The Rulecore CEP Language – Reakt! – When you need to react immediately.
Reakt is a language for complex event processing, or CEP for short. It is designed to provide a powerful and productive tool for developers allowing them to quickly create solutions for detection oriented CEP scenarios.
Reakt is not a traditional programming language. Reakt is a business situation description language. By using a declarative approach it allows the developer to concentrate on what kind of situations to detect and not how
The design goal of Reakt is to provide a way for organisations to react immediately to critical situations. It achieves this goal by finding related events from streams of inbound events. What events a critical situation consists of, and how the events are related, are defined by the user using Reakt. Reakt allows the user to specify conditions and temporal relationships which must hold in order for the events to be considered a noteworthy situation. When the situation is detected by Reakt, an user defined real-time report is created which provides actionable information about the situation.
Allowing the enterprise to react immediately.
This short white paper gives an informal description of the language and explains the different language elements using examples instead of formal definitions.
Rulecore Reakt is a small domain specific complex event processing language designed for detecting situations by observing streams of events. A situation is a formal description of a combination, a pattern, of events as they happen over time along with optional restrictions among the events. A simple example of situations that you might want to detect could be
"A vehicle has visited zone A more than 10 times during the last hour"
"Event A comes before event B, unless event C has been seen"
Main Reakt language features:
- Continuous Evaluation – Designed to operate on live streams of events as they happen.
- Declarative – Rules and other items are specified using a high-level declarative approach.
- Modular – Rules are defined using modular and re-usable building blocks.
- Temporal – Handling of time is an integral part of Reakt. Timing restrictions and other temporal conditions can be stated using a number of declarations.
- Location Aware – Reakt includes built in support to understand location information and other geographical objects such as zones.
- Implementation Independent – The elements of Reakt are defined using standard XML and are implementation independent. Different implementations can be created in order to provide specialized execution environments.
- Automatic Life Cycle Management – Rule instances are created and deleted automatically in response to events. Rule instances are analyzed and deleted if their situation is determined to be undetectable.
- Dynamic Context Management – Each rule instance maintains its own virtual view into the incoming event stream. The view provides a window into the incoming event stream in order to create a dynamic context for rule evaluation.
- Separation of Concerns – Reakt uses reusable blocks for;
- Selection of events from the inbound stream
- Rule life cycle management
- Situation definition
- Rule trigger reporting
The design goals of Reakt is to provide a language which allows the user to describe complex situations consisting of multiple events with non trivial temporal and geospatial relationships. The language is declarative. Lacking any procedural elements provides a base for formal verification and automated optimization and analysis of the language.
A design assumption made early in the language design was that is is likely that machines will use Reakt to create and modify rules more frequently than humans. The rate at which new rules need to be created and old ones modified is assumed to be high. Thus the language was designed to be easily understandable by machines and at the same time being reasonably human readable for system developers.
The current version of Reakt uses XML for its syntax. XML was chosen to take advantage as much as possible of existing knowledge among the developers, known standards and existing tools for generating and parsing. It would also be possible to create alternative syntaxes for Reakt. For example to create a more compact human friendly representation for business users.
The Reakt language was designed to support execution environments which fits into an architectural style called Event Driven Architecture (EDA). In order be a natural building block in an EDA, the ruleCore Reakt language and its supporting execution environment, the ruleCore CEP Server, was designed to be completely event driven. This purely event driven approach allows all systems in a distributed messaging architecture to integrate with ruleCore using simple events as their only communication mechanism.
The System Information Model
The System Information Model, or SIM for short, is both the name of the information model used by ruleCore CEP Server where all information about different items (rules, situations etc.) can be found and the name of the run-time data structure modelled after the familiar DOM model, commonly used to represent information originating from XML. The SIM is part of the ruleCore CEP Server implementation and not the language definition. But as all the language elements declared are executed against the SIM it is described here briefly. Different implementations can implement varying information models.
The SIM is used for various purposes, for example:
- Listing available definitions – All definitions of items such as rules, views, zones, entities, situations and actions can be found in the SIM. Definitions are created using the systems events, for example AddRuleDef, AddSituationDef and AddActionDef.
- Listing user defined events – Before an event can be sent into ruleCore CEP Server, it must be defined using the AddEventDef system event. The SIM contains all user defined events
- List of rule instances – When a rule instance is created, it’s state and internal data structures can be monitored by querying the SIM. The ruleCore CEP Server provides a query mechanism using XPath. But other implementations might query the SIM using other methods.
- Monitoring situation progress – As a situation develops, its progress can be monitored by querying the SIM.
