I recently created a rule to automatically create a ServiceNow ticket any time a particular log message is seen. This was created using Log Analyzer which automatically created a corresponding alert. It simply looks for the text 'LINK_DEAD' in any syslog message and is supposed to then trigger an alert and ticket creation. I am not seeing the alert ever trigger despite seeing the log messages come through. I included some screenshots of the basic configuration. If anyone has experience with something like this, I would appreciate any sort of feedback!
Log Analyzer Rule
Alert generated from log analyzer rule
Example of event in log which should have triggered the alert.