Using Searchable Snapshots in Elasticsearch

Pulse - Elasticsearch Operations Done Right

On this page

Steps to Implement Searchable Snapshots Best Practices and Additional Information Frequently Asked Questions

Searchable snapshots are beneficial when you need to:

  1. Reduce storage costs for infrequently accessed data
  2. Maintain searchability of historical data without keeping it on expensive storage
  3. Implement a tiered storage strategy for your Elasticsearch cluster
  4. Improve cluster recovery times after a failure

Steps to Implement Searchable Snapshots

  1. Enable the feature: Ensure that your Elasticsearch license supports searchable snapshots (available in Platinum and above).

  2. Configure a snapshot repository:

    PUT /_snapshot/my_repository
{
  "type": "fs",
  "settings": {
    "location": "/path/to/snapshot/repository"
  }
}

  3. Create a snapshot:

    PUT /_snapshot/my_repository/my_snapshot

  4. Mount the snapshot as a searchable snapshot:

    POST /_snapshot/my_repository/my_snapshot/_mount
{
  "index": "my_index",
  "renamed_index": "mounted_index",
  "index_settings": {
    "index.number_of_replicas": 0
  }
}

  5. Configure ILM policy (optional): Set up an Index Lifecycle Management policy to automatically move indices to searchable snapshots based on age or size.

  6. Search the mounted index: Use the mounted index in your search queries as you would with any other index.

Best Practices and Additional Information

  • Use searchable snapshots for cold or frozen tiers in a data tiering strategy
  • Combine with data streams for efficient time-series data management
  • Monitor performance and adjust settings as needed
  • Regularly test recovery scenarios to ensure data availability

Frequently Asked Questions

Q: What are the storage requirements for searchable snapshots?
A: Searchable snapshots require a shared file system or object store that is accessible to all nodes in the cluster. The storage should be reliable and have sufficient capacity to store your snapshot data.

Q: Can I write to an index that's mounted as a searchable snapshot?
A: No, indices mounted as searchable snapshots are read-only. If you need to modify the data, you should restore the snapshot to a regular index first.

Q: How do searchable snapshots affect search performance?
A: Search performance on searchable snapshots may be slower compared to regular indices, especially for full-text search. They are best suited for infrequently accessed data where storage cost savings outweigh performance considerations.

Q: Can I use searchable snapshots with all index types?
A: Most index types are compatible with searchable snapshots. However, some features like cross-cluster replication are not supported with searchable snapshots.

Q: How do I migrate from regular indices to searchable snapshots?
A: To migrate, first create a snapshot of your existing index, then mount it as a searchable snapshot. Update your applications to point to the new mounted index name. Finally, delete the original index if it's no longer needed.

Pulse - Elasticsearch Operations Done Right

Stop googling errors and staring at dashboards.

Free Trial

Subscribe to the Pulse Newsletter

Get early access to new Pulse features, insightful blogs & exclusive events , webinars, and workshops.

We use cookies to provide an optimized user experience and understand our traffic. To learn more, read our use of cookies; otherwise, please choose 'Accept Cookies' to continue using our website.