How to find messages with Email Log Search?

Email Log Search

Use Email Log Search (ELS) to find and review email messages that people in your organization send and receive. You can find all messages within a specific time range, or search for messages by sender, date, or message ID. You can optionally download your ELS results to a Google Sheet or .csv file. 


ELS helps you:

  • Find missing email messages, and troubleshoot why these messages weren’t delivered as expected.
  • Verify how your organization's email policies and rules affect your email flow and delivery.
  • Check the status of messages after they’re delivered, including information about message labels, message location, whether the message was marked as spam, and if the message was deleted after delivery.

With ELS, you can search for:

  • Messages to or from specific people in your organization.
  • Messages by email address, IP address, or domain.
  • Messages within a default date range, or within a custom date range that you specify.
  • Messages sent to Google Groups, or to other mailing lists that include your users. 

For messages older than 30 days: 

  • You can't search using a Google Group email address.
  • You must include both the recipient’s email address and the message ID in your search.
  • ELS provides message post-delivery status only. Message delivery status isn't available for messages older than 30 days.

Steps to find messages with Email Log Search:

  1. In the Admin console, go to Menu > Reporting > Email Log Search.
  2. Select a date range from the menu, or specify a range using the calendar.
  3. Enter search criteria in any of the following fields:

  • Sender—All or part of the sender's email address or Return-Path address. The sender's Return-Path address is contained in the message header. To search for an exact match, enter the complete email address and enclose it in quotes, for example, "user@domain.com".

 

Note: When searching for a message sent to a group email address, search by message ID. Searching with the group address as the recipient won't show the delivery to individual group members.

  • Recipient—The recipient's complete or partial email address.
  • Sender IP or Recipient IP—The exact IP address of the sender or recipient. IP addresses that aren't exact don't return any messages in the search.

 

Note: When you search with Sender IP, the results might show a Google outbound IP address instead of the public outbound IP address for your domain. Gmail sends outgoing messages through Gmail servers, which use Google outbound IP addresses.

  • Subject—An email subject line or part of a subject line. This option is case-insensitive. For the message to be returned, the subject line text must match exactly the text you enter in this field. This search option isn’t available for all accounts. 

  • Message ID—The unique message ID is located in the message header. If you also specify a date and time range, this option overrides the date and time range. Searching by Message ID returns matching messages, even if they're outside a specified date range.
    Visit "Trace an email with its full headers" for instructions on how to find the message ID for different mail providers.

  4. Click Search. Search results are returned within a minute or two. Sometimes, it can take up to an hour.
  • Search results are limited to 1000 messages.
  • For multi-page results, use the arrows at the top or bottom of the message list to change pages.
  • Click a subject or message ID for message details, including delivery path and status.
  • If you get too many results, try to narrow your search.
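
As an added example (not part of the original article or any Google tooling), this Python script reads a message's raw headers, extracts the Message ID and Return-Path described above, and applies the 30-day rules to report which ELS fields to fill in. The function name, the keys of the returned dict, and the sample headers are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

OLD_AFTER = timedelta(days=30)  # cut-off the article gives for older messages

# Constructed sample headers, not taken from a real message.
SAMPLE = (
    "Return-Path: <bounce-4471@mailer.example.net>\n"
    'From: "Billing" <billing@example.net>\n'
    "To: alice@example.com\n"
    "Date: Tue, 02 Jan 2024 10:14:58 +0000\n"
    "Message-ID: <20240102101458.4471@mailer.example.net>\n"
    "Subject: Invoice 4471\n\n"
)

def els_criteria(raw_headers, now, recipient=None, recipient_is_group=False):
    """Return (fields, problems) for an ELS search built from raw headers."""
    msg = message_from_string(raw_headers)
    fields, problems = {}, []
    message_id = (msg.get("Message-ID") or "").strip()
    if message_id:
        fields["Message ID"] = message_id  # overrides any date range entered
    # Prefer Return-Path; fall back to From when it is absent or empty (<>).
    sender = (parseaddr(msg.get("Return-Path", ""))[1]
              or parseaddr(msg.get("From", ""))[1])
    if sender:
        fields["Sender"] = f'"{sender}"'  # quotes request an exact match
    if recipient:
        fields["Recipient"] = recipient
    try:
        age = now - parsedate_to_datetime(msg.get("Date"))
    except (TypeError, ValueError):
        age = None
        problems.append("no usable Date header; message age unknown")
    if age is not None and age > OLD_AFTER:
        if recipient_is_group:
            problems.append("group address cannot be used past 30 days")
        if not (recipient and message_id):
            problems.append("past 30 days: recipient and message ID required")
        fields["Status available"] = "post-delivery only"
    elif recipient_is_group and not message_id:
        problems.append("group delivery: search by message ID instead")
    return fields, problems

if __name__ == "__main__":
    print(els_criteria(SAMPLE, datetime.now(timezone.utc), "alice@example.com"))
```
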

For further reference, see the following support article:

Find messages with Email Log Search - Google Workspace Admin Help