How to backup Graylog logs from elasticsearch

September 07, 2019

Page content

Graylog store the log data in elasticsearch so I will show you how to create and restore snapshot with elasticsearch.

Requirement

elasticsearch 7.5

First you will need to add the repo.path location to your elasticsearch.yml. This is the local path of the folder where the snapshot files will store.

mkdir -p /mnt/elasticsearch-backup
chown -R elasticsearch. /mnt/elasticsearch-backup

cat >> /etc/elasticsearch/elasticsearch.yml << EOF
path.repo: ["/mnt/elasticsearch-backup"]
EOF

systemctl restart elasticsearch

Elasticsearch

Elasticsearch needs to know the backup path by registering a backup repository:

curl -XPUT 'http://localhost:9200/_snapshot/my_backup' -d '{
  "type": "fs",
  "settings": {
     "location": "/mnt/elasticsearch-backup",
     "compress": true
  }
}'

Create Backup

curl -XPUT "localhost:9200/_snapshot/my_backup/snapshot_1?wait_for_completion=true"

# list snapshots:
curl -XGET 'localhost:9200/_snapshot/my_backup/_all?pretty'

Restore backup

curl -XPOST "localhost:9200/_snapshot/my_backup/snapshot_1/_restore?wait_for_completion=true"

Delete snapshot

curl -XDELETE 'localhost:9200/_snapshot/my_backup/snapshot_1'

Requirement

Elasticsearch

Create Backup

Restore backup

Delete snapshot

Your support is our everlasting motivation, that cup of coffee is what keeps us going!

Your support is our everlasting motivation,
that cup of coffee is what keeps us going!