Hi
A graylog system work with 3 components.
You should backup each one.
Generally - backup each config file.
Mongodb - contains the graylog settings., you can backup with mongodump
Elasticsearch - contains the logs - you can check elastic snapshots or elasticdump
Graylog - You need the config file only.
I use this script
#!/bin/bash
HOST=`hostname`
/usr/bin/rm -f /backup/graylog_components_config.$HOST.tar.4
/usr/bin/mv -f /backup/graylog_components_config.$HOST.tar.3 /backup/graylog_components_config.$HOST.tar.4
/usr/bin/mv -f /backup/graylog_components_config.$HOST.tar.2 /backup/graylog_components_config.$HOST.tar.3
/usr/bin/mv -f /backup/graylog_components_config.$HOST.tar.1 /backup/graylog_components_config.$HOST.tar.2
/usr/bin/mv -f /backup/graylog_components_config.$HOST.tar /backup/graylog_components_config.$HOST.tar.1
/usr/bin/tar cvf /backup/graylog_components_config.$HOST.tar /etc/mongodb-keyfile /etc/mongod.conf /etc/elasticsearch/elasticsearch.yml /etc/graylog/server/server.conf /etc/graylog/server/node-id
/usr/bin/rm -fr /backup/$HOST.mongodump.4
/usr/bin/mv -f /backup/$HOST.mongodump.3 /backup/$HOST.mongodump.4
/usr/bin/mv -f /backup/$HOST.mongodump.2 /backup/$HOST.mongodump.3
/usr/bin/mv -f /backup/$HOST.mongodump.1 /backup/$HOST.mongodump.2
/usr/bin/mv -f /backup/$HOST.mongodump /backup/$HOST.mongodump.1
/usr/bin/mongodump --host $HOST:27017 -u USER -p PASS -d DATABASE -o /backup/$HOST.mongodump
And a script to make snapshot based on the official solution
https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-snapshots.html