We’re experiencing a critical issue where device events transmitted via MQTT are not triggering configured actions in our SAP IoT rules engine. Our industrial sensors publish telemetry data to topic factory/sensors/+/telemetry but the rules engine shows no activity logs.
The MQTT broker confirms successful message delivery with proper topic structure:
Topic: factory/sensors/temp_01/telemetry
Payload: {"deviceId":"temp_01","temp":85.3,"timestamp":1715684580}
We’ve verified the rule condition matches our data schema and device permissions appear correct in the device registry. The same rule worked perfectly in our test environment last month. We’re running SAP IoT 2.5 with default MQTT settings. Has anyone encountered similar MQTT topic mapping issues or rules engine schema mismatches after recent updates?
Based on your symptoms, here’s the comprehensive solution addressing all three problem areas:
1. MQTT Topic Mapping Fix:
Your gateway needs explicit topic subscription configuration. In SAP IoT Cockpit, navigate to Gateway Management → Select your gateway → Protocol Configuration → MQTT Settings. Add subscription:
factory/sensors/+/telemetry
Ensure the topic filter uses MQTT standard wildcards. The gateway won’t auto-subscribe to patterns - you must configure them explicitly.
2. Rules Engine Schema Validation:
Verify your rule’s data source matches the thing property path exactly. Edit your rule and check:
- Data Source:
${thingId}.properties.temp (not just temp)
- Condition operator matches data type (numeric comparison for temperature)
- Rule status is “Active” not “Draft”
Test the rule manually using the “Simulate Event” feature in Rules Engine with your exact JSON payload structure.
3. Device Event Permissions:
This is likely your main blocker. The gateway service user needs proper authorization:
In SAP BTP Cockpit:
- Go to Security → Role Collections
- Find your gateway service user’s role collection
- Ensure these role templates are assigned:
IoT_Gateway_User (for basic gateway operations)IoT_Thing_Model_User (for accessing thing definitions)IoT_Device_Management_User (for device registry access)
In IoT Service Cockpit:
- Navigate to Device Management → Devices → Select device
- Under “Authorizations” tab, verify the gateway is listed as authorized consumer
- If missing, click “Add Authorization” and select your gateway instance
Additional Verification Steps:
- Check gateway logs for authentication errors: `cf logs --recent
- Test MQTT connectivity directly using mosquitto_pub with same credentials
- Enable debug logging for rules engine: Set
com.sap.iot.rules to DEBUG level
- Verify thing instance exists for deviceId in your payload
After applying these changes, restart your gateway application. Events should flow within 2-3 minutes. Monitor the rules engine execution log - you should see trigger attempts even if conditions don’t match. If you still see empty logs after gateway restart, the issue is definitely in the authorization layer. Check the gateway service binding credentials match what’s configured in your MQTT client.
The combination of missing gateway topic subscription and insufficient OAuth scopes typically causes this “silent failure” pattern where MQTT broker accepts messages but nothing reaches the rules engine.
Priya that was helpful context. I’ve been reviewing all three areas - MQTT topics, rules schema, and permissions. Still troubleshooting but getting closer to the root cause.
Klaus, you’re onto something! I found the gateway shows “Connected” status but when I checked the detailed logs, there are authentication warnings. The gateway service account might have lost permissions. I’ll investigate the device event permissions and report back.
We had this exact issue after upgrading to 2.5. The problem was certificate-based authentication for MQTT devices. The gateway requires specific OAuth scopes for ingesting device events. Check your gateway service user has iot.gateway.ingest and iot.device.events.write scopes assigned. Also verify your MQTT client authentication method matches what’s configured in the device connectivity settings - username/password vs certificate authentication can cause silent failures.
Thanks Sarah. I checked the thing model and property names match exactly. The device shows as “Active” in the registry and is associated with thing type IndustrialSensor. What’s strange is the MQTT messages arrive at the broker but the rules engine event log remains completely empty - not even failed trigger attempts are logged.
Check your thing model mapping first. The rules engine requires exact property names from your thing type definition. If your MQTT payload uses temp but your thing model expects temperature, events won’t match. Also verify the device is properly onboarded and associated with the correct thing type in the device registry.
This sounds like a topic subscription mismatch in your gateway configuration. SAP IoT gateways need explicit topic subscriptions configured in the device protocol settings. The wildcard + in your topic might not be properly subscribed. Navigate to your gateway configuration and verify the MQTT topic subscriptions include your exact pattern. Also check if your gateway instance is running and connected - a disconnected gateway would show successful broker delivery but no rules engine activity.