Elasticsearch 8.5.2 -- Restoring datastreams isn’t working as planned

Hello, I encountered an issue during a datastream restore this morning:

What I want to achieve:

• restore the backuped indices from may 2023 in the same current working datastream ; I would like to avoid interruption of service as the dataflow are bulking continuously into the datastream.

The behaviour I observed:

• restoring the latest may 2023 snapshot overwrite the current datastream
• it does not break the data indexation, but redirect the flow not in a july (date of the day) indices BUT in a old 31th of may indices.
• all indices starting from june until today are still present on the cluster BUT NOT LINKED to the datastream anymore and therefore not searchable in kibana discover section

How can I fix this situation?

Thanks in advance for your time and help.

kr,

ps: the procedure I followed:

• Restore a managed data stream or index | Elasticsearch Guide [8.8] | Elastic
• restore from the kibana UI, selecting only the datastream I would like to restore -> didn't expect that will overwrite the current one ; Do I have to select, unselect or specify a particular parameters to achive this ?

nb: related topcis:

• Restoring datastreams isn’t working as planned
• Restore historical into data stream - Elastic Stack / Elasticsearch - Discuss the Elastic Stack

In order to fix the no more linked indices, we can use the api:

POST _data_stream/_modify
{
  "actions": [
  
    {
      "add_backing_index": {
        "data_stream": "lyourdsnamehere-default",
        "index": ".ds-logs-yourdsnamehere-2023.06.02-000085"
      }
    }
  ]
}

BUT I still wondering what is the best approach to restore old index of a datastream into the datastream without breaking anything

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.