← KQL Queries

Identify outbound email senders with the highest single-day sending volume over the last 60 days

EmailOutboundEmailVolumeAnalysisSenderProfilingAnomalyDetectionoutbound_senders_report_per_day.kqlSe på GitHub
KQL
EmailEvents
| where TimeGenerated > ago(60d)
| where EmailDirection == "Outbound"
| summarize EmailCount = count() by SenderFromAddress, Day = bin(TimeGenerated, 1d)
| summarize TopDailyCount = max(EmailCount) by SenderFromAddress
| sort by TopDailyCount desc