Stark Informatics
Home · Solutions · Real-Time Intelligence

Real-Time Intelligence

The umbrella workload for streaming and event-driven analytics in Fabric. Five items work together: Eventstream ingests, Eventhouse stores, KQL databases analyze, Real-Time Dashboards visualize, and Activator acts.

GAWorkload · Real-Time· 9 min read

What it is

Real-Time Intelligence (RTI) is Fabric's end-to-end story for data in motion. Instead of waiting for nightly batches, RTI lets you ingest events as they happen, query them in seconds, and trigger actions when conditions are met. Underneath, it's the same engine that powers Azure Data Explorer, Azure Monitor, and Sentinel — now packaged for general-purpose use inside Fabric.

The five pieces

  • Eventstream — no-code stream processing. Pull from Event Hubs, Kafka, CDC sources; transform inline; route to multiple destinations.
  • Eventhouse — the workspace that holds one or more KQL databases. Manages shared compute and policies.
  • KQL Database — the actual append-optimized, time-series store. Materialized views, update policies, ML functions.
  • Real-Time Dashboards — sub-second dashboards over KQL data. Parameters, drill-down, auto-refresh.
  • Activator — detect-and-act. Trigger Teams, Power Automate, pipelines, or Operations Agents when conditions are met.

Reference patterns

  • IoT telemetry: sensors → Event Hubs → Eventstream → Eventhouse → Real-Time Dashboard + Activator alerts.
  • Application logs: app → Event Hubs → KQL DB → Real-Time Dashboard + ad hoc KQL queries.
  • Security analytics: SIEM feeds → Eventstream → KQL DB → Activator → SOC ticketing.
  • Operational reporting: same KQL data, surfaced via OneLake availability into a Power BI Direct Lake semantic model.

Accelerator path

  1. Provision the Eventhouse first. One Eventhouse per workload domain. Create a default KQL database for raw ingest.
  2. Wire the Eventstream. Pick your source (Event Hubs, Kafka, CDC, sample data). Map to a destination KQL table.
  3. Define update policies. If you need a refined table downstream of raw, write the transformation as a KQL function and bind via update policy.
  4. Build the Real-Time Dashboard. Time filter, top-N tile, anomaly callout, drill-through. 20 minutes if your KQL is right.
  5. Add Activator rules. One rule per condition; route to Teams for low-severity, Power Automate for action.
  6. Turn on OneLake availability. Now Power BI Direct Lake and downstream Lakehouses can read the same data.

Best practices

  • Pre-aggregate. Materialized views over raw tables are the difference between sub-second and "spinning."
  • Use autoscale on the Eventhouse. The default fixed compute is rarely the right answer.
  • Tag with origin metadata. Source system, environment, region — saves you in incident response.
  • Time-bound dashboard queries. Always filter to the last 24h / 7d by default; users can override.

Common pitfalls

!
Using RTI for slowly-changing reference data. Reference data belongs in a Warehouse or Lakehouse. RTI is for events.
!
Skipping retention policies. KQL data grows fast; default retention is forever. Set a policy aligned with business need.
Eventhouse Eventstream KQL Database Real-Time Dashboards Activator

Building a real-time platform?

Our Real-Time Anomaly Detection accelerator gets you live in days.

See the accelerator