Hello,

I want to monitor windows Log files for specific entries and trigger an alert if after 5 Minutes the problem still persists.

The message which the Windows eventlog is monitored for:
Network connectivity problems for [CAM1]

And this message is the OK event.
Device connectivity problem resolved: Connection established for [CAM1]

The collection of the data in the item works fine.

I want the trigger only to fire, if the ok message is not in the eventlog after 5 Minutes.

This is the item key:
eventlog[Application,({$ERROR}|{$INFORMATION}).*?(CAM1),"Er ror|Information",,,,]

and this the corresponding trigger
min(logseverity(/D432M954/eventlog[Application,({$ERROR}|{$INFORMATION}).*?(CAM1),"Er ror|Information",,,,],#1),{$TIME})=4

The Macro {$TIME} is set to 5m on the host.
The Macro {$ERROR} is set to "Network connectivity problems"
The Macro {$INFORMATION} is set to "Device connectivity problem resolved"

The problem is. The trigger is fired immediately if a Network connectivity problem appears.
What is wrong with my triggers?

Thank you
Best regards
Manuel