10 tips on how to prevent business value risk
One category of risk that project teams need to ensure they address is business value failure – delivering a product that fails to provide value for the business investor.
The content has been bookmarked!
There was an error bookmarking this content! Please retry.
Posted by Floyd Marinescu on Jul 28, 2006
Today, event based system are often confused with message based system such as JMS and alike backends or Enterprise Service Bus (ESB). Messaging system are event based but usually do not correlate events or process event streams at all. They simply process unitary events - and it becomes quickly complex if you need to correlate messages... [Esper] is not to be confused with classical rules engines...The internals of Esper are made up of fairly complex algorithms primarily relying on state machines and delta networks in which only changes to data are communicated across object boundaries when required.On the best uses and mis-uses for Esper, Alexandre replied:
Esper is best suited for realtime event driven applications. Typical application areas are business process management and automation, finance, network and application monitoring and sensor network applications. Esper take much of the complexity out of developing applications that detect patterns among events, filter events, aggregate time or length windows of events, join event streams, trigger based on absence of events etc.According to Alexandre, Esper is the only open source Event Stream Processing solution; but the initial version lacks high availability features in commercial ESP engines such as StreamBase or Coral8. Esper can run standalone, the 1.0 release assumes events to be POJOs. The Esper team is currently working on providing native XML format support.
Esper is not designed for storing and retrieval of fairly static data - that is better left to conventional databases. In-memory databases may be better suited to CEP applications than traditional relational databases as they generally have good query performance. Yet they are not optimized to provide immediate, real-time query results required for CEP and event stream analysis.
Monitor your Production Java App - includes JMX! Low Overhead - Free download
18 agile and lean practices for effective software development governance
Using Drools? See what you're missing! Get the Power of Drools with the Assurance of Red Hat
Improve Java Garbage Collection, Runtime Execution, and JVM visibility with Zing
This sounds pretty interesting and I can see an event processing query language amd framework like this being useful in a variety of use cases beyond financial or high volume. Imagine using it to consume thousands of RSS feeds and scan for patterns and do useful things with that info, or perhaps scanning incoming web requests in memory and detecting denial of service attacks or simply upsurges in requests/minute and being able to respond to that in smart ways.
Very cool!
Yummy!
And real-time risk management.
Regards,
Horia
I will have to download Esper and take a look, but ILOG Rules (C++) and JRules have been used for realtime event processing (both in telco and finance) for a number of years. For example you can write IRL code such as that included below (for event correlation and filtering). The RetePlus algorithm in JRules is an optimized pattern-matching mechanism that supports temporal reasoning. It is also possible to use the JRules tools to built domain-specific languages for business users that generate the code included below. JRules can reason on unmodified POJOs as well as XML data.
This rule detects that two alarms with the same Communications probable cause have occurred
on two pieces of equipment which are connected together, and synthesizes a new alarm on the
connecting link. In this rule the handling of partial order is illustrated. The
id > alarm1.id test is here to break the symmetry between e1 and e2, and thus avoid the
rule being fired twice.
when {
alarm1 : event Alarm(e1 : equipment;
perceivedSeverity != Cleared;
probableCause == Communications);
alarm2 : event Alarm(e2 : equipment;
perceivedSeverity != Cleared;
probableCause == Communications;
e2 != e1;
id > alarm1.id;
this before[-10, 10] alarm1);
link : EquipmentLink(isConnectedTo(e1);
isConnectedTo(e2));
}
then
{
insert event Alarm(link, link.newCorrelatedAlarmId(), Equipment, Major);
}
Or this rule, which does event filtering:
This rule suppresses an alarm and its clearing alarm if the clearing alarm occurs within
two seconds after the initial alarm.
when {
alarm1 : event Alarm(perceivedSeverity != Alarm.Cleared);
alarm2 : event Alarm(equipment == alarm1.equipment;
id == alarm1.id;
perceivedSeverity == Alarm.Cleared;
this after[0, 2] alarm1);
}
then
{
retract alarm1;
retract alarm2;
}
Thanks for the link to Esper!
Sincerely,
Daniel Selman
(ILOG)
Hi Daniel
Thanks for your comment. I believe ILOG JRules and more generally Drools or Jess or any Rete based production rule engine can indeed be used to address part of what CEP coins. Especially triggering by correlating events, possibly including a temporal relationship between events as your sample shows.
I think ISphere folks have written about "delta dataflow" algorithms beeing a generalization of Rete ones.
That said I believe the ESP side - Event Stream Processing - is a different beast, where what matters is the "S" for Stream. In this side of the Esper engine we provide several language facilities to build expressions using time not for temporal relationship (happened before etc) but for sliding window.
As an example, this makes it very valuable for computing things like volume weigthed average (VWAP) of ticks - which would be (I believe, correct me if I am wrong) awfull using something Rete based like JRules. In Esper I'd wrote it as follow:
select * from StockTickEvent(symbol='BEA').win:time(3000).stat:weighted_avg('price', 'volume')
I believe beeing able to combine both CEP and ESP is a key value add of Esper. You can read more about how the two play together in our tutorials.
Alex
I've been thinking on CEP and ESP, both are definitely possible in Rete - they will be a strong part of the work I'll do early next year. I have splashed some initial thoughts on ESP on the Drools wiki.
wiki.jboss.org/wiki/Wiki.jsp?page=EventStreamAn...
As Drools allows for querries we can easily provde ECA type syntax. Maybe we should be looking to join the projects together and build ESP/ECA on the drools platform?
Not to sound stupid, but I am literally drooling at the prospect of drools integration and Esper in general. This is the sort of stuff that is being pushed quite heavily right now, and having a first class OS alternative would be more than fantastic.
Can any one help me with a sample "Suppress rule" in iLog JRules.
Please
Regards
Gaurav
gauravshrinivas at yahoo dot com
Daniel
Please help with a code to suppress Alarms in iLog JRules.
my mail id is given.
Friends,
Thanks as I was able to finish it well.
One category of risk that project teams need to ensure they address is business value failure – delivering a product that fails to provide value for the business investor.
InfoQ spoke to the authors of Software Systems Architecture on a couple of new topics, the System Context viewpoint and Agile, which have been added to the second edition.
Alex Papadimoulis discusses ugly code, where it comes from, how to avoid it, and how to get rid of it.
John Davies examines Visa’s architecture and shows how enterprises have architected complex integrations incorporating Hadoop, memcached, Ruby on Rails, and others to deliver innovative solutions.
Sean Comerford unveils ESPN.com’s architecture, what components are used and why, and the current changes the website goes through.
Are there repeated patterns of failure on Enterprise Agile Enablement efforts? Sanjiv and Arlen discuss Seven Deadly Sins to avoid when adopting Agile in an enterprise.
Erik Dörnenburg answers: What is Enterprise and Evolutionary Architecture?, discussing 4 issues: Turning strategy into execution, Ensuring conformance, Where do the architects sit? Buying or building?
Sean Cribbs explains what Map-Reduce and Riak are, why and how to use Map-Reduce with Riak, and how to convert SQL queries into their Map-Reduce equivalents.
9 comments
Watch Thread Reply