
Elasticsearch Backup Overview

There are two Elasticsearch snapshot repositories, both of the File System type. For more information, read the Elasticsearch File System Repository Documentation.

The two repositories are:

Continuous_backup

Used for backing up the whole cluster. This repository holds snapshots that are taken every hour and named in the following format: fam-backup-yyyy.MM.dd-hh:mm:ss-UUID. Each snapshot is retained for 60 days.

  • This repository can contain up to 1500 snapshots (including any snapshots created manually).
  • It requires a minimum of 100 snapshots.
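The following script is an added example, not code from the original documentation or from the product it describes. It models the Continuous_backup retention rules stated above (60-day retention, at least 100 and at most 1500 snapshots) over a list of snapshot names, parsing the documented fam-backup-yyyy.MM.dd-hh:mm:ss-UUID format. The exact precedence between the three rules is not spelled out on the page, so the script assumes snapshot-lifecycle-style semantics (expire by age but never below the minimum; enforce the cap even on unexpired snapshots) and treats hh as a 24-hour UTC clock; the helper and constant names and the sample data are constructed for this example.

```python
import re
import uuid
from datetime import datetime, timedelta, timezone

# Policy limits as stated on the page for the Continuous_backup repository.
RETENTION_DAYS = 60
MIN_SNAPSHOTS = 100
MAX_SNAPSHOTS = 1500

# Snapshot name format from the page: fam-backup-yyyy.MM.dd-hh:mm:ss-UUID.
# Assumption: hh is a 24-hour clock and the timestamp is UTC.
SNAPSHOT_RE = re.compile(
    r"^fam-backup-(\d{4})\.(\d{2})\.(\d{2})-(\d{2}):(\d{2}):(\d{2})-([0-9a-f-]+)$"
)

# Constructed reference time for the sample data below.
SAMPLE_NOW = datetime(2024, 6, 30, 12, 0, 0, tzinfo=timezone.utc)


def make_snapshot_name(ts, snapshot_uuid=None):
    """Build a snapshot name in the documented format (used here for sample data)."""
    snapshot_uuid = snapshot_uuid or uuid.uuid4()
    return f"fam-backup-{ts:%Y.%m.%d-%H:%M:%S}-{snapshot_uuid}"


def sample_names(now, count, step_minutes):
    """Constructed sample: `count` scheduled snapshot names, newest first."""
    return [make_snapshot_name(now - timedelta(minutes=k * step_minutes))
            for k in range(count)]


def parse_snapshot_time(name):
    """Return the timestamp encoded in a scheduled snapshot name, else None."""
    m = SNAPSHOT_RE.match(name)
    if not m:
        return None
    y, mo, d, h, mi, s = (int(x) for x in m.groups()[:6])
    return datetime(y, mo, d, h, mi, s, tzinfo=timezone.utc)


def plan_retention(names, now):
    """Split snapshot names into (keep, delete) under the documented policy.

    Assumed semantics (not spelled out on the page):
      * a scheduled snapshot is expired once it is older than RETENTION_DAYS;
      * expired snapshots are deleted only while the repository stays at or
        above MIN_SNAPSHOTS;
      * if the repository still exceeds MAX_SNAPSHOTS, the oldest scheduled
        snapshots are deleted even if not yet expired;
      * names that do not match the scheduled format are treated as manual
        snapshots: they count toward the totals but are never deleted here.
    """
    scheduled, manual = [], []
    for name in names:
        ts = parse_snapshot_time(name)
        (manual if ts is None else scheduled).append(name if ts is None else (ts, name))
    scheduled.sort()  # oldest first
    total = len(scheduled) + len(manual)
    delete = []
    cutoff = now - timedelta(days=RETENTION_DAYS)

    # Pass 1: expire by age, never dropping below the minimum count.
    for ts, name in scheduled:
        if ts >= cutoff:
            break  # sorted, so everything after this is younger
        if total - len(delete) <= MIN_SNAPSHOTS:
            break
        delete.append(name)

    # Pass 2: enforce the hard cap; names deleted so far are a prefix of `scheduled`.
    for _ts, name in scheduled[len(delete):]:
        if total - len(delete) <= MAX_SNAPSHOTS:
            break
        delete.append(name)

    deleted = set(delete)
    keep = [n for n in names if n not in deleted]
    return keep, delete


if __name__ == "__main__":
    # One snapshot per day for 130 days plus one manually named snapshot.
    sample = sample_names(SAMPLE_NOW, 130, 1440) + ["manual-before-upgrade"]
    keep, delete = plan_retention(sample, SAMPLE_NOW)
    print(f"keep {len(keep)}, delete {len(delete)}, oldest deleted: {delete[0]}")
```

Against a live cluster you would take the snapshot list (and the start_time field) from GET _snapshot/continuous_backup/_all rather than trusting the name alone, and compare the plan with what the repository actually holds; a repository drifting toward the 1500 cap or a scheduled snapshot missing from an hourly sequence is worth alerting on, since both point at a backup job that is no longer behaving as documented.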

Retention_backup

Used for backing up the event indices that are deleted by the activity data retention process. A snapshot of the deleted indices is created with the following name format: retention_backup-yyyy.MM.dd-hh:mm:ss. These snapshots are kept indefinitely.