Create a basic COUNT event rule to count events and create
an event alert if the total count exceeds a set threshold. For example,
you could create an event rule that counts all wire transfer transactions
within 24 hours and sends an event alert if the transaction count
is more than 500.
Before you begin
You must have an existing CEP project, which groups events
rules and all rules configuration.
About this task
These steps provide the basic instructions for creating
a simple business rule that counts the value of your choosing. For
some steps, there are multiple ways to achieve the same end result.
For more options, refer to the Situations section of
the IBM Advanced Middlewaretm Technology User's Guide
(guide for the Eclipse-basedtm CEP Rule Author tool),
which is included with your product.
Procedure
- In the left navigation pane, right-click Situation and
select . Make sure the correct project name displays
in Event Processing Project.
- Enter a unique rule name in Situation name. The situation name is the event rule name that displays in the
entity database and in the Visualizer component, if you choose to
display event alerts there. Make the name meaningful to those who
analyze the event alerts. For example, if you are creating a rule
to count all the events that occurred at a particular branch location,
you might name this rule CountBranch102Transactions.
- In Select source, select Empty
of Type and then select one of the following values from
the drop-down list:
- atleast: At least n or
more events have arrived during the life span.
- atmost: No more than n events
have arrived by the end of the life span.
Both situation types can count event values, as well as preserve
the information of each event that met the event rule. For more information
about situation types, refer to Situation Properties in
the User's Guide .
- Click Finish. When
the main situations screen displays, you might notice several errors
in the Problems section. These errors indicate
missing values, but you can ignore these errors for now. As you complete
these steps, the errors go away.
- In the Events section, select EVENT as
the base event for this rule. EVENT is
the always the base event for every event business rule. It contains
the necessary mapping to the entity database GEM_TABLE and
the EVENT data segment.
- You can build a threshold condition to
filter events before they are evaluated against this rule, so that
the events must meet the threshold condition specified to be considered.
- On the Condition & Results tab
in Lifespan, select EASLifeSpan. Notice that until you make the selection, this field displays
in red. The red color indicates that this is a required field, and
it is one of the errors listed in the Problems section. When you make the lifespan selection, the error disappears
from the Problems section.
- In Quantity, enter the "atleast"
or "atmost" quantity that the event rule counts to before generating
the event alert.
- In Detection Mode, notice that immediate is
selected. Keep this selection. The detection mode determines
when to calculate and report the results of the events. The immediate selection
generates an alert as soon as the count reaches the quantity.
- In Situation Attributes, enter the
required situation attribute names, types, and expressions:
- EVENT_SIT_STATUS
- REASON_DESC
- ALERT_GROUP
- To preserve the details of all the events that make up
the count, add the EVENTS situation attribute,
using the following information:
- In Name, enter EVENTS,
- In Type, enter integer.
- In Expression, enter EVENT_ID (or
select it in the Expression Builder).
- Click Show Advanced to display
the Dimensions column, and enter [] in
the column to indicate that the type is an array of events.
These values instruct CEP to send the internal EVENT_ID of
each event included in the total sum back to the pipeline along with
the event alert. The pipeline writes each EVENT_ID to
the entity database and sends the information to the Visualizer or
the client application used to display event alerts. The EVENT_ID is
an internal sequential number (ID) created by the pipeline when it
sends event data to the CEP engine.
- Save the event rule.