Compliance
Export Policy Gateway audit logs to Splunk HEC
Stream Policy Gateway audit logs to Splunk HEC so security teams can search AI decisions inside their SIEM.
Updated 2026-01-16
Stream Policy Gateway audit logs to Splunk HEC so security teams can search AI decisions alongside other SIEM data.
Exports are available on enterprise plans; contact help@abliteration.ai to enable a log export sink.
{
"destination": "splunk_hec",
"endpoint": "https://hec.example.com:8088/services/collector",
"token": "$SPLUNK_HEC_TOKEN",
"index": "ai_audit",
"sourcetype": "policy_gateway_audit"
}What gets exported
Policy Gateway audit logs include consistent decision metadata for compliance reviews.
Export configuration
Use a Splunk HEC token and endpoint for the export destination.
Sample HEC payload
Splunk HEC accepts an envelope with the audit log stored under event.
{
"time": 1737061331,
"host": "policy-gateway",
"source": "policy-gateway",
"sourcetype": "policy_gateway_audit",
"index": "ai_audit",
"event": {
"policy_id": "support-guardrails",
"decision": "rewrite",
"effective_decision": "rewrite",
"reason_code": "REWRITE",
"policy_user": "user-12345",
"project_id": "support-bot",
"policy_target": "support-bot",
"rollout_mode": "enforced",
"enforced": true,
"triggered_categories": ["self-harm/intent"],
"allowlist_hits": ["refund policy"],
"denylist_hits": [],
"model": "abliterated-model",
"created_at": "2026-01-16T18:22:11Z"
}
}