# Automating ELK Health Check

## Introduction

While I am not a programmer, scripting has always been a must-have skill for upgrading my skillset in cybersecurity, and GoLang is gaining popularity, especially among cybersecurity professionals, for reasons I won't be talking about in this blog post. So, as a start, I tried to answer my needs in troubleshooting Elasticsearch clusters and automate some of the frequent checks using GoLang, since the Elastic Stack is my favorite set of tools for threat hunting.

**GitHub project repository:** <https://github.com/H1L021/ELK_Health_Check>

## ELK Health Check

![Running ELK Health Check](/files/-MWLlh7bTHIbM_m283AA)

This is a script that runs multiple basic checks on an Elasticsearch cluster's health and saves everything to text files. The script runs the following checks:

1. **Detects unavailable nodes based on the number of nodes you provide for your cluster.**
2. **Checks index status (Green, Yellow, Red) and warns you if it detects Yellow or Red indices.**
3. **Verifies the cluster's health using the `_cluster/health` API call.**
4. **Checks allocation status using the `_cat/allocation` API call.**
5. **Looks for unassigned shards and warns you about them.**
6. **Creates a folder in the current path and saves every output to files for later use.**

{% hint style="warning" %}
This script only supports cluster nodes using TLS for the moment.
{% endhint %}
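The node-count, cluster-status, unassigned-shard and index-status checks listed above can be expressed as one evaluation over the JSON that Elasticsearch returns. The sketch below is an added example, not code from the ELK_Health_Check repository: the `Evaluate` function, the constructed sample responses and the expected node count of 3 are assumptions, and it assumes index status is read from `_cat/indices?format=json`.

```go
package main

import (
	"encoding/json"
	"fmt"
)
// Constructed sample responses, not captured from a real cluster.
const sampleHealth = `{"cluster_name":"lab","status":"red","number_of_nodes":2,"unassigned_shards":3}`
const sampleIndices = `[{"health":"green","index":"logs-a"},{"health":"yellow","index":"logs-b"},{"health":"red","index":"logs-c"}]`

// clusterHealth holds the _cluster/health fields the checks need.
type clusterHealth struct {
	Status           string `json:"status"`
	NumberOfNodes    int    `json:"number_of_nodes"`
	UnassignedShards int    `json:"unassigned_shards"`
}

// Evaluate returns one warning per failed check; expectedNodes is supplied by the operator.
func Evaluate(healthJSON, indicesJSON []byte, expectedNodes int) ([]string, error) {
	var h clusterHealth
	if err := json.Unmarshal(healthJSON, &h); err != nil {
		return nil, fmt.Errorf("parse _cluster/health: %w", err)
	}
	var idx []struct{ Health, Index string } // rows of _cat/indices?format=json
	if err := json.Unmarshal(indicesJSON, &idx); err != nil {
		return nil, fmt.Errorf("parse _cat/indices: %w", err)
	}
	var warns []string
	if missing := expectedNodes - h.NumberOfNodes; missing > 0 {
		warns = append(warns, fmt.Sprintf("%d of %d nodes unavailable", missing, expectedNodes))
	}
	if h.Status != "green" {
		warns = append(warns, "cluster status is "+h.Status)
	}
	if h.UnassignedShards > 0 {
		warns = append(warns, fmt.Sprintf("%d unassigned shards", h.UnassignedShards))
	}
	for _, i := range idx {
		if i.Health != "green" {
			warns = append(warns, fmt.Sprintf("index %s is %s", i.Index, i.Health))
		}
	}
	return warns, nil
}

func main() {
	warns, err := Evaluate([]byte(sampleHealth), []byte(sampleIndices), 3)
	fmt.Println(warns, err)
}
```

Returning the warnings as a slice keeps the evaluation separate from fetching the responses and from writing the output files.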


