Skip to main content

Elasticsearch/OpenSearch ExternalSink for audit-framework — index audit events for search & dashboards.

Project description

audit-framework-elasticsearch

An Elasticsearch / OpenSearch sink for audit-framework: indexes each audit event as a document so you can search, filter, and dashboard your audit log (Kibana / OpenSearch Dashboards) with no custom UI.

One adapter serves both Elasticsearch and OpenSearch — they share the same document-indexing and cluster-health REST API.

Install

pip install audit-framework-elasticsearch          # bring your own transport
pip install audit-framework-elasticsearch[httpx]   # + the convenience httpx transport

Use

from audit_framework_elasticsearch.sink import ElasticsearchSink, httpx_transport
from audit_framework.core.middlewares.sink_fanout import SinkFanOutMiddleware
import httpx

client = httpx.AsyncClient(timeout=10.0)            # pooled, app-lifetime
sink = ElasticsearchSink(
    "https://es.internal:9200",
    index="audit",                                  # → daily index audit-2026.06.26
    api_key="...",                                  # Authorization: ApiKey ...
    transport=httpx_transport(client),
)
pipeline.use(SinkFanOutMiddleware([sink]))

OpenSearch is identical — point base_url at your cluster and (optionally) pass name="opensearch". Via the registry, both names resolve to the same class:

registry.discover_entrypoints()
SinkClass = registry.get("external_sink", "opensearch")   # or "elasticsearch"

No hard HTTP dependency

The sink talks to the cluster through an injected async transport (method, url, json_body, headers) -> HttpResult, so it's fully unit-testable without a network and you control the HTTP client / pooling. httpx_transport() is provided for convenience (the httpx extra); supply a shared httpx.AsyncClient in production.

Behaviour

  • emitPOST {base}/{index}[-YYYY.MM.DD]/_doc with event.to_dict(); a non-2xx response raises ElasticsearchSinkError so SinkFanOutMiddleware records the failure (without aborting other sinks).
  • health_checkGET {base}/_cluster/health, True when reachable and not red.
  • Daily indices (daily=True, the default) map cleanly onto ILM/ISM retention policies — aligning with per-policy retention_days.

Development

pip install -e ".[dev]"
pytest        # 13 stdlib-only tests (fake transport; no httpx/network needed)

License

MIT

For AI agents & coding assistants

This package ships its agent guide — AGENTS.mdinside the wheel (installed at <site-packages>/audit_framework_elasticsearch/AGENTS.md). Read it offline, with no docs site and no network, even from an airgapped Nexus PyPI mirror:

python -m audit_framework_elasticsearch
python -c "import audit_framework_elasticsearch; print(audit_framework_elasticsearch.overview())"

AGENTS.md is the single source of truth: mental model, one runnable quickstart, and the exact public API. audit_framework_elasticsearch.overview() returns it, and tests/guide_test.py compiles its examples so the guide can't drift from the code.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

audit_framework_elasticsearch-0.1.1.tar.gz (10.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

audit_framework_elasticsearch-0.1.1-py3-none-any.whl (10.5 kB view details)

Uploaded Python 3

File details

Details for the file audit_framework_elasticsearch-0.1.1.tar.gz.

File metadata

File hashes

Hashes for audit_framework_elasticsearch-0.1.1.tar.gz
Algorithm Hash digest
SHA256 cf4bae68841dc2ae2c3ca5cfac54e9960991b01a627e111774c094593e17dc33
MD5 acc09ef5b6f5afeaaf62b5042267d60c
BLAKE2b-256 b6c08ec223e01bc02fba8748e17143d024f75a71a040651f7eca80e5bc57b8cd

See more details on using hashes here.

Provenance

The following attestation bundles were made for audit_framework_elasticsearch-0.1.1.tar.gz:

Publisher: release.yml on vanmarkic/audit-logger

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file audit_framework_elasticsearch-0.1.1-py3-none-any.whl.

File metadata

File hashes

Hashes for audit_framework_elasticsearch-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 13efba57af61af5e30927aee1884b64d228c9a85984bc41449aeeaf1594c0c0f
MD5 e6ecb63bd3e0dd4dea92953f0d185f32
BLAKE2b-256 58f6528cd0dd7bba1b3113204a02475c012e4611832c2b4cfaaa61f7138620a1

See more details on using hashes here.

Provenance

The following attestation bundles were made for audit_framework_elasticsearch-0.1.1-py3-none-any.whl:

Publisher: release.yml on vanmarkic/audit-logger

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page