I need to search through my email logs to determine who sends emails to personal accounts (e.g. gmail, yahoo, etc).
Right now my search looks like this:
index=exchange_logs recipient_domain="yahoo.com" OR recipient_domain="gmail.com" OR recipient_domain="google.com" OR recipient_domain="hotmail.com" OR recipient_domain="hotmail.co.uk" .....
When I want to add new personal email domains, I need to edit the search and manually add another "OR" line.
I was wondering if I can create a multivalue field that will contain all personal domains and then create a search where `recipient_domain=*any value from the multivalue field*`.
This will make my search look much cleaner.
p.s. I was able to create a multivalue field that looks like this: `"comcast.net aol.com att.net yahoo.com hotmail.com gmail.com"`, but now I don't know how to compare recipient_domain to each value.
↧