Snapshot restore to another elk server


ismailctest C

Aug 24, 2023, 1:10:08 PM
to Wazuh | Mailing List
Hi Team,
As per the below document, I have taken snapshots of all the index files.
The snapshot is stored in this path: /mount/elasticsearch_backup


I have installed a new Wazuh and ELK server.
So, I need to restore these snapshots (taken from the old server) to the newly installed server. How do I do this?
Note: All backed-up indices need to be monitored from the new server; we are going to decommission the old server.

Kindly help me on this.




Jose Camargo

Aug 24, 2023, 1:42:56 PM
to Wazuh | Mailing List
Hi Ismail,

To restore snapshots, you must follow the process detailed here: OpenSearch Restore Snapshots:

  1. Install Snapshot Repositories: Elasticsearch uses snapshot repositories to store and manage backups. You need to set up a snapshot repository that points to the location of your snapshots. Since you mentioned your snapshots are located at /mount/elasticsearch_backup, you can configure a repository using the fs type. For example:
    PUT /_snapshot/your_repository_name
    {
      "type": "fs",
      "settings": {
        "location": "/mount/elasticsearch_backup",
        "compress": true
      }
    }

  2. Restore Indices: Once the snapshot repository is set up, you can restore the indices using the following command:
    POST /_snapshot/your_repository_name/snapshot_name/_restore
    {
      "indices": "index_name_pattern",
      "ignore_unavailable": true,
      "include_global_state": false
    }

    1. Replace your_repository_name with the name of the snapshot repository you created.
    2. Replace snapshot_name with the name of the snapshot you want to restore.
    3. Replace index_name_pattern with the pattern of indices you want to restore (e.g., wazuh-alerts-4.x-*).

I'll be awaiting your comments.


Regards,
Jose Camargo

ismailctest C

Aug 24, 2023, 3:10:55 PM
to Wazuh | Mailing List
Jose Camargo,
Thanks for your reply.

ELK_old: 1.1.1.1
ELK_new: 1.1.1.2

The snapshot is available on elk_old.
We need to restore this snapshot on the new Elastic server (ELK_new), not on the same server. How do we do this?

How can we access this snapshot from the new server (ELK_new)?
How can we transfer this snapshot from the elk_old to the elk_new server?

Please support.

Jose Camargo

Aug 28, 2023, 4:39:27 PM
to Wazuh | Mailing List
Hi Ismail,

You have to copy the files from one ELK server to the other, and then run the previously sent commands, pointing to the location of the snapshot on elk_new server.

Let me know if you run into any issues, I'll be glad to help.

Regards,
Jose Camargo
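
The copy-then-register procedure from this thread, with an integrity check on the copied files before the repository is registered. This is an added example, not part of the original posts or of Wazuh's documentation; the function names, the manifest file, and the `ES_URL` variable are assumptions.

```bash
# Added example, not from the thread. Assumes GNU sha256sum, find and curl.
# Workflow: on ELK_old run make_manifest, copy the snapshot directory and the
# manifest to ELK_new (e.g. rsync -a or scp -r), then run register_repo there.
# On ELK_new the directory must also be listed under path.repo in
# elasticsearch.yml/opensearch.yml and be readable by the service user.

# Write a SHA-256 manifest of every file under a snapshot directory.
# Keep the manifest file outside the directory being hashed.
make_manifest() {   # usage: make_manifest <snapshot_dir> <manifest_file>
  ( cd "$1" && find . -type f -exec sha256sum {} + ) > "$2"
}

# Succeeds only if every listed file matches and no unlisted file is present.
verify_copy() {     # usage: verify_copy <snapshot_dir> <manifest_file>
  ( cd "$1" && sha256sum -c - ) < "$2" >/dev/null 2>&1 || return 1
  [ "$(wc -l < "$2")" -eq "$(find "$1" -type f | wc -l)" ]
}

# JSON body for PUT /_snapshot/<repo>, same settings as in the reply above.
# The path is inserted as-is, so it must not contain quotes or backslashes.
repo_body() {       # usage: repo_body <snapshot_dir>
  printf '{"type":"fs","settings":{"location":"%s","compress":true}}' "$1"
}

# Register the repository only when the copy verifies.
# ES_URL is an assumed variable, e.g. https://localhost:9200; add the TLS and
# authentication options your cluster requires.
register_repo() {   # usage: register_repo <repo_name> <snapshot_dir> <manifest_file>
  verify_copy "$2" "$3" || { echo "snapshot copy failed verification" >&2; return 1; }
  curl -fsS -X PUT "$ES_URL/_snapshot/$1" \
    -H 'Content-Type: application/json' -d "$(repo_body "$2")"
}
```

Once the repository is registered, the `_restore` request from the earlier reply can be run against it unchanged.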
