Hi @DG001 , this typically indicates that there is a syntax error in the query that is being used to search for EmailEvents in Advanced Hunting. Do you have the exact query used?
To resolve this issue, you can try the following steps:
- Check the query syntax: Make sure that the query being used to search for EmailEvents is correct and follows the correct syntax. You can refer to the Microsoft documentation for Advanced Hunting query syntax to ensure that the query is correct.
- Check the query for incomplete fragments: The error message indicates that there is an incomplete fragment in the query. Check the query to see if there are any incomplete fragments, such as missing parentheses or quotation marks. Make sure that all fragments in the query are complete and properly formatted.
- Check the permissions: Ensure that the user has the necessary permissions to search for EmailEvents in Advanced Hunting. The user must have the necessary permissions to access the EmailEvents table in order to search for EmailEvents.
Please let me know if you have any questions and I can help you further.
If this answer helps you please mark "Accept Answer" so other users can reference it.
Thank you,
James