Ok i find my mistake, now im wondering if it possible at all to make monitoring on Log file for string and when trigger appear to go in OK status after of period of time ?!?!?

https://support.zabbix.com/browse/ZBX-11444 "Recovery expression - OK events are generated if the problem expression evaluates to FALSE and the recovery expression evaluates to TRUE";

Hi all,
It is quite old post, but the same question for me, how to resolve such triggers?

I've achieved it for Windows log monitoring:
1. Set up your log item with regexp, so it only obtain strings with errors you want to be warned about.
2. Use nodata() function for your trigger.

Example of my Windows log trigger:
In my case when bad thing happens, it starts spamming the Event log with event 10541 all the time (like 30 time per minute). So the item collects these errors. And nodata()=0 means, there's some data, so new errors are present. This expression also works for recovery - if there's no new item obtainings (no new events with ID 10541) during 1 minute, trigger is closing itself.