We had to bounce a few Elasticsearch nodes due to a server patch after which we ended up with unassigned shards and a cluster in red status. We ran the reroute API after which the unassigned shards were assigned and the cluster returned to green status.
We now see that there are deleted documents in several indices.
A couple of questions in this regard.
- Is there a way to recover the deleted documents?
- What could have caused the deletion of the documents since no one as far as we're aware ran an explicit delete command?