Hi All,
I have a dashboard that accepts user input for a username to search emails.
Im trying to display Recipients address that contain the username as a partial match.
EG- the value of SenderAddress will match on RecipientAddress:
SenderAddress=John.doe
will match:
RecipientAddress=doefamily@gmail.com
RecipientAddress=j.doe@gmail.com
RecipientAddress=family@doe.net
I tried via regex to extract the first and lastname fields to use for matching, using eval and match but i cant get it to work.
index=azure sourcetype=ms:o365:reporting:messagetrace SenderAddress=john.doe@mycompany.com
| rex field=SenderAddress "(?[^\.]+).(?.*?)\@"
| eval results=if(like(RecipientAddress,user_wild2),"Yes","No")
| table results user_wild user_wild2 RecipientAddress
I have also tried
index=azure sourcetype=ms:o365:reporting:messagetrace SenderAddress=john.doe@mycompany.com
| rex field=SenderAddress "(?[^\.]+).(?.*?)\@"
| eval results2=if(like("%".(RecipientAddress)."%","%".(user_wild2)."%"),"Yes","No")
| table results user_wild user_wild2 RecipientAddress
The regex works but it wont match, for example the table results are:
**results** **user_wild** **user_wild2** **RecipientAddress**
No John Doe doek@gmail.com
Thank you in advance
↧