I have a log:
date time USER User_IP Device_ID
02.09.2018 18:01:34 user1 ip1 2C5DFVG78930R7JOAHP19S8USO
02.09.2018 18:02:34 user2 ip2 androidc78697991
02.09.2018 18:03:33 user3 ip3 QUBSCJ6AM94NPCNSPIL3H4N4HC
02.09.2018 18:04:33 user4 ip4 ITqHKJMNOqwM5q5AB1QCF1C9MOJMO8
02.09.2018 18:05:32 user5 ip5 4B88FFF650C950CE
02.09.2018 18:06:32 user6 ip6 9GB9021P5wsw2927D0A3CJ55KKD89S
02.09.2018 18:07:31 user7 ip7 SEC1EE05FBA56984
02.09.2018 18:08:30 user8 ip8 QUBSCJ6AMqsw94NPCNSPIL3H4N4HC
02.09.2018 18:09:30 user1 ip1 SV863D5OL539F94wFUI7E41O8JS

How do I get a notification about changing the value of the field Device_ID?

Such a search does not give the relevant values:

| bucket time span=10m 
| stats values(time) values(User_IP) values(Device_ID) dc(Device_ID) AS countDevice_ID by USER
| search countDevice_ID>1