Skip to main content

Infrastructure prerequisites

The Audit service requires the following components to be set up before it can be started:
  • Docker engine
  • Kafka
  • Elasticsearch

Dependencies

The Audit service is built as a Docker image and runs on top of Kafka and Elasticsearch. Therefore, these services must be set up and running before starting the Audit service.

Configuration

Configuring Kafka

To configure the Kafka server for the Audit service, set the following environment variables:

Connection settings

VariableDescriptionDefault Value
SPRING_KAFKA_BOOTSTRAPSERVERSAddress of the Kafka server(s)localhost:9092
SPRING_KAFKA_SECURITYPROTOCOLProtocol used to communicate with brokersPLAINTEXT

Consumer configuration

VariableDescriptionDefault Value
SPRING_KAFKA_CONSUMER_GROUPIDConsumer group ID for audit logsaudit-gid
SPRING_KAFKA_CONSUMER_PROPERTIES_MAX_PARTITION_FETCH_BYTESMaximum data size per partition${KAFKA_MESSAGE_MAX_BYTES:52428800}
KAFKA_CONSUMER_THREADSNumber of consumer threads1
KAFKA_AUTHEXCEPTIONRETRYINTERVALRetry interval after auth failure (seconds)10

Topic naming configuration

VariableDescriptionDefault Value
DOTReference to primary separator${kafka.topic.naming.separator}
DASHReference to secondary separator${kafka.topic.naming.separator2}
KAFKA_TOPIC_NAMING_SEPARATORPrimary separator for topic names.
KAFKA_TOPIC_NAMING_SEPARATOR2Secondary separator for topic names-
KAFKA_TOPIC_NAMING_PACKAGEBase namespace for topicsai${dot}flowx${dot}
KAFKA_TOPIC_NAMING_ENVIRONMENTEnvironment indicator
KAFKA_TOPIC_NAMING_VERSIONVersion component${dot}v1
KAFKA_TOPIC_NAMING_PREFIXCombined prefix${kafka.topic.naming.package}${kafka.topic.naming.environment}
KAFKA_TOPIC_NAMING_SUFFIXCombined suffix${kafka.topic.naming.version}
KAFKA_TOPIC_AUDIT_INTopic for receiving audit logs${kafka.topic.naming.prefix}core${dot}trigger${dot}save${dot}audit${kafka.topic.naming.suffix}
With default settings, the KAFKA_TOPIC_AUDIT_IN resolves to: ai.flowx.dev.core.trigger.save.audit.v1

Configuring Elasticsearch

Configure Elasticsearch connection for audit data storage:
VariableDescriptionDefault Value
SPRING_ELASTICSEARCH_REST_PROTOCOLConnection protocolhttps
SPRING_ELASTICSEARCH_REST_URISURL(s) of Elasticsearch nodes (no protocol)-
SPRING_ELASTICSEARCH_REST_DISABLESSLDisable SSL verificationfalse
SPRING_ELASTICSEARCH_REST_USERNAMEAuthentication username-
SPRING_ELASTICSEARCH_REST_PASSWORDAuthentication password-
SPRING_ELASTICSEARCH_INDEXSETTINGS_DATASTREAMAudit data stream nameaudit-logs
SPRING_ELASTICSEARCH_INDEXSETTINGS_SHARDSNumber of primary shards2
SPRING_ELASTICSEARCH_INDEXSETTINGS_REPLICASNumber of replica shards2
The Elasticsearch index settings determine how your audit data is distributed and replicated across the cluster. The number of shards affects search performance and indexing, while replicas provide redundancy.

CAS lib configuration

Environment VariableDescriptionDefault Value
FLOWX_SPICEDB_HOSTSpiceDB server hostnamespicedb
FLOWX_SPICEDB_PORTSpiceDB server port50051
FLOWX_SPICEDB_TOKENSpiceDB authentication tokenspicedb-token

Configuring logging

To control the log levels, set the following environment variables:
VariableDescriptionDefault Value
LOGGING_LEVEL_ROOTLog level for root serviceINFO
LOGGING_LEVEL_APPLog level for applicationINFO

Ingress configuration

The Audit Core service uses the standard FlowX.AI ingress pattern. For complete setup instructions including the full ingress template, CORS configuration, and troubleshooting, see the Ingress Configuration Guide. Service-specific values for Audit Core:
  • Ingress name: audit-core-admin
  • Service path: /audit(/|$)(.*)(/|$)(.*)
  • Service name: audit-core
  • Rewrite target: /$2
  • Fx-Workspace-Id: Required

Complete Ingress Configuration

View the centralized ingress guide for the complete configuration template, annotations reference, and best practices.