21.11.7 Restoring the Snapshot

Python must be installed on the target machine to execute the restore script. Note that the restore script brings up a single-node cluster; you will need to import or install the other nodes again later. If all nodes are inactive and you need to restore the data from a snapshot, mount the shard directory to /var/elasticsearch/snapshot and run the command "sh /opt/novell/nam/scripts/ELKRestore.sh".

NOTE: If you are using RHEL, install python3 with the "yum install python3" command before running the restore script.

After the snapshot has been restored successfully, run the following command to create the index template for Elasticsearch:

curl -XPUT "http://{elastic_ip}:9200/_template/dashboard" -H 'Content-Type: application/json' -d '{"template": "dashboard-*", "settings": {"number_of_shards": 1}, "mappings": {"properties": {"@timestamp": {"type": "date"}, "createDate": {"type": "date"}, "@version": {"type": "keyword"}, "appdata": {"type": "nested", "include_in_parent": true, "properties": {"accessType": {"type": "text", "norms": false, "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}}, "appName": {"type": "text", "norms": false, "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}}, "eventTime": {"type": "text", "norms": false, "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}}}}, "browserName": {"type": "text", "norms": false, "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}}, "healthClusterID": {"type": "text", "norms": false, "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}}, "contractName": {"type": "text", "norms": false, "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}}, "countryCode": {"type": "text", "norms": false, "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}}, "healthClusterName": {"type": "text", "norms": false, "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}}, "healthDeviceID": {"type": "text", "norms": false, "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}}, "deviceName": {"type": "text", "norms": false, "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}}, "healthDeviceName": {"type": "text", "norms": false, "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}}, "health": {"type": "text", "norms": false, "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}}, "eventType": {"type": "text", "norms": false, "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}}, "riskLevel": {"type": "text", "norms": false, "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}}, "eventID": {"type": "text", "norms": false, "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}}, "failedCount": {"type": "long"}, "geoIP": {"dynamic": "true", "properties": {"ip": {"type": "ip"}, "latitude": {"type": "half_float"}, "location": {"type": "geo_point"}, "longitude": {"type": "half_float"}}}, "loginCount": {"type": "long"}, "usersCount": {"type": "long"}, "sessionscount": {"type": "long"}, "agRequest": {"type": "long"}, "cacheUtil": {"type": "long"}, "sessionID": {"type": "text", "norms": false, "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}}, "sourceIP": {"type": "text", "norms": false, "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}}, "timestamp": {"type": "text", "norms": false, "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}}, "userName": {"type": "text", "norms": false, "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}}}}, "aliases": {"historic": {}, "realtime": {"filter": {"range": {"createDate": {"gt": "now-7d"}}}}}}'

NOTE: The elastic_ip is the IP address of the node if you are running a dashboard cluster, or 127.0.0.1 if you are not using a cluster configuration.
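A check worth running once the template command has returned: the following script is an added example, not one of the Access Manager scripts. It queries cluster health and the dashboard template on the restored node and reports anything that does not match the procedure above. It assumes the restore left a single-node cluster and that the template was created under the name dashboard; the sample reply embedded in it is constructed, not captured from a system.

```python
# Added example: post-restore sanity checks for the single-node cluster and the
# dashboard template. Assumes template name "dashboard" and one node after ELKRestore.sh.
import json
import sys
import urllib.request

# Constructed example of a GET /_template/dashboard reply (ES returns the shard count as a string).
SAMPLE_TEMPLATE = {"dashboard": {"index_patterns": ["dashboard-*"],
    "settings": {"index": {"number_of_shards": "1"}},
    "mappings": {"properties": {"@timestamp": {"type": "date"}, "createDate": {"type": "date"}}},
    "aliases": {"historic": {}, "realtime": {"filter": {"range": {"createDate": {"gt": "now-7d"}}}}}}}

def check_health(health):
    # Problems found in a GET /_cluster/health reply; an empty list means OK.
    problems = []
    if health.get("status") not in ("green", "yellow"):
        problems.append("cluster status is %s" % health.get("status"))
    if health.get("number_of_nodes") != 1:  # the restore script brings up a single node
        problems.append("expected 1 node, found %s" % health.get("number_of_nodes"))
    return problems

def check_template(templates):
    # Problems found in a GET /_template/dashboard reply; an empty list means OK.
    tpl = templates.get("dashboard")
    if tpl is None:
        return ["template 'dashboard' is missing"]
    problems = []
    if "dashboard-*" not in (tpl.get("index_patterns") or [tpl.get("template")]):
        problems.append("template does not cover dashboard-* indices")
    settings = tpl.get("settings", {})
    shards = settings.get("index", {}).get("number_of_shards", settings.get("number_of_shards"))
    if str(shards) != "1":
        problems.append("number_of_shards is %r, expected 1" % shards)
    props = tpl.get("mappings", {}).get("properties", {})
    for name in ("@timestamp", "createDate"):  # mapped as "date" in the template body
        if props.get(name, {}).get("type") != "date":
            problems.append("field %s is not mapped as date" % name)
    aliases = tpl.get("aliases", {})
    if "historic" not in aliases:
        problems.append("historic alias is missing")
    rng = aliases.get("realtime", {}).get("filter", {}).get("range", {}).get("createDate", {})
    if rng.get("gt") != "now-7d":
        problems.append("realtime alias does not filter createDate > now-7d")
    return problems

if __name__ == "__main__":  # usage: python3 check_restore.py {elastic_ip}
    base = "http://%s:9200" % (sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1")
    get = lambda path: json.load(urllib.request.urlopen(base + path, timeout=10))
    found = check_health(get("/_cluster/health")) + check_template(get("/_template/dashboard"))
    print("\n".join(found) if found else "restore checks passed")
    sys.exit(1 if found else 0)
```

A non-zero exit code means at least one check failed and the listed problem should be fixed before nodes are imported or installed again.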