Create snapshots of elasticsearch indexes

index_snapshot.py

#!/usr/bin/python3
"""
This script simply creats a snapshot of the configured index pattern 
I use it with cron to create daily backups: 
$ ln -s /usr/local/bin/index_snapshot.py /etc/cron.daily/

"""

import elasticsearch
import time
import traceback

#----
# Edit these variables to match your setup.
backup_repo = "thehive_backups"
backup_location = "/opt/backup" #must be in path.repo in your elasticsearch.yml
index_pattern = "thehive*"
snapshot_prefix = "snapshots" 

elastic_user = "username"
elastic_password = "password"
elastic_host = "127.0.0.1"

#-----
repo_body = '''{
  "type": "fs",
  "settings": {
    "location": "'''+backup_location+'''"
  }
}
'''

snap_body = '''{
   "indices": "'''+index_pattern+'''",
   "ignore_unavailable": true,
   "include_global_state": false
 }
 '''


es = elasticsearch.Elasticsearch(elastic_host ,http_auth=(elastic_user,elastic_password))
snapc = elasticsearch.client.SnapshotClient(es)
try:
    snapc.get_repository(backup_repo)
except elasticsearch.exceptions.NotFoundError:
    print("Repository {} does not exist, attempt to create it now.".format(backup_repo))
    snapc.create_repository(backup_repo,repo_body)

ts = str(int(time.time()))
snap_name = snapshot_prefix+"_"+ts
try:
    snapc.create(backup_repo,snap_name,wait_for_completion=True,body=snap_body)
    print("Finished creating snapshot "+snap_name)
except Exception:
    print("error creating snapshot "+snap_name)
    traceback.print_exc()