Runbook

Unintentional deletion or corruption of data in Elasticsearch indices


Overview

This incident type refers to the unintentional deletion or corruption of data in Elasticsearch indices, resulting in data loss. Elasticsearch is a distributed search and analytics engine that allows users to store, search, and analyze large volumes of data. If data in Elasticsearch indices is lost or corrupted, information can be missing or inaccurate, which can impact business operations and decision-making. This incident requires immediate attention to recover the lost or corrupted data and to prevent a recurrence.

Parameters

Debug

Check the status of Elasticsearch nodes

Check the status of Elasticsearch indices

Check the disk usage of Elasticsearch indices

Check the replication status of Elasticsearch shards

Check the Elasticsearch cluster health

Check the Elasticsearch recovery status
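
One way to run the checks above, as an added example that is not part of the original runbook: one read-only request per Debug step using the standard Elasticsearch `_cat` and `_cluster/health` APIs, followed by a classifier that separates indices with an inactive primary shard from those missing only a replica. `ES_URL`, the function names, the `--live` switch and the sample shard listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. ES_URL is an assumption; add credentials and TLS options
# to es_get for a secured cluster. Every request is a read-only GET.
ES_URL="${ES_URL:-http://localhost:9200}"

es_get() { curl -sS --fail --max-time 10 "${ES_URL}$1"; }

# One request per Debug step, in the order the runbook lists them.
debug_checks() {
  es_get '/_cat/nodes?v'                        # node status
  es_get '/_cat/indices?v'                      # index health, open/close, doc counts
  es_get '/_cat/indices?v&h=index,store.size,pri.store.size&s=index'   # disk usage per index
  es_get '/_cat/shards?v&h=index,shard,prirep,state,unassigned.reason,node'  # shard replication
  es_get '/_cluster/health?pretty'              # cluster health
  es_get '/_cat/recovery?v&active_only=true'    # recoveries in progress
}

# Reads `_cat/shards?h=index,shard,prirep,state` lines on stdin and prints
# one line per affected index:
#   PRIMARY_DOWN <index>  a primary is not active (data unavailable)
#   REPLICA_DOWN <index>  only replicas are not active (redundancy reduced)
# STARTED and RELOCATING shards count as active.
classify_shards() {
  awk '$4 != "STARTED" && $4 != "RELOCATING" {
         if ($3 == "p") bad[$1] = "PRIMARY_DOWN"
         else if (!($1 in bad)) bad[$1] = "REPLICA_DOWN"
       }
       END { for (i in bad) print bad[i], i }' | LC_ALL=C sort
}

# Constructed sample of `_cat/shards` output (not from a real cluster).
SAMPLE_SHARDS='orders-2024 0 p UNASSIGNED
orders-2024 0 r UNASSIGNED
logs-app 0 p STARTED
logs-app 0 r UNASSIGNED
users 0 p STARTED
users 0 r STARTED'

if [ "${1:-}" = "--live" ]; then
  debug_checks
  es_get '/_cat/shards?h=index,shard,prirep,state' | classify_shards
else
  printf '%s\n' "$SAMPLE_SHARDS" | classify_shards
fi
```

Indices reported as `PRIMARY_DOWN` are the candidates for the snapshot restore described under Repair; `REPLICA_DOWN` indices still hold their data on the primary.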

Repair

Use Elasticsearch snapshot and restore: If Elasticsearch snapshot and restore functionality is configured, use it to restore the lost or corrupted data.
