How to monitor Elasticsearch snapshots

mwise29 · November 19, 2020, 8:48pm

I'd like advice on how to monitor snapshots. Is there a way to do it via a monitor? We'd only want the status of the last snapshot taken (report either success or failed).

AClerk · November 19, 2020, 11:37pm

You can use the 'Get Snapshot Status API'

mwise29 · November 20, 2020, 12:30am

I want this to alert me via a monitor if the last snapshot fails. I won't know the snapshot name because we use SLM which appends the unique identifier. Wouldn't I need to know the snapshot name to get the details of the last snapshot with this command?

mwise29 · November 20, 2020, 12:42am

The goal is to create an automated check that would run every X minutes to check the status of the last snapshot. It would then email me the status (success or fail).

mwise29 · November 20, 2020, 4:57pm

Here's how I could do it if I knew the name of the snapshot (snapshot name is v780nightlysnap-2020.11.20-mrage5htsvihwjav6mca5w). The problem is I don't know of a way to get the name of the last snapshot.

{
  "trigger": {
    "schedule": {
      "interval": "30m"
    }
  },
  "input" : {
    "http" : {
      "request" : {
        "host" : "localhost",
        "port" : 9200,
        "path" : "_snapshot/<repo>/v780nightlysnap-2020.11.20-mrage5htsvihwjav6mca5w"
      }
    }
  },
  "actions": {
    "email_action": {
      "email": {
        "to": "XXXXXXXX@XXXXX.com",
        "subject": "Snapshot status",
        "body": "Snapshot status is {{ctx.payload.snapshots.0.state}}"
      }
    }
  }
}

AClerk · November 22, 2020, 10:31pm

You can get all snapshots, either from a specific repository or from all repositories. And then filter for the last one/top one.

mwise29 · November 22, 2020, 11:17pm

I haven't been able to figure out how to filter for just the last one. Do you have sample code for how to do that?

AClerk · November 23, 2020, 1:16am

Search for top hits.
There are multiple examples out there.
By the way, why you are not using an elastic query?

mwise29 · November 27, 2020, 1:48pm

Thanks for the information. I'll check on the top hits. Out of curiosity how would I be able to do a query against the snapshot repository? I tried using _search, but it comes up with no handler found for uri [/_cat/snapshots//_search] and method [GET]. Unfortunately I'm new to elasticsearch. I'm a database administrator that has recently also become the ElasticSearch admin for storage related tasks.

dadoonet · November 27, 2020, 2:05pm

You can't for now. You need to restore first.
It will be supported in the future with the frozen tier.

mwise29 · November 27, 2020, 2:33pm

Thanks for the info. I guess I'll have to continue logging in on the weekends to make sure the last snapshot was successful and current.

dadoonet · November 27, 2020, 5:55pm

Not sure I understood the last part.

If you snapshot your index and have at the end a success status, you'll be all good.

mwise29 · November 27, 2020, 6:13pm

We currently do a snapshot daily via SLM. What I'm trying to do is have some sort of automated daily process that sends me an e-mail with the status of the last snapshot and if it was current so I don't have to check it manually. This would be especially handy on weekends and holidays. Right now I login daily to check it.

dadoonet · November 28, 2020, 4:53am

I'd like to complete my previous answer by linking to this new feature in 7.10.

system · December 26, 2020, 4:54am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.