Thank you for your reply.
I can confirm that i have not set the value to false, all advanced settings are default.
I will take a look at the event filter.
If i understand, the event filtered can always be used to trigger alert, but there are not indexed in ES, that right ?