Share via

Resolving Duplicate Data Issues on Azure VM

Anveshreddy Nimmala 3,550 Reputation points Microsoft External Staff
2024-10-03T09:10:46.2233333+00:00

What could cause my Azure VM to accumulate duplicate data, and what steps can I take to fix it?

PS - Based on common issues that we have seen from customers and other sources, we are posting these questions to help the Azure community.

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,561 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anveshreddy Nimmala 3,550 Reputation points Microsoft External Staff
    2024-10-03T09:11:42.9333333+00:00

    If your Azure VM is accumulating duplicate data when the Azure Monitor Agent (AMA) is installed, the issue could be related to the configuration of the agent or how it interacts with your VM and the Azure environment. Here are some potential causes :

    • Creating multiple DCRs with the same data source and associating them to the same agent. Ensure that you're filtering data in the DCRs such that each collects unique data.
    • Creating a DCR that collects security logs and enabling Sentinel for the same agents. In this case, you may collect the same events in the Event table and the SecurityEvent table.
    • Using both the Azure Monitor agent and the legacy Log Analytics agent on the same machine. Limit duplicate events to only the time when you transition from one agent to the other.
    • Using the Azure Monitor agent and the Azure Diagnostics extension on the same machine. This can cause duplicate data collection.
    • The same VM might be mapped to multiple Log Analytics workspaces, resulting in data being sent to multiple locations and causing duplicates.

    After performing these actions, check your VM to confirm that the data accumulation problem has been resolved.

    Resources:

    **Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you, as this can be beneficial to other community members.**If your Azure VM is accumulating duplicate data when the Azure Monitor Agent (AMA) is installed, the issue could be related to the configuration of the agent or how it interacts with your VM and the Azure environment. Here are some potential causes :

    • Creating multiple DCRs with the same data source and associating them to the same agent. Ensure that you're filtering data in the DCRs such that each collects unique data.
    • Creating a DCR that collects security logs and enabling Sentinel for the same agents. In this case, you may collect the same events in the Event table and the SecurityEvent table.
    • Using both the Azure Monitor agent and the legacy Log Analytics agent on the same machine. Limit duplicate events to only the time when you transition from one agent to the other.
    • Using the Azure Monitor agent and the Azure Diagnostics extension on the same machine. This can cause duplicate data collection.
    • The same VM might be mapped to multiple Log Analytics workspaces, resulting in data being sent to multiple locations and causing duplicates.

    After performing these actions, check your VM to confirm that the data accumulation problem has been resolved.

    Resources:

    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you, as this can be beneficial to other community members.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.