This alert triggers when es-rotate hasn’t completed successfully.
es-rotate is part of es-tools.
Its job is to rotate the Elasticsearch alias for the current day’s logs, and to delete old indexes.
If it doesn’t run, it’s fine to rerun it manually on the affected host, using:
sudo -u nobody /usr/local/bin/es-rotate-passive-check
If there is a problem, you can find out more by checking the Elasticsearch cluster health.