Restoring Snapshots

By default, Elastic Cloud takes a snapshot of all the indices in your Elasticsearch cluster every 30 minutes. You can set a different interval if needed for your environment. Elastic Cloud keeps the 100 most recent, successful snapshots. These snapshots can be used to recover from failure when not enough availability zones are used to provide high availability, to recover from accidental deletion, and to copy an index.

Important

Snapshots back up all open indices. If you close an index, it is not included in snapshots and you will not be able to restore the data.

List Available Snapshots

To list all available snapshots:

  1. Log into the Elastic Cloud Console.
  2. On the Deployments page, select your deployment.

    Narrow your deployments by name, ID, or choose from several other filters. To customize your view, use a combination of filters, or change the format from a grid to a list.

  3. From your deployment menu, go to Elasticsearch and then Snapshots where the list of available snapshots is shown, newest first.
  4. Click on a specific snapshot to see more details.

The list shows when the snapshot was completed, whether the snapshot succeeded or was only partially successful, along with the number of shards and indices in the snapshot.

Change the Snapshot Interval

If you find the the default snapshot interval isn’t working for your environment, you can change it. It might make sense to use a 4 or 24 hour interval if the data in your index doesn’t change that often but you need more snapshot history.

  1. Log into the Elastic Cloud Console and select your deployment.

    Narrow your deployments by name, ID, or choose from several other filters. To customize your view, use a combination of filters, or change the format from a grid to a list.

  2. Make a selection from the Snapshot interval drop-down menu.
  3. Save your changes.

When you change the interval, the interval timer begins after the next scheduled snapshot.

Restore a Snapshot

To restore a snapshot:

  1. List the available snapshots, and click on the timestamp link of a snapshot to see the snapshot details.
  2. Optional: In the Restore Snapshot section, specify how you want to restore the snapshot. If you do not specify any options, all the indices of the snapshot are restored on the Elasticsearch cluster where the snapshot was taken.

    Snapshot restore

    • In the Specify Indices field, you can limit which indices get restored by specifying an index pattern. For example, entering logstash-*,.kibana restores any indices starting with logstash- as well as the .kibana index. All other indices are ignored.
    • You might need to specify values in the Match and Replace with fields, if you restore to the same cluster, as you cannot restore to an index that already exists.
  3. Click Restore.

After the snapshot is restored, a brief message indicates that the operation was successful.

Restore Across Clusters

Snapshots can be restored to either the same Elasticsearch cluster or to another cluster. If you are restoring all indices to another cluster, you can clone a cluster.

Note

Users created using the X-Pack security features or using Shield are not included when you restore across clusters, only data from Elasticsearch indices is restored. If you do want to create a cloned cluster with the same users as your old cluster, you need to recreate the users manually on the new cluster.

Restoring to another cluster is useful for scenarios where isolating activities on a separate cluster is beneficial, such as:

Performing ad hoc analytics
For most logging and metrics use cases, it is cost prohibitive to have all the data in memory, even if it would provide the best performance for aggregations. Cloning the relevant data to an ad hoc analytics cluster that can be discarded after use is a cost effective way to experiment with your data, without risk to existing clusters used for production.
Testing upgrades
The safest way to check that both your indices and your applications are ready for the next Elasticsearch version is to copy the indices to a new cluster and to test your applications with the new version of Elasticsearch there. It’s what we recommend for major version upgrades.
Enabling your developers
Realistic test data is crucial for uncovering unexpected errors early in the development cycle. What can be more realistic than actual data from a production cluster? Giving your developers access to real production data is a great way to break down silos.
Testing mapping changes
Mapping changes almost always require reindexing. Unless your data volume is trivial, reindexing requires time and tweaking the parameters to achieve the best reindexing performance usually takes a little trial and error. While this use case could also be handled by running the scan and scroll query directly against the source cluster, a long lived scroll has the side effect of blocking merges even if the scan query is very light weight.
Integration testing
Test your application against a real live Elasticsearch cluster with actual data. If you automate this, you could also aggregate performance metrics from the tests and use those metrics to detect if a change in your application has introduced a performance degradation.
Important

A cluster is eligible as a destination for a snapshot restore if it meets these criteria:

  • The cluster is in the same region. For example, a snapshot made in eu-west-1 cannot be restored to us-east-1 at this point. If you need to restore snapshots across regions, use a custom repository.
  • The destination cluster is able to read the indices. For the time being, this means that a cluster must have an Elasticsearch version that is equal to or higher than the source cluster.

To restore snapshots across clusters:

  1. First, create a new deployment and in the Restore from snapshot section, select the deployment that you want to restore a snapshot from.

    The latest successful snapshot from the cluster you selected is restored on the new cluster when you create it. If you don’t know the exact name, you can put in a few characters and then select from the list of matching deployments.

    Restoring from a snapshot

  2. Manually recreate users using the X-Pack security features or using Shield on the new cluster. User information is not included when you restore across clusters.