Alerting based on change of field values

Kibana version : 7.9

Elasticsearch version : 7.9

APM Server version : 7.9

APM Agent language and version : java 1.8

Fresh install or upgraded from other version? fresh install

Is there anything special in your setup? For example, are you using the Logstash or Kafka outputs? Are you using a load balancer in front of the APM Servers? Have you changed index pattern, generated custom templates, changed agent configuration etc. :-no

I have a new scenario where I have to trigger an email when the value of a field changes.
For example, I have the service statuses OK, WARN and CRITICAL.
I have to trigger an email when the service status changes from WARN to CRITICAL. I tried to create alerts based on the values of the service statuses.

I set up Alerting and added a condition: if the value is CRITICAL in the last 5 minutes, send an alert. The trigger happened every minute. I keep getting the alert every minute. My use case is to send the alert only if the value changes to a new value. How can that work? Currently it keeps sending the alert as it continuously matches the conditions. An alert needs to be sent only if the value changes.

hi @anjana1,

I believe this is an outstanding enhancement request for the Kibana alerting-framework, but cannot find the issue. Can you create an ER here: https://github.com/elastic/kibana/issues/new/choose

@thomasneirynck Could you please let me know if this scenario is or will be covered in the upcoming releases, because this seems to be a very common use case and I do not understand why it is not in place yet.
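
The difference between the every-minute behaviour described in the question and alerting only on a status change, as an added example that is not part of any post in this thread and does not use Kibana's alerting API. The `Sample` records, service names and function names are assumptions, and the sample data is constructed.

```python
from typing import Dict, Iterable, List, NamedTuple, Optional, Set, Tuple

class Sample(NamedTuple):
    ts: int          # epoch seconds of the status document
    service: str
    status: str      # OK, WARN or CRITICAL

class Transition(NamedTuple):
    ts: int
    service: str
    old: str
    new: str

def transitions(samples: Iterable[Sample],
                watch: Optional[Set[Tuple[str, str]]] = None) -> List[Transition]:
    """Return one Transition per status change, tracked per service.

    watch: optional set of (old, new) pairs to keep, e.g. {("WARN", "CRITICAL")}.
    The first sample of a service only sets the baseline and never alerts.
    """
    last: Dict[str, str] = {}
    out: List[Transition] = []
    for s in sorted(samples, key=lambda x: x.ts):   # tolerate out-of-order input
        old = last.get(s.service)
        last[s.service] = s.status
        if old is None or old == s.status:
            continue                                # unchanged: stay silent
        if watch is None or (old, s.status) in watch:
            out.append(Transition(s.ts, s.service, old, s.status))
    return out

def level_triggered(samples: Iterable[Sample], status: str = "CRITICAL") -> List[Sample]:
    """The behaviour from the question: every matching sample fires."""
    return [s for s in samples if s.status == status]

# Constructed sample data: one status document per service per minute.
SAMPLES = [
    Sample(0, "checkout", "OK"), Sample(0, "search", "CRITICAL"),
    Sample(60, "checkout", "WARN"), Sample(60, "search", "CRITICAL"),
    Sample(120, "checkout", "CRITICAL"), Sample(180, "checkout", "CRITICAL"),
    Sample(240, "checkout", "WARN"), Sample(300, "checkout", "CRITICAL"),
]

if __name__ == "__main__":
    print(len(level_triggered(SAMPLES)), "level-triggered alerts")
    for t in transitions(SAMPLES, watch={("WARN", "CRITICAL")}):
        print(f"{t.ts}s {t.service}: {t.old} -> {t.new}")
```

The per-service `last` map is the only state needed; persisting it between runs lets a scheduled job keep the same behaviour across restarts.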
