LLMmon

LLMmon — LLM Gateway Monitor for Splunk As organizations adopt Large Language Models (LLMs) across their workflows, they face a critical blind spot: LLM API traffic is invisible. Requests containing sensitive prompts, responses with confidential data, token consumption, and latency are all completely unaudited by default. LLMmon solves this by acting as a transparent security gateway between your applications and any OpenAI-compatible LLM provider (OpenAI, Azure OpenAI, local models, and others). All traffic is proxied through LLMmon, which logs every request and response into Splunk in real time — giving your security and operations teams full visibility. What LLMmon addresses: - No visibility into what prompts are being sent to LLM APIs and what responses are returned - No usage tracking — which models are being used, by whom, and how much - No cost control — token consumption goes unmonitored until the bill arrives Key capabilities: - Proxy and log all LLM API traffic with zero changes to existing client applications - Route requests to different providers based on model name or request headers - Dashboard showing request counts, token usage, response latency, and model breakdown - Full request and response body capture for audit and forensic investigation - Supports streaming responses