• Back Up and Restore Deployments >
• Restore MongoDB Deployments >
• Query a Backup Snapshot

Query a Backup Snapshot

Cloud Manager provides queryable backups. This functionality allows you to more quickly query specific backup snapsnots. You can use the queryable backups to:

• Restore a subset of data within the MongoDB deployment.
• Compare previous versions of data against the current data.
• Identify the best point in time to restore a system by comparing data from multiple snapshots.

Considerations

Read-Only Instance

Cloud Manager provisions these queryable snapshots as read-only MongoDB instances.

Important

These instances are available for up to 24 hours.

Query Restrictions on the Queryable Snapshots

You cannot perform the following operations on queryable snapshots:

• Map-reduce operations.
• Queries that require disk usage, such as running aggregation with the allowDiskUse option to perform large sort operations.

Cannot Query Snapshots on Encrypted Snapshots

If you encrypted your snapshots, you cannot query those encrypted snapshots.

Connection Methods

Connections to these instances are over TLS/SSL and require x.509 authentication. Cloud Manager provides:

• An executable that creates a tunnel which handles the connection, including the client TLS/SSL and the x.509 authentication.
• x.509 certificates if you want to handle the connection details manually, including the TLS/SSL and the x.509 authentication.

Prerequisites

Queryable backups are available for MongoDB 3.2 or later replica sets or MongoDB 3.2 or later sharded clusters with CSRS.

Query Backup (Use Tunnel to Connect)

Note

The tunnel handles the security (TLS/SSL and x.509 authentication) for connecting to the instance.

1

Go to Backup view and click the Overview tab.

For the deployment whose backup you want to query, click the ellipsis button under Options column and select Query.

You can also click the deployment to view its snapshots and click the Query button under the Actions column.

2

Follow the prompts to query a backup snapshot.

1. Select the snapshot to query and click Next.

2. Start the process to query a snapshot. You will be prompted for 2-factor verification.

3. Select Backup Tunnel as the connection method to the queryable snapshot.

4. Select your Platform and download.

5. Uncompress the downloaded file.

6. Open a terminal or command prompt and go to the uncompressed <tunnel> directory. Run the executable to start the tunnel.

   The default port for the tunnel is 27017. To change the port, use the --local flag, as in the following example:

   copy

   ./<tunnel executable> --local localhost:27020
   

   Note

   If you change the port, you must include the port information when connecting.

   For the full list of options you can pass to the tunnel, run the tunnel exectuable with the -h option:

   copy

   ./<tunnel executable> -h
   

7. Use mongosh or a MongoDB driver to connect to the backup via the tunnel.

   • If connecting locally from the same machine as where the tunnel is running, you do not need to specify a connection string or host information. Otherwise, specify a connection string or host information for the machine where the tunnel is running.
   • If you have changed the port that the tunnel is listening on, you must specify the port information when connecting.

Tip

Once you have finished querying this snapshot, you can terminate the queryable instance:

1. Go to the Restore History and hover over the Status column for the deployment item.
2. Click Cancel.

Rotate Master Key after Restoring Snapshots Encrypted with AES256-GCM

If you restore an encrypted snapshot that Cloud Manager encrypted with AES256-GCM, rotate your master key after completing the restore.

Query Backup (Handle TLS Authentication Manually)

Note

The X.509 certificates are valid for 24 hours.

1

Go to Backup view and click the Overview tab.

For the deployment whose backup you want to query, click ellipsis icon under Options column then select Query.

You can also click the deployment to view its snapshots and click the Query button under the Actions column.

2

Follow the prompts to query a backup snapshot.

1. Select the snapshot to query and click Next.

2. Start the process to query a snapshot. If prompted for your password, enter your password to verify.

3. Select Connect Manually as the connection method to the queryable snapshot.

4. Download the X.509 client PEM file.

5. Download the Certificate Authority PEM file.

6. Use mongosh or a MongoDB driver to connect to the queryable backup host. To connect, you must specify the hostname and port, the TLS option, and the X.509 certificates.

   Example

   If using mongosh to connect to the instance:

   copy

   mongosh my-queryable-backup-host.mongodb.com:27217 \
         --tls --tlsCertificateKeyFile <client certificate> \
         --tlsCAFile mms-backup-ca.pem
   

Tip

Once you have finished querying this snapshot, you can terminate the queryable instance:

1. Go to the Restore History and hover over the Status column for the deployment item.
2. Click Cancel.

Rotate Master Key after Restoring Snapshots Encrypted with AES256-GCM

If you restore an encrypted snapshot that Cloud Manager encrypted with AES256-GCM, rotate your master key after completing the restore.

Next Steps

To restore a database or a collection using the queryable backup MongoDB instance, see Restore a Database or Collection from Queryable Backup.

←   Restore a Replica Set from a Snapshot Restore a Single Database or Collection  →

© MongoDB, Inc 2008-present. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.