If you use Elasticsearch for log analysis, you probably need a backup and retirement strategy. It's very handy to store backups in an S3 bucket and configure a lifecycle on that bucket. I know there is a plugin (curator) that can do this, but I preferred another approach: using the Elasticsearch REST APIs. Here is a step-by-step guide to achieving this:
1) Install the AWS plugin:
https://www.elastic.co/guide/en/elasticsearch/plugins/current/cloud-aws.html
2) Create a repository in your Elasticsearch cluster:
curl -XPUT 'localhost:9200/_snapshot/backup_s3_repository?pretty' -d '{
  "type": "s3",
  "settings": {
    "bucket": "BUCKETNAME",
    "region": "REGION",
    "base_path": "DIRECTORY_NAME WITHIN BUCKET"
  }
}'
Notes
- The AWS plugin should be installed on all nodes, and the services should be restarted so they recognize the plugin; otherwise you will get this error:
“Unknown [repository] type [s3]”
- If https is enabled for Elasticsearch, use:
curl -XPUT 'https://localhost:9200/_snapshot/backup_s3_repository?…
3) Create a snapshot:
curl -k -XPUT 'https://localhost:9200/_snapshot/backup_s3_repository/snapshot_name?pretty&wait_for_completion=true'
4) Create a cron job that takes the snapshots (step 3). You can omit `wait_for_completion=true` in the cron job.
5) Configure Lifecycle for that S3 bucket.
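The cron job from steps 3 and 4, as an added example that is not part of the original post: it names each snapshot by date, verifies the node certificate with --cacert instead of skipping verification with -k, and exits non-zero unless Elasticsearch reports SUCCESS (or accepted, when wait_for_completion is omitted). ES_URL, ES_CACERT, the "logs" name prefix and the script path are assumptions.

```shell
#!/bin/sh
# Added example (not the author's script): nightly snapshot job for cron.
# ES_URL, ES_CACERT and the name prefix are assumptions; the repository
# name backup_s3_repository is the one created in step 2.
LC_ALL=C; export LC_ALL   # keep [a-z] ranges byte-exact in every locale
ES_URL="${ES_URL:-https://localhost:9200}"
ES_REPO="${ES_REPO:-backup_s3_repository}"
ES_CACERT="${ES_CACERT:-/etc/elasticsearch/ca.pem}"   # hypothetical path

# Build "<prefix>-<date>". Elasticsearch rejects snapshot names containing
# uppercase letters or spaces, so refuse them before calling the API.
snapshot_name() {
    name="$1-$2"
    case "$name" in
        *[!a-z0-9._-]*) return 1 ;;
    esac
    printf '%s\n' "$name"
}

# Interpret the response body. With wait_for_completion=true it carries
# "state"; without it (as step 4 allows) it is {"accepted":true}.
# PARTIAL, FAILED or an empty body return 1 so cron reports the failure.
snapshot_ok() {
    if printf '%s' "$1" | grep -Eq '"state" *: *"SUCCESS"'; then return 0; fi
    if printf '%s' "$1" | grep -Eq '"accepted" *: *true'; then return 0; fi
    return 1
}

take_snapshot() {
    name=$(snapshot_name "$1" "$(date +%Y.%m.%d)") || {
        echo "invalid snapshot name for prefix '$1'" >&2; return 2; }
    # --fail turns HTTP errors (e.g. a name that already exists) into exit codes.
    body=$(curl --silent --show-error --fail --cacert "$ES_CACERT" \
        -XPUT "$ES_URL/_snapshot/$ES_REPO/$name?wait_for_completion=true") || return 3
    snapshot_ok "$body" || {
        echo "snapshot $name not successful: $body" >&2; return 4; }
}

# Cron entry (assumed install path):
#   30 1 * * * /usr/local/bin/es-snapshot.sh run logs
if [ "${1:-}" = "run" ]; then take_snapshot "${2:-logs}"; fi
```

Because the script writes to stderr and returns a non-zero status on failure, cron's mail or any wrapper that checks exit codes will surface a snapshot that did not complete.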