Some of the terms used in the Eclipse-basedtm Rule
Author tool might differ slightly from terms used in IBM InfoSphere
Identity Insight and its components. This glossary can help you understand
the complex event processing terms and how they relate to Event Manager
and other components, such as the Visualizer.
- cep.xml file
- The cep.xml file contains all the event business rules
and required complex event processing configuration settings required
for Event Manager and the CEP engine to process incoming event records.
An event rules file by this name must be exported to the product_installation_directory\srd-home\console\location.
Important: The file name must be all lower case, especially
in Unix environments.
- You maintain and export the event rules file using the Rule Author
tool.
- A starting cep.xml event rules file is included with
your IBM InfoSphere Identity Insight product installation. This starting
file already contains many of the required settings and configurations
needed to work with Event Manager. You can import the starting cep.xml event
rules file into the Rule Author tool, making a back up copy of the
original file first, to add event business rules and to export the
file to the required location. Consider using a versioning or source
control system to store the file before and after modifying it.
- CEP engine
- The complex event processing engine (or CEP engine) is the mechanism
that processes incoming event data from the pipeline and evaluates
the data against the rules defined in a CEP project. The CEP project
is defined in the cep.xml file, which is configured and exported
by the Rule Author tool.
- The CEP engine that Event Manager currently uses is part of the
IBM Active Middlewaretm Technology product. The version
of the CEP engine required by Event Manager is included and installed
as part of IBM InfoSphere Identity Insight. However, you must configure
Event Manager in the Configuration Console and event rules in the
Rule Author tool before you can successfully process events with the
CEP engine.
- CEP projects
- Projects are a top-level group that the complex event processor
uses to contain a grouping of events, lifespans, and rules. To use
Event Manager, you create one CEP project that contains all
the event information, including business event rules, for the events
that you want to monitor. Event Manager only uses one CEP project
at a time, but any single project can test multiple event types and
multiple rules per event type.
- You create and maintain the CEP project inside the Rule Author
tool.
- Rule Author tool (Eclipse-based Rule Author tool)
- This tool enables you to define CEP projects, events, and other
configurations that are part of the cep.xml event rules file
that the CEP engine uses to process events and generate event alerts.
- Event classes
- To use Event Manager, your CEP project must contain the following
event classes, which come preconfigured in the starting cep.xml file:
- EAS_START.event: Used to indicate the Event Manager lifespan
initiator.
- EAS_STOP.event: Used to indicate the Event Manager lifespan
terminator.
- EVENT.event: Used to define the Event Manager business
rules (or situations) that are used to process incoming event data
and generate event alerts.
- EVENT.event
- This CEP event class maps the input data that is passed from the
pipeline to the CEP engine for processing. The mapping corresponds
directly to the GEM_EVENT table in the entity database. You
use the Rule Author tool to ensure the attributes associated with EAS_EVENT match
the data mappings in the GEM_EVENT table.
- Lifespans
- In CEP, lifespans are the time intervals during which situations
(event rules) are relevant. A lifespan always starts with an initiator
and always ends with a terminator. Lifespans are associated with an
event class.
- For Event Manager, the event class EVENT must contain the lifespan
initiator EAS_START and the lifespan terminator EAS_STOP.
- Situations
- Situations in the Rule Author are equivalent to event rules.
You use the Rule Author tool to configure situations that define the
business rules determining which events or combination of events are
meaningful to your organization and what triggers an event alert.
- Situations are associated with a CEP project and event class and
are contained in the cep.xml event rules file.
- As UMF data comes into the pipeline, records (or UMF_ENTITY input
documents) that contain an EVENT data segment definition
are sent to the CEP engine. The CEP engine evaluates this incoming
event data against the configured situations in the cep.xml event
rules file. If an event meets or exceeds a defined situation, the
CEP engine sends an event alert back to the pipeline, which can be
displayed in the Visualizer or a visualization tool of your choice.
- Threshold condition
- You define threshold conditions as part of an event rule (situation).
Think of threshold conditions as data filters or quick data checks.
During processing, the CEP engine checks the incoming event data to
see if it meets the specified threshold condition before it processes
the data against the rule. If the data meets the threshold condition,
the CEP engine processes the event data against the rule; if the data
does not meet the threshold condition, the CEP engine moves to the
next event rule.
- For example, to only process events that occurred at Branch 102,
build a threshold condition that specifies EVENT_LOC='102'.
- UMF_LOG_ID key
- The UMF_LOG_ID is a unique sequential number assigned
to each record as it is processed. In a CEP project, the UMF_LOG_ID is
a grouping key that is associated with all of the required Event Manager
event classes and lifespan indicators. This grouping key ensures that
all the incoming records with the same UMF_LOG_ID are processed
together.
- If you import the starting cep.xml file included with
your product into a CEP project, the UMF_LOG_ID key is already
configured and assigned to the Event Manager event classes and lifespan
indicators.