ELK 8.11 Basic License – Alert if logs with specific field are missing for 30 mins

Alex_Xavier · February 23, 2026, 3:16pm

Hi,

I’m using ELK Stack 8.11.0 (Basic License) and need to trigger an Email or SMS alert if logs with a specific field (example: state:132) are not received for 30 minutes.

Logs normally arrive every few seconds. If no logs arrive for that field within 30 minutes, I want an alert.

Questions:

Can this be done with Basic license Kibana Alerting?

Should I use Index threshold rule or ES query rule?

How to detect missing logs condition?

How to configure Email or SMS alert (via webhook/SMS gateway)?

Thanks!

pestevao · February 23, 2026, 11:09pm

Take a look at ElastAlert 2 - GitHub - jertel/elastalert2: ElastAlert 2 is a continuation of the original yelp/elastalert project. Pull requests are appreciated!

Topic		Replies	Views
Alert when data is missing? Beats elastic-stack-alerting , filebeat	4	2378	July 20, 2022
Watcher if log occours Kibana elastic-stack-alerting	3	250	September 16, 2021
Log Stoppage alert from critical server - ELK7.12 Elastic Security elastic-stack-alerting	7	1291	July 28, 2021
Trigger an alert on a condition Elasticsearch elastic-stack-alerting	6	2631	March 2, 2020
Log alerting: trigger alert when specific log string has not been logged on specific time Kibana elastic-stack-alerting	1	188	October 5, 2022

ELK 8.11 Basic License – Alert if logs with specific field are missing for 30 mins

Related topics