0
0
ElasticsearchDebug / FixIntermediate · 4 min read

How to Fix Cluster Red Status in Elasticsearch Quickly

A red cluster status in Elasticsearch means one or more primary shards are missing or unassigned. To fix it, check shard allocation, disk space, and node health, then reroute or recover shards using Elasticsearch APIs like _cluster/reroute or by restarting nodes.
🔍

Why This Happens

A red cluster status means Elasticsearch cannot allocate one or more primary shards. This usually happens if nodes are down, shards are corrupted, or there is not enough disk space. When primary shards are missing, the cluster cannot serve data properly.

json
GET /_cluster/health

Response:
{
  "status": "red",
  "number_of_nodes": 2,
  "unassigned_shards": 3
}
Output
{ "status": "red", "number_of_nodes": 2, "unassigned_shards": 3 }
🔧

The Fix

First, check which shards are unassigned using GET /_cat/shards?v. Then, ensure all nodes are running and have enough disk space. You can try to reroute shards manually or restart nodes to trigger shard recovery. If shards are corrupted, restore from a snapshot.

json
POST /_cluster/reroute
{
  "commands": [
    {
      "allocate_stale_primary": {
        "index": "my_index",
        "shard": 0,
        "node": "node-1",
        "accept_data_loss": true
      }
    }
  ]
}
Output
{ "acknowledged": true }
🛡️

Prevention

To avoid cluster red status in the future, monitor node health and disk space regularly. Use shard allocation awareness to distribute shards evenly. Set up automated alerts for unassigned shards and perform regular snapshots for quick recovery.

⚠️

Related Errors

Similar errors include yellow cluster status, which means replicas are unassigned but primary shards are fine, and master_not_discovered_exception, which happens if the cluster cannot elect a master node. Fixes usually involve node restarts and configuration checks.

Key Takeaways

Red status means primary shards are missing or unassigned.
Check node health, disk space, and shard allocation to fix red status.
Use _cluster/reroute API to manually allocate shards if needed.
Regular monitoring and snapshots help prevent cluster red status.
Related errors like yellow status indicate replica issues, not primary shard loss.

Related by keyword

Elasticsearch Green, Yellow, Red Status ExplainedCluster ManagementHow to Check Cluster Health in Elasticsearch QuicklyCluster ManagementHow to Check Cluster Stats in Elasticsearch QuicklyCluster ManagementHow to Add a Node to an Elasticsearch Cluster EasilyCluster ManagementHow to Monitor Elasticsearch Cluster: Key Commands and TipsCluster Management

Up next

How to Use API Key in Elasticsearch for Secure AccessHow to Use Role Based Access Control in ElasticsearchElasticsearch vs Algolia: Key Differences and When to Use EachElasticsearch vs MongoDB: Key Differences and When to Use Each

More in Common Errors

How to Fix Circuit Breaker Exception in ElasticsearchHow to Fix Index Read Only Error in Elasticsearch QuicklyHow to Fix Mapping Conflict in ElasticsearchHow to Fix Out of Memory Errors in Elasticsearch