Alerting on field value change

mohsin106 · November 14, 2025, 6:52pm

Sorry about the confusing, I’m trying to monitor on-change data when the value for a specific field changes from true to false and when it changes from false to true. The ‘empty’ field is what I want to monitor

Sample data looks like this:

{
  "_index": "latest-card-state",
  "_id": "d0zkoUWm0Csk8ESoqS3yeBZHAAAAAAAA",
  "_version": 16,
  "_source": {
    "parent": "SLOT-1",
    "interface_name": "LM-1",
    "description": "C-Band Enhanced 16xQSFP28",
    "type": "LINECARD",
    "hardware_version": "002",
    "oper_status": "INACTIVE",
    "empty": "true",
    "mfg_name": "abcd",
    "part_no": "abc-def-901",
    "cribl_pipe": "server-gnmi",
    "@timestamp": "2025-11-14T17:09:47.059Z",
    "telegraf_agent": "ws-deployment-6cd88cdd4c-tkd4h-telegraf-agent",
    "name": "vendor",
    "serial_no": "123456",
    "device": "dev1lab.mgt.net",
    "timestamp": 1763140187
  },
  "fields": {
    "@timestamp": [
      "2025-11-14T17:09:47.059Z"
    ]
  }
}

Topic		Replies	Views
Alerting based on change of field values Kibana elastic-stack-alerting	3	1002	November 18, 2020
Alert changes in documents Elasticsearch elastic-stack-alerting	1	264	January 1, 2024
Kibana: how to set up alerts on a boolean field Kibana	2	215	January 2, 2023
Event based trigger of watcher Kibana elastic-stack-monitoring	4	932	November 12, 2020
Can I create Alert considering field value of the index? Logs elastic-stack-alerting	3	461	January 6, 2023

Alerting on field value change

Related topics