Updated on 2025-01-23 GMT+08:00

Intelligent Risk Detection for Elasticsearch Clusters

CSS provides intelligent O&M to help detect potential risks for clusters, along with risk handling suggestions.


Intelligent O&M for clusters supports the following functions:

  • Creating a Scan Task: Start a scan task to trigger an intelligent health check and diagnosis on the current cluster.
  • Checking the Risk Items of a Cluster: After a scan task is completed, check the risks identified by the task, then confirm and handle them in a timely manner based on the risk handling suggestions.
  • Deleting a Scan Task: Delete scan tasks that you no longer need. After a scan task is deleted, the system deletes all diagnoses generated by it.

The check items of intelligent O&M are as follows:

  • Check the current health status of a cluster. Red: Some primary shards are not allocated. Yellow: Some secondary shards are not allocated. Green: All shards have been allocated.
  • Check the number of nodes in a cluster and the number of AZs to evaluate the high availability status of a distributed Elasticsearch cluster.
  • Check whether index replicas are enabled. An index with no replicas may become unavailable in the case of a node failure. If local disks are used, this may even lead to data loss.
  • Check for Kibana index conflicts in a cluster.
  • Check disk usage. If the disk usage of a node is too high, new index shards may fail to be allocated to the node and the cluster performance may be affected.
  • Check whether the storage usage of a cluster's data nodes or cold data nodes is balanced. Unbalanced storage distribution may result in unbalanced cluster loads and increase read/write latency.
  • Monitor node disconnection and unavailability in a cluster for 5 consecutive minutes each time.
  • Check for nodes with too many shards. An excessively large number of shards consumes excessive node resources, increasing read/write latency and slowing down metadata updates.
  • Check the sizes of all shards. A large shard may impact performance, occupy too much node memory, and slow down shard restoration during cluster scaling or fault recovery.
  • Check for any new version that is now available.
  • Check for snapshot creation failures or the absence of any snapshot creation records in the last seven days.
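
Several of the check items above can also be evaluated independently from standard Elasticsearch API output. The following is an added example, not part of the CSS documentation and not how CSS implements its scan: it assumes the JSON shapes of GET _cluster/health and the _cat indices, allocation, and shards APIs, uses constructed sample data, and uses thresholds that are assumptions because the page gives no numeric limits.

```python
# Constructed sample data (not from a real cluster), shaped like the JSON from
# GET _cluster/health and GET _cat/{indices,allocation,shards}?format=json&bytes=b
HEALTH = {"status": "yellow", "number_of_nodes": 3, "unassigned_shards": 2}
INDICES = [{"index": "logs-2025.01", "pri": "3", "rep": "0"},
           {"index": "orders", "pri": "2", "rep": "1"}]
ALLOCATION = [{"node": "es-node-1", "shards": "412", "disk.percent": "91"},
              {"node": "es-node-2", "shards": "120", "disk.percent": "48"},
              {"node": "es-node-3", "shards": "118", "disk.percent": "52"},
              {"node": "UNASSIGNED", "shards": "2", "disk.percent": None}]
SHARDS = [{"index": "logs-2025.01", "shard": "0", "store": str(80 * 2**30)},
          {"index": "orders", "shard": "1", "store": str(4 * 2**30)},
          {"index": "orders", "shard": "0", "store": None}]  # unassigned replica

# Assumed thresholds: the page gives no numeric limits for these checks.
LIMITS = {"disk_pct": 85, "disk_spread": 30, "shards_per_node": 300,
          "shard_bytes": 50 * 2**30}


def find_risks(health, indices, allocation, shards, limits=LIMITS):
    """Return (check, subject, detail) tuples for six of the listed check items."""
    risks = []
    if health["status"] != "green":  # red: primaries unallocated, yellow: replicas
        risks.append(("cluster_health", "cluster",
                      f"{health['status']}, {health['unassigned_shards']} unassigned"))
    for idx in indices:  # an index without replicas cannot survive a node failure
        if int(idx["rep"]) == 0:
            risks.append(("no_replica", idx["index"], "rep=0"))
    # The UNASSIGNED pseudo-row has no disk figures, so keep real nodes only.
    nodes = [a for a in allocation if a.get("disk.percent") is not None]
    for a in nodes:
        if int(a["disk.percent"]) >= limits["disk_pct"]:
            risks.append(("disk_usage", a["node"], f"{a['disk.percent']}% used"))
        if int(a["shards"]) > limits["shards_per_node"]:
            risks.append(("shard_count", a["node"], f"{a['shards']} shards"))
    pcts = [int(a["disk.percent"]) for a in nodes]
    if pcts and max(pcts) - min(pcts) > limits["disk_spread"]:
        risks.append(("storage_balance", "cluster",
                      f"{max(pcts) - min(pcts)} points between nodes"))
    for s in shards:  # unassigned shards report no store size
        if s.get("store") and int(s["store"]) > limits["shard_bytes"]:
            risks.append(("shard_size", f"{s['index']}[{s['shard']}]",
                          f"{int(s['store']) / 2**30:.0f} GiB"))
    return risks


if __name__ == "__main__":
    for check, subject, detail in find_risks(HEALTH, INDICES, ALLOCATION, SHARDS):
        print(f"{check:16} {subject:18} {detail}")
```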


To send alarm notifications via SMN after a scan task is completed, you need to create a topic on the SMN console in advance. For details, see Creating a Topic. Additionally, you must get SMN service authorization. For details, see Authorizing Users to Use SMN.

Creating a Scan Task

  1. Log in to the CSS management console.
  2. On the cluster management page, click the name of the cluster for which you want to perform intelligent O&M. The cluster information page is displayed.
  3. In the navigation pane, click Intelligent O&M.
  4. On the Intelligent O&M page, click Scan in the upper left corner.
  5. In the Start Scan dialog box, set the task information, and click OK.
    Table 1 Configuring a scan task

      • Name of a scan task.
      • Brief description of a scan task.
      • SMN Topic: This parameter becomes available when Send SMN notification upon task completion is selected.
      • Notification Level: If you select Send SMN notification upon task completion, you need to set the risk level. If the scan result contains risks at this level or higher, SMN will send notifications that list all the risk items in the result.

  6. When the status of the scan task changes to Completed, you can check the cluster's risk items.

Checking the Risk Items of a Cluster

When a scan task is completed, you can check the scan result.

  1. Log in to the CSS management console.
  2. On the cluster management page, click a cluster name to go to the cluster information page.
  3. In the navigation pane, choose Intelligent O&M.
  4. In the scan task list, select a completed scan task. Click the icon on the left of the task name to check its creation time, summary, ID, and the risk items found by it.

    Click the icon on the left of a risk item to view its details, including the check item, risk description, and risk handling suggestion.

    You need to handle cluster risks in a timely manner based on the suggestions provided by the system.

    Figure 1 Risk items
  5. Select a scan task, and click Export Risk in the Operation column to download the scan result.

Deleting a Scan Task

You can delete scan tasks that are no longer needed. After a scan task is deleted, the system deletes all diagnoses generated by it.

  1. Log in to the CSS management console.
  2. On the cluster management page, click a cluster name to go to the cluster information page.
  3. In the navigation pane, choose Intelligent O&M.
  4. Locate the scan task you want to delete, and click Delete in the Operation column.
  5. Enter DELETE in the dialog box and click OK to delete the task.