From 2b1a947b50849a715ab2740c86c4d88eb9e60b48 Mon Sep 17 00:00:00 2001
From: bmcder <33434002+bmcder@users.noreply.github.com>
Date: Thu, 19 Apr 2018 08:47:37 +0000
Subject: [PATCH] Create ListCountOfEmailsRecievedByRecipientDomain

Parsing an SMTP log to list the count of emails recieved by Recipient Domain
---
 Log Analytics/ListCountOfEmailsRecievedByRecipientDomain | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 Log Analytics/ListCountOfEmailsRecievedByRecipientDomain

diff --git a/Log Analytics/ListCountOfEmailsRecievedByRecipientDomain b/Log Analytics/ListCountOfEmailsRecievedByRecipientDomain
new file mode 100644
index 0000000..1327ed9
--- /dev/null
+++ b/Log Analytics/ListCountOfEmailsRecievedByRecipientDomain	
@@ -0,0 +1,7 @@
+SMTPLogs_CL 
+| parse RawData with Date " " Time " " CIP " " CSUserName " " SSiteName " " SComputerName " " SIP " " SPort " " CSMethod " " CSUriStem " " csuriquery " " *
+| where csuriquery contains "TO:<"
+| extend recipientdomains = extract("@(.*)>",1,csuriquery)
+| project recipientdomains, csuriquery 
+| summarize emailsrecieved=count(csuriquery) by recipientdomains
+| sort by emailsrecieved desc