[
https://issues.apache.org/jira/browse/FLINK-8548?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16349946#comment-16349946
]
ASF GitHub Bot commented on FLINK-8548:
---
GitHub user StephanEwen opened a pull request:
https://github.com/apache/flink/pull/5401
[FLINK-8548] [examples] Add state machine example
Example: Running a state machine for pattern detection
==
This example illustrates a minimal roll-your-own event pattern detection
scenario,
using a simple state machine that is evaluated over the stream.
While this example is much simpler and more manual than what the CEP
library supports,
it illustrates the use of event processing and state management for a medium
complex scenario.
**Scenario Description**
Events in streams are expected to occur in certain patterns. Any deviation
from
these patterns indicates an anomaly that the streaming system should
recognize and that
should trigger an alert.
You can, for example, think of events as being generated by network devices
and services,
such as firewalls login-, and registration with an authentication service,
etc. A deviation
from expected the expected pattern might indicate an intrusion detection.
The event patterns are tracked per interacting party (here simplified per
source IP address)
and are validated by a state machine. The state machine's states define
what possible
events may occur next, and what new states these events will result in.
The following diagram depicts the state machine used in this example.
```
+> W > Y -+
|^ |
INITIAL-+| |
|| +--> (Z) > TERM
+> X --+ |
||
+-+
```
**Example Program**
The main class of this example program is
`org.apache.flink.streaming.examples.statemachine.StateMachineExample`.
The core logic is in the `flatMap` function, which runs the state machines
per IP address.
The streaming data flow is as shown below, where the source stream may come
from either
an embedded data generator, or from a from a Kafka topic:
```
[ stream partition 1] --> source --> partition -+---> flatMap(state
machine) --> sink
\/
/\
[ stream partition 2] --> source --> partition -+---> flatMap(state
machine) --> sink
```
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/StephanEwen/incubator-flink
state_machine_example
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/flink/pull/5401.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #5401
commit db5cc94e493584765797e57075c2b1e402017058
Author: Stephan Ewen
Date: 2018-02-01T18:51:59Z
[FLINK-8548] [examples] Add state machine example
This adds an example of using a state machine for pattern validation.
The example illustrates the use of state and the kafka connector.
> Add Streaming State Machine Example
> ---
>
> Key: FLINK-8548
> URL: https://issues.apache.org/jira/browse/FLINK-8548
> Project: Flink
> Issue Type: Sub-task
> Components: Examples
>Reporter: Stephan Ewen
>Assignee: Stephan Ewen
>Priority: Major
> Fix For: 1.5.0
>
>
> Add the example from
> https://github.com/StephanEwen/flink-demos/tree/master/streaming-state-machine
> to the Flink examples.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
