index=mail sourcetype="symantec:mail:syslog" sender "ML-DELIVERY" | stats values(sender) as sender by msg_id | eventstats dc(sender) as multi_sender by msg_id | where multi_sender > 50

We are have SMG in our company and it has been integrated successfully into Splunk as well. I am trying now to find out who are the top 50 email senders. Is the above search correct? If not, kindly let me know what has to be changed.

Regards
Pradeep