Edge rule in rules engine fails to trigger when device sends telemetry data

We’ve configured an edge rule in Watson IoT Platform v25 that should trigger when temperature exceeds threshold, but it’s not activating when our edge gateway sends device data. The rule works fine when we test it through the platform UI with sample payloads.

Our edge gateway uses a custom CA certificate for MQTT TLS connections, and devices are publishing telemetry every 30 seconds. The rule is supposed to generate critical alerts for values above 85°C, but we’re seeing temperatures of 92°C in the device registry without any rule triggers.

We’re concerned about the MQTT TLS configuration and whether the event schema from edge devices matches what the rules engine expects. Has anyone encountered issues with custom certificates affecting rule processing at the edge?

Before marking this resolved, document one more critical aspect that often gets missed with edge rules and custom certificates.


// Edge Gateway MQTT Configuration
mqtt.tls.version=TLSv1.2
mqtt.tls.cipherSuites=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
mqtt.eventType=temperature

The issue isn’t just event type matching - it’s the complete event schema validation chain:

1. Custom CA Certificate Handling: Your custom CA must be registered in Watson IoT Platform under Security > Connection Security > CA Certificates. The edge gateway’s client certificate must chain back to this CA. If the CA isn’t properly registered, the platform accepts the TLS connection but marks the device as ‘untrusted’ internally, which causes the rules engine to skip processing events from that source as a security measure.

Verify CA registration:

  • Navigate to Security > Connection Security
  • Confirm your CA certificate is listed and status shows ‘Active’
  • Check the certificate expiration date
  • Ensure ‘Allow Rules Processing’ is enabled for this CA

2. MQTT TLS Configuration: For edge gateways with custom certificates, the MQTT topic structure must include the correct device type and event type. Your corrected topic should be:


iot-2/type/{deviceType}/id/{deviceId}/evt/temperature/fmt/json

The TLS handshake must complete successfully AND the client certificate must be validated before the rules engine processes any events. Enable debug logging on your edge gateway:


mqtt.debug.level=TRACE
rules.engine.debug=true

This will show you exactly when the rules engine receives events and whether they’re being filtered out due to certificate trust issues.

3. Edge Rule Event Schema Matching: The rules engine validates three layers for edge deployments:

  • Event type (must match rule condition exactly - case sensitive)
  • Payload schema (JSON structure must match defined device type schema)
  • Source authentication (device must be trusted based on certificate validation)

Your rule condition should explicitly reference the event type:

{
  "condition": {
    "eventType": "temperature",
    "expression": "$event.d.temp > 85"
  }
}

The $event.d.temp path assumes your JSON payload structure is:

{"d": {"temp": 92}}

If your device publishes a flat structure like {"temp": 92}, change the expression to $event.temp > 85.

Verification Steps:

  1. Confirm CA certificate is registered and ‘Allow Rules Processing’ is enabled
  2. Verify MQTT topic includes correct event type ‘temperature’
  3. Check payload JSON structure matches rule expression path
  4. Enable debug logging to see rule evaluation attempts
  5. Test with a single device first before deploying to fleet

Common Pitfall: When you tested through the UI, it bypassed the certificate validation layer entirely - that’s why it worked. The UI test injects events directly into the rules engine with a ‘trusted’ flag. Real device events go through the full authentication and validation pipeline.

After making these changes, you should see rule triggers within one message cycle (30 seconds in your case). If critical alerts are still missing after confirming all three areas, check the rules engine logs for schema validation errors - that’s usually the final piece.
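A local pre-flight check for verification steps 2 and 3 above, added here as an example; it is not part of the original answer and is not the platform's rules engine. It parses the topic layout and rule condition quoted above and lists why a given message would not satisfy the rule. Assumptions: the device type and id are placeholders, and only the simple `$event.<path> > <number>` expression form is handled.

```python
import json
import re

# Gateway topic layout as given on the page.
TOPIC_RE = re.compile(
    r"^iot-2/type/(?P<type>[^/]+)/id/(?P<id>[^/]+)/evt/(?P<evt>[^/]+)/fmt/(?P<fmt>[^/]+)$")
# Only the simple "$event.<path> > <number>" form from the page is handled (assumption).
EXPR_RE = re.compile(r"^\$event\.(?P<path>[A-Za-z_][\w.]*)\s*>\s*(?P<limit>-?\d+(?:\.\d+)?)$")


def diagnose(topic, payload, rule):
    """Return a list of reasons the rule would not fire; empty list means it should."""
    cond = rule["condition"]
    m = TOPIC_RE.match(topic)
    if not m:
        return ["topic does not match iot-2/type/.../id/.../evt/.../fmt/..."]
    problems = []
    if m["fmt"] != "json":
        problems.append(f"format is {m['fmt']!r}, expected 'json'")
    if m["evt"] != cond["eventType"]:  # exact, case-sensitive comparison
        problems.append(f"event type {m['evt']!r} != rule eventType {cond['eventType']!r}")
    e = EXPR_RE.match(cond["expression"].strip())
    if not e:
        return problems + ["expression form not handled by this checker"]
    try:
        node = json.loads(payload)
    except ValueError:
        return problems + ["payload is not valid JSON"]
    for key in e["path"].split("."):
        if not isinstance(node, dict) or key not in node:
            return problems + [f"payload has no value at $event.{e['path']}"]
        node = node[key]
    if isinstance(node, bool) or not isinstance(node, (int, float)):
        problems.append(f"value at $event.{e['path']} is not numeric")
    elif not node > float(e["limit"]):
        problems.append(f"value {node} does not exceed {e['limit']}")
    return problems


# Constructed sample inputs; device type and id are placeholders.
RULE = {"condition": {"eventType": "temperature", "expression": "$event.d.temp > 85"}}
GOOD = "iot-2/type/gatewayType/id/gw-001/evt/temperature/fmt/json"
OLD = "iot-2/type/gatewayType/id/gw-001/evt/temp_reading/fmt/json"

if __name__ == "__main__":
    for topic, body in [(GOOD, '{"d": {"temp": 92}}'), (OLD, '{"temp": 92}')]:
        print(topic, "->", diagnose(topic, body, RULE) or "rule should fire")
```

Run it against a topic and payload captured from the gateway's debug log before changing the rule; an empty result means the topic and payload are consistent with the rule condition, so any remaining failure lies elsewhere in the pipeline.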

Good catch on the certificate CN! I verified and it matches. I’ve updated our edge gateway configuration to publish with event type ‘temperature’ instead of ‘temp_reading’. Testing now to see if rules trigger correctly.

Check your edge rule event type configuration. When using custom CA certificates, the edge gateway might be publishing events with a different event type identifier than what your rule is listening for. Go to Device Types > Your Device Type > Event Schemas and verify the event ID matches exactly what your rule condition specifies.

The UI test uses the rules engine’s internal event format which is different from actual device events. For edge rules specifically, the event schema matching is strict. Your custom CA cert setup is fine - that’s just for transport security. The real issue is the event type mismatch you found.

Also check if your MQTT topic structure includes the event type correctly. Should be: iot-2/type/device_type/id/device_id/evt/temperature/fmt/json

If your gateway is using ‘temp_reading’ in the topic path, that’s what the rule needs to match against.