Backing Up Elasticsearch

Elasticsearch replicas protect you against a node going down here or there, but they won’t help you in the event of a catastrophic failure. Only good backup practices can help you in that case.

The process for backing up and restoring your Elasticsearch cluster takes three steps:

  • Configure a repository
  • Make a snapshot of the cluster
  • Restore from the snapshot

For more detailed information on the process, refer to the Elasticsearch administration guide, and in particular to the documentation on the Snapshot/Restore module and on backing up your cluster.

Configuring a Repository

First configure a repository where your snapshots will be kept. Several repository types are supported:

  • Shared file system, such as a Network File System or NAS
  • Amazon S3
  • HDFS (Hadoop Distributed File System)
  • Azure Cloud

If using a shared file system repository type, first register the path to the shared file system in each node’s elasticsearch.yml using the path.repo setting.

path.repo: ["path/to/shared/file/system/"]

When you create the repository using the Elasticsearch API, you can now refer to this repository location in your PUT command:

curl -XPUT localhost:9200/_snapshot/test_backup -d '{"type": "fs", "settings": { "location":"/path/to/shared/file/system/" } }'

In production replace localhost:9200 with the proper hostname:port combination for your system, and replace test_backup with the name of the repository you want to create. Additionally, use the real path to your shared file system.

If the repository is successfully set up you’ll see this message in your terminal:


Once you have a repository, you can start creating snapshots.

Snapshotting the Cluster

The easiest approach is to create is a snapshot of all the indexes in your cluster. Here’s the basic command for snapshotting everything:

curl -XPUT localhost:9200/_snapshot/test_backup/snapshot_1

If successful you see {"accepted":true} in the terminal.

You don’t have to include all indexes in a snapshot. For example, if you’re using Marvel, you might not want to include all the Marvel indexes. In this case just explicitly declare the indexes you want to include in the snapshot (leaving out the .marvel indexes):

curl -XPUT localhost:9200/_snapshot/test_backup/snapshot_2
{ "indices": "liferay-0,liferay-20116" }

It’s important to note that Elasticsearch uses a smart snapshotting approach. To understand what that means, consider a single index. The first snapshot includes a copy of the entire index, while subsequent snapshots only include the delta between the first, complete index snapshot and the current state of the index.

Eventually you’ll end up with a lot of snapshots in your repository, and no matter how cleverly you name the snapshots, you may forget what some snapshots contain. For this purpose, the Elasticsearch API includes the ability to get information about any snapshot. For example:

curl -XGET localhost:9200/_snapshot/test_backup/snapshot_1




There’s lots of useful information here, including which indexes were included in the snapshot.

If you want to get rid of a snapshot, use the DELETE command.

curl -XDELETE localhost:9200/_snapshot/test_backup/snapshot_1

You might trigger creation of a snapshot and regret it (for example, you didn’t want to include all the indexes in the snapshot). If you’re snapshotting a lot of data, this can cost time and resources. To cancel the ongoing creation of a snapshot, use the same DELETE command. The snapshot process is terminated and the partial snapshot is deleted from the repository.

Restoring from a Snapshot

What good is a snapshot if you can’t use it to restore your search indexes in case of catastrophic failure? Restoring your cluster from a snapshot is easy. You’ll leverage the _restore API:

curl -XPOST localhost:9200/_snapshot/test_backup/snapshot_1/_restore

This command restores all the indexes in the snapshot. If you want to restore only specific indexes from a snapshot, you can. For example, enter

curl -XPOST
    "indices": "liferay-20116",
    "rename_pattern": "liferayindex_(.+)",
    "rename_replacement": "restored_liferayindex_$1"

This restores only the index named liferay-20116index_1 from the snapshot. The rename... settings specify that the beginning liferayindex_ are replaced with restore_liferayindex_, so liferay-20116index_1 becomes restored_liferay-20116index_1.

As with the snapshotting process, an errant restored index can be canceled with the DELETE command:

curl -XDELETE localhost:9200/restored_liferay-20116index_3

Nobody likes catastrophic failure on a production system, but Elasticsearch’s API for snapshotting and restoring indexes can help you rest easy knowing that your search cluster can be restored if disaster strikes.

« Backing Up Liferay Enterprise SearchUpgrading to Elasticsearch 6 »
Was this article helpful?
0 out of 0 found this helpful