Snapshot and restoreedit

A snapshot is a backup taken from a running Elasticsearch cluster. You can take snapshots of an entire cluster, including all its data streams and indices. You can also take snapshots of only specific data streams or indices in the cluster.

You must register a snapshot repository before you can create snapshots.

Snapshots can be stored in either local or remote repositories. Remote repositories can reside on Amazon S3, HDFS, Microsoft Azure, Google Cloud Storage, and other platforms supported by a repository plugin.

Elasticsearch takes snapshots incrementally: the snapshotting process only copies data to the repository that was not already copied there by an earlier snapshot, avoiding unnecessary duplication of work or storage space. This means you can safely take snapshots very frequently with minimal overhead. This incrementality only applies within a single repository because no data is shared between repositories. Snapshots are also logically independent from each other, even within a single repository: deleting a snapshot does not affect the integrity of any other snapshot.

You can restore snapshots to a running cluster, which includes all data streams and indices in the snapshot by default. However, you can choose to restore only the cluster state or specific data streams or indices from a snapshot.

You can use snapshot lifecycle management to automatically take and manage snapshots.

The only reliable and supported way to back up a cluster is by taking a snapshot. You cannot back up an Elasticsearch cluster by making copies of the data directories of its nodes. There are no supported methods to restore any data from a filesystem-level backup. If you try to restore a cluster from such a backup, it may fail with reports of corruption or missing files or other data inconsistencies, or it may appear to have succeeded having silently lost some of your data.

A copy of the data directories of a cluster’s nodes does not work as a backup because it is not a consistent representation of their contents at a single point in time. You cannot fix this by shutting down nodes while making the copies, nor by taking atomic filesystem-level snapshots, because Elasticsearch has consistency requirements that span the whole cluster. You must use the built-in snapshot functionality for cluster backups.

Version compatibilityedit

Version compatibility refers to the underlying Lucene index compatibility. Follow the Upgrade documentation when migrating between versions.

A snapshot contains a copy of the on-disk data structures that comprise an index or a data stream’s backing indices. This means that snapshots can only be restored to versions of Elasticsearch that can read the indices.

The following table indicates snapshot compatibility between versions. The first column denotes the base version that you can restore snapshots from.

Cluster version

Snapshot version

2.x

5.x

6.x

7.x

1.x

Yes

No

No

No

2.x

Yes

Yes

No

No

5.x

No

Yes

Yes

No

6.x

No

No

Yes

Yes

7.x

No

No

No

Yes

The following conditions apply for restoring snapshots and indices across versions:

  • Snapshots: You cannot restore snapshots from later Elasticsearch versions into a cluster running an earlier Elasticsearch version. For example, you cannot restore a snapshot taken in 7.6.0 to a cluster running 7.5.0.
  • Indices: You cannot restore indices into a cluster running a version of Elasticsearch that is more than one major version newer than the version of Elasticsearch used to snapshot the indices. For example, you cannot restore indices from a snapshot taken in 5.0 to a cluster running 7.0.

    The one caveat is that snapshots taken by Elasticsearch 2.0 can be restored in clusters running Elasticsearch 5.0.

Each snapshot can contain indices created in various versions of Elasticsearch. This includes backing indices created for data streams. When restoring a snapshot, it must be possible to restore all of these indices into the target cluster. If any indices in a snapshot were created in an incompatible version, you will not be able restore the snapshot.

When backing up your data prior to an upgrade, keep in mind that you won’t be able to restore snapshots after you upgrade if they contain indices created in a version that’s incompatible with the upgrade version.

If you end up in a situation where you need to restore a snapshot of a data stream or index that is incompatible with the version of the cluster you are currently running, you can restore it on the latest compatible version and use reindex-from-remote to rebuild the data stream or index on the current version. Reindexing from remote is only possible if the original data stream or index has source enabled. Retrieving and reindexing the data can take significantly longer than simply restoring a snapshot. If you have a large amount of data, we recommend testing the reindex from remote process with a subset of your data to understand the time requirements before proceeding.