When your IoT system detects a motor about to fail, you need to act in seconds—not hours. When you’re generating a monthly energy consumption report for billing, waiting an hour for a batch job is perfectly fine. The choice between stream processing and batch processing isn’t academic: it determines your system’s ability to respond in real time, shapes your infrastructure cost, and defines the operational complexity your team must manage. This article unpacks both approaches, explains the Lambda and Kappa architectures that combine them, and gives you a practical framework for choosing the right processing strategy for your IoT use cases.
What Is Stream Processing?
Stream processing handles data in motion—each event is processed as soon as it arrives, or within a short window (microseconds to seconds). In IoT, this means that when a temperature sensor publishes a reading to your MQTT broker, a stream processor immediately applies rules, enrichment, and transformations to that reading before routing it to storage or triggering an action.
The core operations in stream processing are:
- Filtering: Drop readings that are within normal bounds; forward only anomalies
- Windowed aggregation: Compute a 5-minute average temperature across all sensors in Zone A
- Join: Enrich a device reading with the device’s metadata (location, owner, firmware version) from a lookup table
- Stateful computation: Track whether a device’s reading has been above threshold for more than 30 consecutive seconds
- Complex Event Processing (CEP): Detect patterns across multiple event streams (e.g., vibration spike followed by temperature rise within 10 seconds = alert)
Stream processing enables real-time alerting, control loop feedback, and live dashboards. Its cost is complexity: stateful stream processors must handle failure recovery, late-arriving events, and state management carefully.
What Is Batch Processing?
Batch processing handles data at rest—a bounded dataset is loaded, processed, and written in a finite job. Traditional ETL pipelines and MapReduce are batch systems. In IoT, batch processing is appropriate for:
- Historical analytics: “What was the average power consumption for each building last month?”
- ML model training: Training a predictive maintenance model on 6 months of sensor history
- Billing and reporting: Generating invoices based on total usage
- Data migration and backfill: Re-processing historical data after fixing a bug in enrichment logic
- Anomaly detection at scale: Running a more sophisticated (but slower) ML model across a day’s worth of data
Batch is simpler to implement—you’re processing a fixed dataset, failure recovery is straightforward (re-run the job), and SQL-based tools like Apache Spark, BigQuery, or DuckDB make it accessible to data analysts, not just engineers.
The key limitation: latency. Batch jobs run on a schedule (hourly, daily), so the freshest actionable insight you can get is the start of the last batch window. For monitoring and control use cases, that’s too slow.
Apache Kafka: The Foundation for Both
Apache Kafka deserves special attention because it functions as the backbone for both stream and batch processing in modern IoT architectures. Kafka is a distributed log—producers write records to topics, and consumers read from those topics at their own pace, with each consumer tracking its own offset.
This architecture has profound implications:
- Multiple consumers can read the same topic independently: a real-time alerting consumer, a stream processor building aggregates, and a batch writer pushing to cold storage all read from the same Kafka topic without interference
- Durability and replay: Kafka retains messages for a configurable retention period. If your stream processor crashes and recovers, it resumes from its last committed offset—no data lost
- Decoupling: Your IoT ingestion layer (MQTT broker → Kafka) is decoupled from your processing layer. You can swap out processors without touching device firmware or the ingestion path
For IoT specifically, the devices.{region}.telemetry topic pattern (partitioned by device ID hash for ordered per-device processing) is a widely adopted convention. Kafka Connect bridges Kafka to external systems—MQTT Kafka Connector for ingesting from MQTT brokers, JDBC sink connectors for writing to relational databases, S3 sink connector for cold storage archival.
Lambda Architecture: Combining Stream and Batch
The Lambda architecture (coined by Nathan Marz, not the AWS service) is the most widely deployed pattern for IoT data systems that need both real-time and historical capabilities. It has three layers:
-
Speed layer (stream processing): Processes incoming data in real time, maintains a real-time view with low latency but potentially approximate results. Built on Kafka Streams, Apache Flink, or Spark Streaming.
