Splunk

AWS Bedrock Claude excessive use of tokens

Last updated 2 days ago on 2026-07-17

About

Detects identities generating anomalously large model responses relative to their own historical baseline. For each identity, computes the average, maximum, and standard deviation of output token counts across all invocations, then flags any identity whose single largest response exceeds two standard deviations above their own mean. A statistically significant output spike from a single identity may indicate bulk data extraction, successful prompt injection producing verbose output, or a runaway agentic loop hitting context limits.
Platform
Splunk
Tags
Data Source: SplunkDomain: ApplicationRule Type: QueryOS: Any
Severity
medium
Risk Score
47
References
https://aws.amazon.com/blogs/apn/unlocking-the-power-of-splunk-with-amazon-bedrock-an-agentic-ai-approach-to-build-customized-splunk-assistants-using-bedrock-agents/(external, opens in a new tab or window)https://help.splunk.com/en/splunk-observability-cloud/observability-for-ai/splunk-ai-infrastructure-monitoring/set-up-ai-infrastructure-monitoring/amazon-bedrock(external, opens in a new tab or window)https://research.splunk.com/stories/aws_bedrock_security/(external, opens in a new tab or window)https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html(external, opens in a new tab or window)
False Positives
This detection may produce false positives for identities with low invocation history, legitimate large document summarization tasks, or automated pipeline sessions with naturally variable output token counts.
Source
View on GitHub(external, opens in a new tab or window)

Definition

Rule Language
SPL
Rule Type
query
text code block:
`aws_bedrock_claude` | spath output="out_tokens" path="output.outputBodyJson.usage.output_tokens" | eval user = replace('identity.arn', ".*/", "") | stats count AS invocations, avg(out_tokens) AS avg_out, max(out_tokens) AS max_out, stdev(out_tokens) AS stdev_out BY user, identity.arn | eval stdev_out = coalesce(stdev_out, 0) | eval threshold = avg_out + (2 * stdev_out) | where max_out > threshold | table user, identity.arn, invocations, avg_out, max_out, stdev_out, threshold | sort -max_out | `aws_bedrock_claude_excessive_use_of_tokens_filter`

View this rule on Splunk

This rule was sourced from the official Splunk public repository. View the original rule on GitHub(external, opens in a new tab or window).