[Exchange Server] message tracking field relatedrecipientaddress incorrect mapping

[rugenl]

Field is mapped as IP but contains email address, so it's not searchable. Probably should be keyword.

[elasticmachine]

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)

[JoeySec]

I am having this issue as well.

microsoft.exchange.relatedrecipientaddress contains an email address but is mapped as an IP.

Mapping location: https://github.com/elastic/integrations/blob/90580c4ece193dff0489804d87273fc8fa68d0b6/packages/microsoft_exchange_server/data_stream/messagetracking/fields/fields.yml#L18

Microsoft's documentation (https://learn.microsoft.com/en-us/exchange/mail-flow/transport-logs/message-tracking?view=exchserver-2019#fields-in-the-message-tracking-log-files) describes the related-recipient-address field as: "This field is used with EXPAND, REDIRECT, and RESOLVE events to display other recipient email addresses that are associated with the message."