What is the difference between indices in /var/lib/elasticsearch and the snapshot?

All the index data is saved at /var/lib/elasticsearch by default.

Is it necessary to back up indices by snapshot?

They are both cold data saved on disk; what is the difference between them?

Snapshots are an incremental, point-in-time copy of the index. So the first time you take a snapshot, it will be very similar to the index stored in the data directory (barring some differences in serialization format).

But the second snapshot you take will only record the delta between the current index and the last snapshot. So it will be considerably smaller than a complete backup of the index. Each new snapshot is basically just recording deltas from the available data in the snapshot repository.

The other large difference is that snapshots are static, while the indices in the data directory can be changed at any time by clients, Kibana, etc. It's the data in the index and is live, not static like a backup.

Sooo.... snapshots are used for backups when you need to recover after some kind of disaster. Data in your /var/lib/elasticsearch directory is your "live" data that you interact with on a daily basis.
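
An added example, not part of the original reply and not Elasticsearch's own code: a simplified Python model of the incremental, point-in-time behaviour described above. The names (`SnapshotRepo`, `seg_0`, `snap_1`, ...) are hypothetical, and the model assumes a snapshot copies only files the repository does not already hold.

```python
import hashlib

class SnapshotRepo:
    """Toy model of an incremental snapshot repository (not Elasticsearch code)."""
    def __init__(self):
        self.blobs = {}      # content hash -> bytes, each stored once
        self.snapshots = {}  # snapshot name -> {file name: content hash}

    def snapshot(self, name, live_files):
        """Record a point-in-time view; return how many bytes were newly copied."""
        manifest, copied = {}, 0
        for fname, data in live_files.items():
            digest = hashlib.sha256(data).hexdigest()
            if digest not in self.blobs:   # only the delta is copied
                self.blobs[digest] = data
                copied += len(data)
            manifest[fname] = digest
        self.snapshots[name] = manifest
        return copied

    def restore(self, name):
        return {f: self.blobs[h] for f, h in self.snapshots[name].items()}

    def delete(self, name):
        """Drop a snapshot; keep blobs that other snapshots still reference."""
        del self.snapshots[name]
        in_use = {h for m in self.snapshots.values() for h in m.values()}
        for h in list(self.blobs):
            if h not in in_use:
                del self.blobs[h]

def demo():
    # Constructed stand-in for the live data directory.
    live = {"seg_0": b"a" * 1000, "seg_1": b"b" * 1000}
    repo = SnapshotRepo()
    first = repo.snapshot("snap_1", live)    # full copy the first time
    live["seg_2"] = b"c" * 200               # new writes land in the live index
    second = repo.snapshot("snap_2", live)   # only the new file is copied
    del live["seg_0"]                        # live data keeps changing...
    live["seg_1"] = b"corrupted"
    restored = repo.restore("snap_1")        # ...the snapshot does not
    repo.delete("snap_1")                    # snap_2 must still restore fully
    after_delete = repo.restore("snap_2")
    return first, second, restored, after_delete

if __name__ == "__main__":
    print(demo())
```
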

Thanks a lot for your explanation, but I am still a little confused...

Is there a guide about this...?

I often recommend reading this blog post, which is quite good even though it is getting a bit old.
