แก้ไข

แชร์ผ่าน


Export IoT data to Azure Data Explorer

This article describes how to configure data export to send data to the Azure Data Explorer.

Use this feature to continuously export filtered and enriched IoT data from your IoT Central application. Data export pushes changes in near real time to other parts of your cloud solution for warm-path insights, analytics, and storage.

For example, you can:

  • Continuously export telemetry, property changes, device connectivity, device lifecycle, device template lifecycle, and audit log data in JSON format in near real time.
  • Filter the data streams to export data that matches custom conditions.
  • Enrich the data streams with custom values and property values from the device.
  • Transform the data streams to modify their shape and content.

Tip

When you turn on data export, you get only the data from that moment onward. To retain more historical data, turn on data export early. To manually export data from times when data export was turned off, see How to use the IoT Central REST API to query devices.

Note

In some circumstances it could take up to 60 seconds for the messages to be exported. This time is measured from when IoT Central receives the message from the underlying IoT hub to when the message is delivered to the destination endpoint.

Prerequisites

To use data export features, you must have the Data export permission.

Set up an Azure Data Explorer export destination

You can use an Azure Data Explorer cluster or an Azure Synapse Data Explorer pool. To learn more, see What is the difference between Azure Synapse Data Explorer and Azure Data Explorer?.

IoT Central exports data in near real time to a database table in the Azure Data Explorer cluster. The data is in the message body and is in JSON format encoded as UTF-8. You can add a Transform in IoT Central to export data that matches the table schema.

To query the exported data in the Azure Data Explorer portal, navigate to the database and select Query.

The following video walks you through exporting data to Azure Data Explorer:

Connection options

Azure Data Explorer destinations let you configure the connection with a service principal or a managed identity.

Managed identities are more secure because:

  • You don't store the credentials for your resource in a connection string in your IoT Central application.
  • The credentials are automatically tied to the lifetime of your IoT Central application.
  • Managed identities automatically rotate their security keys regularly.

IoT Central currently uses system-assigned managed identities.

When you configure a managed identity, the configuration includes a scope and a role:

  • The scope defines where you can use the managed identity. For example, you can use an Azure resource group as the scope. In this case, both the IoT Central application and the destination must be in the same resource group.
  • The role defines what permissions the IoT Central application is granted in the destination service. For example, for an IoT Central application to send data to an event hub, the managed identity needs the Azure Event Hubs Data Sender role assignment.

The following video provides more information about system assigned managed identities:

Caution

To export to blob storage, don't use the Storage Account Contributor as shown in the video. Use the Storage Blob Data Contributor role instead.

Create an Azure Data Explorer destination

This article shows how to create a managed identity using the Azure CLI. You can also use the Azure portal to create a managed identity.

If you don't have an existing Azure Data Explorer database to export to, follow these steps. You have two choices to create an Azure Data Explorer database:

  • Create a new Azure Data Explorer cluster and database. To learn more, see the Azure Data Explorer quickstart. Make a note of the cluster URI and the name of the database you create, you need these values in the following steps.
  • Create a new Azure Synapse Data Explorer pool and database. To learn more, see the Azure Data Explorer quickstart. Make a note of the pool URI and the name of the database you create, you need these values in the following steps.

To configure the managed identity that enables your IoT Central application to securely export data to your Azure resource:

  1. Create a managed identity for your IoT Central application to use to connect to your database. Use the Azure Cloud Shell to run the following command:

    az iot central app identity assign --name {your IoT Central app name} \
        --resource-group {resource group name} \
        --system-assigned
    

    Make a note of the principalId and tenantId output by the command. You use these values in the following step.

  2. Configure the database permissions to allow connections from your IoT Central application. Use the Azure Cloud Shell to run the following command:

    az kusto database-principal-assignment create --cluster-name {name of your cluster} \
        --database-name {name of your database}    \
        --resource-group {resource group name} \
        --principal-assignment-name {name of your IoT Central application} \
        --principal-id {principal id from the previous step} \
        --principal-type App --role Admin \
        --tenant-id {tenant id from the previous step}
    

    Tip

    If you're using Azure Synapse, see az synapse kusto database-principal-assignment.

  3. Create a table in your database with a suitable schema for the data you're exporting. The following example query creates a table called smartvitalspatch. To learn more, see Transform data inside your IoT Central application for export:

    .create table smartvitalspatch (
      EnqueuedTime:datetime,
      Message:string,
      Application:string,
      Device:string,
      Simulated:boolean,
      Template:string,
      Module:string,
      Component:string,
      Capability:string,
      Value:dynamic
    )
    
  4. (Optional) To speed up ingesting data into your Azure Data Explorer database:

    1. Navigate to the Configurations page for your Azure Data Explorer cluster. Then enable the Streaming ingestion option.

    2. Run the following query to alter the table policy to enable streaming ingestion:

      .alter table smartvitalspatch policy streamingingestion enable
      

To create the Azure Data Explorer destination in IoT Central on the Data export page:

  1. Select + New destination.

  2. Select Azure Data Explorer as the destination type.

  3. Enter your Azure Data Explorer cluster or pool URL, database name, and table name. Select System-assigned managed identity as the authorization type.

