We are tring to use eventlog to check eventlog "Application" and "System" and report problems (Error level). We have configured item like this:

eventlog[Application,,Error,,,100,all]

Agent is configured with this parameters:

ServerActive=zabbix01,proxy01
BufferSend=90
BufferSize=1000
RefreshActiveChecks=3600

Trigger associated with item is:

{windows-basicschecks:eventlog[Application,,Error,,,100,all].logseverity(0)}

=4 &

{windows-basicschecks:eventlog[Application,,Error,,,100,all].nodata(180)}

=0

And an action (with multiple error report) that send a mail when trigger fireup ...

When we apply template (windows-basicschecks) with eventlog item, zabbix sent many many notification about problems from the first row entry in eventlog (in my case from 2010!!!) ...

Multiple error report setted is a must.

Agent must have a "First Time Reading" option or an option in the item for reading only the last (for example) 100 rows or last day and not all log since it was created ...

For us this is a bug ... can you confirm?