Tim Bass
08-30-2008 03:17 AM
In*A Short History of Complex Event Processing. Part 1: Beginnings, David Luckham opens his history discussion by saying;
�Event processing has been going on for more than fifty years.�
However, in*On Event Processing as a Discipline and Some Subsets*my colleague mistakenly says,
�� people who dealt in this area [network management and event correlation] have never investigated event processing in the larger sense (e.g. looking at additional patterns), and this area has also not spawned the event processing discipline.�
If you examinejust onepage from the CEP history at Stanford, researchers*there outlined their view of the future applications for CEP, as follows:
- Instant Insight* - hierarchical event viewing applied to the Enterprise IT layer.
[list] -
Analysing business processes
[/list] - Network Level Monitoring and Management
- Cyber Security: Network Intrusion Detection
- Enterprise Monitoring and Management
- Modeling and Simulation of Collaborative Business Processes
- Business Policy Monitoring
- Analysis and Debugging of Distributed Systems
These applications areasmentioned by Stanford researchers, includingProfessor Luckham,support and validateour recent discussion Magic Quadrant for IT Event Correlation and Analysis, 2007where we concluded that �event correlation and event analysisis Gartner's closestmagic quadrant (MQ) [...] relates directly to complex event processing (and event processing in general).�**
If you take a detailed look at the 1999 CEPpresentation, Defeating Large Scale Attacks: Technology and Strategies for Global Network Monitoringyou will readily see that*ourcolleagues areincorrect whenthey says that event correlational and network management folks havenever investigated event processing in the �larger sense�.* For example, the 1999 slides above, Stanford,*slide 6, is titled �Complex Event Processing,� defineing CEP from the application perspective of event correlation;
Complex Event Processing
- Accept network �events' from any source
[list] - CISCO NetFlow FlowCollector, tcpdump
[/list] - Correlates events based on content and temporal relationship between events
- Event Processing Agents (EPAs) connected in an Event Processing Network (EPNs)
- Both post-mortem and real-time processing
This single event correlational project example from David�s team at Stanford*examinedthe challenging event correlation problemsin the context of hierarchical events, maps, patterns, visualization tools, event processing models, patterns languages, network management abstraction layers, and more.* Those core event processing problems from this 1999 example, very large and complex*then, still exist today and are much more large and complex - precisely why it is called �complex event processing.�
It is quite obvious, in just this one example,that many folks have been looking at event correlation asa motivating applicationfor event processing, ina larger context,for a long time, contrary to whatour colleaguessays intheir �history of event processing� posts.**
In a future post I will completely debuke these event processing �history revisionists.� * I willillustrate very clearly how the history of event processing goes backat least a decade, and perhapstwo (twenty years) beforethe history outlined in*posts like On Research and Practice in Event Processingand The History of Complex Event Processing.
David Luckam stated that the art-and-science of event processing goes back around 50 years.*
I am not sure I will go all the way back to 1960 in my next post on the history of event processing.* However, *I will go back at least to the early days of Internet Protocol (IP)*networking and illustrate why distributed IP networking, network management and network security,*is one of the key**motivating factors for what we now call �event processing� and �complex event processing.�
*
*