I am setting up a watch group for a text log to look for two pieces of text. What is the difference between adding a second text key, versus using the second field in the first text key?
A text key is one or two pieces of text in some combination. Each key in the watch group is applied to every line in the log that LogWatcher reads out. So, if you want to look for lines with BOTH pieces of text occurring, use one key with two fields, and make sure you specify ‘Both Key 1 and Key 2′. However, if you want to look for any lines that contain either of two keys, you can define two separate keys with one field each, OR, you can define a single key with two fields, and make sure you specify “Either Key 1 or Key 2’. This second option makes for a cleaner tree.
Related Questions
- I am setting up a watch group for a text log to look for two pieces of text. What is the difference between adding a second text key, versus using the second field in the first text key?
- I am setting up a watch group for an NT event log, and I am ready to define a key. How many of the fields do I need to specify?
- If there isn a Neighbourhood Watch group locally, how can I go about setting one up?
