Hi,
Currently there is not an easy way to distinguish if the Heartbeat data is coming from Azure Monitor Agent or from Log Analytics agent. When the same computer is using both agents the heartbeat data will be logged by both agents. I have spotted the following differences when data is coming from both agents:
For Linux:
- SourceComputerId is different for each agent data
- Version is different for each agent. For example for AMA it is 1.12.2 currently and for LAA is 1.13.40-0
- values in Solutions will also be different depending on what you use each agent for
- Seems AMA agent currently does not send data for column ComputerPrivateIPs. This could be some bug or missing feature that would be fixed at some point or may be it applies only for my environment.
Based on this we can come up with the following queries.
Heartbeat
| where OSType == "Linux"
| where isnull(ComputerPrivateIPs)
Heartbeat
| where OSType == "Linux"
| where Version !contains "-"
For Windows:
- OSName is logged by AMA only
- AMA version is 1.1.2.0 where LAA is 10.20.18053.0
Based on this we can come up with the following queries.
Heartbeat
| where OSType == "Windows"
| where OSName != ""
Heartbeat
| where OSType == "Windows"
| where Version startswith "1."
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.