Forum Discussion
KQL query in Content Search
I am trying to perform a content search based on an exact subject phrase in an email that was inadvertently sent to a lot of users in the org, but keep getting more results than what I actually expected.
The original message was system generated from an Intune Exchange compliance policy.
E.g., here is what I was looking for in my query:
Subject: "Action required to access your org's email on your device"
But the results return messages that were forwarded/replied to the original msg.
Any idea how I can tweak this query to return an exact subject string match?
The colon notation (:) translates to "contains". If you want exact match, you can use a condition with the equal sign (=). At least according to the documentation that is. In reality, doesn't seem to work.
So the workaround is to exclude anything that starts with the subject, which of course is a crappy way to do this but the only one that seems to work. For example, this should work in your case:
subject="Action required to access your org's email on your device" -subject="RE: Action required to access your org's email on your device"
You will have to account for the different variations of this because of languages, also for forwarding, etc...
- Bosco Joseph, Copper Contributor
Thx Vasil
I was able to get it to work with the following query
Subject: "Action required to access your org's email on your device" NOT subject:"FW" NOT subject:"RE"
But those two will only work for English language settings, if you have users using other languages you will have to account for the corresponding abbreviations :)
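The exclusion workaround from the replies above, generalized to a list of reply/forward abbreviations, as an added example that is not part of the original thread. The function names and the prefix list are assumptions made for illustration; adjust the abbreviations to the languages used in your tenant.

```python
# Added example, not from the thread: builds the exclusion query shown in the
# replies above, with one -subject="<PREFIX>: <subject>" clause per prefix.

# Assumption: illustrative reply/forward abbreviations; extend this list for
# the mail clients and languages actually present in your organization.
REPLY_FORWARD_PREFIXES = ("RE", "FW", "FWD", "AW", "WG", "TR", "RV", "SV", "VS")

_DOUBLE_QUOTES = '"\u201c\u201d'  # straight plus typographic double quotes


def _unwrap(text: str) -> str:
    """Trim whitespace and any double quotes wrapped around a pasted value."""
    return text.strip().strip(_DOUBLE_QUOTES).strip()


def build_subject_query(subject: str, prefixes=REPLY_FORWARD_PREFIXES) -> str:
    """Return the subject query followed by one exclusion clause per prefix."""
    subject = _unwrap(subject)
    if not subject:
        raise ValueError("subject is empty")
    if any(q in subject for q in _DOUBLE_QUOTES):
        # An embedded double quote would end the quoted phrase early and
        # silently change what the search matches.
        raise ValueError("subject must not contain a double quote")
    seen, clauses = set(), []
    for prefix in prefixes:
        p = _unwrap(prefix).rstrip(":").upper()
        if not p or p in seen:
            continue  # skip blanks and duplicates such as "re" and "RE:"
        seen.add(p)
        clauses.append(f'-subject="{p}: {subject}"')
    return " ".join([f'subject="{subject}"', *clauses])


if __name__ == "__main__":
    print(build_subject_query(
        "Action required to access your org's email on your device"))
```

Paste the printed string into the Content Search keyword box and check the result count against the number of recipients you expect before acting on the results.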