Can anyone help me understand why one of these works and the other doesn't? The difference is the comparison operator in the Event data. The one that works is "=" and the one that doesn't is "!=". I don't understand why one would work if the other doesn't, unless the one that works only appears to work for some reason. Anyway, here are the two XML queries. If anyone can help me understand, thank you in advance!
Works:
<QueryList><Query Id="0" Path="Security"><Select Path="Security"> *[System[(EventID='5136')]] and *[EventData[Data[@Name='OperationType'] and (Data='%%14675')]]</Select></Query></QueryList>
--------------------------------------------------
Doesn't Work:
<QueryList><Query Id="0" Path="Security"><Select Path="Security"> *[System[(EventID='5136')]] and *[EventData[Data[@Name='OperationType'] and (Data!='%%14675')]]</Select></Query></QueryList>
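Added example, not part of the original post: in XPath 1.0, comparing a node-set with a string is true if any node in the set satisfies the comparison, and the bare `Data` in both posted queries is not tied to the `@Name='OperationType'` test. The Python sketch below models that rule on two constructed 5136 events, assuming the Event Log filter follows the same rule; the function names and sample values are hypothetical.

```python
# Constructed sample: EventData of two 5136 events, trimmed to three fields.
# Field names follow the 5136 schema; the values are made up for illustration.
EVENTS = {
    "value_added": [
        ("SubjectUserName", "alice"),
        ("ObjectClass", "user"),
        ("OperationType", "%%14674"),
    ],
    "value_deleted": [
        ("SubjectUserName", "alice"),
        ("ObjectClass", "user"),
        ("OperationType", "%%14675"),
    ],
}


def nodeset_cmp(values, op, literal):
    """XPath 1.0 node-set vs. string: true if ANY node satisfies the test."""
    if op == "=":
        return any(v == literal for v in values)
    if op == "!=":
        return any(v != literal for v in values)
    raise ValueError(f"unsupported operator: {op}")


def as_posted(data, op, literal):
    """Models: Data[@Name='OperationType'] and (Data <op> 'literal').

    The second test looks at every Data element, not just OperationType.
    """
    has_field = any(name == "OperationType" for name, _ in data)
    return has_field and nodeset_cmp([v for _, v in data], op, literal)


def scoped(data, op, literal):
    """Models: Data[@Name='OperationType'] <op> 'literal'.

    The comparison is applied only to the OperationType element.
    """
    values = [v for name, v in data if name == "OperationType"]
    return nodeset_cmp(values, op, literal)


def matching(predicate, op, literal="%%14675"):
    """Labels of the sample events that the modelled predicate selects."""
    return [label for label, data in EVENTS.items() if predicate(data, op, literal)]


if __name__ == "__main__":
    print("as posted, = :", matching(as_posted, "="))
    print("as posted, !=:", matching(as_posted, "!="))
    print("scoped,    !=:", matching(scoped, "!="))
```

Under that assumption, the "=" form only appears scoped because no other field holds `%%14675`, while the "!=" form is satisfied by any other field, such as the user name. The scoped predicate in the same syntax would be `*[EventData[Data[@Name='OperationType']!='%%14675']]`.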