    Tip

    The cluster URL for a standalone Azure Data Explorer looks like https://<ClusterName>.<AzureRegion>.kusto.windows.net. The cluster URL for an Azure Synapse Data Explorer pool looks like https://<DataExplorerPoolName>.<SynapseWorkspaceName>.kusto.azuresynapse.net.

    Screenshot of Azure Data Explorer export destination that uses a managed identity.

If you don't see data arriving in your destination service, see Troubleshoot issues with data exports from your Azure IoT Central application.

Set up a data export

Now that you have a destination to export your data to, set up data export in your IoT Central application:

  1. Sign in to your IoT Central application.

  2. In the left pane, select Data export.

    Tip

    If you don't see Data export in the left pane, then you don't have permissions to configure data export in your app. Talk to an administrator to set up data export.

  3. Select + New export.

  4. Enter a display name for your new export, and make sure the data export is Enabled.

  5. Choose the type of data to export. The following table lists the supported data export types:

    Data type Description Data format
    Telemetry Export telemetry messages from devices in near-real time. Each exported message contains the full contents of the original device message, normalized. Telemetry message format
    Property changes Export changes to device and cloud properties in near-real time. For read-only device properties, changes to the reported values are exported. For read-write properties, both reported and desired values are exported. Property change message format
    Device connectivity Export device connected and disconnected events. Device connectivity message format
    Device lifecycle Export device registered, deleted, provisioned, enabled, disabled, displayNameChanged, and deviceTemplateChanged events. Device lifecycle changes message format
    Device template lifecycle Export published device template changes including created, updated, and deleted. Device template lifecycle changes message format
    Audit logs Logs of user-initiated updates to entities in the application. To learn more, see Use audit logs to track activity in your IoT Central application Audit log message format
  6. Optionally, add filters to reduce the amount of data exported. There are different types of filter available for each data export type:

    Type of data Available filters
    Telemetry
    • Filter by device name, device ID, device template, and if the device is simulated
    • Filter stream to only contain telemetry that meets the filter conditions
    • Filter stream to only contain telemetry from devices with properties matching the filter conditions
    • Filter stream to only contain telemetry that has message properties meeting the filter condition. Message properties (also known as application properties) are sent in a bag of key-value pairs on each telemetry message. To create a message property filter, enter the message property key you're looking for, and specify a condition. Only telemetry messages with properties that match the specified filter condition are exported. Learn more about application properties from IoT Hub docs
    Property changes
    • Filter by device name, device ID, device template, and if the device is simulated
    • Filter stream to only contain property changes that meet the filter conditions
    Device connectivity
    • Filter by device name, device ID, device template, organizations, and if the device is simulated
    • Filter stream to only contain changes from devices with properties matching the filter conditions
    Device lifecycle
    • Filter by device name, device ID, device template, and if the device is provisioned, enabled, or simulated
    • Filter stream to only contain changes from devices with properties matching the filter conditions
    Device template lifecycle
    • Filter by device template
    Audit logs N/A
  7. Optionally, enrich exported messages with extra key-value pair metadata. The following enrichments are available for the telemetry, property changes, device connectivity, and device lifecycle data export types:

    • Custom string: Adds a custom static string to each message. Enter any key, and enter any string value.
    • Property, which adds to each message:
      • Device metadata such as device name, device template name, enabled, organizations, provisioned, and simulated.
      • The current device reported property or cloud property value to each message. If the exported message is from a device that doesn't have the specified property, the exported message doesn't get the enrichment.

Configure the export destination:

  1. Select + Destination to add a destination that you've already created or select Create a new one.

  2. To transform your data before it's exported, select + Transform. To learn more, see Transform data inside your IoT Central application for export.

  3. Select + Destination to add up to five destinations to a single export.

  4. When you've finished setting up your export, select Save. After a few minutes, your data appears in your destinations.

Monitor your export

In IoT Central, the Data export page lets you check the status of your exports. You can also use Azure Monitor to see how much data you're exporting and any export errors. You can access export and device health metrics in charts in the Azure portal by using, the REST API, queries in PowerShell, or the Azure CLI. Currently, you can monitor the following data export metrics in Azure Monitor:

  • Number of messages incoming to export before filters are applied.
  • Number of messages that pass through filters.
  • Number of messages successfully exported to destinations.
  • Number of errors found.

To learn more, see Monitor application health.

