon S3), 'gcs' (Google Cloud Storage), and 'azure' (Microsoft Azure Blob Storage).
Click to reveal answer
What command creates a snapshot repository in Elasticsearch?
ADELETE /_snapshot/my_backup
BGET /_snapshot/my_backup
CPOST /_snapshot/my_backup/_restore
DPUT /_snapshot/my_backup
Which repository type is used for storing snapshots on local disk?
As3
Bgcs
Cfs
Dazure
Can you restore a snapshot to a running Elasticsearch cluster?
AYes, cluster can be running
BNo, cluster must be stopped
COnly if cluster is in read-only mode
DOnly during off-peak hours
What does a snapshot include?
AIndex data and cluster metadata
BOnly index data
COnly cluster settings
DOnly node configurations
Which API call starts a snapshot creation?
APOST /_snapshot/my_backup/snapshot_1/_create
BPUT /_snapshot/my_backup/snapshot_1
CPOST /_snapshot/my_backup/snapshot_1/_restore
DGET /_snapshot/my_backup/snapshot_1
Explain the process of creating and restoring a snapshot in Elasticsearch.
Think about backup and recovery steps.
You got /4 concepts.
    Why is snapshot and restore important for Elasticsearch clusters?
    Consider real-life data safety and availability.
    You got /4 concepts.

      Practice

      (1/5)
      1. What is the main purpose of taking a snapshot in Elasticsearch?
      easy
      A. To save a backup of your data for recovery later
      B. To speed up search queries
      C. To delete old indexes automatically
      D. To create new indexes from templates

      Solution

      1. Step 1: Understand snapshot purpose

        A snapshot in Elasticsearch is used to save a backup of your data at a point in time.

      2. Step 2: Compare options

        Options B, C, and D describe other Elasticsearch features, not snapshot backup.

      3. Final Answer:

        To save a backup of your data for recovery later -> Option A

      4. Quick Check:

        Snapshot = Backup [OK]
      Hint: Snapshots save data backups for recovery [OK]
      Common Mistakes:
      • Confusing snapshots with index templates
      • Thinking snapshots speed up searches
      • Assuming snapshots delete data
      2. Which of the following is the correct syntax to create a snapshot repository in Elasticsearch?
      easy
      A. POST /_snapshot/my_backup {"type": "fs", "settings": {"location": "/mount/backups"}}
      B. PUT /_snapshot/my_backup {"type": "fs", "settings": {"location": "/mount/backups"}}
      C. GET /_snapshot/my_backup {"type": "fs", "settings": {"location": "/mount/backups"}}
      D. DELETE /_snapshot/my_backup {"type": "fs", "settings": {"location": "/mount/backups"}}

      Solution

      1. Step 1: Identify correct HTTP method for creating repository

        Creating a snapshot repository uses the PUT method to define or update it.

      2. Step 2: Check other methods

        POST is for creating snapshots, GET is for retrieving info, DELETE is for removing repositories.

      3. Final Answer:

        PUT /_snapshot/my_backup {"type": "fs", "settings": {"location": "/mount/backups"}} -> Option B

      4. Quick Check:

        Repository creation = PUT [OK]
      Hint: Use PUT to create or update snapshot repositories [OK]
      Common Mistakes:
      • Using POST instead of PUT for repository creation
      • Confusing GET with creation commands
      • Trying to delete instead of create repository
      3. Given this snapshot restore request:
      POST /_snapshot/my_backup/snapshot_1/_restore
{
  "indices": "index1,index2",
  "rename_pattern": "index(.*)",
  "rename_replacement": "restored_index$1"
}

      What will be the name of the restored index originally named index2?
      medium
      A. restored_index2
      B. restored_index_index2
      C. index2
      D. index_restored2

      Solution

      1. Step 1: Understand rename_pattern and rename_replacement

        The pattern "index(.*)" captures the part after "index". The replacement "restored_index$1" adds "restored_index" plus the captured part.

      2. Step 2: Apply to index2

        For "index2", the captured part is "2", so the new name is "restored_index2".

      3. Final Answer:

        restored_index2 -> Option A

      4. Quick Check:

        Rename pattern + replacement = restored_index2 [OK]
      Hint: Captured group $1 appends after renamed prefix [OK]
      Common Mistakes:
      • Ignoring rename_pattern and keeping original name
      • Adding extra 'index' in the replacement
      • Misplacing the captured group in new name
      4. You try to restore a snapshot but get an error: repository_missing_exception. What is the most likely cause?
      medium
      A. The snapshot name is incorrect
      B. The cluster is running an incompatible Elasticsearch version
      C. The snapshot repository does not exist or is not registered
      D. The indices in the snapshot are corrupted

      Solution

      1. Step 1: Understand repository_missing_exception meaning

        This error means Elasticsearch cannot find the snapshot repository to access snapshots.

      2. Step 2: Check other options

        Snapshot name errors cause different exceptions; corrupted indices cause restore failures but not repository missing; version mismatch causes other errors.

      3. Final Answer:

        The snapshot repository does not exist or is not registered -> Option C

      4. Quick Check:

        repository_missing_exception = missing repository [OK]
      Hint: Check repository registration if repository_missing_exception occurs [OK]
      Common Mistakes:
      • Assuming snapshot name typo causes repository_missing_exception
      • Blaming corrupted indices for repository errors
      • Ignoring repository setup before restore
      5. You want to restore only specific indexes from a snapshot but rename them to avoid conflicts. Which JSON snippet correctly does this during restore?
      {
  "indices": "logs-2023,metrics-2023",
  "rename_pattern": "(.*)-2023",
  "rename_replacement": "$1-restore"
}
      hard
      A. Restores only logs-restore and metrics-restore indexes from snapshot
      B. Restores logs-2023 and metrics-2023 with original names
      C. Restores all indexes in snapshot renamed with -restore suffix
      D. Restores logs-2023 and metrics-2023 as logs-restore and metrics-restore

      Solution

      1. Step 1: Analyze indices and rename_pattern

        Indices "logs-2023" and "metrics-2023" match the pattern "(.*)-2023" capturing "logs" and "metrics".

      2. Step 2: Apply rename_replacement

        Replacement "$1-restore" changes names to "logs-restore" and "metrics-restore".

      3. Step 3: Confirm only specified indices restored

        Only indices listed in "indices" are restored, renamed as specified.

      4. Final Answer:

        Restores logs-2023 and metrics-2023 as logs-restore and metrics-restore -> Option D

      5. Quick Check:

        Indices filtered + renamed correctly = Restores logs-2023 and metrics-2023 as logs-restore and metrics-restore [OK]
      Hint: Use indices + rename_pattern/replacement to rename on restore [OK]
      Common Mistakes:
      • Restoring all snapshot indices ignoring filter
      • Not using rename_pattern correctly
      • Expecting renamed indexes to exist before restore