
Restoring the Elasticsearch Database


Elasticsearch Documentation

You will find a more detailed description of how to back up and restore the database in the original Elasticsearch documentation: Restore a Snapshot.

The following chapter describes how to back up and restore specific indices in the Elasticsearch database. In addition, we recommend you also back up the Elasticsearch configuration directory on a daily basis at the file system level: Back up Configuration Files.

Backup and snapshot are used interchangeably here.


Restoring Backups

Caution - version compatibility

An Elasticsearch database version may be incompatible with its previous or following version; refer to Snapshot compatibility.

  1. Register the snapshot repository:

    Registering a Snapshot Repository

  2. Select the required snapshot

    • in the Kibana user interface:

      http://localhost:5621/app/management/data/snapshot_restore/snapshots
      
    • in the DevTools Console:

      Example - listing snapshots

      The following command lists the latest 10 snapshots in descending order:

      GET /_snapshot/my_repository/*?size=10&sort=start_time&order=desc
      

Restoring Security Settings

Caution - restoring security settings

If you restore data in an empty Elasticsearch database, you must restore the security settings first.

We strongly recommend you use the security feature to restore your snapshot, as using the .security alias instead may be tricky. If you still want to use the .security alias to restore the security settings, consider the following:

The .security alias can only point to one single index. This index depends on the Elasticsearch version you use, e. g. .security-7 for version 7.x, and must not be changed. Restoring the security settings with an index name different from the current index name creates a second alias with the same name. As the software cannot handle this, it locks you out of your Kibana user interface. If this happens, refer to Troubleshooting.

The instructions below describe the restoration of the security feature for a single-server Elasticsearch installation.

Literature

For details on restoring data in an Elasticsearch cluster, refer to the original documentation of the software producer:

Restore an entire cluster.

  1. Register the repository in which the snapshots have been saved:

    PUT _snapshot/my_repository
    {
      "type": "fs",
      "settings": {
        "location": "/mount/backups/my_repository_location"
      }
    }
    
  2. Search for the latest security snapshot:

    GET /_snapshot/my_repository/*security*?size=1&sort=start_time&order=desc
    

    Literature

    For details on retrieving information about one or more snapshots, refer to the original documentation of the software producer:

    Get snapshot API.

    In the response of the command, you will find the name of the snapshot in the snapshot key.

    Example of a search response

    The search for the latest snapshot returns nightly-security-snap-2022.03.16-ata_2ng7qfifayn_keydna:

    {
      "snapshots" : [
        {
          "snapshot" : "nightly-security-snap-2022.03.16-ata_2ng7qfifayn_keydna",
          "uuid" : "tO0Btmb3SaOCUdREwJAzSA",
          "repository" : "my_repository",
          ...
          "indices" : [
            ".security-7"
          ],
          ...
        }
      ],
      ...
    }
    
  3. Restore the selected security snapshot:

    Example of the restoring command

    The snapshot provided by the previous search is to be restored:

    POST /_snapshot/my_repository/nightly-security-snap-2022.03.16-ata_2ng7qfifayn_keydna/_restore
    {
      "feature_states": [ "security" ]
    }
    

    A proper restoration will provide the following result:

    {
      "accepted" : true
    }
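
The selection and restore steps above can be scripted with a pre-check that the snapshot's security index is the one the running version expects. This is an added example, not part of the original documentation: the function names, the second sample entry and the `state` and `start_time_in_millis` values are assumptions constructed for illustration.

```python
import json
import re

# Constructed Get snapshot API response, built around the page's example;
# the second entry and the state/start_time_in_millis values are made up.
SAMPLE_RESPONSE = json.loads("""
{"snapshots": [
  {"snapshot": "nightly-security-snap-2022.03.16-ata_2ng7qfifayn_keydna",
   "repository": "my_repository", "state": "SUCCESS",
   "start_time_in_millis": 1647388800000, "indices": [".security-7"]},
  {"snapshot": "nightly-security-snap-2022.03.17-constructed",
   "repository": "my_repository", "state": "FAILED",
   "start_time_in_millis": 1647475200000, "indices": [".security-7"]}
]}
""")

# Matches the main security index (.security-7), not e.g. .security-tokens-7.
MAIN_SECURITY_INDEX = re.compile(r"^\.security-\d+$")


def plan_security_restore(response, expected_index):
    """Return (request_line, body) for the restore, or raise ValueError."""
    usable = [s for s in response.get("snapshots", []) if s.get("state") == "SUCCESS"]
    if not usable:
        raise ValueError("no successfully completed security snapshot found")
    latest = max(usable, key=lambda s: s["start_time_in_millis"])
    main = [i for i in latest.get("indices", []) if MAIN_SECURITY_INDEX.match(i)]
    # The page warns that restoring security settings under an index name other
    # than the current one locks you out of Kibana, so refuse such a snapshot.
    if main != [expected_index]:
        raise ValueError(f"{latest['snapshot']} holds {main}, expected [{expected_index!r}]")
    request = f"POST /_snapshot/{latest['repository']}/{latest['snapshot']}/_restore"
    return request, {"feature_states": ["security"]}


def restore_accepted(reply):
    """True only for the reply the page shows: {"accepted": true}."""
    return reply.get("accepted") is True


if __name__ == "__main__":
    request, body = plan_security_restore(SAMPLE_RESPONSE, ".security-7")
    print(request)
    print(json.dumps(body, indent=2))
```

The failed snapshot from the following night is skipped even though it is newer, and a snapshot holding a different security index is rejected before any restore request is sent.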
    

Restoring Other Snapshots

Depending on the objective of restoring the database, you have to consider different things.

  • Restoring data exactly with their old indices, e. g. after a complete loss of data:

    • We recommend you do not rename any indices.

    • Make sure that no new data arrive during the restoration. You can do this, for example, by deactivating the firewall rules (refer to used ports) or by stopping all Filebeat processes.

  • Restoring older data to mix them with current data:

    • We recommend you rename the indices to be restored.

    • You do not necessarily have to close the input channels of the Elasticsearch database.

Literature

For details on restoring any snapshots other than the security feature, refer to the original documentation of the software producer:

Restore an index or data stream.


Restoring the Elasticsearch Cluster Configuration

Literature

For details on restoring an Elasticsearch cluster, refer to the original documentation of the software producer:

Restore an entire cluster.


Troubleshooting

Logon Problems in Kibana After Restoring Security Settings

After restoring the security settings you cannot log on to the Kibana user interface.

Maybe the index has not been restored correctly.

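You can solve this problem by disabling security, restarting the Elasticsearch database, and manually removing the incorrectly restored index. Then reactivate xpack.security.enabled, and the access protection works as before. While security is disabled, Elasticsearch accepts requests without authentication, so keep this period as short as possible.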

  1. In an editor, open the elasticsearch.yml file:

    • Linux:

      /etc/elasticsearch/elasticsearch.yml
      
    • Windows:

      C:\ProgramData\Elastic\Elasticsearch\config\elasticsearch.yml
      
  2. Deactivate the security settings and save the file:

    xpack.security.enabled: false
    
  3. Restart Elasticsearch:

    • Linux:

      sudo systemctl restart elasticsearch
      
    • Windows:

      restart-service seal-elasticsearch
      
  4. In a browser, open the Kibana DevTools Console:

    http://localhost:5621/app/dev_tools#/console
    
  5. In the Kibana DevTools Console, search for all indices with the alias .security:

    GET _cat/aliases/.security
    

    Example of a search result

    .security .security-7 - - - -
    
  6. Delete all indices found with the previous command:

    Example of the deleting command

    DELETE /.security-7
    
  7. Restore the security feature:

    Restoring Security Settings

  8. In the elasticsearch.yml file, reactivate the security and save the file:

    xpack.security.enabled: true
    
  9. Restart Elasticsearch:

    • Linux:

      sudo systemctl restart elasticsearch
      
    • Windows:

      restart-service seal-elasticsearch
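
The check in steps 5 and 6 can be automated by parsing the `_cat/aliases` output and flagging any state other than one alias on the expected index. This is an added example, not part of the original documentation: the function names and the `.security-restored` index name are hypothetical, and both sample outputs are constructed.

```python
# Constructed `GET _cat/aliases/.security` outputs: the healthy case from the
# page, and a conflict where a second index carries the same alias.
HEALTHY = ".security .security-7 - - - -\n"
CONFLICT = (".security .security-7 - - - -\n"
            ".security .security-restored - - - -\n")  # hypothetical index name


def alias_targets(cat_output, alias=".security"):
    """Return the indices the alias points to (column 2 of each matching row)."""
    targets = []
    for line in cat_output.splitlines():
        cols = line.split()
        # Skips blank lines and the header row printed when ?v is used.
        if len(cols) >= 2 and cols[0] == alias:
            targets.append(cols[1])
    return targets


def diagnose(cat_output, expected_index):
    """Classify the alias state and list the DELETE requests of step 6."""
    targets = alias_targets(cat_output)
    if not targets:
        return "missing", []            # nothing restored yet: go to step 7
    if targets == [expected_index]:
        return "ok", []                 # one alias, on the expected index
    # More than one target, or a single unexpected one: the page's step 6
    # deletes every index found before the security feature is restored again.
    return "conflict", [f"DELETE /{name}" for name in sorted(set(targets))]


if __name__ == "__main__":
    for sample in (HEALTHY, CONFLICT, ""):
        print(diagnose(sample, ".security-7"))
```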
      
