We are using Elasticsearch v7.10 and want to add a snapshot policy to our cluster. We want to be able to restore specific indexes even after few years.
On the one hand it is recommended to take frequent snapshots (~every 30 minuets - Set up snapshot policy) but on the other hand it is not a best practice to accumulate thousands of snapshots, because it requires more memory on the master node and can destabilize it. It is recommended to include retention rules in the SLM policy (Snapshot retention limits).
I need to be able to restore at least 1 snapshot from each month in the last 7 years - is it possible? how does my SLM policy/ies and retention rules should look like?
firstly, update Elasticsearch, and keep as up to date as you can. 8.X is now current and 7.X is only patched at the 7.16 level. but you're on 7.10, which was released in (late) 2020
second, you might want more than one slm policy. so something that you can use to take shorter snapshots that are discarded more frequently, versus monthly ones that you use for long term retention requirements
you can then look at making yearly snapshot repositories for the monthly snapshots, that means you can easily drop repos you don't need