How to create and manage Elasticsearch snapshots

Snapshots in Elasticsearch capture the state of indices at a given point in time, providing a reliable backup mechanism.

They are stored in a repository, typically a shared filesystem or cloud-based storage, and can be restored as needed to recover data or move it between clusters.

By using snapshots, administrators ensure resilience against data loss, simplify migration, and maintain versioned backups for disaster recovery and compliance requirements.

Steps to create and manage Elasticsearch snapshots:

$ curl --request PUT --header "Content-Type: application/json" --data '{
  "type": "fs",
  "settings": {
    "location": "/mount/backups",
    "compress": true
  }
}' http://localhost:9200/_snapshot/my_backup
{"acknowledged":true}

Ensure the Elasticsearch node has permissions to access the repository path.

Create a snapshot of the desired indices.

$ curl --request PUT http://localhost:9200/_snapshot/my_backup/snapshot_1?wait_for_completion=true
{"snapshot":{"snapshot":"snapshot_1","indices":["my_index"],"shards":...}}

Use wait_for_completion to get immediate results and verify snapshot success.

Verify available snapshots.

$ curl --request GET --silent http://localhost:9200/_snapshot/my_backup/_all | jq
{
  "snapshots": [
    {
      "snapshot": "snapshot_1",
      "indices": ["my_index"], ...
    }
  ]
}

Restore a snapshot to recover an index.

$ curl --request POST --header "Content-Type: application/json" --data '{
  "indices": "my_index",
  "include_global_state": false
}' http://localhost:9200/_snapshot/my_backup/snapshot_1/_restore
{"accepted":true}

Restoring overwrites existing data if the target index name matches an existing one.

Monitor restoration progress and verify the recovered data.

Clean up old snapshots to manage storage costs as needed.

$ curl --request DELETE http://localhost:9200/_snapshot/my_backup/old_snapshot
{"acknowledged":true}

Rotate snapshot schedules and repositories for a robust backup strategy.

For related backup procedures, see: How to configure Elasticsearch for production

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.

Discuss the article:

Comment anonymously. Login not required.