# Hybrid - Anvilogic on Splunk & Azure Architecture

Below is the generic architecture diagram for how Anvilogic works on top of a hybrid data environment like Snowflake & Splunk.

{% hint style="info" %}

* This supports **Azure** on Data Explorer, Log Analytics, Fabric, and Sentinel.
* This supports **Splunk** on Splunk Cloud, Splunk Enterprise on-premise, and Splunk Enterprise Security (ES).

{% endhint %}

**Diagram:**

<figure><img src="/files/oe3cLfYAVxB0ODDJlhld" alt=""><figcaption><p>Anvilogic on Azure (Data Explorer, Log Analytics, Fabric, Sentinel) &#x26; Splunk (Cloud or On-Premise) Hybrid</p></figcaption></figure>

**PDF Download:**

{% file src="/files/Qx8Ey4YUVSccNzedNoIK" %}

**Hybrid FAQ**

<details>

<summary>What is the EOI routing pipeline?</summary>

With a multi-platform SIEM, you need to select a primary location to store all of your alerts. In the Anvilogic platform, these alerts are called your “Events of Interest (EOI)”.

You select which logging platform will contain your consolidated EOIs from all detection inputs, and the EOI routing pipeline ensures that all alerts (regardless of where they originate) are routed to the correct destination so they can be correlated across your data repositories.

**In this example Splunk was selected to be the primary EOI data repo**, which means all Snowflake alerts get routed to the Splunk index. If Snowflake was selected, then all Splunk alerts would get routed to the Snowflake alert table.

Anvilogic also stores a copy of all generated alerts in the platform Alert Lake, which is used for AI-Insights (e.g., Tuning, Health, and Hunting escalations).

</details>

### Frequently Asked Questions (FAQs)

* [Splunk FAQ](/get-started/reference-architectures/anvilogic-on-splunk-architecture.md#frequently-asked-questions-faqs)
* [Azure FAQ](/get-started/reference-architectures/anvilogic-on-azure.md)


