I have a task to find abandoned mailboxes on my Exchange servers, meaning mailboxes with no activity for the last 90 days. For that I made a query in LogParser:
SELECT
TO_TIMESTAMP(EXTRACT_PREFIX(TO_STRING([#Fields: date-time]),0,'.'),'yyyy-MM-ddThh:mm:ss') AS DATE,
recipient-address as Receiver,
sender-address as Sender
FROM '[LOGFILEPATH]'
WHERE (sender-address='[email protected]' OR recipient-address='[email protected]') AND Date > TO_TIMESTAMP('2017-01-22 22:18:00', 'yyyy-MM-dd hh:mm:ss')
GROUP BY Receiver, Date, Sender
But how do I pass multiple addresses there? I mean, if I need to check, e.g., 50 addresses, how should I pass the email addresses to the Log Parser query?
Thank you!
Unfortunately, LogParser's query parameters must be specified via the command-line, and that's not handy for multi-valued parameters with many values.
You could use a two-step approach instead: generate the .sql file first, populating an IN clause with a comma-separated list of addresses, and then run the .sql file.
Your example would become something like this:
... WHERE sender-address IN ('[email protected]', '[email protected]', ...) OR recipient-address IN ('[email protected]', '[email protected]', ...) ...
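The two-step approach described in the answer above, as an added example that is not part of the original answer: a PowerShell script that reads addresses from a file, skips entries that do not look like plain addresses so a stray quote cannot alter the generated query, and writes the .sql file. The file names, parameter names and the LogParser input options in the final comment are assumptions.

```powershell
# Step 1: generate the .sql file with an IN clause built from a list of addresses.
param(
    [string]$AddressFile = '.\addresses.txt',            # assumed: one address per line
    [string]$LogPath     = '[LOGFILEPATH]',              # placeholder kept from the question
    [string]$OutFile     = '.\abandoned-mailboxes.sql',  # assumed output name
    [int]$Days           = 90
)

# Allow-list: only plain addresses reach the query text, so nothing in the
# input file can close the string literal and inject extra SQL.
$pattern = '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$'

$addresses = Get-Content -Path $AddressFile |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ } |
    Sort-Object -Unique

$accepted = @($addresses | Where-Object { $_ -match $pattern })
$rejected = @($addresses | Where-Object { $_ -notmatch $pattern })

if ($rejected.Count) { Write-Warning ("Skipped malformed entries: " + ($rejected -join ', ')) }
if (-not $accepted.Count) { throw "No valid addresses found in $AddressFile" }

# Comma-separated list, as written in the answer above.
$inList = ($accepted | ForEach-Object { "'$_'" }) -join ', '

# Cut-off date; UTC is used on the assumption that the log timestamps are UTC.
$since = (Get-Date).ToUniversalTime().AddDays(-$Days).ToString('yyyy-MM-dd HH:mm:ss')

$sql = @"
SELECT
    TO_TIMESTAMP(EXTRACT_PREFIX(TO_STRING([#Fields: date-time]),0,'.'),'yyyy-MM-ddThh:mm:ss') AS Date,
    recipient-address AS Receiver,
    sender-address AS Sender
FROM '$LogPath'
WHERE (sender-address IN ($inList) OR recipient-address IN ($inList))
    AND Date > TO_TIMESTAMP('$since', 'yyyy-MM-dd hh:mm:ss')
GROUP BY Receiver, Date, Sender
"@

Set-Content -Path $OutFile -Value $sql -Encoding ASCII

# Step 2: run the generated file (input options assumed for Exchange tracking logs):
#   LogParser.exe file:abandoned-mailboxes.sql -i:CSV -nSkipLines:4
```

Addresses from the list that never appear in the output had no logged activity in the period.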