Hey there @jancodenew 
Watcher here isn't specific to Elastic Security/SIEM, so I've added the stack-alerting and stack-reporting tags for additional visibility. It's worth sorting through a few of those topics as some seem pretty relevant.
Based on
body[{"message":"Reporting generation failed","reason":"Error: Request Timeout after 30000ms"}]"
It's sounding like your report gen is timing out, so that's a good place to start. You can either try increasing the timeout, or debugging around your report generation to see why it might be timing out. Once resolved if you're still having issues, the watcher email action docs are probably the next best source, but please feel free to report back with additional details as someone may be able to provide more details from there. Hope this helps! 