Forum Discussion
AMA vs MMA which one should we go ahead???
Hello there,
we have an issue with one of the Azure sentinel clients, where the cost has considerably increased due to a particular Event ID generating alot of traffic.
Event ID 4663: At...
thank you for the quick and detailed response. I would specifically like to know the following:
- AMA can co-exist with MMA however, we will receive two heartbeats from one endpoint, one for each agent
- AMA will also collect logs and MMA as well, so rather than reducing logs, we will be having more logs coming in. So do we need to uninstall MMA to ensure the above two concerns are addressed (two heartbeats and duplicate logs)??????
- I have customer who already has MMA installed and I cannot just ask him to uninstall all the MMA agents and install AMA agents from scratch? any easy resolution for this problem?
If you can shed some light on these, it would be great.
Thanks
Fahad
You don't care about Heartbeat. You have 2 agents installed so you receive 2 different "heartbeats". You can separate them from the "Version" column. Customer doesn't needed to uninstall the MMAs. Just go to Log Analytics Workspace --> Agents configuration and disable the Windows event logs log collection. So your collection now will be based only at AMA-DCR.