Elasticsearch Troubleshooting Cookbook: Common Runtime Errors and Fixes
OS-Level Limits
vm.max_map_count too low
echo 'vm.max_map_count = 524288' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
max user processes too low
sudo tee /etc/security/limits.d/99-elastic.conf <<'EOF'
elastic soft nproc 8192
elastic hard nproc 8192
EOF
file-descriptor ceiling
sudo tee -a /etc/security/limits.conf <<'EOF'
* soft nofile 131072
* hard nofile 131072
elastic soft memlock unlimited
elastic hard memlock unlimited
EOF
bootstrap checks failure
Add to elasticsearch.yml:
bootstrap.memory_lock: true
Search & Index Settings
Scroll/Deep-paging limit
Runtime fix:
curl -XPUT localhost:9200/shop/_settings \
-H 'Content-Type: application/json' \
-d '{"index.max_result_window":500000}'
Template fix:
{
  "order": 1,
  "template": "shop*",
  "settings": {
    "index.number_of_replicas": 1,
    "index.number_of_shards": 2,
    "index.max_result_window": 2147483647
  }
}
Unassigned Shards
Identify
curl -s 'localhost:9200/_cat/shards?v' | grep UNASSIGNED
Common causes & remedies
| Cause | Command |
|---|---|
| Delayed allocation | curl -XPUT localhost:9200/_all/_settings -H 'Content-Type: application/json' -d '{"index.unassigned.node_left.delayed_timeout":"30s"}' |
| Insufficient nodes | Add nodes or lower replica count: curl -XPUT localhost:9200/idx/_settings -H 'Content-Type: application/json' -d '{"index.number_of_replicas":1}' |
| Allocation disabled | curl -XPUT localhost:9200/_cluster/settings -H 'Content-Type: application/json' -d '{"transient":{"cluster.routing.allocation.enable":"all"}}' |
| Disk watermark | Raise watermark: curl -XPUT localhost:9200/_cluster/settings -H 'Content-Type: application/json' -d '{"transient":{"cluster.routing.allocation.disk.watermark.low":"90%"}}' |
| Data lost | Force empty primary (the shard comes back empty): curl -XPOST localhost:9200/_cluster/reroute -H 'Content-Type: application/json' -d '{"commands":[{"allocate_empty_primary":{"index":"orders","shard":0,"node":"node-3","accept_data_loss":true}}]}' |
Read-Only Index
Symptom: cluster_block_exception [read-only index]
Quick unblock:
curl -XPUT localhost:9200/_all/_settings \
-H 'Content-Type: application/json' \
-d '{"index.blocks.read_only_allow_delete":null}'
Root fix: free disk or add storage.
Cluster RED
- Check health:
curl 'localhost:9200/_cluster/health?pretty'
- List shards:
curl localhost:9200/_cat/shards
- Recover:
  - If shards are recoverable → add missing nodes.
  - If data is gone → reindex from source or snapshot.
  - If index is disposable → delete and recreate.
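Added example (not part of the original cookbook): a shell helper that ties the Unassigned Shards and Cluster RED steps together by triaging _cat/shards output before any remedy is chosen, so a data-discarding reroute is never the first move. The function names and sample rows are constructed; it assumes the columns index, shard, prirep, state, unassigned.reason.

```shell
#!/bin/sh
# Triage _cat/shards output. Expected columns per row:
#   index shard prirep state [unassigned.reason]
# Live input (assumed local node):
#   curl -s 'localhost:9200/_cat/shards?h=index,shard,prirep,state,unassigned.reason'

# Prints one line per unassigned shard with a suggested next step,
# then a final "verdict=<colour>" line.
triage_shards() {
  awk '
    $4 == "UNASSIGNED" {
      reason = ($5 == "") ? "unknown" : $5
      if ($3 == "p") {
        # A missing primary is what turns the cluster RED.
        red++
        kind = "primary"
        hint = "restore node or snapshot; allocate_empty_primary only if data is gone"
      } else {
        # A missing replica only degrades redundancy (YELLOW).
        yellow++
        kind = "replica"
        hint = "add nodes or lower index.number_of_replicas"
      }
      printf "%s shard=%s %s reason=%s next=%s\n", $1, $2, kind, reason, hint
    }
    END {
      if (red)         print "verdict=red"
      else if (yellow) print "verdict=yellow"
      else             print "verdict=green"
    }'
}

# Prints only the colour, for use in scripts and alerts.
shard_verdict() {
  triage_shards | sed -n 's/^verdict=//p'
}

# Constructed sample rows (not real cluster output).
SAMPLE_SHARDS='orders 0 p UNASSIGNED NODE_LEFT
orders 0 r UNASSIGNED NODE_LEFT
shop 0 p STARTED
shop 0 r UNASSIGNED REPLICA_ADDED
shop 1 p STARTED'

printf '%s\n' "$SAMPLE_SHARDS" | triage_shards
```

A header row from ?v is ignored because its state column never equals UNASSIGNED.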
JVM & GC Issues
- Upgrade JDK ≥ 8u202.
- Reduce heap to ≤ 50 % RAM.
- Tune:
# jvm.options
-XX:+UseG1GC
-XX:MaxGCPauseMillis=200
-XX:InitiatingHeapOccupancyPercent=30
Split-Brain Prevention
elasticsearch.yml for 7.x:
cluster.name: prod
node.name: ${HOSTNAME}
node.master: true
node.data: true
discovery.seed_hosts:
- es-01
- es-02
- es-03
cluster.initial_master_nodes:
- es-01
Logstash Pitfalls
Pipeline creation failure
Use forward slashes in paths:
input { file { path => "C:/logs/app/*.log" } }
Field type clash
filter {
mutate { rename => { "host" => "host.name" } }
}
Java Client Missing Method
POM excerpt:
<dependency>
  <groupId>org.elasticsearch.client</groupId>
  <artifactId>elasticsearch-rest-high-level-client</artifactId>
  <version>7.10.1</version>
</dependency>
<dependency>
  <groupId>org.elasticsearch</groupId>
  <artifactId>elasticsearch</artifactId>
  <version>7.10.1</version>
</dependency>
Ensure versions match exactly across all ES artifacts.