From 040025b7f5f618f1d6f7aba43e15ff5a7d2ad08c Mon Sep 17 00:00:00 2001
From: bmcder <33434002+bmcder@users.noreply.github.com>
Date: Thu, 19 Apr 2018 08:50:01 +0000
Subject: [PATCH] Create ListCountOfEmailsRecievedByRecipientAddress

A count of emails recieved by recipient email address from an SMTP log
---
 ListCountOfEmailsRecievedByRecipientAddress | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 ListCountOfEmailsRecievedByRecipientAddress

diff --git a/ListCountOfEmailsRecievedByRecipientAddress b/ListCountOfEmailsRecievedByRecipientAddress
new file mode 100644
index 0000000..267b3d9
--- /dev/null
+++ b/ListCountOfEmailsRecievedByRecipientAddress
@@ -0,0 +1,7 @@
+SMTPLogs_CL 
+| parse RawData with Date " " Time " " CIP " " CSUserName " " SSiteName " " SComputerName " " SIP " " SPort " " CSMethod " " CSUriStem " " csuriquery " " * 
+| where csuriquery contains "@"
+| extend recipientaddress = extract(@"<(.*)>",1,csuriquery)
+| project recipientaddress, csuriquery 
+| summarize emailsrecieved=count(csuriquery) by recipientaddress
+| sort by emailsrecieved desc