From 3954ecc595d7a06543d1f950d2860b6db2fc13ba Mon Sep 17 00:00:00 2001
From: Sean Whalen
Date: Tue, 21 Aug 2018 16:00:46 -0400
Subject: [PATCH] 3.8.0 - Fix saving to Elasticsearch when the to header is mising from forensic sample
---
 parsedmarc/elastic.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/parsedmarc/elastic.py b/parsedmarc/elastic.py
index 31d812d..a943436 100644
--- a/parsedmarc/elastic.py
+++ b/parsedmarc/elastic.py
@@ -296,12 +296,14 @@ def save_forensic_report_to_elasticsearch(forensic_report):
 arrival_date = parsedmarc.human_timestamp_to_datetime(arrival_date_human)
 search = forensic_index.search()
- to_query = {"match": {"sample.headers.to": headers["to"]}}
 from_query = {"match": {"sample.headers.from": headers["from"]}}
 subject_query = {"match": {"sample.headers.subject": headers["subject"]}}
 arrival_date_query = {"match": {"sample.headers.arrival_date": arrival_date
- }}
- q = Q(to_query) & Q(from_query) & Q(subject_query) & Q(arrival_date_query)
+ }}
+ q = Q(from_query) & Q(subject_query) & Q(arrival_date_query)
+ if "to" in headers:
+ to_query = {"match": {"sample.headers.to": headers["to"]}}
+ q & Q(to_query)
 search.query = q
 existing = search.execute()
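Review bot: The added `q & Q(to_query)` inside the `if "to" in headers:` branch builds the combined query and discards it, so `search.query = q` never includes the `to` match; it should be `q = q & Q(to_query)`. Without the recipient in the lookup, two forensic samples that share from, subject and arrival date but went to different recipients look identical to this search. The function continues outside the hunk, so this is inferred, but if the code after it treats a hit as a duplicate, one of those samples would not be stored. `headers["from"]` and `headers["subject"]` are still indexed without a guard, so a sample missing either header would presumably fail the same way the missing `to` did.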