Planning for event correlation

Planning for event correlation includes understanding, or learning about, what event correlation is and how it can be applied in your application.

Ensure that you understand the following concepts:
Each application can process a different set of events, as described in the following examples:
Insurance business example
In an insurance business, events that track the flow of work through the claims process can be generated and correlated to determine whether the business processes are completing in a timely manner.
Sales example
In a different type of business, sales results can be periodically summarized, reported, and compared to a goal to indicate the status of achieving the sales goals for a certain time period.
IT environment example
In an IT environment, a mission-critical system can generate an event every minute to indicate that a database server is running normally. Correlation rules can be written to monitor the receipt of these heartbeat events and to take certain rule response actions if an expected heartbeat event is not received.

You should also understand the format of the events that your application processes. The Active Correlation Technology provides Java™ classes and methods to access data within the events that are being processed by the Active Correlation Technology engine. However, a basic understanding of the underlying event objects is important if you want to use these classes and methods to access or change the events as they are being processed.

To plan for event correlation, take the following steps:
  1. Determine the events from your application that you want to correlate.
  2. Determine the rule patterns for correlating the events.

    A rule pattern represents a specific event correlation situation and can be used to correlate events that contribute in some way to that situation. Think about how the events that your application processes relate to the rule patterns that are defined by the Active Correlation Technology rule language. This can help you determine the rule patterns that you need to use.

    Always use the most appropriate pattern for your event correlation situation. For example, if you want a rule to detect a certain sequence of events, do not write code to include the sequence pattern behavior in the rule response actions for a filter rule. Rather, use the sequence pattern to create a sequence rule.

  3. Identify the constructs of each rule pattern that you want to use.
    The following information summarizes the primary constructs in the rule language, although the details of each of these are unique to the rule pattern. This information is organized in approximately the same way that it is presented through the rule builder GUI:
    Characteristics
    The definition of the rule characteristics, including the rule name, description, and pattern. For details, see the following topics:
    Variables
    The definition of rule variables, including the name, type, description, and initialization expression for each variable. For details, see variable element.
    Event selection
    The definition of the criteria that determines which events are accepted for processing by the rule. For details, see eventSelector element.
    Grouping key
    The definition of the grouping key, which is the way to direct the rule to create a separate rule instance (or copy of itself) for each group of events that share common characteristics. For details, see groupingKey element.
    Pattern specifics
    The specification of the time period during which the stateful rule is processing to match its pattern and the definition of unique aspects of certain stateful rule patterns. For details, see timeWindow element.

    For the computation rule, this includes the definition of the computation to apply to the collected events. For details, see computeFunction element.

    For the threshold rule, this includes the definition of the threshold type and other information that is specific to the threshold type. For details, see the following topics:

    Rule responses
    The definition of the actions to take when the rule completes its processing.
    For details, see the following topics:
    Activation interval
    The definition of when a rule is active and inactive. For details, see activationInterval element.
    Life cycle
    The definition of the actions, if any, to take at the following four primary stages in the life cycle of a rule: load, activation, deactivation, and unload. Typically, these actions do not need to be defined. For details, see lifeCycleActions element.
  4. Identify Java methods and associated snippets that are to be called within rule expressions. Rather than writing extensive Java code within rule expressions, rule writers should use Java methods to call external modules. These external modules can be provided by the application that embeds the Active Correlation Technology or can be created by the rule writer as necessary. The snippets that are associated with each of the Java methods should also be identified. For more information, see Best practices for coding expressions.
Proceed to Designing the rules to correlate events.