In Elasticsearch, restore refers to the snapshot restore mechanism, which returns indices or clusters to a previous, saved state. You can restore the entire cluster from the snapshot or restore an individual index or selected indices.


To restore the whole snapshot:

POST /_snapshot/my_backup/snapshot-01-11-2019/_restore

To restore an individual index:

POST /_snapshot/my_backup/snapshot-01-11-2019/_restore
  "indices": "my_index"


  • If you are using a security tool like Searchguard, the snapshot restore capability must be enabled in elasticsearch.yml. Otherwise, it will throw a security exception.

Common issues

  • If an index or indices already exist with the same names as those you are going to restore, they need to either be closed or deleted before you can restore from a snapshot. Otherwise, the restore operation will fail due to an error that the index already exists.

