Backup and Disaster Recovery

Energy Logserver provides two backup mechanisms:

Configuration backup — the configuration-backup.sh script saves configuration files, system indices, and templates to a local archive. This script is included with the installation and is offered automatically before each upgrade. See Backup and Restore for details.
Snapshot backup — Elasticsearch snapshot API for full index data backup and disaster recovery. This requires a configured snapshot repository (described below).

Configuration Backup

The built-in configuration-backup.sh script creates a timestamped archive in /root/:

bash /usr/share/elasticsearch/utils/configuration-backup.sh

The archive includes: Elasticsearch config, GUI config, Network Probe config, alert config, cerebro config, skimmer config, intelligence config, license-service config, e-doc config, credential keystore, system indices data, and templates.

To schedule automatic backups, add a cron entry:

0 1 * * * root /usr/share/elasticsearch/utils/configuration-backup.sh

Snapshot Backup

For full index data backup, use the Elasticsearch snapshot API. This requires configuring a shared filesystem repository.

1. Configure snapshot repository path

Add the repository path to the Elasticsearch configuration on every data node:

# /etc/elasticsearch/elasticsearch.yml
path.repo: ["/mnt/snapshots"]

Restart the data node service after changing the configuration:

systemctl restart logserver

2. Register the repository

curl -u $USER:$PASSWORD -X PUT "localhost:9200/_snapshot/backup_repo" \
  -H 'Content-Type: application/json' -d '{
  "type": "fs",
  "settings": {
    "location": "/mnt/snapshots"
  }
}'

3. Create a snapshot

curl -u $USER:$PASSWORD -X PUT "localhost:9200/_snapshot/backup_repo/snapshot_$(date +%Y%m%d)" \
  -H 'Content-Type: application/json' -d '{
  "indices": "*",
  "ignore_unavailable": true,
  "include_global_state": true
}'

4. List existing snapshots

curl -u $USER:$PASSWORD "localhost:9200/_snapshot/backup_repo/_all?pretty"

Disaster Recovery from Snapshot

1. Stop services

systemctl stop logserver-gui logstash alert cerebro e-doc skimmer \
  intelligence intelligence-scheduler license-service

2. Restore from snapshot

curl -u $USER:$PASSWORD -X POST \
  "localhost:9200/_snapshot/backup_repo/SNAPSHOT_NAME/_restore" \
  -H 'Content-Type: application/json' -d '{
  "indices": "*",
  "ignore_unavailable": true,
  "include_global_state": true
}'

3. Monitor restore progress

curl -u $USER:$PASSWORD "localhost:9200/_cat/recovery?v&active_only=true"

4. Start services

systemctl start logserver-gui alert cerebro e-doc skimmer \
  intelligence intelligence-scheduler license-service logstash