Runbook

Elasticsearch Cluster Red Incident on Kubernetes.

Back to Runbooks

Overview

The Elasticsearch Cluster Red incident occurs when the Elasticsearch cluster is experiencing issues and is in a critical state. This can cause interruptions to the functionality of various systems that rely on Elasticsearch. Immediate attention is required to resolve the issue and restore the Elasticsearch cluster to a healthy state.

Parameters

Debug

Get the name of the Elasticsearch cluster

Describe the Elasticsearch cluster to get more details

Check the Elasticsearch cluster health

Check the Elasticsearch cluster status

Check the Elasticsearch cluster logs

Check the Elasticsearch cluster configuration for any errors

Check the Elasticsearch cluster nodes

Network issues: Elasticsearch cluster red status can also be caused by network issues. This can occur when there are network connectivity issues between the nodes in the cluster or when the network is not properly configured.

Repair

Restart Elasticsearch nodes: If the issue is minor and isolated to a few nodes, restarting the nodes can help resolve the issue. However, if the issue is more severe, restarting the entire cluster may be necessary.

Learn more

Related Runbooks

Check out these related runbooks to help you debug and resolve similar issues.