Channel: THWACK: Popular Discussions - Kiwi Syslog

Syslog Server - Flag/Counter Time Interval - Not working as expected.


Hi, I have just upgraded to 9.3.4 syslog server and I am having trouble with setting up new actions with timers/counters.

I have approx 20 rules defined and approx 5 of them need a Time Interval Filter.

These filter syslogs from various Cisco hardware, one being Fan Faults.

The initial Filter is set to Include = "%FAN" "%ENVIRONMENT" - works a treat.

The 2nd filter is a Flag/Counter for Time Interval - currently set to 60 mins.

Actions are:

1. Display in ErrorFan
2. Send SNMP trap to server 1
3. Forward syslog to server 2

When the timer is enabled the syslogs only show 1 every 60 mins for all devices. We currently have 8 bits of kit reporting fan rotation errors etc., and with the timer set I am only seeing the same device or two every hour - not all 8.

When I remove the timer the syslogs come through at a 30 sec - 1 min interval from each device.

In the Syslog Help guide it states:

"When a message arrives from the host "central-router.company.com" that
contains the words "link down" in the text, the first filter (Message text) will
be true. The Time interval filter is then processed. The first time the Time
interval filter is processed, the result will be true, and the actions that
follow will be performed. A countdown timer using the specified value is
started. In the above example it is 15 minutes. If another message arrives from
the same host that contains the words "link down", the first filter (Message
text) will again be true. If the countdown timer has not reached zero, the Time
interval filter will return false and the actions following will not be
performed."

 

I cannot get this to work 'per host'; it just stops all messages coming through from all devices except 1.

So I don't think it is correctly storing 'counter/flag' for each host and is just setting the filter for the first message received from any host.

I would also like to know if 60 mins is the maximum, as this can still be quite annoying for backend systems, and it would be great to see this increase to maybe 3 or 4 hours - or to be able to put a once a day for each host filter on. Is there a way around this? For instance, can I put a 2nd time interval timer on (when it works properly) for a further 60 mins etc. so I would get 120 mins in total?
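
The following is an added illustration, not part of the original post and not Kiwi Syslog code: a Python model of a time-interval filter keyed per host, as the quoted help text describes, beside one with a single timer shared by all hosts, which gives the one-device-per-hour pattern reported above. Host names, timestamps and the message text are constructed.

```python
"""Model of a time-interval (throttle) filter; not Kiwi Syslog code."""

INTERVAL = 60 * 60  # seconds; the 60-minute interval from the post


class IntervalFilter:
    """True when actions should run; then False until the countdown ends."""

    def __init__(self, interval, per_host=True):
        self.interval = interval
        self.per_host = per_host
        self.expires = {}  # timer key -> time the countdown reaches zero

    def allow(self, host, now):
        key = host if self.per_host else "*"  # "*": one timer for all hosts
        if now < self.expires.get(key, 0):
            return False                       # countdown still running
        self.expires[key] = now + self.interval
        return True


def run(events, per_host):
    """Pass (time, host, text) events through the include filter, then the timer."""
    flt = IntervalFilter(INTERVAL, per_host)
    passed = []
    for now, host, text in events:
        if "%FAN" not in text and "%ENVIRONMENT" not in text:
            continue                           # first filter: include match
        if flt.allow(host, now):
            passed.append((now, host))
    return passed


def sample_events():
    # Constructed input: 8 devices each report a fan fault every 30 s for 2 h
    hosts = [f"switch-{n}" for n in range(1, 9)]
    return [(t + i, h, "%FAN-3-FAN_FAILED: constructed sample message")
            for t in range(0, 2 * 3600, 30) for i, h in enumerate(hosts)]


if __name__ == "__main__":
    for mode in (True, False):
        out = run(sample_events(), per_host=mode)
        label = "per-host timers" if mode else "one shared timer"
        print(f"{label}: {len(out)} alerts from {len({h for _, h in out})} hosts")
```

With per-host keys every device still raises one alert per interval; with the shared key only the first sender in each interval gets through, so a faulty device that is never first stays invisible downstream.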

