IM InfoSphere Identity Insight, Version 8.0

CEP terminology

Some of the terms used in the Eclipse-basedtm Rule Author tool might differ slightly from terms used in IBM InfoSphere Identity Insight and its components. This glossary can help you understand the complex event processing terms and how they relate to Event Manager and other components, such as the Visualizer.

cep.xml file
The cep.xml file contains all the event business rules and required complex event processing configuration settings required for Event Manager and the CEP engine to process incoming event records. An event rules file by this name must be exported to the product_installation_directory\srd-home\console\location.
Important: The file name must be all lower case, especially in Unix environments.
You maintain and export the event rules file using the Rule Author tool.
A starting cep.xml event rules file is included with your IBM InfoSphere Identity Insight product installation. This starting file already contains many of the required settings and configurations needed to work with Event Manager. You can import the starting cep.xml event rules file into the Rule Author tool, making a back up copy of the original file first, to add event business rules and to export the file to the required location. Consider using a versioning or source control system to store the file before and after modifying it.
CEP engine
The complex event processing engine (or CEP engine) is the mechanism that processes incoming event data from the pipeline and evaluates the data against the rules defined in a CEP project. The CEP project is defined in the cep.xml file, which is configured and exported by the Rule Author tool.
The CEP engine that Event Manager currently uses is part of the IBM Active Middlewaretm Technology product. The version of the CEP engine required by Event Manager is included and installed as part of IBM InfoSphere Identity Insight. However, you must configure Event Manager in the Configuration Console and event rules in the Rule Author tool before you can successfully process events with the CEP engine.
CEP projects
Projects are a top-level group that the complex event processor uses to contain a grouping of events, lifespans, and rules. To use Event Manager, you create one CEP project that contains all the event information, including business event rules, for the events that you want to monitor. Event Manager only uses one CEP project at a time, but any single project can test multiple event types and multiple rules per event type.
You create and maintain the CEP project inside the Rule Author tool.
Rule Author tool (Eclipse-based Rule Author tool)
This tool enables you to define CEP projects, events, and other configurations that are part of the cep.xml event rules file that the CEP engine uses to process events and generate event alerts.
Event classes
To use Event Manager, your CEP project must contain the following event classes, which come preconfigured in the starting cep.xml file:
  • EAS_START.event: Used to indicate the Event Manager lifespan initiator.
  • EAS_STOP.event: Used to indicate the Event Manager lifespan terminator.
  • EVENT.event: Used to define the Event Manager business rules (or situations) that are used to process incoming event data and generate event alerts.
EVENT.event
This CEP event class maps the input data that is passed from the pipeline to the CEP engine for processing. The mapping corresponds directly to the GEM_EVENT table in the entity database. You use the Rule Author tool to ensure the attributes associated with EAS_EVENT match the data mappings in the GEM_EVENT table.
Lifespans
In CEP, lifespans are the time intervals during which situations (event rules) are relevant. A lifespan always starts with an initiator and always ends with a terminator. Lifespans are associated with an event class.
For Event Manager, the event class EVENT must contain the lifespan initiator EAS_START and the lifespan terminator EAS_STOP.
Situations
Situations in the Rule Author are equivalent to event rules. You use the Rule Author tool to configure situations that define the business rules determining which events or combination of events are meaningful to your organization and what triggers an event alert.
Situations are associated with a CEP project and event class and are contained in the cep.xml event rules file.
As UMF data comes into the pipeline, records (or UMF_ENTITY input documents) that contain an EVENT data segment definition are sent to the CEP engine. The CEP engine evaluates this incoming event data against the configured situations in the cep.xml event rules file. If an event meets or exceeds a defined situation, the CEP engine sends an event alert back to the pipeline, which can be displayed in the Visualizer or a visualization tool of your choice.
Threshold condition
You define threshold conditions as part of an event rule (situation). Think of threshold conditions as data filters or quick data checks. During processing, the CEP engine checks the incoming event data to see if it meets the specified threshold condition before it processes the data against the rule. If the data meets the threshold condition, the CEP engine processes the event data against the rule; if the data does not meet the threshold condition, the CEP engine moves to the next event rule.
For example, to only process events that occurred at Branch 102, build a threshold condition that specifies EVENT_LOC='102'.
UMF_LOG_ID key
The UMF_LOG_ID is a unique sequential number assigned to each record as it is processed. In a CEP project, the UMF_LOG_ID is a grouping key that is associated with all of the required Event Manager event classes and lifespan indicators. This grouping key ensures that all the incoming records with the same UMF_LOG_ID are processed together.
If you import the starting cep.xml file included with your product into a CEP project, the UMF_LOG_ID key is already configured and assigned to the Event Manager event classes and lifespan indicators.


Feedback

Last updated: 2011