In order to be able to quickly restore from backups as an SRE I want a tested, documented process for restoring elastic search for standing up a new logsearch cluster and importing data into it from our s3 backups.
Acceptance Criteria
[ ] Operations docs are updated with a tested process for restoring data into a newly created logsearch deployment running along side our existing deployment
Background
If our logsearch system is breached we may need to preserve it in it's current state for forensic purposes and would need to spin up a new logsearch deployment concurrently to compare data from known-good-backups to what is in the compromised deployment.
In order to be able to quickly restore from backups as an SRE I want a tested, documented process for restoring elastic search for standing up a new logsearch cluster and importing data into it from our s3 backups.
Acceptance Criteria
Background
If our logsearch system is breached we may need to preserve it in it's current state for forensic purposes and would need to spin up a new logsearch deployment concurrently to compare data from known-good-backups to what is in the compromised deployment.