Elasticsearch/OpenSearch ExternalSink for audit-framework — index audit events for search & dashboards.
Project description
audit-framework-elasticsearch
An Elasticsearch / OpenSearch sink for
audit-framework: indexes each audit event as a document
so you can search, filter, and dashboard your audit log (Kibana / OpenSearch
Dashboards) with no custom UI.
One adapter serves both Elasticsearch and OpenSearch — they share the same document-indexing and cluster-health REST API.
Install
pip install audit-framework-elasticsearch # bring your own transport
pip install audit-framework-elasticsearch[httpx] # + the convenience httpx transport
Use
from audit_framework_elasticsearch.sink import ElasticsearchSink, httpx_transport
from audit_framework.core.middlewares.sink_fanout import SinkFanOutMiddleware
import httpx
client = httpx.AsyncClient(timeout=10.0) # pooled, app-lifetime
sink = ElasticsearchSink(
"https://es.internal:9200",
index="audit", # → daily index audit-2026.06.26
api_key="...", # Authorization: ApiKey ...
transport=httpx_transport(client),
)
pipeline.use(SinkFanOutMiddleware([sink]))
OpenSearch is identical — point base_url at your cluster and (optionally) pass
name="opensearch". Via the registry, both names resolve to the same class:
registry.discover_entrypoints()
SinkClass = registry.get("external_sink", "opensearch") # or "elasticsearch"
No hard HTTP dependency
The sink talks to the cluster through an injected async transport
(method, url, json_body, headers) -> HttpResult, so it's fully unit-testable
without a network and you control the HTTP client / pooling. httpx_transport()
is provided for convenience (the httpx extra); supply a shared
httpx.AsyncClient in production.
Behaviour
emit→POST {base}/{index}[-YYYY.MM.DD]/_docwithevent.to_dict(); a non-2xx response raisesElasticsearchSinkErrorsoSinkFanOutMiddlewarerecords the failure (without aborting other sinks).health_check→GET {base}/_cluster/health, True when reachable and notred.- Daily indices (
daily=True, the default) map cleanly onto ILM/ISM retention policies — aligning with per-policyretention_days.
Development
pip install -e ".[dev]"
pytest # 13 stdlib-only tests (fake transport; no httpx/network needed)
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file audit_framework_elasticsearch-0.1.0.tar.gz.
File metadata
- Download URL: audit_framework_elasticsearch-0.1.0.tar.gz
- Upload date:
- Size: 7.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9fe9879a3ebb45909c56974a5f9d0e2b150c426a860b0fd93b3e2ac3d6119c25
|
|
| MD5 |
d8832c8486f49cd40c9c1d8a1fc97f08
|
|
| BLAKE2b-256 |
31c8b69266c39e1bc890a8802531f69ce9387990eeae92a225fe053646d1644b
|
Provenance
The following attestation bundles were made for audit_framework_elasticsearch-0.1.0.tar.gz:
Publisher:
release.yml on vanmarkic/audit-logger
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
audit_framework_elasticsearch-0.1.0.tar.gz -
Subject digest:
9fe9879a3ebb45909c56974a5f9d0e2b150c426a860b0fd93b3e2ac3d6119c25 - Sigstore transparency entry: 1997455353
- Sigstore integration time:
-
Permalink:
vanmarkic/audit-logger@a6dbec1581be847a73b80ad2abb37351bf1c6a6c -
Branch / Tag:
refs/tags/audit-framework-elasticsearch-v0.1.0 - Owner: https://github.com/vanmarkic
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@a6dbec1581be847a73b80ad2abb37351bf1c6a6c -
Trigger Event:
push
-
Statement type:
File details
Details for the file audit_framework_elasticsearch-0.1.0-py3-none-any.whl.
File metadata
- Download URL: audit_framework_elasticsearch-0.1.0-py3-none-any.whl
- Upload date:
- Size: 6.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f011aab39e7679b09df68d2ace633a539fde0deff7986f9d91636921e3176cb0
|
|
| MD5 |
091c13d773ec4500da2ac00368305b93
|
|
| BLAKE2b-256 |
15f241d0fca73e804268479b63b7b2c891057a3fc8b37bb719b9cde314057af5
|
Provenance
The following attestation bundles were made for audit_framework_elasticsearch-0.1.0-py3-none-any.whl:
Publisher:
release.yml on vanmarkic/audit-logger
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
audit_framework_elasticsearch-0.1.0-py3-none-any.whl -
Subject digest:
f011aab39e7679b09df68d2ace633a539fde0deff7986f9d91636921e3176cb0 - Sigstore transparency entry: 1997455432
- Sigstore integration time:
-
Permalink:
vanmarkic/audit-logger@a6dbec1581be847a73b80ad2abb37351bf1c6a6c -
Branch / Tag:
refs/tags/audit-framework-elasticsearch-v0.1.0 - Owner: https://github.com/vanmarkic
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@a6dbec1581be847a73b80ad2abb37351bf1c6a6c -
Trigger Event:
push
-
Statement type: