IT-Monitoring

Event ProcessingIntelligent event processing

Even the smallest effect has its origin

With event processing, causal correlations are recognized by analyzing events and various metrics. Processing has to be intelligent and decisions have to be made as distinct as possible.

A high page load for example can be caused by different things: Maybe there is a sudden rise in user requests during an advertisement campaign, maybe the new software has been installed or maybe the page is bombed with illicit requests. Depending on the cause automatic actions such as providing another virtual machine of the cluster or measures to block illegal requests can be initiated. If necessary, the event can also be escalated to administrators.

Monitoring Sensor Systems
The sensor system provides measure values that are evaluated by agents. Distral events are sent to the central control along with the metrics.
Complex Event Processing
Complex event processing links distral events with other measured values of the monitoring hierarchy and initiates actions.
Automatic Remediation of Monitoring Events
Reactions can be automatic processes or escalations to decision-makers such as administrators.

Complex event processing

The process of Complex Event Processing is diverted into two phases. On agent level, there is pre-processing of the measure values recorded by the sensor system. The results from this procedure are distral events which are sent to the central control along with the metrics. The environment of these events, meaning every hierarchically linked values, are saved as snapshot within a central database.

Intelligent processing happens during the second phase, when there will be decided whether distral events are relevant and reactions necessary. Reactions could be either automated processes or escalations to decision-makers in charge such as administrators.

Concerning the decision methodology, Complex Event Processing works based on knowledge, as rule-based algorithms will in most cases deliver distinct results. For automatic reactions this has crucial significance. Knowledge-based systems can be adapted to changes or a new state of knowledge much easier than systems that for example are based on neuronal networks.

Knowledge-bases algorithms

Depending on the value pattern, knowledge-based algorithms will decide if measures have to be taken. The required logic is working upon defined rules and facts, such as the trend of recorded values. The system is learning what the data fluctuation of the network usually has to look like and, based on this knowledge, is able to detect anomalies. The required expert knowledge is on one hand strictly predefined by rules, on the other hand learnt by recording metrics and undergoing a corresponding training.

Operation and development

When developing and training of models and algorithms to be used for Complex Event Processing, we can benefit from our yearlong experience in system analysis. If knowledge from system operation and extensive skills in algorithm development work hand in hand, a continuous optimization is guaranteed, which is an important quality factor for Complex Event Processing.