Backup and Disaster Recovery

This section covers Energy Logserver snapshot-based backup for disaster recovery. For configuration backup (system indexes, templates, Network Probe and GUI config), see Backup and Restore.

Note

A complete backup strategy should also cover the following components outside of ELS Data Node snapshots:

  • License Service configuration: /etc/logserver/license-service/

  • Intelligence data: /etc/logserver/intelligence/

  • Credential keystore: /etc/logserver-store/logserver.keystore

Automated Backup Configuration

#!/bin/bash
# backup-script.sh
BACKUP_REPO="/backup/logserver"
DATE=$(date +%Y%m%d-%H%M%S)
# Create backup repository
curl -u $USER:$PASSWORD -X PUT "localhost:9200/_snapshot/backup_repo" \
  -H 'Content-Type: application/json' \
  -d '{
    "type": "fs",
    "settings": {
      "location": "'$BACKUP_REPO'"
    }
  }'
# Create snapshot
curl -u $USER:$PASSWORD -X PUT "localhost:9200/_snapshot/backup_repo/snapshot_$DATE" \
  -H 'Content-Type: application/json' \
  -d '{
    "indices": "*",
    "ignore_unavailable": true,
    "include_global_state": false,
    "metadata": {
      "taken_by": "automated_backup",
      "taken_because": "scheduled_backup"
    }
  }'
# Cleanup old snapshots (keep last 7 days)
OLD_SNAPSHOTS=$(curl -s -u $USER:$PASSWORD "localhost:9200/_snapshot/backup_repo/_all" | \
  jq -r '.snapshots[] | select(.start_time_in_millis < (now - 604800) * 1000) | .snapshot')
for snapshot in $OLD_SNAPSHOTS; do
  curl -u $USER:$PASSWORD -X DELETE "localhost:9200/_snapshot/backup_repo/$snapshot"
done
echo "Backup completed: snapshot_$DATE"

Disaster Recovery Procedures

#!/bin/bash
# disaster-recovery.sh
BACKUP_REPO="/backup/logserver"
SNAPSHOT_NAME=$1
if [ -z "$SNAPSHOT_NAME" ]; then
  echo "Usage: $0 <snapshot_name>"
  echo "Available snapshots:"
  curl -s -u $USER:$PASSWORD "localhost:9200/_snapshot/backup_repo/_all" | jq -r '.snapshots[].snapshot'
  exit 1
fi
echo "Starting disaster recovery from snapshot: $SNAPSHOT_NAME"
# Stop data ingestion
curl -u $USER:$PASSWORD -X PUT "localhost:9200/_cluster/settings" \
  -H 'Content-Type: application/json' \
  -d '{
    "persistent": {
      "cluster.routing.allocation.enable": "primaries"
    }
  }'
# Close indices
curl -u $USER:$PASSWORD -X POST "localhost:9200/_all/_close"
# Restore from snapshot
curl -u $USER:$PASSWORD -X POST "localhost:9200/_snapshot/backup_repo/$SNAPSHOT_NAME/_restore" \
  -H 'Content-Type: application/json' \
  -d '{
    "indices": "*",
    "ignore_unavailable": true,
    "include_global_state": false,
    "rename_pattern": "(.+)",
    "rename_replacement": "restored_$1"
  }'
# Monitor restore progress
while true; do
  STATUS=$(curl -s -u $USER:$PASSWORD "localhost:9200/_recovery" | jq -r '[.[] | select(.stage != "DONE")] | length')
  if [ "$STATUS" = "0" ]; then
    break
  fi
  echo "Restore in progress..."
  sleep 30
done
# Re-enable allocation
curl -u $USER:$PASSWORD -X PUT "localhost:9200/_cluster/settings" \
  -H 'Content-Type: application/json' \
  -d '{
    "persistent": {
      "cluster.routing.allocation.enable": null
    }
  }'
echo "Disaster recovery completed successfully"