Elasticsearch Cluster


Remarks

Cluster Health provides a lot of information about the cluster, such as the number of shards that are allocated ("active") as well as how many are unassigned and relocating. In addition, it provides the current number of nodes and data nodes in the cluster, which can allow you to poll for missing nodes (e.g., if you expect it to be 15, but it only shows 14, then you are missing a node).

For someone who knows Elasticsearch, the "assigned" and "unassigned" shard counts can help track down issues.

The most common field checked from Cluster Health is the status, which can be in one of three states:

  • red
  • yellow
  • green

The colors each mean one -- and only one -- very simple thing:

  1. Red indicates that you are missing at least one primary shard.
    • A missing primary shard means that an index cannot be used to write (index) new data in most cases.
      • Technically, you can still index to any primary shards that are available in that index, but practically it means that you cannot because you do not generally control what shard receives any given document.
      • Searching is still possible against a red cluster, but it means that you will get partial results if any index you search is missing shards.
    • In normal circumstances, it just means that the primary shard is being allocated (initializing_shards).
    • If a node just left the cluster (e.g., because the machine running it lost power), then it makes sense that you will be missing some primary shards temporarily.
      • Any replica shard for that primary shard will be promoted to be the primary shard in this scenario.
  2. Yellow indicates that all primary shards are active, but at least one replica shard is missing.
    • A missing replica only impacts indexing if consistency settings require it to impact indexing.
      • By default, there is only one replica for any primary and indexing can happen with a single missing replica.
    • In normal circumstances, it just means that the replica shard is being allocated (initializing_shards).
    • A one node cluster with replicas enabled will always be yellow at best. It can be red if a primary shard is not yet assigned.
      • If you only have a single node, then it makes sense to disable replicas because you are not expecting any. Then it can be green.
  3. Green indicates that all shards are active.
    • The only shard activity allowed for a green cluster is relocating_shards.
    • New indices, and therefore new shards, will cause the cluster to go from red to yellow to green, as each shard is allocated (primary first, making it yellow, then replicas if possible, making it green).
      • In Elasticsearch 5.x and later, new indices will not make your cluster red unless it takes them too long to allocate.
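
The rules above can be turned into a monitoring check. The following Python is an added example, not part of the original page: it reads one Cluster Health response and reports the missing-node and shard findings described in the remarks. The `assess_health` function, its severity labels and the sample response are assumptions made for illustration; the field names are those returned by `GET _cluster/health`.

```python
import json

# Constructed sample of a GET _cluster/health response body (not real data).
SAMPLE = json.loads("""{
  "cluster_name": "example", "status": "yellow", "timed_out": false,
  "number_of_nodes": 14, "number_of_data_nodes": 14,
  "active_primary_shards": 120, "active_shards": 230,
  "relocating_shards": 0, "initializing_shards": 2, "unassigned_shards": 8
}""")


def assess_health(health, expected_nodes):
    """Return (severity, findings) for one Cluster Health response.
    The severity mapping (ok / warn / critical) is this example's own
    alerting policy; Elasticsearch only reports the status color.
    """
    findings = []
    status = health["status"]
    missing = expected_nodes - health["number_of_nodes"]
    if missing > 0:
        findings.append(f"{missing} node(s) missing (expected {expected_nodes})")
    if status == "red":
        findings.append("a primary shard is not active: writes to its index "
                        "may fail and searches may return partial results")
    elif status == "yellow":
        if health["number_of_data_nodes"] == 1:
            findings.append("single data node: replicas can never be "
                            "allocated, so yellow is the best possible state")
        else:
            findings.append("all primaries active, a replica is not")
    if health["initializing_shards"]:
        findings.append(f"{health['initializing_shards']} shard(s) "
                        "initializing (allocation in progress)")
    if health["unassigned_shards"]:
        findings.append(f"{health['unassigned_shards']} shard(s) unassigned")
    if health["relocating_shards"]:
        # Relocation is the only shard activity a green cluster may show.
        findings.append(f"{health['relocating_shards']} shard(s) relocating")

    if status == "red" or missing > 0:
        severity = "critical"
    elif status == "yellow":
        severity = "warn"
    else:
        severity = "ok"
    return severity, findings


if __name__ == "__main__":
    print(assess_health(SAMPLE, expected_nodes=15))
```

A missing node is treated as critical even when the status is only yellow, because the status color alone does not say why a replica is missing.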