How to Backup and Restore Elasticsearch using Snapshots

Introduction

Hello everyone! Today in this blog, we will learn how to backup and restore Elasticsearch using snapshots. Before diving in, let’s first brush up on the basics of the topic.

Elasticsearch at a glance

• It is a search and analytics engine
• It is based on NoSQL technology
• It exposes REST API instead of CLI to perform various operations
• It is a combination of different nodes such as data, master, ingest, and client connected together.

Backup strategy at Elasticsearch

• Elasticsearch uses snapshots
• A snapshot is a backup taken from a running Elasticsearch cluster
• Repositories are used to store snapshots
• You must register a repository before you perform snapshot and restore operations
• Repositories can be either local or remote
• Different types of repositories supported by Elasticsearch are as follows:
  • Windows shares using Microsoft UNC path
  • NFS on Linux
  • Directory on Single Node Cluster
  • AWS
  • Azure Cloud
  • HPFS for Hadoop

Demo

• First, we should have elasticsearch up and running. To check the status, use the command –
  • sudo systemctl status elasticsearch

You should be seeing the following output –

• Next, we’ll make a directory where we’ll be storing all our snapshots.
  • mkdir elasticsearch-backup

• We need to make sure that the service elasticsearch can write into this directory. To give write permissions to the directory, use the command –
  • sudo chown -R elasticsearch:elasticsearch elasticsearch-backup

• We need to give the path of our directory to elasticsearch. So, we need to make these changes in the /etc/elasticsearch/elasticsearch.yml file.

• Restart the service using the following command –
  • sudo systemctl restart elasticsearch.service

• Now, we need to create the repository. Use the following command to create the repo –
  • curl -XPUT -H “content-type:application/json/” ‘http://localhost:9200/_snapshot/elasticsearch-backup’ -d ‘{“type”:”fs”,”settings”:{“location”:”/home/riya/elasticsearch-backup”,”compress”:true}}’

• You can see the repo description using the following command –
  • curl -XGET ‘http://localhost:9200/_snapshot/_all?pretty’

• Now let’s list the indices we need to backup with the following command –
  • curl -XGET ‘http://localhost:9200/_cat/indices’

• Finally, let’s take a backup for the indices. Use the command –
  • curl -XPUT ‘http://localhost:9200/_snapshot/elasticsearch-backup/first-snapshot?wait_for_completion=true’

• The snapshot is now successfully created. Let us check the status –
  • curl -XGET ‘http://localhost:9200/_snapshot/_all?pretty’

Restore

As now we have successfully taken the backup of our indices, let us just make sure if we’re able to retrieve the data if it gets lost. So, let us first delete our data using the following command –

• curl -XDELETE ‘http://localhost:9200/_all’

Now, if you’ll check, all the data must have been gone. So, let us try to restore our data using the snapshots we created.

• curl -XGET ‘http:localhost:9200/_snapshot/elasticsearch-backup/first-snapshot/_restore?wait_for_completion=true’

The above command will successfully restore all the lost or deleted data.

That’s it for now. I hope this article was useful to you. Please feel free to drop any comments, questions, or suggestions.