How do I prevent red status?

Use at least 1 replica shard per index, run a minimum of 3 nodes, monitor disk usage with alerts at 80%, and set up Index Lifecycle Management (ILM) to automatically delete or archive old indices.

Can I force assign unassigned shards?

Yes, using the cluster reroute API: POST _cluster/reroute with allocate_stale_primary. This is a last resort — the shard data may be stale or missing. Only use this if the node holding the shard will not return.

Elasticsearch Cluster Red Status — Unassigned Shards and Data Loss Risk

Criticalsystem

Overview

Fix Elasticsearch cluster red health status caused by unassigned primary shards, node failures, or insufficient disk space preventing data availability.

Key Details

Elasticsearch cluster health: green (all shards assigned), yellow (replicas unassigned), red (primary shards unassigned)
Red status means some data is unavailable because primary shards are not assigned to any node
This typically happens when nodes leave the cluster and their primary shards have no replicas
Unassigned shards can be caused by disk space, node failures, or allocation rules
Red status affects only the indices with unassigned primary shards — other indices may still work

Common Causes

Node crashed or was removed from the cluster and it held the only copy of some primary shards
Disk usage exceeded the flood_stage watermark (95% by default), blocking shard allocation
Shard allocation rules preventing shards from being placed on available nodes
Corrupted index preventing shard recovery on node restart

Steps

1Check cluster health: curl -XGET 'localhost:9200/_cluster/health?pretty'
2Find unassigned shards: curl -XGET 'localhost:9200/_cat/shards?v&h=index,shard,prirep,state,unassigned.reason'
3Check allocation explanation: curl -XGET 'localhost:9200/_cluster/allocation/explain?pretty'
4Free disk space if above watermark: delete old indices or increase disk capacity on nodes
5Restart failed nodes and allow shard recovery to complete before taking further action

Related Items

linux-grafana-no-data-dashboard

More in System

windows-C000021A-status-system-process-terminatedWindows Error 0xC000021A — STATUS SYSTEM PROCESS TERMINATED

Critical

windows-C0000225-boot-configuration-errorWindows Error 0xC0000225 — Boot Configuration Error

Critical

windows-C000000F-boot-selection-failedWindows Error 0xC000000F — Boot Selection Failed

Critical

windows-80004005-unspecified-errorWindows Error 0x80004005 — Unspecified Error

Warning

windows-80070570-file-or-directory-corruptedWindows Error 0x80070570 — File or Directory Corrupted

Error

windows-system-0xc0000185Windows Error 0xC0000185 — Boot Device Inaccessible

Critical

Frequently Asked Questions

Red means some data is unavailable. If those are critical indices, yes, it is urgent. If they are old logs you can recreate, it is less urgent. The priority is to get primary shards assigned — check unassigned.reason for the fix.

Elasticsearch Cluster Red Status — Unassigned Shards and Data Loss Risk

Overview

Key Details

Common Causes

Steps

Tags

Related Items

More in System

Frequently Asked Questions