Snapshot and restore

edit

A snapshot is a backup taken from a running Elasticsearch cluster. You can take snapshots of an entire cluster, including all its data streams and indices. You can also take snapshots of only specific data streams or indices in the cluster.

You must register a snapshot repository before you can create snapshots.

Snapshots can be stored in either local or remote repositories. Remote repositories can reside on Amazon S3, HDFS, Microsoft Azure, Google Cloud Storage, and other platforms supported by a repository plugin.

Elasticsearch takes snapshots incrementally: the snapshotting process only copies data to the repository that was not already copied there by an earlier snapshot, avoiding unnecessary duplication of work or storage space. This means you can safely take snapshots very frequently with minimal overhead. However, snapshots are also logically independent: deleting a snapshot does not affect the integrity of any other snapshot.

You can restore snapshots to a running cluster, which includes all data streams and indices in the snapshot by default. However, you can choose to restore only the cluster state or specific data streams or indices from a snapshot.

You can use snapshot lifecycle management to automatically take and manage snapshots.

You cannot back up an Elasticsearch cluster by simply copying the data directories of all of its nodes. Elasticsearch may be making changes to the contents of its data directories while it is running; copying its data directories cannot be expected to capture a consistent picture of their contents. If you try to restore a cluster from such a backup, it may fail and report corruption and/or missing files. Alternatively, it may appear to have succeeded though it silently lost some of its data. The only reliable way to back up a cluster is by using the snapshot and restore functionality.

Version compatibility

edit

Version compatibility refers to the underlying Lucene index compatibility. Follow the Upgrade documentation when migrating between versions.

A snapshot contains a copy of the on-disk data structures that comprise an index or a data stream’s backing indices. This means that snapshots can only be restored to versions of Elasticsearch that can read the indices.

The following table indicates snapshot compatibility between versions. The first column denotes the base version that you can restore snapshots from.

Cluster version

Snapshot version

2.x

5.x

6.x

7.x

1.x

Yes

No

No

No

2.x

Yes

Yes

No

No

5.x

No

Yes

Yes

No

6.x

No

No

Yes

Yes

7.x

No

No

No

Yes

The following conditions apply for restoring snapshots and indices across versions:

  • Snapshots: You cannot restore snapshots from later Elasticsearch versions into a cluster running an earlier Elasticsearch version. For example, you cannot restore a snapshot taken in 7.6.0 to a cluster running 7.5.0.
  • Indices: You cannot restore indices into a cluster running a version of Elasticsearch that is more than one major version newer than the version of Elasticsearch used to snapshot the indices. For example, you cannot restore indices from a snapshot taken in 5.0 to a cluster running 7.0.

    The one caveat is that snapshots taken by Elasticsearch 2.0 can be restored in clusters running Elasticsearch 5.0.

Each snapshot can contain indices created in various versions of Elasticsearch. This includes backing indices created for data streams. When restoring a snapshot, it must be possible to restore all of these indices into the target cluster. If any indices in a snapshot were created in an incompatible version, you will not be able restore the snapshot.

When backing up your data prior to an upgrade, keep in mind that you won’t be able to restore snapshots after you upgrade if they contain indices created in a version that’s incompatible with the upgrade version.

If you end up in a situation where you need to restore a snapshot of a data stream or index that is incompatible with the version of the cluster you are currently running, you can restore it on the latest compatible version and use reindex-from-remote to rebuild the data stream or index on the current version. Reindexing from remote is only possible if the original data stream or index has source enabled. Retrieving and reindexing the data can take significantly longer than simply restoring a snapshot. If you have a large amount of data, we recommend testing the reindex from remote process with a subset of your data to understand the time requirements before proceeding.