Elasticsearch Policies

Policy name

Duration

Conditions

Category

Description

Cluster Health Degraded to Red

15 min

elasticsearch.cluster_health.status has a static threshold < 1

CRITICAL

The cluster health status is red which means that one or more primary shard(s) and its replica(s) is missing.

Cluster Health Degraded to Yellow

15 min

elasticsearch.cluster_health.status is between 1 and 1.8

WARNING

The cluster health status is yellow which means that one or more shard replica(s) is missing.

Elevated JVM Heap Usage

15 min

elasticsearch.jvm.mem.heap_used_percent has an upper baseline deviation

WARNING

This policy will generate a warning event when the Elastic Search JVM’s heap usage is above 80%.

Disk space is more than 75% used on data node

netuitive.linux.diskspace.avg_byte_percentused has a static threshold >75

WARNING

The average utilization across your Elastic Search data node storage devices are more than 75%.

Elevated Fetch Time

30 min

netuitive.linux.elasticsearch.indices._all.search.fetch_avg_time_in_millis has an upper baseline deviation

WARNING

This policy generates a warning event if the elasticsearch.indices._all.search.fetch_time_in_millis metric deviates above the baseline for 15 minutes or more.

Elevated Flush Time

30 min

netuitive.linux.elasticsearch.indices._all.flush.avg_time_in_millis has an upper baseline deviation

WARNING

This policy generates a warning event if the elasticsearch.indices._all.flush.total_time_in_millis metric deviates above the baseline for 15 minutes or more.

Elevated Indexing Time

30 min

netuitive.linux.elasticsearch.indices._all.indexing.index_avg_time_in_millis has an upper baseline deviation

WARNING

This policy generates a warning event if the elasticsearch.indices._all.indexing.index_time_in_millis metric deviates above the baseline for 15 minutes or more.

Reject Count Greater Than Zero

5 min

elasticsearch.thread_pool.*.rejected has a static threshold >0

WARNING

“This policy generates a warning if any of the Elastic Search thread pools has a “rejected” count greater than 0.”