Greetings. I run the Graylog Open edition that uses ElasticSearch under the hood. Unfortunately, the archive feature is behind a paywall. Nonetheless, I need to backup my data and snapshots are the best way.
I have been following the instructions found here: Create a snapshot | Elasticsearch Guide [8.3] | Elastic (and the links contained therein) but have run into the following error when attempting to set the SLM policy:
curl -X PUT "localhost:9200/_slm/policy/daily-snapshots?pretty" -H 'Content-Type: application/json' -d @elastic_SLM_policy
Here is my @elastic_SLM_policy:
{
"schedule": "0 */12 * * * ?",
"name": "<every12h-snap-{now/d}>",
"repository": "my_fs_backup",
"config": {
"indices": "*",
"include_global_state": true
},
"retention": {
"expire_after": "90d",
"min_count": 5,
"max_count": 180
}
}
And I receive the following error:
{
"error" : {
"root_cause" : [
{
"type" : "index_not_found_exception",
"reason" : "no such index [_slm]",
"resource.type" : "index_expression",
"resource.id" : "_slm",
"index_uuid" : "_na_",
"index" : "_slm"
}
],
"type" : "index_not_found_exception",
"reason" : "no such index [_slm]",
"resource.type" : "index_expression",
"resource.id" : "_slm",
"index_uuid" : "_na_",
"index" : "_slm"
}, "status" : 404
}
Thank you for all your help!