Backing up and restoring indexes

Steps to back up and restore.

Backing up and restoring Audit Store indexes is essential for maintaining the reliability of Protegrity AI Team Edition. The Audit Store holds critical operational and audit data used for monitoring, troubleshooting, and compliance. Regular backups protect this data from loss due to failures, upgrades, or misconfiguration, while restore capabilities enable quick recovery and minimal downtime. A well-defined backup and restore strategy helps ensure data durability and platform stability.

Note: Use a dedicated backup bucket per cluster to prevent data corruption. Only snapshots backed up using the daily-insight-snapshots policy are restored during disaster management. Do not delete this policy.

Understanding the snapshot policy

Policies are defined for backing up Audit Store indexes regularly. This ensures that data is available for restoring the indexes and logs in case of data corruption or data deletion. This policy is different from the Index Statement Management (ISM) for rolling over indexes and deleting indexes for maintenance and ensuring the system works fast and smooth. For more information about ISM, refer to Index State Management (ISM). Indexes deleted by ISM can be recreated using the backup created. The state of the indexes are tracked and backed up when the policy is run. Any updated made to the index during the snapshot creation are not backed up during the current run. They will be backed up when the policy is run again as per the schedule set.

The following criteria is specified for creating backups:

  • Policy settings
    • Policy name: daily-insight-snapshots
    • Indices: *, -*-restored, -*_restored, -restored_*
    • Repository: insight-snapshots
    • Include cluster state: true
    • Ignore unavailable indices: true
    • Allow partial snapshots: false
  • Snapshot schedule
    • Frequency: Daily
    • Cron schedule: 3:00 am UTC (UTC)
  • Snapshot retention period
    • Maximum age of snapshots: 60d
    • Minimum of snapshots retained: 1
    • Maximum of snapshots retained: undefined
    • Frequency: Daily
    • Cron schedule: 4:00 am UTC (UTC)
  • Notification
    • Notify on snapshot activities: creation, deletion, failure

Managing the backup policy

The default policy provides a Recovery Point Objective (RPO) of 24 hours. Update the snapshot schedule to modify the backup policy based on the required RPO and Recovery Time Objective (RTO).

View and update the policy using the following steps.

  1. Log in to the Insight Dashboard.
  2. Select the main menu.
  3. Navigatie to Management > Snapshot Management > Snapshot policies.
  4. Click the daily-insight-snapshots policy.
  5. Click Edit.
  6. Update the required parameters, such as, the snapshot schedule.
  7. Select the retention period and number of snapshots to be retained.
  8. Select the deletion frequency for the snapshot. This is the scheduled task run for deleting snapshots that no longer need to be retained.
  9. Select the required Notifications check boxes for receiving notifications.
  10. Click Update.

The new backup policy settings are used for creating the restore points.

For disaster management, to restore the system and the indexes, refer to restoring. A snapshot needs to be available before it can be restored.


Last modified : April 06, 2026