Hi Elran,

You can always ask 'User Mailing List' type questions at StackOverflow.

For your query, yes, the scenario you described can be implemented with
WSO2 CEP (Siddhi). You can look at our documentation in [1].

From what I understood of your query, I think what you are describing would
be a typical use case for WSO2 CEP.

   - Creating a new event based on a set of multiple events may be done with
   counting patterns [2].
   - To do it for a period of T1, you can use time windows [3] in Siddhi.
   - The 'At least X events' scenario is also supported in Siddhi sequences
   and patterns.
   - Aggregate functions/ Unique events are also supported in Siddhi.
   - Keeping the new event open for T2 time is also possible by sending the
   new event to a new stream and applying a window of time T2 for that.
   - Getting an update of that T2 window on T3 time intervals might not be
   possible in CEP 2.1.0. However, this exact feature is implemented with CEP
   3.0.0 which is the next release. The alpha pack for CEP 3.0.0 will be
   available within the next two weeks. (The functionality is already there in
   the codebase with Output Rate Limiting feature).

Basically, I think all your requirements can be done from WSO2 CEP out of
the box. Additionally, Siddhi allows you to write custom extensions for
aggregators, windows, transformers, conditions, expressions [4] which
allows more flexibility in implementing a specific use case. If the
"collect" aggregate function requires some custom behaviour, you can write
an output processor extension to implement this functionality.

HTH,

Lasantha

[1] http://docs.wso2.org/wiki/display/CEP210/Complex+Event+Processor+Documentation
[2] http://docs.wso2.org/wiki/display/CEP210/Patterns
[3] http://docs.wso2.org/wiki/display/CEP210/Windows
[4] http://docs.wso2.org/wiki/display/CEP210/Writing+Extentions+to+Siddhi

On 11 August 2013 13:56, Elran Dvir <[email protected]> wrote:

> Hi all,
>
> I sent this question to the users’ mailing list, but I think there was a
> problem with the subscription, so I am trying it also here.
>
> I am checking different types of CEP engines to embed inside our Java
> application.
>
> I am new to WSO2 CEP and I’m trying to understand whether the following
> use case is supported – any help on the following will be greatly
> appreciated:
>
> I would like to create a new event based on *multiple* events (all of the
> same type meeting a set of conditions) occurring *over a given period of
> time T1*.
>
> For each combination of values for fieldA and fieldB, a new group of event
> candidates should be opened (fieldA and fieldB are *group by* fields.
> Each combination of values of these fields should be treated separately).
>
> The event should be created when *at least X events* occurred over the
> period. Count the events based on *unique* values of fieldC and fieldD
> (for a given combination of fieldA and fieldB, if you notice an event with
> already existing values of the combination of fieldC and fieldD, it should
> not be counted).
>
> If all conditions described above are met, create the desired new event. *The
> new event will stay open for duration of T2, and update will be sent for it
> every T3.*
>
> Aside from the above, I need an *aggregation function (besides count) of
> “collect”*: in the new event the value of fieldE will be the collection
> of (preferably distinct) values of fieldE in originating events.
>
> Example:
>
> Port scan event – the basic event is connection. For each combination of
> source_ip and destination_ip (group by fields), detect a port scan event if
> over a minute (T1) there are more than 20 (X) events with different ports
> (unique field).
>
> The event will stay open for 10 minutes (T2) and an update will be sent
> every 1 minute (T3). Every update will contain the count of events,
> source_ip, destination_ip and collection of services.
>
> Thanks a lot.
>
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*Lasantha Fernando*
Software Engineer - Data Technologies Team
WSO2 Inc. http://wso2.com

email: [email protected]
mobile: (+94) 71 5247551
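
Added example, not part of the original thread and not Siddhi or WSO2 code: an engine-independent Python sketch of the port-scan rule from the quoted question, useful as a reference when checking what a CEP query should emit. Assumptions: the names `PortScanDetector`, `feed`, `tick` and `demo` are hypothetical, timestamps are seconds and arrive in order, the threshold follows the example's "more than 20", `count` is the number of distinct ports, and the sample addresses are constructed from documentation ranges.

```python
from collections import defaultdict, deque

class PortScanDetector:
    """Per (source_ip, destination_ip): alert on more than X distinct ports in T1 seconds."""
    def __init__(self, t1=60, x=20, t2=600, t3=60):
        self.t1, self.x, self.t2, self.t3 = t1, x, t2, t3
        self.window = defaultdict(deque)  # key -> (ts, port, service) seen in last T1
        self.open = {}                    # key -> state of the alert currently open

    def feed(self, ts, src, dst, port, service):
        """Process one connection event; return the alert records it triggers."""
        out, key = self.tick(ts), (src, dst)
        if key in self.open:              # alert already open: keep collecting
            self.open[key]["ports"].add(port)
            self.open[key]["services"].add(service)
            return out
        win = self.window[key]
        win.append((ts, port, service))
        while win[0][0] <= ts - self.t1:  # expire events older than T1
            win.popleft()
        ports = {p for _, p, _ in win}    # unique field: duplicates count once
        if len(ports) > self.x:
            self.open[key] = {"opened": ts, "next": ts + self.t3, "ports": ports,
                              "services": {s for _, _, s in win}}
            del self.window[key]
            out.append(self._report("open", key, ts))
        return out

    def tick(self, now):
        """Advance the clock: emit one update per T3, close alerts after T2."""
        out = []
        for key, a in list(self.open.items()):
            while a["next"] <= min(now, a["opened"] + self.t2):
                out.append(self._report("update", key, a["next"]))
                a["next"] += self.t3
            if now >= a["opened"] + self.t2:
                del self.open[key]
        return out

    def _report(self, kind, key, ts):
        a = self.open[key]
        return {"type": kind, "ts": ts, "source_ip": key[0], "destination_ip": key[1],
                "count": len(a["ports"]), "services": sorted(a["services"])}

def demo():
    """Constructed sample: 25 ports in 25 s from one source, then the clock advances."""
    det, alerts = PortScanDetector(), []
    for i in range(25):
        alerts += det.feed(i, "192.0.2.10", "198.51.100.5", 1000 + i, f"tcp/{1000 + i}")
    return alerts + det.tick(700)
```

`demo()` returns one "open" record followed by the T3 updates; a slow scan (one new port every 10 seconds) or repeated connections to a single port never cross the threshold.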