(Originally Published by Tim Bass, TIBCO Software Inc., May 9, 2007)
In What is Complex Event Processing? (Part 4), we discussed event refinement, also referred to as object refinement or track and trace. Today, in part 5 of What is Complex Event Processing, we discuss the heart of CEP, situation refinement.
Situation refinement is the functional component of event processing that describes refining multiple event objects in order to identify business situations and scenarios in real-time. Situation refinement analyzes multiple event objects and aggregated groups of events against existing detection templates, patterns, algorithms and historical data to provide an estimate of the current situation and to suggest, identify and predict future opportunities and threats.
Examples of situation refinement are:
– debugging a distributed computing application to determine cause-and-effect relationships between heterogeneous event sources;
– calculation a VWAP on a tracked equity or basket of equities and correlating these event objects with high confidence news reports in real-time ;
– correlating tracked user sessions in an on-line e-commerce application with credit card activities and geolocation information of the same user in real-time;
– associating containers and packages (with RFID, for example) with weather and traffic information to predict delays in shipments in real-time;
– correlating multiple log files selected network devices or applications and searching for a specific patterns or anomalous behavior in real-time;
– analyzing the projected tracks of multiple aircraft, vessels or trains in motion looking for potential collisions before they happen,
– correlating patient information in multiple hospitals looking for trends in viral epidemics and predicting future outbreak areas.
– correlating locations, crews, schedules, cargo, stations and other constraints in a transportation network to optimizing network resources; or,
– correlating the customer information of multiple retail banking channels with real-time customer interaction personnel to enhance the user experience and maximize marketing effectiveness.
It is interesting to note that situations are often referred to as complex events. The terminology (glossary) working group of the Event Processing Technical Society (EPTS) uses the following definitions:
Complex event: an event that is an abstraction or aggregation of other events called its members.
Composite event: Composite event types are aggregated event types that are created by combining other primitive or composite event types using a specific set of event constructors such as disjunction, conjunction, sequence, etc. Note: This definition is from the Active Database terminology
Derived event (also synthesized event): an event that is generated as a result of applying an algorithmic function or process to one or more other events.
Relationships between events: Events are related by time, causality, aggregation, abstraction and other relationships. Time and causality impose partial orderings upon events.
This leads us to the current working EPTS definition of complex event processing:
Complex-event processing (CEP): Computing that performs operations on complex events, including reading, creating, transforming or abstracting them.
In my next post, What Is Complex Event Processing, Part 6, we will discuss another important area in CEP, impact assessment – where detected business situations are compared, correlated, and/or analyzed in “what if” type of scenarios to determine and predict business consequences.