I must apologize as I have found partial examples of what I am looking for, but I'm not well-versed enough to merge them together to get what I need. I have a search:
index="msexchange" sourcetype="MSExchange:2010:MessageTracking" sender="*reply*" (sender_domain="domain1" OR sender_domain="domain2" OR sender_domain="domain3")
And I need to take that data and overlay it on a line graph (based on # of events over the span of a month) with its inverse. In other words, I need to compare it to the following search:
index="msexchange" sourcetype="MSExchange:2010:MessageTracking" sender!="*reply*" (sender_domain!="domain1" AND sender_domain!="domain2" AND sender_domain!="domain3")
(not even really sure if I inverted that correctly)
Thanks in advance. Any help is very much appreciated.
... View more