Track a Message - Microsoft Exchange

Sender / From sender=" " * Recipient / To recipient=" " * Message Subject message_subject=" " * Last 15 minutes

eventtype=msexchange-msgtrack ($sender$ OR $recipient$ OR $subject$) |transaction message_id keepevicted=t maxspan=15m |search $sender$ $recipient$ $subject$ |eval dt=strftime(_time,"%c") |`fix-sender-case` |eval total_bytes=mvindex(total_bytes,-1) |stats values(dt) as "Date/Time",values(sender) as "Sender",values(recipient) as "Recipients",values(message_subject) as "Subject",max(total_bytes) as "Size" by message_id 20truetrue msgtrack_message?autoRun=true&form.message_id=$click.value$&earliest=$earliest$&latest=$latest$