Elasticsearch Backup Overview

There are two Elasticsearch snapshot repositories, both of the shared file system type. For more information, read https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshots-filesystem-repository.html.

The two repositories are:

Continuous_backup

Used for backing up the whole cluster. This repository holds the snapshots that are taken every hour, named in the format "fam-backup-yyyy.MM.dd-hh:mm:ss-UUID". Each snapshot is kept for 60 days.

This repository holds a minimum of 100 and a maximum of 1500 snapshots (the upper limit also covers snapshots created manually).

Retention_backup

Used for backing up the events indices that are deleted by the activity data retention process. A snapshot of the indices being deleted is created with the name format "retention_backup-yyyy.MM.dd-hh:mm:ss". These snapshots are kept indefinitely.
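Both repositories can be driven through the snapshot and SLM REST APIs. The script below is an added example, not code from the original page or product: it assumes the hourly continuous backup is implemented as an SLM policy (the policy name continuous-backup-hourly is made up), that the cluster is reachable at ES_URL, and that the repositories are registered under the lowercase names continuous_backup and retention_backup, with their paths listed in path.repo on every node.

```shell
#!/usr/bin/env sh
# Added example (not from the original page). Drives the two repositories
# described above through the Elasticsearch REST API with curl.
# Assumed: ES_URL points at the cluster; CURL_OPTS carries credentials/TLS
# flags (e.g. -u user:pass --cacert ca.pem); repositories already exist.
ES_URL="${ES_URL:-http://localhost:9200}"

# SLM policy for the continuous backup: hourly schedule (ES cron has a
# seconds field), the page's name format (SLM appends the "-UUID" suffix
# itself; HH keeps names sortable), 60-day expiry, 100/1500 min/max counts.
slm_policy_body() {
  cat <<'EOF'
{
  "schedule": "0 0 * * * ?",
  "name": "<fam-backup-{now{yyyy.MM.dd-HH:mm:ss}}>",
  "repository": "continuous_backup",
  "config": { "include_global_state": true },
  "retention": { "expire_after": "60d", "min_count": 100, "max_count": 1500 }
}
EOF
}

# Register or update the policy (policy name is an assumption).
put_slm_policy() {
  curl -sS -f ${CURL_OPTS:-} -X PUT "$ES_URL/_slm/policy/continuous-backup-hourly" \
    -H 'Content-Type: application/json' --data-binary "$(slm_policy_body)"
}

# Name for a retention snapshot taken now, in the page's format (UTC).
retention_snapshot_name() {
  printf 'retention_backup-%s\n' "$(date -u +%Y.%m.%d-%H:%M:%S)"
}

# Snapshot the comma-separated indices that the activity data retention
# process is about to delete. wait_for_completion plus curl -f make the
# call fail loudly, so the caller only deletes once the snapshot succeeded.
retention_snapshot() {
  indices="$1"
  curl -sS -f ${CURL_OPTS:-} -X PUT \
    "$ES_URL/_snapshot/retention_backup/$(retention_snapshot_name)?wait_for_completion=true" \
    -H 'Content-Type: application/json' \
    --data-binary "{\"indices\": \"$indices\", \"include_global_state\": false}"
}

# Usage: sh backup.sh policy
#        sh backup.sh retain "events-2024.01.*"
case "${1:-}" in
  policy) put_slm_policy ;;
  retain) retention_snapshot "$2" ;;
esac
```

Run `GET _snapshot/continuous_backup/_all` afterwards to confirm the generated names carry the fam-backup prefix and the UUID suffix.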