What do Elasticsearch cluster colors mean?

Green: all shards assigned. Yellow: all primary shards assigned but some replicas are not. Red: at least one primary shard is unassigned — data loss risk.

How do I prevent cluster red status?

Maintain adequate disk space (below watermark thresholds), run 3+ data nodes for fault tolerance, monitor shard allocation, and set up alerts on cluster health.

Fix Elasticsearch Cluster Red Status — Restore Index Health

Direct answer

Elasticsearch cluster red status means one or more primary shards are unassigned, indicating potential data loss. Use GET _cat/shards to identify unassigned shards, then check _cluster/allocation/explain for the reason — typically disk space, node failure, or configuration issues.

Structured breakdown

Cause

A red cluster means at least one primary shard is unassigned. Check unassigned shards with _cat/shards, identify the cause with _cluster/allocation/explain, and resolve disk space, node, or configuration issues.

Fix

Run GET _cat/shards?v&h=index,shard,prirep,state,unassigned.reason to find unassigned shards
Check disk space on all nodes clear space if watermark threshold is exceeded
Use POST _cluster/reroute with allocate_stale_primary for recoverable shards

Outcome

All primary shards are assigned, cluster status returns to green, and shard allocation is stable.

Common causes

Node failure causing primary shard loss
Disk space full watermark threshold exceeded
Corrupt index or shard data
Insufficient nodes for replication requirements
JVM heap pressure or garbage collection issues

Fix steps

1
Run GET _cat/shards?v&h=index,shard,prirep,state,unassigned.reason to find unassigned shards
2
Check disk space on all nodes clear space if watermark threshold is exceeded
3
Use POST _cluster/reroute with allocate_stale_primary for recoverable shards
4
Add nodes to the cluster if replication factor exceeds available node count
5
Monitor JVM heap and increase if consistently above 75% utilization

Analyze this issue

Paste the issue description, logs, or symptoms into the fix tool to inspect this problem with your own runtime details.

kintify fix

Need more context?

If the standard steps do not resolve the issue, open the fix tool and include the current logs, configuration, and deployment changes.

Open Fix Tool

Frequently asked questions

These examples show the commands, logs, and configuration patterns most often used to verify this issue.

Command examples

GET _cat/shards?v&h=index,shard,prirep,state,unassigned.reason
GET _cluster/allocation/explain
GET _cat/nodes?v&h=name,disk.used_percent,heap.percent

Log snippet

cluster health status: RED
number_of_nodes: 3
unassigned_shards: 5
initializing_shards: 0
relocating_shards: 0

Config snippet

# elasticsearch.yml
cluster.routing.allocation.disk.watermark.low: 85%
cluster.routing.allocation.disk.watermark.high: 90%
cluster.routing.allocation.disk.watermark.flood_stage: 95%