Cosmos DB IoT Telemetry Threshold Alerting
Polling new telemetry documents in Cosmos DB, the flow evaluates readings against a configurable threshold, opens a Dataverse incident on breach, notifies the on-call team in Teams, and suppresses duplicate alerts within a window. Turns Cosmos-stored telemetry into actionable alerting.
Provided as-is, without warranty of any kind. Review and test each pattern in a non-production environment before deploying it to live automations. See our Terms.
Overview
This flow turns IoT telemetry stored in Azure Cosmos DB into actionable, de-duplicated alerts. On a 15-minute schedule it queries the telemetry container for readings above a configurable threshold within a lookback window, and for each breach it opens a Dataverse incident and notifies the on-call Microsoft Teams channel - while suppressing duplicate alerts for the same device inside a configurable window.
Why it matters: telemetry sitting in Cosmos notifies no one. Server-side threshold filtering plus a Dataverse-backed suppression check turns it into timely alerts without alert fatigue.
Ships Off (demo).
Use Case
A device fleet writes telemetry documents (deviceId, metric, value, unit) to a Cosmos DB SQL-API container. Operations needs to be alerted when a reading crosses a threshold, with an auditable incident record and without being spammed by repeat alerts while an incident is already open.
Flow Architecture
Poll Telemetry Every 15 Minutes
RecurrenceScheduled poll of the telemetry container.
Initialize Trace & Config
Initialize variableMints a correlation id; binds the Cosmos account/database/container and Teams ids; parses the threshold, lookback and suppression windows; computes the Unix-epoch cutoff for the _ts filter.
Compose & Run Telemetry Query
Cosmos - QueryDocuments_V5Builds and runs a server-side SQL query returning only documents above the threshold within the lookback window.
For Each Breaching Reading
Apply to eachFor each breach: computes the suppression cutoff, lists recent open incidents for the device, and only when none exist creates a Dataverse incident and posts an on-call Teams alert; otherwise records a suppressed duplicate.
Environment Variables
| Schema name | Type | Default | Description |
|---|---|---|---|
| flowlibs_CosmosAccountName | String | flowlibs-cosmos | Cosmos DB (SQL/Core API) account name. |
| flowlibs_CosmosDatabaseId | String | ReferenceDb | Cosmos database ID. |
| flowlibs_CosmosTelemetryContainerId | String | Telemetry | Telemetry container (docs: deviceId, metric, value, unit). |
| flowlibs_AlertThreshold | String | 75 | Numeric reading threshold; readings above open an alert. |
| flowlibs_TelemetryLookbackMinutes | String | 15 | How far back (min) the Cosmos _ts query scans. |
| flowlibs_SuppressionWindowMinutes | String | 60 | Minutes within which duplicate alerts per device are suppressed. |
| flowlibs_TeamsGroupId | String | <your-team-id> | Teams team (group) id for the on-call channel. |
| flowlibs_TeamsChannelId | String | <your-channel-id> | Teams channel id for the on-call channel. |
Connectors & Connections
| Connector | API name | Actions used |
|---|---|---|
| Azure Cosmos DB | shared_documentdb | QueryDocuments_V5 |
| Microsoft Dataverse | shared_commondataserviceforapps | ListRecords CreateRecord |
| Microsoft Teams | shared_teams | PostMessageToConversation |
Note — All connections are referenced as solution connection references; the flow is portable between environments as long as a connection is mapped at import time.
Customization Guide
Almost every realistic variant of this flow can be implemented by changing environment variable values. A few cases require small edits inside the flow definition — those are called out explicitly below.
- Per-device thresholds
- Store a threshold field on each document and filter c.value > c.threshold, or look thresholds up from a Dataverse config table.
- Severity tiers
- Map magnitude (% over threshold) to Low/Medium/High instead of always High.
- Auto-resolve
- Add a companion flow that closes incidents when subsequent readings normalize.
- Escalation
- If an incident stays Open past an SLA, escalate via Approvals or a paging connector.
- Volume
- For very high telemetry rates prefer Azure Stream Analytics; use this flow for moderate rates or as the notification layer.
Key Expressions
The flow is intentionally light on Power Fx / WDL gymnastics — the heaviest expressions are the branch-name concatenation and the approval outcome check. They are listed below in the order they appear in the flow.
EXPR.01Epoch cutoff (lookback)
Unix-epoch-seconds cutoff for the _ts filter.
EXPR.02Cosmos SQL query
Server-side threshold + time-window filter.
EXPR.03Not-suppressed condition
True when no recent open incident exists for the device.
EXPR.04Suppression cutoff (ISO)
Lower bound for the de-dup incident lookup.
Comments
Sign in to join the conversation.
Sign inNo comments yet. Be the first to share your experience with this flow.