-
Batch layer (batch processing): Reprocesses the complete historical dataset periodically to produce accurate, complete results. Built on Apache Spark or BigQuery.
-
Serving layer: Merges the real-time view from the speed layer with the batch view from the batch layer to answer queries. Built on Apache Druid, Cassandra, or a read-optimized data store.
The Lambda architecture’s strength is resilience: if your stream processor produces wrong results (a bug, a late-arriving event), the batch layer will eventually correct them. Its weakness is code duplication: you maintain two separate processing pipelines (speed + batch) for the same business logic.
In practice, many IoT teams implement a simplified Lambda architecture:
- Stream processor (Kafka Streams or AWS Lambda) for alerting and real-time dashboards
- Nightly Spark job or BigQuery scheduled query for aggregations used in reports
- InfluxDB continuous queries as a lightweight “batch layer” for downsampled time-series
Kappa Architecture: Stream-Only Simplification
The Kappa architecture (proposed by Jay Kreps) eliminates the batch layer entirely. It argues that if you can replay your stream (which Kafka enables), you don’t need a separate batch system—just re-stream historical data through your stream processor when you need to recompute.
For IoT, Kappa is attractive when:
- Your processing logic is genuinely real-time (not just latency-tolerant batch)
- Your Kafka retention covers the historical window you need
- You want to maintain only one processing codebase
The trade-off: if your stream processor needs to join against 12 months of history, replaying 12 months through a stream processor may take days and consume significant resources. Batch systems like Spark are more efficient for large historical datasets.
Many modern IoT architectures lean Kappa-adjacent: Apache Flink can handle both streaming and batch modes with the same API, making the boundary between paradigms less rigid.
Choosing the Right Approach: A Decision Framework
| Requirement | Recommended Approach |
|---|---|
| Alerting within seconds | Stream (Kafka Streams, Flink) |
| Live dashboards (<30s latency) | Stream |
| Hourly/daily reports | Batch (Spark, BigQuery) |
| ML model training | Batch |
| Backfill after bug fix | Batch reprocess via Kafka replay |
| Combined real-time + historical | Lambda architecture |
| Simple team, unified codebase | Kappa (Flink unified API) |
In practice, most mature IoT platforms use both: a stream processing layer for real-time alerting and live metrics, and a batch/scheduled query layer for reports, ML training, and billing. The key is to keep these layers loosely coupled through Kafka—don’t let your stream processor write directly to your analytical database in a way that makes batch reprocessing impossible.
Practical Technology Stack Recommendation
For a production IoT platform at medium scale (10,000–100,000 devices):
- Ingestion: MQTT broker (EMQX) → Kafka cluster (3 nodes minimum)
- Stream processing: Kafka Streams (simple transformations and alerting) or Apache Flink (complex CEP, windowed joins)
- Hot storage: InfluxDB 3.0 or TimescaleDB for time-series telemetry
- Cold storage: Apache Parquet on S3, queried by DuckDB or Athena
- Batch analytics: Apache Spark on EMR or BigQuery for scheduled analytical jobs
- Serving: Grafana for dashboards (reads from InfluxDB + querying cold Parquet via Athena)
This stack is cloud-agnostic, horizontally scalable, and avoids per-message cloud platform fees at scale.
For the storage layer details, see our Managing IoT Data at Scale article. For understanding the connectivity protocols that feed these pipelines, visit our IoT Connectivity Integration services page.
Conclusion
Stream processing is the right tool when your IoT application needs to act in real time—alerting, live dashboards, control loops. Batch processing is the right tool when you need historical analytics, ML training, or complex reporting. The Lambda architecture combines both with data integrity as the priority; the Kappa architecture simplifies with stream-only processing where Kafka replay covers historical needs. Apache Kafka is the connective tissue that makes both patterns work at scale. The most common mistake in IoT data architecture is choosing one approach dogmatically—real-world systems almost always need both, and designing for that flexibility from the start pays dividends as your platform matures.
IoT & AIoT Weekly
Get the best IoT development content delivered weekly. No noise, just signal.