Hi Robert,

I'd like to understand better what you mean here.

The flow I posted triggers on alert update (tested on london and madrid). So when overall event count changes its value and matches the condition (value greater than 2 in my example), so it actually triggers on the alert record update and it's not scheduled, unless I'm missing something here.

I'm happy to share the flow.

Gp

Try to push the same event through 3 times. If the contents of it don't change you will notice that the last update time on the alert doesn't iterate in my experience although the overall count does increase. This was done so there wouldn't be performance issues from what I understood from product management. The issue though is that alert management rules are run on a scheduled not on create/update so if the alert last update time isn't iterated it won't show up in the query. 

I did something exactly like this where the event count needed to be above 10 to create an incident. Can you show a screenshot of the alert after you push that same event through 3 times because I would be curious to see if the last update time is iterated (it shouldn't be unless the description or something is changing). Thanks.