So far, we've seen how to use rules to make decisions based on a set of data (called facts). This information is pretty much any group of Java objects describing the state of the domain on which we're making the decisions, but it has always represented the state of the world at one particular point in time. In this chapter, we're going to see a set of concepts, configurations, and rule syntax components that will allow us to make decisions based on time relationships between facts. These concepts are often called complex event processing (CEP).
Drools provides support for this under the name of Drools Fusion or Drools CEP, a conceptual module fully integrated into the Drools core features. This is just a conceptual separation as all the CEP features are fully supported by the same modules that provide the rule engine functionality. To fully understand this, the chapter will cover the following topics:
- Discussing different concepts associated with complex event processing, including sliding windows, entry points, and time operations
- Fitting complex event processing into a special kind of architecture called event-driven architecture
- Writing rules and configuring the runtime to take full advantage of the Drools CEP features
The main focus of CEP is to correlate small units of time-based data within an ever-changing, ever-growing data cloud in order to detect hard-to-find special situations and to do something for these cases. In order to fully understand how it works, we first need to define a few other concepts. Let's start by defining events.
In order to understand events, let's first talk about a familiar concept. So far, we've dealt with facts that we insert into a Kie Session and how they can match a specific rule. Facts are very similar to events, except events have one extra feature: time of occurrence. Events are simply the data about any domain (represented as a Java object), along with the information about the time in which this information was true.
Pretty much anything that we record taking place at a specific time can be an event, as follows:
- A sale in our eShop has a time for the transaction
- A phone call has a starting time and ending time
- Any sort of sensor reading will tell you its specific reading (temperature, humidity, and movement) in relation to a specific moment in time
Events, by themselves, are the basic structure of event processing. Every input we have from the outside world can be perceived as an event. However, we're going to be mostly interested in detecting complex events.
A complex event is simply an aggregation, composition, or abstraction of other events. The real power of complex event processing comes from being able to correlate simple incoming events in such a way that we can detect complex situations, which cannot be detected by any device or individual directly, as shown in the following:
- All the transactions that we have at a specific moment can be correlated to detect any possible fraud attempts (and take preemptive measures against it)
- At a call center, all the incoming calls, grouped by specific areas, can determine a massive outage of service at these areas to automatically notify the users of the case
Even sensor readings, combined on a large scale, can detect complex situations by just combining simpler events. Let's consider a set of sensor readings all over the city as our input events. A group of seismic events can tell us where an earthquake is happening in the city and its intensity. A set of fire alarms can tell us where in the city there is a fire.
In case of a large earthquake, combined with the information of the city infrastructure, we can infer the possible structural collapses and send experts to evaluate the current situation. If we have fire alarms going off, we can send the fire brigade to put the fire out.
If we find a set of small earthquakes, one after another and at the interval of one second, in the same direction, we might infer that something very large is moving in that general direction. If we also detect fires, one after the other in the same direction, we might aggregate all the seismic and fire-alarm events into a complex event, maybe Godzilla is moving in this direction, as shown in the following image:
If that's the case, we might not want to send architects and fire brigades in that general direction (they will most likely be eaten). Instead, we might take a different action, such as sending the military. As you can see, very small simple events can correlate time wise for us to be able to infer a lot more information from them. This is the main power of complex event processing.