Restoring OpenSearch data in AWS

If you are using OpenSearch (previously known as the ELK stack) in AWS, have enabled automatic snapshots and by some weird chance, you delete all data by error. There is a way to restore those.

Navigate to Dev Tools in Kibana and get the snapshots using the below request:

GET /_snapshot/cs-automated/_all?pretty

The “pretty” query parameter is not required, but who doesn’t love a nice formatted output (unlike the section below, pfff).

This will return sth like:

{
"snapshots" : [ {
"snapshot" : "2022-01-20t08-59-43.3794103d-234a-uhyas-jhabsdfjhejsj", // this is the id you pick
"uuid" : "some id",
"version_id" : 123123123,
"version" : "6.8.0",
"indices" : [ // ... list of indices ],
"include_global_state" : true,
"state" : "SUCCESS",
"start_time" : "2022-01-20T08:59:43.919Z",
"start_time_in_millis" : 1642669183919,
"end_time" : "2022-01-20T09:00:57.495Z",
"end_time_in_millis" : 1642669257495,
"duration_in_millis" : 73576,
"failures" : [ ],
"shards" : {
"total" : 181,
"failed" : 0,
"successful" : 181
}
},
// more snapshots below.
]
}

Then using the value of the “snapshot” field you do the restore using the below request:

POST /_snapshot/cs-automated/2022-01-20t08-59-43.3794103d-234a-uhyas-jhabsdfjhejsj/_restore

It might take some time, depending on how much you are restoring.