Restoring the Elasticsearch Database¶
Elasticsearch Documentation¶
You will find a more detailed description of how to back up and restore the database in the original Elasticsearch documentation: Restore a Snapshot.
The following chapter describes how to back up and restore specific indices in the Elasticsearch database. In addition, we recommend you also back up the Elasticsearch configuration directory on a daily basis at the file system level: Back up Configuration Files.
Backup and snapshot are used interchangeably here.
Restoring Backups¶
Caution - version compatibility
Different Elasticsearch database versions may be incompatible to its previous or following version, refer to Snapshot compatibility.
-
Register the snapshot repository:
-
Select the required snapshot
-
in the Kibana user interface:
http://localhost:5621/app/management/data/snapshot_restore/snapshots -
in the DevTools Console:
Example - listing snapshots
The following command lists the latest 10 snapshots in descending order:
GET /_snapshot/my_repository/*?size=10&sort=start_time&order=desc
-
Restoring Security Settings¶
Caution - restoring security settings
If you restore data in an empty Elasticsearch database, you must restore the security settings first.
We strongly recommend you use the security feature to restore your snapshot, as using the .security alias instead may be tricky. If you still want use the .security alias to restore the securtiy settings, consider the following:
The .security alias can only point to one single index. This index depends on the Elasticsearch version you use, e. g. .security-7 for version 7.x, and must not be changed. Restoring the security settings with an index name different from the current index name creates a second alias with the same name. As the software cannot handle this, it locks you out of your Kibana user interface. If this happens, refer to Troubleshooting.
The instruction below describe the restoration of the security feature for a single server Elasticsearch installation.
Literature
For details on restoring data in an Elasticsearch cluster, refer to the original documentation of the software producer:
-
Register the repository, in which the snapshots have been saved:
PUT _snapshot/my_repository { "type": "fs", "settings": { "location": "/mount/backups/my_repository_location" } } -
Search the latest security snapshot:
GET /_snapshot/my_repository/*security*?size=1&sort=start_time&order=descLiterature
For details on retrieving information about one or more snapshots, refer to the original documentation of the software producer:
In the response of the command, you will find the name of the snapshot in the
snapshotkey.Example of a search response
The search for the lates snapshot provides
nightly-security-snap-2022.03.16-ata_2ng7qfifayn_keydna:{ "snapshots" : [ { "snapshot" : "nightly-security-snap-2022.03.16-ata_2ng7qfifayn_keydna", "uuid" : "tO0Btmb3SaOCUdREwJAzSA", "repository" : "my_repository", ... "indices" : [ ".security-7" ], ... } ], ... } -
Restore the selected security snapshot:
Example of the restoring command
The snapshot provided by the previous search is to be restored:
POST /_snapshot/my_repository/nightly-security-snap-2022.03.16-ata_2ng7qfifayn_keydna/_restore { "feature_states": [ "security" ] }A proper restoration will provide the following result:
{ "accepted" : true }
Restoring Other Snapshots¶
Depending on the objective of restoring the database, you have to do consider different things.
-
Restoring data exactly with their old indices, e. g. after a complete loss of data:
-
We recommend you do not rename any indices.
-
Make sure that no new data arrive during the restoration. You can do this, for example by deactivating the fire wall rules, refer to used ports, or by stopping all Filebeat processes.
-
-
Restoring older data to mix them with current data:
-
We recommend you rename the indices to be restored.
-
You do not necessarily have to close the input channels of the Elasticsearch database.
-
Literature
For details on restoring any snapshots other than the security feature, refer to the original documentation of the software producer:
Restoring the Elasticsearch Cluster Configuration¶
Literature
For details on restoring an Elasticsearch cluster, refer to the original documentation of the software producer:
Troubleshooting¶
Log on Problems to Kibana After Restoring Security Settings¶
After restoring the security settings you cannot log on to the Kibana user interface.
Maybe the index has not been restored correctly.
You can solve this problem by disabling the security, restarting the Elasticsearch database, and manually removing the incorrectly restored index. Then reactivate xpack.security.enabled and the access protection works as before.
-
In an editor, open the
elasticsearch.ymlfile:-
Linux:
/etc/elasticsearch/elasticsearch.yml -
Windows:
C:\ProgramData\Elastic\Elasticsearch\config\elasticsearch.yml
-
-
Deactivate the security settings and save the file:
xpack.security.enabled: false -
Restart Elasticsearch:
-
Linux:
sudo systemctl restart elasticsearch -
Windows:
restart-service seal-elasticsearch
-
-
In a Browser, open the Kibana DevTools Console:
http://localhost:5621/app/dev_tools#/console -
In the Kibana DevTools Console, search for all indices with the alias
.security:GET _cat/aliases/.securityExample of a search result
.security .security-7 - - - - -
Delete all indices found with the previous command:
Example of the deleting command
DELETE /.security-7 -
Restore the
securityfeature: -
In the
elasticsearch.ymlfile, reactivate the security and save the file:xpack.security.enabled: true -
Restart Elasticsearch:
-
Linux:
sudo systemctl restart elasticsearch -
Windows:
restart-service seal-elasticsearch
-