In many organizations, despite knowing what everyone is doing, finding out what’s actually going on can be next or nigh impossible. Operators are delivered notifications about everything that happens, good and bad, and they end up in a fog of detail.
Complex Event Processing (CEP) allows us to tackle this “wood for the trees” problem in two ways. First, it allows the unimportant details to be discarded, leaving only those that are relevant. Second, it allows those details to be tied together into a business oriented view.
It is often the case that under normal operation, things don’t always go to plan. A user’s session may take longer than normal to start or a credit card validation times-out. These once-off errors are not that interesting, particularly, as by the time they register with the support staff, the cause of the error has passed and everything is back to normal. What’s far more interesting is knowing when five users in a 10 minute window are experiencing problems or the credit card validation fails 3 times in a row. CEP’s Event pattern matching solves this problem very nicely. It allows detection of patterns like “X is followed by Y or Z in a 10 minute window”. When the pattern is detected an alert notification can appear on an operators dashboard or be sent by text message to the support staff. Only the events that indicate something of interest is happening get presented to the operators.
Another problem is that the monitoring that does take place does not give any real insight into how the business is performing. Low-level service monitoring can tell us that the web application is up and running or that the credit-card payment gateway is functioning ok but does not tell us how these services are supporting (or not) the business side and, ultimately, the customer. CEP solves this problem by allowing the low-level happenings (a user a logged in, a credit card payment was processed) to be aggregated into a more high-level event (user bought something over the web). This is known as “Event Abstraction” where a set of basic events are represented by a more high-level one. Thus, the actual business value emerges from the deluge of detail but the detail is retained should it be needed.
So CEP allows the bigger picture to emerge from overwhelming amount of detail. That’s the well informed ones! The not-so-well informed ones may be oblivious to what’s happening until they get phone calls from irate customers.
Conrad O’Dea
Chief Architect
