(Originally Published by Tim Bass, TIBCO Software Inc., April 30, 2007)
In What is Complex Event Processing? (Part 3), we discussed event preprocessing in event processing applications. Now, in Part 4, we discuss event refinement, also referred to as object refinement or track and trace.
Event refinement is the functional aspect of event processing that describes refining a single event object, an iterative process of operating on event data to determine attributes of individual event objects and also to build and track their behavioural characteristics. Here, the term event object refers to a distinct object. A track is often constructed based on detections of an individual identified event object, but it can also be indirectly based on detecting actionable parameters of event objects. In addition, event refinement also includes the functionality of state estimation and prediction for individual event objects – the trace aspect.
Examples of event refinement (track and trace) are:
– tracking market transactions in equities and calculating a VWAP on each tracked equity;
– tracking user sessions in an on-line e-commerce application and ranking sessions for likelihood of fraudulent behavior;
– tracking an individual container or package (with RFID, for example) as it travels around the globe and looking for delays or other exceptional conditions;
– tracking a log file in a network device or applications and searching for a specific pattern or anomalous behavior;
– tracking the path of a single aircraft, vessel or train in motion; or,
– tracking a patient in a hospital as they move through various stations and treatments.
Kindly note that in the examples above the event objects are a stream of single stock transactions: an on-line user, a package or container, a log file, an aircraft or a patient. We can all think of many different examples of objects in our businesses than are, or should be, tracked and traced in order to efficiently run the business and search for threats and opportunities to the business.
Event refinement, or track and trace, when applied to digital event information is very similar in functionality to data stream, or event stream processing, ESP. Event stream processing is a very important component of both event processing and complex event processing applications. Steams of events generally consist of event objects related and comparable by time; for example, market transactions of an individual equity are related by the time of execution. Entries in a single log file, the tracking data of an individual aircraft, and other sensor readings are also generally recorded with a time stamp.
Additionally, events may not have known time stamps but are related by causality, ontology or taxonomy. Often the causality is hidden or unknown. Finding hidden causality when debugging distributed systems was the genesis of the work in complex event processing by Dr. David Luckham. Here, the relationships are more complex than tracking and tracing objects in a stream of comparable objects within a known time series.
In my next post, What Is Complex Event Processing, Part 5, we will get into the heart of CEP: analytics where various (multiple) objects are compared, aggregated, correlated and/or analyzed to detect various business situations and scenarios.