- Examine view contents – Each rule instance is executed in an unique context of events called the event stream view. The view contains a window into the inbound stream of events and contains only semantically related events.
- Referencing items – When an item such as a rule needs to reference other items it is done using references through the SIM.
- Component Specific Data – Each plug-in component that extends the engine creates an entry in the SIM and may add any component specific information.
The SIM consists internally of dynamic data structures which are updated as needed when the internal state of the ruleCore CEP Server changes in response to inbound events. These data structures have an external representation which is the user’s view of the SIM.
The external representation of the SIM can be treated as a DOM document which can be queried using XPath and transformed using XSLT. XPath queries can be executed against the SIM using the SysInfoQuery system event.
If is also useful to note that the ruleCore CEP Server uses events for all tasks. Special pre-defined system events are used to create rules and other items in ruleCore CEP Server in addition to monitor the run-time state of the rule evaluation.
Structure of a Rule
The main language element in Reakt is the rule. Reakt uses a class of rules called reactive rules to provide its situation detection capabilities. Reactive rules should not to be confused with production rules or other types of rules which must be explicitly evaluated. A rule in Reakt is never explicitly evaluated, its evaluation must be automatically managed by the execution environment in response to inbound events.
A rule consists of a number of elements, the main ones being:
- Initialization directives - Specifies which events can lead to the creation of a rule instance
- Termination directives – Specifies what causes a rule instance to be deleted.
- The rule level – Specifies on what level in the rule hierarchy instances should be created.
- Trigger Directives – Controls how and when to report Rule triggering.
- The View – A reference to a view, providing execution context for the rule.
- The Situation – A reference to a situation to track and detect situations.
- The Action – A reference to an action, which will generate an event when
- the situation is detected, or
- if the situation is determined to be undetectable.
General Rule Attributes
Each rule has a name and a attribute which can be used limit the number of rule instances that can be created of a particular rule. A common usage of the limit is to create a singleton rule, of which only one single instance can exist.
Rules at every level can publish their trigger events externally so that they are visible outside of Reakt.
All rule declarations specifies a level. Every rule instance is created on a specific level in a hierarchy of rules. Level zero is the level on which inbound events arrive. Thus the lowest level for a rule is 1 (one). A rule will only see events from a level directly below it.
For example, three levels of rules where the rule at level one sees the inbound events:
<Rule name="New Location" limit="1000" level="1"> … </Rule>
<Rule name="Zone Entry" limit="1000" level="2"> … </Rule>
<Rule name="Zone Exit" limit="1000" level="2"> … </Rule>
<Rule name="Zone Visit" limit="1000" level="3"> … </Rule>
Rule Life Cycle Management
Rule instances are automatically created and deleted based on directives in the rule declaration section.
The <Initialize> declaration controls when a new rule instance can be created. All rule instances are created in response to events. The <Initialize> section lists those events which can lead to new rule instances being created.
Create a rule instance when an event of type GPSPosition arrives.
The <Key> declaration is the unique key for each rule instance. The key consists of one or multiple properties of the init events.
The key declaration allows for easy detection of situations per something
For example, the above key declaration creates rule instances which are per vehicle and zone. So there would be rule instances created for each unique combination of vehicle and zone.
The <Terminate> section determines when a rule instance is deleted. The <Terminate> section consists of a number of directives which allows for creation of flexible termination strategies. A rule could for example be terminated when it has triggered three times, when it’s view is empty, on a specific date and time or when a particular event arrives.
A rule may trigger when one of two things happen; the situation is detected or it is automatically determined that the situation is undetectable in the future. Depending on the terminate declarations a rule can fire one or multiple times.
When a rule triggers, its action part is executed. The action part creates an event and thus the visible result when a rule triggers is a new event, created according to your specification.
Related to rule triggering is the reporting of the rule triggering. The triggering of the rule and reporting that triggering is separated in two stages. Thus it is possible to postpone the report of a rule triggering. For example, it is possible to report rule triggering, or multiple triggerings, each minute or when the rule has triggered five times or whichever comes first. It is also possible to limit the trigger reports so that only a specified number of reports are created. The most common case is to create rules whose triggering is reported only once.
<Every trigCount="10" timeframe="00:10:00">
The rule also contains a reference to the rule’s view, situation and action. All references in Reakt are specified using XPath and executed against the SIM.
The view reference contains a reference to a view declaration. The view provides the context in which the rule is executed
The situation reference contains a reference to the situation which is evaluated in the context of the view.
The action reference contains a reference to the action part which generates a new event when the rule triggers.
<ActionRef name="ZoneEntry" eventVisibility="external">
Complete Rule Example
Here is a complete example of a rule.
