Ship OpenTelemetry logs and metrics from Claude Code and Claude Cowork into a SIEM (Splunk HEC out of the box) for security monitoring, audit retention, and detection engineering.

Claude Code and Cowork already speak OTLP — they just need somewhere to send it. This package is a small Python receiver that:

1. Listens on OTLP/HTTP for /v1/logs and /v1/metrics (protobuf and JSON, gzip-aware, optional bearer-token auth).
2. Normalizes each record into a flat dict that keeps Claude Code's event schema (event.name, tool_name, decision, session.id, user.email, prompt.id, …) intact.
3. Forwards each batch to Splunk's HTTP Event Collector (HEC) — events as claude:event:<event_name> sourcetypes, metrics in Splunk's metric-store form so they're queryable with mstats.

A stdout/NDJSON sink is included so you can pipe events into jq while you build detections, and so the tool is useful without a SIEM hooked up yet.

Both Claude Code and Cowork can ship telemetry directly to any OTLP-compatible backend — including Splunk's OTLP receiver if you run one. This package is the right fit when:

• You want a lightweight receiver next to the developer's machine (or on a Cowork-egress host) rather than running a full OpenTelemetry Collector.
• You want events delivered to Splunk HEC, which speaks JSON, not OTLP.
• You want a stable schema in Splunk (one sourcetype per event kind, metric-store envelopes for metrics) regardless of OTLP schema churn.
• You want a clear audit boundary: a process you own decides what reaches the SIEM.

If you already run an OpenTelemetry Collector with the Splunk exporter, you don't need this — point Claude Code at the Collector.

The shipper inherits whatever Claude Code chooses to emit. Highlights you'll care about for security monitoring:

Events (/v1/logs)

Metrics (/v1/metrics)

claude_code.session.count, claude_code.token.usage (broken down by type, model, agent.name, skill.name, plugin.name), claude_code.cost.usage, claude_code.lines_of_code.count, claude_code.pull_request.count, claude_code.commit.count, claude_code.code_edit_tool.decision, claude_code.active_time.total.

Every event and metric carries the identity attributes Claude Code attaches when the user is signed in: user.email, user.account_uuid, user.account_id, organization.id, plus the installation-scoped user.id and per-session session.id. That's what makes the stream usable as an audit log — actions are attributed to a real developer, not a service account.

pip install claude-otel-siem
# or, from source:
git clone https://github.com/anshugupta/claude-otel-siem
cd claude-otel-siem
pip install -e ".[dev]"

Python 3.10+.

Minimal config — events to stdout (great for first-time testing):

CLAUDE_OTEL_SIEM_SINK=stdout \
  claude-otel-siem

Forward to Splunk HEC:

export CLAUDE_OTEL_SIEM_SINK=splunk
export CLAUDE_OTEL_SIEM_SPLUNK_HEC_URL="https://splunk.example.com:8088"
export CLAUDE_OTEL_SIEM_SPLUNK_HEC_TOKEN="…your HEC token…"
export CLAUDE_OTEL_SIEM_SPLUNK_EVENT_INDEX="claude_events"
export CLAUDE_OTEL_SIEM_SPLUNK_METRICS_INDEX="claude_metrics"   # must be a metrics index
# Optional: require Claude Code to authenticate to the shipper.
export CLAUDE_OTEL_SIEM_AUTH_TOKEN="long-random-secret"

claude-otel-siem

Or via Docker (examples/docker-compose.yml):

SPLUNK_HEC_URL=https://splunk.example.com:8088 \
SPLUNK_HEC_TOKEN=… \
docker compose -f examples/docker-compose.yml up

The standard OTLP env vars (see examples/claude-code.env):

export CLAUDE_CODE_ENABLE_TELEMETRY=1
export OTEL_LOGS_EXPORTER=otlp
export OTEL_METRICS_EXPORTER=otlp
export OTEL_EXPORTER_OTLP_PROTOCOL=http/protobuf
export OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4318

# Required for real audit value -- captures Bash commands, file paths,
# MCP tool names + arguments. Without this you only get tool *names*.
export OTEL_LOG_TOOL_DETAILS=1

# Optional: capture verbatim prompts (privacy-sensitive).
# export OTEL_LOG_USER_PROMPTS=1

# Optional: shipper auth token (mirror CLAUDE_OTEL_SIEM_AUTH_TOKEN).
# export OTEL_EXPORTER_OTLP_HEADERS="Authorization=Bearer long-random-secret"

claude

To enforce these for every user on a machine, drop examples/managed-settings.json at /etc/claude-code/managed-settings.json (or deliver it via MDM / Anthropic server-managed settings). Settings at that path are highest-precedence and can't be overridden by users.

Cowork is configured through the admin UI, not env vars. In the desktop app:

1. Admin settings → Cowork.
2. Set the OTLP collector URL to your receiver, e.g. https://shipper.internal.example.com:4318 (Cowork doesn't talk to localhost — the receiver has to be reachable from the VM).
3. Protocol: choose http/protobuf (or http/json). Cowork does not support gRPC.
4. Headers: if you set CLAUDE_OTEL_SIEM_AUTH_TOKEN, add Authorization=Bearer <token> here.
5. Save, then start a fresh Cowork session — existing sessions don't reload the config.
6. If network egress restrictions are enabled (Admin settings → Capabilities → Network egress), allowlist the shipper's domain.

Prereqs: Team or Enterprise plan, Claude desktop app ≥ 1.1.4173.

Some queries that fall out naturally from the schema:

# Tool calls rejected by policy / hook
index=claude_events sourcetype="claude:event:tool_decision"
  decision=reject source IN (hook, user_reject, user_abort)
| stats count by user.email, tool_name, source

# Permission-mode escalations into bypass
index=claude_events sourcetype="claude:event:permission_mode_changed"
  to_mode=bypassPermissions
| table _time user.email session.id from_mode to_mode trigger

# Bash commands run (requires OTEL_LOG_TOOL_DETAILS=1)
index=claude_events sourcetype="claude:event:tool_result" tool_name=Bash
| spath input=attributes.tool_parameters
| table _time user.email full_command bash_command session.id

# Third-party MCP server connections
index=claude_events sourcetype="claude:event:mcp_server_connection"
  status=connected transport_type IN (sse, http)
| stats count by user.email, server_name

# Token spend per user per day
| mstats sum(claude_code.token.usage) WHERE index=claude_metrics
  BY user.email, type span=1d

• Why HTTP only, not gRPC. Cowork's admin UI only offers http/json and http/protobuf, and gRPC for Claude Code alone wasn't worth the grpcio/grpcio-tools dependency footprint. Run an OpenTelemetry Collector in front if you have a gRPC-only client.
• Failure mode. Sinks retry transient HTTP errors internally (408/429/5xx, transport errors) with exponential backoff. Persistent failures bubble up and the receiver returns 5xx — Claude Code's OTLP SDK then retries on its end. The shipper does not queue to disk. If you need durability across shipper restarts, put a real OpenTelemetry Collector with a file-storage extension in front and use this package as its exporter.
• No content filtering. When OTEL_LOG_TOOL_DETAILS=1 is set on the Claude Code side, tool_result events include tool_parameters and tool_input payloads — file paths, URLs, Bash commands, MCP arguments. These can contain sensitive values. Filter or redact in Splunk (props/ transforms) or via an OTel Collector processor stage between Claude Code and the shipper.

pip install -e ".[dev]"
pytest -q

Apache License 2.0. See LICENSE.

Copyright 2026 anshug