Hello guys, I am trying to make a custom filter that receives messages with subtype="anomaly". I have the following message:
date=2022-10-20 time=17:37:22 devname="XXXXXXX" devid="XXXXXXX" logid="0000000013" type="traffic" subtype="anomaly" level="notice" etc...
and I have the following filter:
message[subtype="anomaly"]
However, it is not filtering these types of messages. What am I doing wrong in the syntax?
Thanks for your help! Regards, Cézar