_DataId Health Monitoring

Tortoise · April 17, 2026, 8:43am

Index based threshold can be used but it will not serve your need...If i understand you usecase...

Index => ABC
In this index we continuously receive data
there is one field _dataId > this will have various values example > windows/mac/os/android

Now the rule should run and tell that in last 15 minutes we have not received data for windows/mac if the count of these records are 0 ?

actually if the source is fixed (windows/mac/os/android) in that case we will have to go for Watcher as shared here :

because in rule it will alert that last 15 minutes there is no data but for which source there is no data that output will not be possible.

Thanks!!

Topic		Replies	Views
Log Stoppage alert from critical server - ELK7.12 Elastic Security elastic-stack-alerting	7	1303	July 28, 2021
Get Alert per Log of All Indexes - Watcher Elasticsearch elastic-stack-alerting	1	409	January 8, 2020
How to create alert when some component stopped to send data Elasticsearch	4	913	September 21, 2017
Alert on no data per source? Elasticsearch	12	629	March 28, 2025
Data source Not Sending Data Logstash	4	329	April 21, 2021