<Rule name="ZoneEntry" limit="1000" level="1">
<!– Create rule instance per Vehicle and Zone –>
<!– Create a rule instance then the Location event arrives,
if one does not exists per the key above –>
<!– Delete rule instance when rule has triggered 300 times, the view is
empty of at the specified time or when the Reset event arrives –>
<!– Report rule triggerings every 10th triggering of every tenth minute
or at rule termination, report a maximum of 234 triggerings –>
<Every trigCount="10" timeframe="00:10:00">
<!– Trigger rule when situation is detected –>
<ActionRef name="ZoneEntry" eventVisibility="external">
The rule declaration contains a reference to a view. The view provides the context in which the rule is evaluated. The view keeps related events together and selects only interesting events from the inbound stream of events.
Each rule instance contains its own private view instance. The view contains a collection of events. The view is kept updated based the stream of inbound events. The view provides a dynamically changing execution environment for the rule as each rule instance is executed in the context of its view.
The view consists of a number of declarations, each specifying a property of an event that must be true in order for the event to be present in the view.
All these declarations are evaluated to determine which events are present in the view of each rule instance.
Example of properties available:
- The type view property is used to include events into the view only if they are of the specified type.
- The maxage view property defines the maximum age for each event in the view. You could for example use the age property to let each rule instance see only events from the past 10 minutes.
- The maxcount property defines the maximum number of events in the view. You could for example use this property to limit the view to contain only the last 100 received events.
- The match property defines which event properties must match in order for them to be included in the same view. You could for example require that the property CustomerID matches on all events in the view, thereby creating a view which contains events about the same customer.
- The assert property defines an XPath expression that must evaluate to true for all instances of a specified event type. The assert property could for example be used to compare a certain element in the event body with a constant.
<!– All events in the view must be of types InsideZone or OutsideZone –>
<!– All events in the view must be from the same vehicle –>
<!– All events in the view must be from the same zone –>
<!– Keep only the last 100 events in the view –>
A situation describes an interesting combination of multiple events as they occur over time.
The situation detection capability of Reakt have the following features.
- Declarative – Complex situations are described using a high level declarative approach, avoiding complex procedural solutions using traditional programming languages.
- Temporal support – Support for describing temporal relationships between events. Timing restrictions such as deadlines for detection can easily be added.
- Extensible – The situation detector is designed to be extended with new task specific detector nodes.
- Monitoring – The detector is designed to be monitored and thus the progress of situation detection can easily be tracked.
As a situation describes an interesting combination of multiple events as they occur over time, it must start somewhere. A situation starts developing when a specific initiator event occurs. This is the first event in what could possibly be a fully developed situation consisting of multiple events. This also means that a situation has an exact point in time where is starts developing, namely the timestamp of the initiator event.
The situation develops over time and can either be detected at some point in time or automatically determined to be undetectable. A situation can develop over long periods of time and consist of a large number of contributing events. The ruleCore CEP Server provides a persistent rule state allowing rule instances and their situations to survive restarts and unexpected crashes.
The progress of a situation, as it develops, can be followed by submitting a query event to the ruleCore CEP Server about the state of a particular rule’s situation detector. The degree of completion of a situation can be monitored to provide an early warning about a situation which could possibly be detected soon.
For example, detect when a vehicle has been outside a zone for at least five seconds:
The above situation example is detected when the innermost event pickup does not pick up any events from the view five seconds after the rule instance was created. If InsideZone events have arrived into the view during those five seconds the situation is not detected.
A situation is defined using a tree with detector nodes. The <Detector> node is the root of the situation detector. Each node can be either true or false depending on its semantics.
One of the central detector nodes is the <EventPickup> node which selects events from the view. It selects events by executing a XPath query against the view. If the query returns any events from the view, the <EventPickup> node becomes true.
The detector is evaluated each time it is possible that changes in the view or temporal conditions in detector nodes can affect the state of the detector.
Actions are executed as the last part of a rule’s evaluation in response to a detected situation, or optionally when it is determined that a partially detected situation can’t be detected at any point in the future.
An action is used to create a new event. The new event is called the reaction event and is used to notify external systems about a detected situation. Different events can be created for a detected situation and for undetectable situations.
The outbound event created by the action is created using a XSLT stylesheet. The stylesheet is executed in the context of the rule and can access all the events that contributed to the detection of the situation. The stylesheet can also access the events present in the view at the time the action is evaluated.
<XPath>EventDef[@eventType="OutsideZone" and @eventClass="user"]</XPath>
Reakt is a trademark of Rulecore KB of Sweden.