Unassigned Shard Red Cluster Spiral

critical

reliabilityUpdated Feb 6, 2026

When primary shards cannot be assigned (elasticsearch.cluster.health == 2), data becomes unavailable and cluster enters red state. This occurs from insufficient nodes, misconfigured shard allocation rules, or node failures during insufficient replica coverage.

Sources

How to Monitor Elasticsearch Cluster Health with the OpenTelemetry ...oneuptime.com

Top 10 Elasticsearch Metrics to Monitor Performancesematext.com

Elasticsearch metrics | Elastic Docswww.elastic.co

Technologies:

ElasticsearchSymptoms of this issue are visible in Elasticsearch metrics and logs

elasticsearch.cluster.health

elasticsearch.cluster.shards

elasticsearch.cluster.data_nodes

How to detect:

Alert immediately when elasticsearch.cluster.health transitions to 2 (red) or elasticsearch.cluster.shards{state='unassigned'} > 0 for primary shards persists beyond 1 minute. Check elasticsearch.cluster.data_nodes count against expected capacity.

Recommended action:

Immediately investigate via _cluster/allocation/explain API to identify why primaries cannot allocate (disk space, shard filtering, index.routing.allocation rules). If data loss occurred, consider restoring from snapshot. To prevent: maintain at least N+1 node redundancy where N is max number of replicas, monitor delayed_unassigned_shards, and set appropriate replica counts based on failure domain requirements.