I have a problem or misunderstanding when filtering by explicit recipient email address for Microsoft Exchange Server 2007/2010 Log Format (comma separated).
We generate daily recipient addresses reports, filtered by smtp-out connector id.
Let's say there is a recipient address "mail.address@example.com" with 24 mails sent. I now want to see the sender addresses which sent to this email address. These 24 mails perfectly matches the Exchange Logfiles (checked manually).
When I generate a report, filtered by the explicit email address "mail.address@example.com" now there are 50 different recipient addresses and 87 mails - I expected only 1 recipient address due to filtering.
Results from command line and web GUI are the same.
Command line used: Sawmill.exe -p mail_exchangeserver1 -a grf -rn single_page_summary -ghtd C:\outputdir -f "((date_time within '01/Jan/2013 __:__:__') and (connector_id matches 'SMTP-Out') and (recipient_address matches 'mail.address@example.com'))"
1. "RE: Filtering by email recipient address"
In response to message #0
LAST EDITED ON May-10-13 AT 01:44 PM (PDT)
You used the "matches" operator for recipient_address which is meant to match a wildcard expression. To filter on an exact value, try using the "within" operator in the filter expression.
Sawmill.exe -p mail_exchangeserver1 -a grf -rn single_page_summary -ghtd C:\outputdir -f "((date_time within '01/Jan/2013 __:__:__') and (connector_id matches 'SMTP-Out') and (recipient_address within 'mail.address@example.com'))"
This should return only statistics for that address. However, I would expect that "matches" would still have filtered properly on a single address. Does "within" return proper results?
Printer-friendly copy
