Elasticsearch Split Brain — Cluster Partition — Incident Report

On January 21, 2026, a transient network partition isolated AZ-a from AZ-b/c for ~90 seconds. Elasticsearch 7.17 cluster master voting split: two nodes separately elected themselves as master for overlapping windows. Inconsistent cluster metadata produced duplicate indexing targets and search skew. Recovery required full cluster restart with forced allocation awareness + restoring correct quorum settings (later migrated to voting-only nodes and Elasticsearch 8 discovery APIs). MTTR 3 hours.

Primary: Insufficient quorum constraint for master elections during partition — configuration allowed two sides to form independent majorities incorrectly due to asymmetric node loss pattern + stale zen2 config.

Contributing: Mixed dedicated master topology migration incomplete; JVM heap pressure delayed leader responses exacerbating election churn.

P1, MTTR 3h, financial analytics dashboards stale / contradictory.

1. Why inconsistent search? → Divergent shard routing maps.
2. Why divergent? → Two masters accepted conflicting updates.
3. Why two masters? → Partition split electorate incorrectly.
4. Why incorrect electorate? → minimum_master_nodes / voting config wrong for topology.
5. ROOT CAUSE: Cluster upgrade checklist did not validate quorum math after adding coordinator-only nodes.

• Dedicated master nodes + voting-only configuration peer-reviewed
• Automatic zen discovery smoke test in staging under simulated partition
• Snapshot SLAs + restore drill quarterly

[2026-01-21T03:19:12,441][WARN ][o.e.c.c.Coordinator ] master not discovered yet: have discovered possible quorum [...]

ClusterBlockException[blocked by: [SERVICE_UNAVAILABLE/2/no master]];

Distributed consensus incidents are long MTTR — invest in partition simulation tests.