Thanks Curtisi.
I had created a similar rule.
ServiceWarning.EventInfo=*Error* & ServiceWarning.ToolAlias=*Windows system* which worked for me and did generate an email notification as well.
Problem was I could not get the agent name to appear in the email. I want LEM to look for errors in event logs coming from each server and notify when 10+ for that server with the server name in the email subject so that we know which server to look into.
I have used $Agent & $DetectionIP in the email template, but it does not return any data in the email.
Our current event log system does this, but uses custom software and Lotus Notes as the database manager. We are looking to retire Lotus Notes and so testing LEM.
Email current system generates
After applying filters and based on data as of 2018/05/18 00:05:04 local time, the server SRVXXX01
has: 12 Errors over the last 24 hours in the System Event Log
Please check the Pyrotek Event Log Audit database or the Event Viewer on the
specified server for the individual errors and possible solutions.