Have you set the event generation mode to multiple on the trigger ?

set to multiple in the trigger from event generation mode and then check.

Thanks for the suggestions - Unfortunately no this didn't work. I think tjhe problem stems from how the trigger logeventid() works, "Event ID of the last log entry matching regular expression T" So whats happening here is I'm collecting the entire Security event log, every ~15m and then I only trigger on whatever the last log happens to be in that list and ignores the rest of it.


Another problem I'm having is if by chance I actually do manage to trigger on the event I wanted, again going with example of an account creation of 4720 - Once it polls/checks again, because that logid won't be at the top of the list the second time it will conclude that the problem has resolved and close out.

I'm not sure if theres a great solution for this simply because of how logeventid() works. I may have to use a different trigger function.