Events and alerts not firing

Hi there,
I’m totally new here, so please bear with me.
I’m using Graylog 3.1.2 running on CentOS 8
I created an event as follows, and it does not fire, although I see the messages in the stream, and when I create the event I also see the message in the preview.

Beneath the summary of the event:

Event Summary

Details

Title: Telenet modem disconnected
Description: Port down or line protocol down on switch1 in computer room 1 - Telenet modem
Priority: Normal

Filter & Aggregation

Type Filter
Search Query: source:“172.16.11.4:” AND message:“Interface GigabitEthernet1/0/26, changed state to down”
Streams: Cisco Switches

Search within: 2 minutes
Execute search every: 1 minutes

Fields

No Fields configured for Events based on this Definition.

Notifications

Settings

Grace Period is set to 5 seconds
Notifications will include 1 messages

E-mail notification

Email Notification

how much messages you ingest overall in the system? Does you ingest minimal 1 message per minute?

Sorry for the late reply, Jan, I was out of the country for a few days. For the moment there are only a few switches sending their log to the system. This is a very small amount of messages, definitely less than 1 message per minute. I’ll add more messages from our mail relays. Do I have to include these messages in the same stream?

I’ve added some linux servers to send there log to the graylog system. It seems to be working like a charm now. There are plenty of log messages coming in now, and the alerts are generated as expected. Thanks!