You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

python-openobserve

Package Overview
Dependencies
Maintainers
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

python-openobserve

0.3.0
pipPyPI
Maintainers
1

python-openobserve

Actions Status - Main PyPI Downloads Documentation build status OpenSSF Scorecard

A python connector to interact with OpenObserve (https://github.com/openobserve/openobserve) be it sending data, searching, or exporting/importing settings.

The idea is to have a similar python connector to the "Elasticsearch" package, which allows a 1:1 replacement of the "Elasticsearch" package with the "OpenObserve" package.

OpenObserve is way more lightweight than Elasticsearch, and it is open source, like everything should be.

install

pip install python-openobserve

usage

see example.ipynb for a full example

from python_openobserve.openobserve import OpenObserve

OO = OpenObserve(user = "root@example.com", password = "Complexpass#123")

from datetime import datetime
from random import random
from pprint import pprint
document = {
    "@timestamp" : datetime.utcnow(),
    "component" : "testagent",
    "action" : "buy",
    "amount" : random() * 100,
    "portfolio" : {
        "USD" : random() * 100.0,
        "BTC" : 0.1 + random() * 0.1
    }
}
pprint(document)

# insert document
OO.index("dd", document)

#search
# example sql parsing helper
sql = 'SELECT * FROM "dd"'
results = OO.search(sql, days=1)
print(f"got {len(results)} results")
pprint(results)

OO = OpenObserve(host="https://o2.example.com", user="root@example.com", password="Complexpass#123")
sql = 'SELECT log_file_name,count(*) FROM "default" GROUP BY log_file_name'
start_timeperiod = datetime.now() - timedelta(days=7)
end_timeperiod = datetime.now()
df_search_results = oo_conn.search2df(
    sql,
    start_time=start_timeperiod,
    end_time=end_timeperiod,
    verbosity=5,
)

# Export settings in split json, csv, or xlsx
OO.config_export(f"{tmpdir}/", verbosity=0, split=True)
OO.config_export(f"{tmpdir}/", verbosity=0, outformat="csv")
OO.config_export(f"{tmpdir}/", verbosity=0, outformat="xlsx")

Troubleshooting

If you have issues, try:

  • increase verbosity
  • reproduce issue with curl directly
  • check known issues

Known issues

There are notable gaps and inconsistence in openobserve API at Q2 2025. Check against documentation and swagger. Report API issues upstream.

  • folder_id in alerts creation is ignored
  • API field names are variable (id, alert_id)
  • API returns are inconsistent (use folderId at alert creation but get folder name at alert listing)

Keywords

openobserve
elasticsearch
logging
unstructured data

FAQs

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Active Supply Chain Attack: npm Phishing Campaign Leads to Prettier Tooling Packages Compromise

Security News

Active Supply Chain Attack: npm Phishing Campaign Leads to Prettier Tooling Packages Compromise

Popular npm packages like eslint-config-prettier were compromised after a phishing attack stole a maintainer’s token, spreading malicious updates.

By Sarah Gooding  -  Jul 19, 2025
npm Phishing Email Targets Developers with Typosquatted Domain

Security News

/

Research

npm Phishing Email Targets Developers with Typosquatted Domain

A phishing attack targeted developers using a typosquatted npm domain (npnjs.com) to steal credentials via fake login pages - watch out for similar scams.

By Sarah Gooding  -  Jul 18, 2025