← KQL Queries

Identify outbound email senders with the highest single-hour sending volume over the last 60 days

EmailOutboundEmailVolumeAnalysisSenderProfilingAnomalyDetectionoutbound_senders_report_per_hour.kqlSe på GitHub
KQL
EmailEvents
| where TimeGenerated > ago(60d)
| where EmailDirection == "Outbound"
| summarize EmailCount = count() by SenderFromAddress, Hour = bin(TimeGenerated, 1h)
| summarize TopHourlyCount = max(EmailCount) by SenderFromAddress
| sort by TopHourlyCount desc