Splunk Search

Process User input before search

jpenetra
Explorer

Hello,

I'd like to know if there's any possibility to process the user input before executing a search, but without harming the performance. At the moment I have these two text inputs:

{% textinput id="originatorKey" value="$originatorKey$"|token_safe %}

{% textinput id="recipientKey" value="$recipientKey$"|token_safe %}

Now imagine the user inputs me@example.com as the originator and leaves the recipient empty. I want to search for every email sent from me@example.com.

The first idea that I had to make this work was with something like this:

{% searchmanager id="search1" search='index=testindex | eval orig="$originatorKey$" | eval recipient="$recipientKey$" | search ... ' %}

Perhaps using a where clause as well as len to determine if the origin or the recipient should be included or not. But I don't want to follow this path. By using search='index=testindex' the whole index is fetched and this takes a long long time.

Then I thought about this one:

search='index=testindex origin="$originatorKey$" OR recipient="$recipientKey$" | where ((len("$originatorKey$") > 0 AND origin="$originatorKey$") OR len("$originatorKey$")==0) AND ((len("$recipientKey$") > 0 AND recipient="$recipientKey$") OR len("$recipientKey$")==0)'

But it would be better if I could determine beforehand if I need to search for the origin and the recipient or just one of them.

Is this possible?

Thanks

1 Solution

lguinn2
Legend

Why not set a default for the input fields of * and use this search?

search='index=testindex origin="$originatorKey$" recipient="$recipientKey$"'

That way, if the user leaves one field empty, you will search for * instead, which seems much easier. Using your example, imagine the user inputs me@example.com as the originator and leaves the recipient empty. The search template would parse to

search='index=testindex origin="me@example.com" recipient="*"'

which should find every email sent from me@example.com.

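The accepted answer's approach, shown as an added example that is not part of the original thread and not Splunk's own code: a small Python helper that turns the two free-text inputs into the single search filter the answer proposes, defaulting an empty input to the wildcard `*`, and escaping backslashes and double quotes so a user-supplied value always stays inside its quoted literal (the same concern the `|token_safe` filter exists for). The function names `quote_token` and `build_search` are hypothetical.

```python
# Added example (not from the post or from Splunk): build the search the
# answer suggests, "index=testindex origin=... recipient=...", from two
# user inputs, with empty input defaulting to the wildcard '*'.

# Characters that would otherwise end or alter a double-quoted SPL string.
SPL_SPECIAL = {"\\": "\\\\", '"': '\\"'}


def quote_token(value: str, default: str = "*") -> str:
    """Return a double-quoted SPL string literal for a user-supplied value.

    Whitespace-only input becomes the wildcard default so the term matches
    everything, mirroring the answer's 'set a default of *' advice.
    Backslashes and double quotes are escaped so the value cannot close the
    quoted literal early.
    """
    value = value.strip()
    if not value:
        value = default
    escaped = "".join(SPL_SPECIAL.get(ch, ch) for ch in value)
    return f'"{escaped}"'


def build_search(originator: str, recipient: str, index: str = "testindex") -> str:
    """Compose the search string from the answer, with both terms quoted."""
    return (
        f"index={index} "
        f"origin={quote_token(originator)} "
        f"recipient={quote_token(recipient)}"
    )


if __name__ == "__main__":
    # Constructed inputs: originator given, recipient left empty.
    print(build_search("me@example.com", ""))
    # -> index=testindex origin="me@example.com" recipient="*"
```

Because both terms are always present, the index is filtered at search time rather than fetched whole and narrowed in a later `| where`, which is the performance point raised in the question.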
