How do I fix a 401 Unauthorized error from abliteration.ai?

Check that your API key is set and sent as a Bearer token.

How do I fix a 404 Not Found error from abliteration.ai?

Make sure the base URL ends with /v1 and you call /chat/completions.

How do I fix a 400 Bad Request error from abliteration.ai?

Verify the model id and that messages are an array of { role, content } objects.

How do I fix a 429 Rate limit error from abliteration.ai?

Back off and retry. Use the Retry-After header for pacing.

Export Policy Gateway audit logs to Splunk HEC

Quick start

Example request

{
  "destination": "splunk_hec",
  "endpoint": "https://hec.example.com:8088/services/collector",
  "token": "$SPLUNK_HEC_TOKEN",
  "index": "ai_audit",
  "sourcetype": "policy_gateway_audit"
}

Service notes

Pricing model: Usage-based pricing (~$5 per 1M tokens) billed on total tokens (input + output). See the API pricing page for current plans.
Data retention: No prompt/output retention by default. Operational telemetry (token counts, timestamps, error codes) is retained for billing and reliability.
Compatibility: OpenAI-style /v1/chat/completions request and response format with a base URL switch.
Latency: Depends on model size, prompt length, and load. Streaming reduces time-to-first-token.
Throughput: Team plans include priority throughput. Actual throughput varies with demand.
Rate limits: Limits vary by plan and load. Handle 429s with backoff and respect any Retry-After header.

What gets exported

Policy Gateway audit logs include consistent decision metadata for compliance reviews.

policy_id, decision, effective_decision, reason_code
policy_user, project_id, policy_target for audit trails
rollout_mode, enforced for rollout tracking
triggered_categories, allowlist_hits, denylist_hits
model, created_at, and optional data classification tags

Export configuration

Use a Splunk HEC token and endpoint for the export destination.

Create a Splunk HEC token scoped to your audit log index.
Set the endpoint to https://<hec-host>:8088/services/collector.
Tag events with source, sourcetype, and index for search and routing.
Send each audit log as the event payload.

Sample HEC payload

Splunk HEC accepts an envelope with the audit log stored under event.

Sample HEC payload

{
  "time": 1737061331,
  "host": "policy-gateway",
  "source": "policy-gateway",
  "sourcetype": "policy_gateway_audit",
  "index": "ai_audit",
  "event": {
    "policy_id": "support-guardrails",
    "decision": "rewrite",
    "effective_decision": "rewrite",
    "reason_code": "REWRITE",
    "policy_user": "user-12345",
    "project_id": "support-bot",
    "policy_target": "support-bot",
    "rollout_mode": "enforced",
    "enforced": true,
    "triggered_categories": ["self-harm/intent"],
    "allowlist_hits": ["refund policy"],
    "denylist_hits": [],
    "model": "abliterated-model",
    "created_at": "2026-01-16T18:22:11Z"
  }
}

Verification checklist

Search for sourcetype=policy_gateway_audit in your Splunk index.
Filter by policy_id or project_id to confirm routing.
Confirm rollout metadata (rollout_mode, enforced) appears as expected.

Common errors & fixes

401 Unauthorized: Check that your API key is set and sent as a Bearer token.
404 Not Found: Make sure the base URL ends with /v1 and you call /chat/completions.
400 Bad Request: Verify the model id and that messages are an array of { role, content } objects.
429 Rate limit: Back off and retry. Use the Retry-After header for pacing.

Quick start

Service notes

What gets exported

Export configuration

Sample HEC payload

Verification checklist

Common errors & fixes

Related links