Data formats

The following sections describe the formats of the exported data:

Telemetry format

Each exported message contains a normalized form of the full message the device sent in the message body. The message is in JSON format and encoded as UTF-8. Information in each message includes:

  • applicationId: The ID of the IoT Central application.
  • messageSource: The source for the message - telemetry.
  • deviceId: The ID of the device that sent the telemetry message.
  • schema: The name and version of the payload schema.
  • templateId: The ID of the device template assigned to the device.
  • enqueuedTime: The time at which IoT Central received this message.
  • enrichments: Any enrichments set up on the export.
  • module: The IoT Edge module that sent this message. This field only appears if the message came from an IoT Edge module.
  • component: The component that sent this message. This field only appears if the capabilities sent in the message were modeled as a component in the device template
  • messageProperties: Other properties that the device sent with the message. These properties are sometimes referred to as application properties. Learn more from IoT Hub docs.

Message properties

Telemetry messages have properties for metadata as well as the telemetry payload. The previous snippet shows examples of system messages such as deviceId and enqueuedTime. To learn more about the system message properties, see System Properties of device-to-cloud IoT Hub messages.

You can add properties to telemetry messages if you need to add custom metadata to your telemetry messages. For example, you need to add a timestamp when the device creates the message.

The following code snippet shows how to add the iothub-creation-time-utc property to the message when you create it on the device:

Important

The format of this timestamp must be UTC with no timezone information. For example, 2021-04-21T11:30:16Z is valid, 2021-04-21T11:30:16-07:00 is invalid.

async function sendTelemetry(deviceClient, index) {
  console.log('Sending telemetry message %d...', index);
  const msg = new Message(
    JSON.stringify(
      deviceTemperatureSensor.updateSensor().getCurrentTemperatureObject()
    )
  );
  msg.properties.add("iothub-creation-time-utc", new Date().toISOString());
  msg.contentType = 'application/json';
  msg.contentEncoding = 'utf-8';
  await deviceClient.sendEvent(msg);
}

Property changes format

Each message or record represents changes to device and cloud properties. Information in the exported message includes:

  • applicationId: The ID of the IoT Central application.
  • messageSource: The source for the message - properties.
  • messageType: Either cloudPropertyChange, devicePropertyDesiredChange, or devicePropertyReportedChange.
  • deviceId: The ID of the device that sent the telemetry message.
  • schema: The name and version of the payload schema.
  • enqueuedTime: The time at which IoT Central detected this change.
  • templateId: The ID of the device template assigned to the device.
  • properties: An array of properties that changed, including the names of the properties and values that changed. The component and module information is included if the property is modeled within a component or an IoT Edge module.
  • enrichments: Any enrichments set up on the export.

Device connectivity changes format

Each message or record represents a connectivity event from a single device. Information in the exported message includes:

  • applicationId: The ID of the IoT Central application.
  • messageSource: The source for the message - deviceConnectivity.
  • messageType: Either connected or disconnected.
  • deviceId: The ID of the device that was changed.
  • schema: The name and version of the payload schema.
  • templateId: The ID of the device template assigned to the device.
  • enqueuedTime: The time at which this change occurred in IoT Central.
  • enrichments: Any enrichments set up on the export.

Device lifecycle changes format

Each message or record represents one change to a single device. Information in the exported message includes:

  • applicationId: The ID of the IoT Central application.
  • messageSource: The source for the message - deviceLifecycle.
  • messageType: The type of change that occurred. One of: registered, deleted, provisioned, enabled, disabled, displayNameChanged, and deviceTemplateChanged.
  • deviceId: The ID of the device that was changed.
  • schema: The name and version of the payload schema.
  • templateId: The ID of the device template assigned to the device.
  • enqueuedTime: The time at which this change occurred in IoT Central.
  • enrichments: Any enrichments set up on the export.

Device template lifecycle changes format

Each message or record represents one change to a single published device template. Information in the exported message includes:

  • applicationId: The ID of the IoT Central application.
  • messageSource: The source for the message - deviceTemplateLifecycle.
  • messageType: Either created, updated, or deleted.
  • schema: The name and version of the payload schema.
  • templateId: The ID of the device template assigned to the device.
  • enqueuedTime: The time at which this change occurred in IoT Central.
  • enrichments: Any enrichments set up on the export.

Audit log format

Each audit log message represents a user-initiated change to an auditable entity inside the IoT Central application. Information in the exported message includes:

  • actor: Information about the user who modified the entity.
  • applicationId: The ID of the IoT Central application.
  • messageSource: The source for the message - audit.
  • messageType: The type of change that occurred. One of: updated, created, deleted.
  • updated: Only present if messageType is updated. Provides more detail about the update.
  • resource: Details of the modified entity.
  • schema: The name and version of the payload schema.
  • deviceId: The ID of the device that was changed.
  • enqueuedTime: The time at which this change occurred in IoT Central.
  • enrichments: Any enrichments set up on the export.

Next steps

Now that you know how to export to Azure Data Explorer, a suggested next step is to learn Export to Webhook.