When it comes to performing backups in Graylog, there is no single solution. You need to consider which type of backup suits your needs.

Your Graylog Server setup and settings are easy to back up with a MongoDB dump and a filesystem backup of all configuration files.

The data within your Elasticsearch cluster can take advantage of the Snapshot and Restore function offered by Elasticsearch.

Disaster Recovery

In order to restore Graylog after a total system crash, you need the Graylog server.conf file; to be exact, you need the key you used for password_secret in the configuration. The second important part is MongoDB. This database contains all configurations. Options for backing up MongoDB can be found in the MongoDB documentation.

If you need to restore log data, you can do this using the archiving feature of Graylog Operations or any other Elasticsearch backup and restore option. Merely copying the data directories of your Elasticsearch nodes might not work; you might not be able to restore from such a copy.

If you want to be able to restore the current state, you should implement the ability to make and restore data dumps for databases like Elasticsearch and MongoDB.
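The three pieces described above (configuration files including password_secret, a MongoDB dump, and an Elasticsearch snapshot) can be combined in one script. This is an added example, not a script shipped with Graylog. The configuration path, backup directory, MongoDB URI, Elasticsearch URL and snapshot repository name are assumptions, and the repository must already be registered in Elasticsearch.

```shell
#!/usr/bin/env bash
# Added example: Graylog disaster-recovery backup. All paths, URLs and the
# repository name below are assumptions; adjust them to your installation.
set -eu
umask 077   # the archive contains password_secret: owner-only permissions

CONF_DIR="${CONF_DIR:-/etc/graylog/server}"     # assumed configuration directory
DEST="${DEST:-/var/backups/graylog}"            # hypothetical backup target
MONGO_URI="${MONGO_URI:-mongodb://localhost:27017/graylog}"
ES_URL="${ES_URL:-http://localhost:9200}"
ES_REPO="${ES_REPO:-graylog_backup}"            # hypothetical, pre-registered repository

# Succeeds only if server.conf has an uncommented, non-empty password_secret.
has_password_secret() {
  grep -Eq '^[[:space:]]*password_secret[[:space:]]*=[[:space:]]*[^[:space:]]+' "$1"
}

# Archive the configuration directory and record a SHA-256 checksum beside it.
backup_config() {  # args: conf_dir dest_dir stamp
  has_password_secret "$1/server.conf" || {
    echo "password_secret missing in $1/server.conf" >&2; return 1; }
  mkdir -p "$2"
  tar -czf "$2/graylog-conf-$3.tar.gz" -C "$1" .
  ( cd "$2" && sha256sum "graylog-conf-$3.tar.gz" > "graylog-conf-$3.tar.gz.sha256" )
}

# Dump the Graylog MongoDB database (all Graylog configuration) to one archive.
backup_mongo() {  # args: dest_dir stamp
  mongodump --uri="$MONGO_URI" --gzip --archive="$1/graylog-mongo-$2.archive.gz"
}

# Ask Elasticsearch for a snapshot instead of copying node data directories.
snapshot_es() {  # args: stamp (digits and dashes only: snapshot names must be lowercase)
  curl -fsS -X PUT "$ES_URL/_snapshot/$ES_REPO/graylog-$1?wait_for_completion=true"
}

main() {
  stamp="$(date -u +%Y%m%d-%H%M%S)"
  backup_config "$CONF_DIR" "$DEST" "$stamp"
  backup_mongo "$DEST" "$stamp"
  snapshot_es "$stamp"
}

# Run the full backup only when invoked as: script.sh run
if [ "${1:-}" = "run" ]; then main; fi
```

Store the resulting archives with the same care as the live server.conf, since anyone who can read them obtains password_secret.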