Snapshot and Restoreedit

Snapshot and Restore enables you to backup your Elasticsearch indices and clusters using data and state snapshots. Snapshots are important because they provide a copy of your data in case something goes wrong. If you need to roll back to an older version of your data, you can restore a snapshot from the repository.

You’ll find Snapshot and Restore under Management > Elasticsearch. With this UI, you can:

Snapshot list

Before using this feature, you should be familiar with how snapshots work. Snapshot and Restore is a good source for more detailed information.

Required permissionsedit

The minimum required permissions to access Snapshot and Restore include:

  • Cluster privileges: monitor, manage_slm, cluster:admin/snapshot, and cluster:admin/repository
  • Index privileges: all on the monitor index if you want to access content in the Restore Status tab

You can add these privileges in Management > Security > Roles.

Edit Role

Register a repositoryedit

The Repositories view provides an overview of your repositories. Click a repository name to view its type, number of snapshots, and settings, and also to verify status.

Repository list

If you don’t have a repository, you’re prompted to register one. Elasticsearch supports three repository types out of the box: shared file system, read-only URL, and source-only. For more information on these repositories and their settings, see Repositories. For an example, see registering a shared file system repository.

To use other repositories, such as S3, you can install plugins. See Repository plugins.

View your snapshotsedit

The Snapshots view gives an overview of your snapshots. You can drill down into each snapshot for further investigation.

Snapshot details

If you don’t have any snapshots, you can create them from the Kibana Console. The snapshot API takes the current state and data in your index or cluster, and then saves it to a shared repository.

The snapshot process is "smart." Your first snapshot is a complete copy of the data in your index or cluster. All subsequent snapshots save the changes between the existing snapshots and the new data.

Restore a snapshotedit

The Restore wizard walks you through the process of restoring a snapshot into a running cluster. To get started, go to the Snapshots view, find the snapshot, and click the restore icon in the Actions column.

You’re presented options for the restore, including which indices to restore and whether to modify the index settings. You can restore an existing index only if it’s closed and has the same number of shards as the index in the snapshot.

Once you initiate the restore, you’re navigated to the Restore Status view, where you can track the progress.

Snapshot details

Create a snapshot lifecycle policyedit

You can create policies to schedule automatic snapshots of your cluster. Snapshot lifecycle policies are related to index lifecycle policies. However, where an index lifecycle policy applies to a single index, a snapshot lifecycle policy can span multiple indices.

For an overview of your policies, open the Policies view. You can drill down into each policy to examine its settings and last successful and failed run.

If you don’t have any policies, use the Create policy wizard. You’ll define the snapshots and repository, when to take snapshots, and the settings, such as which indices the snapshot should contain.

Snapshot details

You can perform the following actions on a policy:

  • Run a policy immediately without waiting for the scheduled time. This action is useful before an upgrade or before performing maintenance on indices.
  • Edit a policy and immediately apply changes to the schedule.
  • Delete a policy to prevent any future snapshots from being taken. This action does not cancel any currently ongoing snapshots or remove any previously taken snapshots.

Delete a snapshotedit

Delete snapshots to manage your repository storage space. Find the snapshot in the Snapshots view and click the trash icon in the Actions column. To delete snapshots in bulk, select their checkboxes, and then click Delete snapshots.

Example: Register a shared file system repositoryedit

This example shows how to register a shared file system repository and store snapshots.

Register the repository locationedit

You must register the location of the repository in the path.repo setting on your master and data nodes. You can do this in one of two ways:

  • Edit your elasticsearch.yml to include the path.repo setting.
  • Pass the path.repo setting when you start Elasticsearch.

    bin/elasticsearch -E path.repo=/tmp/es-backups

Register the repositoryedit

Use Snapshot and Restore to register the repository where your snapshots will live.

  1. Go to Management > Elasticsearch > Snapshot and Restore.
  2. Open the Repositories view.
  3. Click Register a repository.
  4. Enter a name for your repository, for example, my_backup.
  5. Set Repository type to Shared file system.

    Register repository

  6. Click Next.
  7. In Location, enter the path to the snapshot repository, /tmp/es-backups.
  8. In Chunk size, enter 100mb so that snapshot files are not bigger than that size.
  9. Use the defaults for all other fields.
  10. Click Register.

    Your new repository is listed on the Repositories view.

  11. Click the respository and inspect its details.

    The repository currently doesn’t have any snapshots.

Add a snapshot to the repositoryedit

Use the snapshot API to create a snapshot.

  1. Go to Dev Tools > Console.
  2. Create the snapshot.

    In this example, the snapshot name is 2019-04-25_snapshot. You can also use date math expression for the snapshot name.

    Create snapshot

  3. Open Snapshot and Restore.

    Your new snapshot is available in the Snapshots view.