Geneos - What are FKM clear key's behaviours?

The FKM clear key's primary role is to remove the trigger made by the FKM keys. That is when a matching "clearKey" is detected alongside the partnering FKM keys.

Say we have the word "error" as the fail key and the word "clear" as the clear key.  

Scenario 1: Fail key was keyed in the log file and then the sampling ran, and just a few seconds later the clear key was inputted in the log file and then the second sampling ran. 

In this scenario, the fail key will be detected first.  Hence, if you have rule in place, alerts will be fired, not unless you have a certain delay embedded in the rule.  But on the next sampling, as the clear key will already be detected by then, the existing alert will be cleared.

Scenario 2:  Fail key entered on the first line and then the clear key entered on another line, but were both detected within the same sampling period. 

In this scenario, no alerts will be fired as both fail and clear key were detected within the same sampling run.  Previous alerts will also be cleared.

Scenario 3: Fail key and clear key are on the same line of the monitored log file. 

Similar to scenario 2, no alerts will be fired as both were detected under the same sampling run.  Previous alerts will also be cleared.

If you wish to verify the above scenarios, I'd suggest you add the FKM2 debug setting on the Netprobe as it would give out specific details in the netprobe log file.