## Introduction

An Elasticsearch cluster in red or yellow health status means data is at risk or search performance is degraded. Red status means primary shards are unassigned (data loss); yellow means replica shards are unassigned (reduced redundancy).

## Symptoms

- `GET _cluster/health` returns status: "red" or "yellow"
- `unassigned_shards` count > 0
- Search queries return partial results
- Indexing rate drops significantly
- Kibana dashboards show missing data

## Common Causes

- Node went down and shards became unassigned
- Disk watermark exceeded (disk space full)
- Shard allocation disabled
- Too many shards for cluster capacity
- Network split between nodes

## Step-by-Step Fix

1. **Check cluster health**:

   ```bash
   curl -s 'localhost:9200/_cluster/health?pretty'
   ```

2. **Find unassigned shards and reasons**:

   ```bash
   curl -s 'localhost:9200/_cluster/allocation/explain?pretty'
   ```

3. **Check disk watermarks**:

   ```bash
   curl -s 'localhost:9200/_cat/allocation?v'
   # If disk usage > 90%, shards won't allocate
   # include_defaults lists watermarks that were never overridden;
   # flat_settings prints each full setting key on one line so grep can match it
   curl -s 'localhost:9200/_cluster/settings?include_defaults=true&flat_settings=true&pretty' | grep watermark
   ```

4. **Free disk space or adjust watermarks**:

   ```bash
   # Transient settings do not survive a full cluster restart
   curl -X PUT 'localhost:9200/_cluster/settings' -H 'Content-Type: application/json' -d '{
     "transient": {
       "cluster.routing.allocation.disk.watermark.low": "90%",
       "cluster.routing.allocation.disk.watermark.high": "95%"
     }
   }'
   ```
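
The disk checks in the last two steps can be scripted. This added example (not part of the original page) classifies each node in `_cat/allocation?v` output against a low and a high watermark, so you can see which nodes the 90%/95% override from the final step would make eligible for shards again. The function names and the sample output are constructed for illustration; the 85%/90% pair in the last line is Elasticsearch's default.

```bash
#!/usr/bin/env bash

# Constructed sample of `_cat/allocation?v` output (not from a real cluster).
sample_allocation() {
cat <<'EOF'
shards disk.indices disk.used disk.avail disk.total disk.percent host     ip       node
    14       61.2gb    92.5gb      7.5gb     100gb           92 10.0.0.1 10.0.0.1 es-data-1
    14       55.0gb    87.0gb     13.0gb     100gb           87 10.0.0.2 10.0.0.2 es-data-2
    10       30.1gb    41.0gb     59.0gb     100gb           41 10.0.0.3 10.0.0.3 es-data-3
     6                                                                             UNASSIGNED
EOF
}

# classify_nodes LOW HIGH  (hypothetical helper; reads _cat/allocation?v text on stdin)
#   above_low  : node gets no newly allocated shards
#   above_high : Elasticsearch tries to move shards off the node
classify_nodes() {
  awk -v low="$1" -v high="$2" '
    NR == 1 {
      # Find columns by header name: the column set differs between versions.
      for (i = 1; i <= NF; i++) {
        if ($i == "disk.percent") pct = i
        if ($i == "node") node = i
      }
      if (!pct || !node) { print "missing disk.percent/node column" > "/dev/stderr"; exit 2 }
      next
    }
    # The UNASSIGNED row has no disk columns, only a shard count and the label.
    $NF == "UNASSIGNED" { print "UNASSIGNED shards=" $1; next }
    NF < node { next }   # skip malformed rows
    {
      state = "ok"
      if ($pct + 0 >= high) state = "above_high"
      else if ($pct + 0 >= low) state = "above_low"
      print $node, $pct "%", state
    }'
}

# Stand-alone run against the sample, using the default watermarks.
sample_allocation | classify_nodes 85 90
```

Against a live cluster, pipe the `curl -s 'localhost:9200/_cat/allocation?v'` call from step 3 into `classify_nodes` instead of the sample.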