Planning for event correlation includes understanding, or learning
about, what event correlation is and how it can be applied in your application.
Ensure that you understand the following concepts:
Each application can process a different set of events, as described
in the following examples:
- Insurance business example
- In an insurance business, events that track the flow of work through the
claims process can be generated and correlated to determine whether the business
processes are completing in a timely manner.
- Sales example
- In a different type of business, sales results can be periodically summarized,
reported, and compared to a goal to indicate the status of achieving the sales
goals for a certain time period.
- IT environment example
- In an IT environment, a mission-critical system can generate an event
every minute to indicate that a database server is running normally. Correlation
rules can be written to monitor the receipt of these heartbeat events and
to take certain rule response actions if an expected heartbeat event is not
received.
You should also understand the format of the events
that your application processes. The Active Correlation Technology provides Java™ classes
and methods to access data within the events that are being processed by the
Active Correlation Technology engine. However, a basic understanding of the
underlying event objects is important if you want to use these classes and
methods to access or change the events as they are being processed.
To plan for event correlation, take the following steps:
- Determine the events from your application that you want to correlate.
- Determine the rule patterns for correlating the events.
A
rule pattern represents a specific event correlation situation and can be
used to correlate events that contribute in some way to that situation. Think
about how the events that your application processes relate to the rule patterns
that are defined by the Active Correlation Technology rule language. This
can help you determine the rule patterns that you need to use.
Always
use the most appropriate pattern for your event correlation situation. For
example, if you want a rule to detect a certain sequence of events, do not
write code to include the sequence pattern behavior in the rule response actions
for a filter rule. Rather, use the sequence pattern to create a sequence rule.
- Identify the constructs of each rule pattern that you want to use.
The following information summarizes the primary constructs in the
rule language, although the details of each of these are unique to the rule
pattern. This information is organized in approximately the same way that
it is presented through the rule builder GUI:
- Characteristics
- The definition of the rule characteristics, including the rule name, description,
and pattern. For details, see the following topics:
- Variables
- The definition of rule variables, including the name, type, description,
and initialization expression for each variable. For details, see variable element.
- Event selection
- The definition of the criteria that determines which events are accepted
for processing by the rule. For details, see eventSelector element.
- Grouping key
- The definition of the grouping key, which is the way to direct the rule
to create a separate rule instance (or copy of itself) for each group of events
that share common characteristics. For details, see groupingKey element.
- Pattern specifics
- The specification of the time period during which the stateful rule is
processing to match its pattern and the definition of unique aspects of certain
stateful rule patterns. For details, see timeWindow element.
For
the computation rule, this includes the definition of the computation to apply
to the collected events. For details, see computeFunction element.
For
the threshold rule, this includes the definition of the threshold type and
other information that is specific to the threshold type. For details, see
the following topics:
- Rule responses
- The definition of the actions to take when the rule completes its processing.
For
details, see the following topics:
- Activation interval
- The definition of when a rule is active and inactive. For details, see activationInterval element.
- Life cycle
- The definition of the actions, if any, to take at the following four primary
stages in the life cycle of a rule: load, activation, deactivation, and unload.
Typically, these actions do not need to be defined. For details, see lifeCycleActions element.
- Identify Java methods and associated snippets that
are to be called within rule expressions. Rather than writing extensive Java code
within rule expressions, rule writers should use Java methods to call external modules. These
external modules can be provided by the application that embeds the Active
Correlation Technology or can be created by the rule writer as necessary.
The snippets that are associated with each of the Java methods should also be identified.
For more information, see Best practices for coding expressions.