Sequence pattern

A sequence rule is defined by the sequence pattern. It detects whether a certain sequence of events arrives within a time interval. The sequence can be ordered or random. A sequence rule is a stateful rule.

Overview

The sequence pattern checks for a sequence of events over a period of time, and it detects whether the sequence is complete or incomplete. An incomplete sequence is one that includes one or more of the events in the specified sequence but not all of them.

The time period is indicated by a mandatory time window, as defined by the <timeWindow> element in the rule language. Each event in the sequence is defined by a separate <eventSelector> element within the rule. The sequence of events can be detected in either of the following orders:
  • In the order in which the <eventSelector> elements are coded for the rule. In this case, when the rule detects the event that is defined by the first <eventSelector> element, the detection of the sequence is started. The rule now awaits the event that is defined by the second <eventSelector> element.
  • In random order. In this case, when the rule detects any one of the events that are defined by the <eventSelector> elements, the detection of the sequence is started. The rule now awaits another one of the events that are defined by the <eventSelector> elements.
The sequence pattern is different from other rule patterns in the following primary ways:
  • It has multiple <eventSelector> elements for defining which events are accepted by the rule. It requires a minimum of two <eventSelector> elements.
  • When an event meets the criteria that is defined by one of the <eventSelector> elements, that <eventSelector> element is excluded from further event processing within that rule instance.
  • The alias attribute on the <eventSelector> element is valid only within a sequence rule, and it uniquely names an event that is selected by a certain event selector in the sequence rule. In an expression within a filtering predicate or action, you can use the act_eventList variable to access an event in a sequence rule by its alias name.

Conditions under which the rule response runs

With the sequence pattern, the rule response runs at the following times:
  • When the full sequence of events is detected within the time window, as defined by the <onDetection> element.
  • When one or more events arrive but the complete sequence does not arrive within the time window, as defined by the <onTimeOut> element.

    The sequence pattern can be useful for detecting that a given sequence is incomplete. For example, if a "system down" event occurs without a subsequent "system up" event, the rule writer can code an <onTimeOut> action to handle this type of missing event.

Example usage of this rule pattern

Scenario that illustrates detection of complete sequence:
Assume that in an IT environment, an administrator wants to know whether the value of the DB2® heap size is affecting the WebSphere® Application Server, and if so, to correct this problem. Therefore, if the following events occur in the following order during a specified time period, the administrator wants to increase the value of the DB2 heap size and restart the database manager:
  1. A WebSphere Application Server resource allocation exception. Assume this is an event of type WASResourceAllocationException.
  2. The DB2 error message that states: "Not enough heap to process statement". Assume this is an event of type DB2NotEnoughHeap.
For this scenario, two <eventSelector> elements are defined in a sequence rule, and the events must arrive in the order in which the <eventSelector> elements are coded (rather than in random order). The first <eventSelector> element is checking for the event WASResourceAllocationException, and the second <eventSelector> element is checking for the event DB2NotEnoughHeap. Assume that the following events are presented to the system within the specified time window:
  1. WASResourceAllocationException
  2. DB2BackupStarted
  3. WASResourceAllocationException
  4. WASResourceAllocationException
  5. DB2NotEnoughHeap
The rule behavior is as follows:
  1. The first event, WASResourceAllocationException, is accepted. Because the criteria for the first <eventSelector> element has been met, the first <eventSelector> element is now excluded from further event processing within this rule.
  2. The second event, DB2BackupStarted, is ignored.
  3. The third event, WASResourceAllocationException, is ignored.
  4. The fourth event, WASResourceAllocationException, is ignored.
  5. The fifth event, DB2NotEnoughHeap, is accepted, and it completes the sequence. The <onDetection> rule response action runs. This action is defined to increase the value of the DB2 heap size and restart the database manager. The rule returns to its initial state.

    The first <eventSelector> element is now included in future event processing by this rule.

Scenario that illustrates detection of incomplete sequence:
Assume that a business organization wants to have all customer orders ready for delivery within 1 hour of the order request and wants to know when this does not occur.
For this scenario, two <eventSelector> elements are defined in a sequence rule, and the events must arrive in the order in which the <eventSelector> elements are coded (rather than in random order). The first <eventSelector> element is checking for the event Netsales with operationType=Order, and the second <eventSelector> element is checking for the event Netsales with operationType=Delivery. Assume that the following events are presented to the system within the specified time window of 1 hour:
  1. A Netsales event with operationType=Order
  2. A Netsales event with operationType=Order
The rule behavior is as follows:
  1. The first event is accepted. Because the criteria for the first <eventSelector> element has been met, the first <eventSelector> element is now excluded from further event processing within this rule.
  2. The second event is ignored.
  3. Because a Netsales event with operationType=Delivery is not received within the specified time window, the <onTimeOut> rule response action runs. This action is defined to notify a business executive that a customer order is not ready for delivery within 1 hour of the order request. The rule returns to its initial state.

    The first <eventSelector> element is now included in future event processing by this rule.

Related concepts
Accessing event-related information
Related reference
Sequence rule summary