All persistent data are stored in the ElasticSearch database. The backup and restore procedures are the ones detailed in the ElasticSearch documentation.
Note: you may have to adapt the indices in the examples below. To find the right index, use the following command:
$ curl 'localhost:9200/_cat/indices?v'
First you must define a location on the local filesystem (where the ElasticSearch instance runs) where the backup will be
written. ElasticSearch only accepts a repository location that is listed in the path.repo setting of elasticsearch.yml. Be careful if you run ElasticSearch in Docker: the directory must be mapped into the host filesystem using the --volume
parameter (cf. Docker documentation).
Create an ElasticSearch snapshot repository with the following command:
$ curl -XPUT 'http://localhost:9200/_snapshot/the_hive_backup' -d '{
"type": "fs",
"settings": {
"location": "/absolute/path/to/backup/directory",
"compress": true
}
}'
Start the backup by executing the following command:
$ curl -XPUT 'http://localhost:9200/_snapshot/the_hive_backup/snapshot_1' -d '{
"indices": "the_hive_10"
}'
You can back up the last index of TheHive (list the indices in your ElasticSearch cluster with
$ curl -s http://localhost:9200/_cat/indices | cut -d ' ' -f3 ) or all indices with the _all value.
Restore does the reverse: it reads the backup from your snapshot directory and loads the indices into the ElasticSearch cluster. Note that ElasticSearch refuses to restore over an open index: the target index must be closed or absent from the cluster. This operation is done with this command:
$ curl -XPOST 'http://localhost:9200/_snapshot/the_hive_backup/snapshot_1/_restore' -d '{
"indices": "the_hive_10"
}'
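As an added example (not part of TheHive's documentation), the following Python script automates the backup step above: it picks the most recent the_hive_N index from the _cat/indices output, takes a snapshot in the the_hive_backup repository and waits for ElasticSearch to report the result. The address localhost:9200 is assumed as on this page, and the sample _cat/indices text is constructed.

```python
import json
import re
import time
import urllib.request

ES = "http://localhost:9200"   # assumed ElasticSearch address (as on this page)
REPO = "the_hive_backup"       # snapshot repository registered above

# Constructed sample of '_cat/indices' output, used to exercise the parser.
SAMPLE_CAT = """yellow open the_hive_9   6mVd 5 1 120 0 1.2mb 1.2mb
yellow open the_hive_10  kQ2x 5 1 340 0 2.9mb 2.9mb
green  open cortex_1     pA9z 5 0  40 0 300kb 300kb
"""

def latest_thehive_index(cat_output):
    """Return the highest-numbered the_hive_N index named in the cat
    output (third column), or None when no TheHive index is listed."""
    best_n, best_name = -1, None
    for line in cat_output.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        m = re.fullmatch(r"the_hive_(\d+)", fields[2])
        if m and int(m.group(1)) > best_n:
            best_n, best_name = int(m.group(1)), fields[2]
    return best_name

def es_request(method, path, body=None, as_json=True):
    """Send one request to ElasticSearch; decode JSON unless as_json is False."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(ES + path, data=data, method=method,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        text = resp.read().decode()
    return json.loads(text) if as_json else text

def snapshot_latest_index():
    """Snapshot the newest TheHive index and return the snapshot state."""
    index = latest_thehive_index(es_request("GET", "/_cat/indices", as_json=False))
    if index is None:
        raise SystemExit("no the_hive_N index found in the cluster")
    name = time.strftime("snapshot_%Y%m%d_%H%M%S")
    # wait_for_completion makes ElasticSearch answer only once the snapshot ends
    reply = es_request("PUT", f"/_snapshot/{REPO}/{name}?wait_for_completion=true",
                       {"indices": index})
    state = reply["snapshot"]["state"]
    print(f"snapshot {name} of {index}: {state}")
    return state

if __name__ == "__main__":
    raise SystemExit(0 if snapshot_latest_index() == "SUCCESS" else 1)
```

Run it on the ElasticSearch host after registering the repository; a non-zero exit status means the snapshot did not end in the SUCCESS state.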