OpenSearch Operations: Backup, Scaling, and Cluster Management

Published: March 5, 2026 | Updated: May 8, 2026 | Larry Qu

Introduction

Running OpenSearch in production requires careful cluster management, backup strategies, and performance tuning. This guide covers essential operations for maintaining healthy OpenSearch clusters.


Index Management

Index Lifecycle

# Create index with settings
PUT /logs
{
  "settings": {
    "number_of_shards": 5,
    "number_of_replicas": 1,
    "refresh_interval": "1s"
  }
}

# Update index settings
PUT /logs/_settings
{
  "number_of_replicas": 2
}

# Rollover index
POST /logs/_rollover
{
  "conditions": {
    "max_age": "7d",
    "max_size": "50gb"
  }
}

Index Templates

PUT /_index_template/logs-template
{
  "index_patterns": ["logs-*"],
  "template": {
    "settings": {
      "number_of_shards": 3
    },
    "mappings": {
      "properties": {
        "timestamp": { "type": "date" },
        "level": { "type": "keyword" },
        "message": { "type": "text" }
      }
    }
  }
}

Backup and Restore

Snapshot Repository

# Register S3 repository
PUT /_snapshot/my-s3-repo
{
  "type": "s3",
  "settings": {
    "bucket": "my-backup-bucket",
    "region": "us-east-1"
  }
}

# Create snapshot
PUT /_snapshot/my-s3-repo/snapshot-1
{
  "indices": "logs-2026.*",
  "include_global_state": false
}

# Restore snapshot
POST /_snapshot/my-s3-repo/snapshot-1/_restore
{
  "indices": "logs-2026.01",
  "rename_pattern": "logs-2026.01",
  "rename_replacement": "restored-logs"
}

Index Backup

# Reindex to backup
POST /_reindex
{
  "source": { "index": "logs" },
  "dest": { "index": "logs-backup" }
}

Cluster Scaling

Adding Nodes

# opensearch.yml on new node
cluster.name: my-cluster
node.name: node-4
# 0.0.0.0 binds every interface; on a multi-homed host, set the node's private address instead
network.host: 0.0.0.0
discovery.seed_hosts: ["10.0.0.1", "10.0.0.2"]

Shard Allocation

# Move shards
POST /_cluster/reroute
{
  "commands": [
    {
      "move": {
        "index": "logs",
        "shard": 0,
        "from_node": "node-1",
        "to_node": "node-2"
      }
    }
  ]
}

# Exclude node from allocation
PUT /_cluster/settings
{
  "transient": {
    "cluster.routing.allocation.exclude._name": "node-1"
  }
}

Performance Tuning

JVM Settings

# jvm.options
-Xms4g
-Xmx4g
-XX:+UseG1GC
-XX:MaxGCPauseMillis=200

Thread Pools

# opensearch.yml (thread pool queue sizes are static node settings:
# set them on each node and restart it; PUT /_cluster/settings rejects them)
thread_pool.write.queue_size: 1000
thread_pool.search.queue_size: 1000

Monitoring

Cluster Health

GET /_cluster/health

GET /_cluster/health/my-index

GET /_cat/shards?v

Node Stats

GET /_nodes/stats

GET /_cat/nodes?v

GET /_cat/indices?v

Security

User Management

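# Create user (authenticate as an account allowed to use the Security REST API; curl prompts for its password)
# /_opendistro/_security is the legacy path for the same API
curl -X PUT "https://localhost:9200/_plugins/_security/api/internalusers/admin" \
  -u '<security-admin-user>' \
  -H 'Content-Type: application/json' \
  -d '{"password": "<strong-unique-password>", "backend_roles": ["admin"]}'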

Role-Based Access

PUT /_plugins/_security/api/roles/custom-role
{
  "cluster_permissions": ["cluster_composite_ops"],
  "index_permissions": [{
    "index_patterns": ["logs-*"],
    "allowed_actions": ["read", "write"]
  }]
}
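
A way to review role bodies like the one above before they are applied, as an added example that is not part of the original article: it flags cluster-wide action groups, unrestricted index actions, and index patterns that also reach indices the role was not meant for. The sensitive index names and the "ops-everything" role are constructed for illustration, and only the * and ? wildcards are handled.

```python
import re

# Action groups that grant everything at cluster or index level.
BROAD_CLUSTER = {"*", "cluster_all", "unlimited"}
BROAD_INDEX = {"*", "indices_all", "unlimited"}
# Constructed index names a log-access role should not reach (assumption).
SENSITIVE_INDICES = [".kibana_1", "security-auditlog-2026.05.08"]


def pattern_matches(pattern, index_name):
    """Match a role index pattern, treating * and ? as wildcards."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, index_name) is not None


def audit_role(name, role):
    """Return a list of findings for one role body (empty if none)."""
    findings = []
    broad = BROAD_CLUSTER & set(role.get("cluster_permissions", []))
    if broad:
        findings.append(f"{name}: cluster-wide grant {sorted(broad)}")
    for perm in role.get("index_permissions", []):
        patterns = perm.get("index_patterns", [])
        broad = BROAD_INDEX & set(perm.get("allowed_actions", []))
        if broad:
            findings.append(f"{name}: unrestricted actions {sorted(broad)} on {patterns}")
        reached = [i for i in SENSITIVE_INDICES
                   if any(pattern_matches(p, i) for p in patterns)]
        if reached:
            findings.append(f"{name}: {patterns} also matches {reached}")
    return findings


ROLES = {
    "custom-role": {  # the role body from this section
        "cluster_permissions": ["cluster_composite_ops"],
        "index_permissions": [{"index_patterns": ["logs-*"],
                               "allowed_actions": ["read", "write"]}],
    },
    "ops-everything": {  # constructed over-broad sample, not from the article
        "cluster_permissions": ["cluster_all"],
        "index_permissions": [{"index_patterns": ["*"],
                               "allowed_actions": ["indices_all"]}],
    },
}


def audit_all(roles):
    """Audit every role, in name order, and return all findings."""
    return [f for name in sorted(roles) for f in audit_role(name, roles[name])]
```

Calling audit_all(ROLES) returns no findings for custom-role and three for the constructed ops-everything role.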

Conclusion

OpenSearch operations require careful attention to backups, scaling, and monitoring. With proper cluster management practices, your OpenSearch deployment can scale reliably.
