Forum Discussion
E-Discovery Search assistance
Hi All, Legal is requesting I compile a PST file with all emails that were sent or received from 4 different external email addresses. I log into Microsoft 365 compliance and create an e-Discovery c...
Are you including unindexed items in the export? Another thing that comes in mind is to ensure multiple OR clauses are combined in (via brackets), as otherwise you end up with quite broader search than expected.
I appreciate the response.
I was using the query builder to put together my search. I removed the keyword search box and left Participants as the only condition. Under participants I used the statement "Equals any of" and entered the addresses I am looking for in the search box. When I convert to KQL editor, the search looks like this: (c:c)(participants=email address removed for privacy reasons)(participants=email address removed for privacy reasons)(participants=email address removed for privacy reasons)(participants=email address removed for privacy reasons)
Is there a way to better format this in the KQL editor?
I did not include items that werent indexed. I am going to re-run the export with these items included.
I was using the query builder to put together my search. I removed the keyword search box and left Participants as the only condition. Under participants I used the statement "Equals any of" and entered the addresses I am looking for in the search box. When I convert to KQL editor, the search looks like this: (c:c)(participants=email address removed for privacy reasons)(participants=email address removed for privacy reasons)(participants=email address removed for privacy reasons)(participants=email address removed for privacy reasons)
Is there a way to better format this in the KQL editor?
I did not include items that werent indexed. I am going to re-run the export with these items included.
