Companies today hope to gain a competitive edge based on their ability to respond quickly to threats and opportunities. That edge can come from highly responsive, near-real-time systems based on complex event processing (CEP) techniques used for financial applications on Wall Street. Now these CEP techniques are being used more widely in enterprise applications on Main Street.
--Fraud analysts are alerted when the same credit-card number is used in several cities almost simultaneously.
--Power-line fault histories and locations can be quickly compared against real-time weather feeds to alert utility maintenance teams about likely trouble.
--A healthcare provider can rapidly check a type of test regimen against a patient's insurance coverage.
PATH TO INNOVATION
CEP seems to be a way to greater corporate innovation. For many companies, the move to event processing means a shift in perspective on software architecture.
Complex events have unique characteristics, and people involved in the field still argue about the definition of various terms that describe CEP. "Event-driven architecture"
is sometimes used to express the way in which CEP problems are handled.
While the inner workings of various CEP engines differ in composition, their structure may not particularly concern application development managers, who will instead tend to focus more on how a CEP engine is programmed. "If you talk to users of CEP, they may well be interested primarily in what they can do with the user interface to the engine," says David Luckham
, emeritus professor of electrical engineering at Stanford University and author of Event Processing for Business: Organizing the Real-Time Enterprise
(John Wiley & Sons, 2011).
To ease programming, CEP vendors support SQL-like, visual and related programming techniques. These fit well with existing programming skill sets. Sometimes CEP products are distinguished based on whether they support query-based CEP or rule-based CEP. But tooling is where the development team meets CEP head on.
ISLANDS IN THE EVENT STREAMS
The varied composition of the "databases" underlying different CEP engines is in part due to their varied lineages. Some hail from the world of rules engines, some from business activity monitoring
(BAM) and some from other backgrounds.
Event-driven systems may show kinship to relational databases or middleware messaging systems, or to hybrids that merge both schools. Sometimes, but not always, underlying databases are described as "streaming databases" or "event streams.” Vendors with CEP-related products include Espertech, IBM, Informatica, Microsoft, Oracle, Progress Software, RedHat, StreamBase, Sybase, Tibco and Vitria, among others.
In most CEP engines, data records are processed before they are stored. That makes it different than, say, data warehousing. CEP differs from the conventional RDBM in that a small amount of data may be matched against a large number of queries, rather than a small number of queries being run against a large amount of data.
Events—simple or complex—can be analyzed as they "stream" through operating systems. There’s a special emphasis on handling time-series data and establishing time windows that show event data. Within these windows, new data are compared with known event patterns.
Complex events are collections of several simple observable events that are of interest. To cite a common example, you might want to see whether the same credit card was used simultaneously in two locations, a situation that could indicate fraud.