Evaluate operations begin with an <Evaluate> property, which has the following basic syntax:
<Evaluate> <Field input="rule name" output="DRL"> <!CDATA[ <Drools rule> </Field> <Field input="action name" output="DRF"> <!CDATA[ <Drools action> </Field> </Evaluate>
Defines the name of the event rule in the rule section and the name of the corresponding action in the action section.
Defines the type of Drools language to output. Use DRL for rules and DRF for actions.
Defines the event rule criteria in the Drools language.
Defines the event workflow action to run if the rule criteria are met. A workflow action is not required for every rule if the rule itself can perform the appropriate action.
Example: Detect immediate service shutdown and create a higher severity event
The following example detects when a Windows service shuts down within 30 seconds after starting. These operations are tracked in separate events, so an event rule is required to correlate the events and trigger an appropriate action. In this case, the operation creates a new event to replace the other events with a message and severity that reflects the more serious nature of the situation, and also prints the message to a CSV file. This evaluate operation contains a rule and does not require a separate action.
Important! This is a basic example that is easily configurable using the Event Policies dialog in the Operations Console. You should always use the Event Policies dialog to create evaluate operations for event policies, unless the operation is not supported by the interface. For information about creating more complex Drools rules, see the Drools documentation. For other syntax examples (for example, if you want to create a complex enrichment evaluate operation and need a frame of reference), create event policies from the Event Policies dialog and see the resultant syntax at SA_HOME\resources\EventManagement\Policies.
The rule for this example is as follows:
<EventClass name='Alert'>
<Evaluate>
<Field input='test drools' output='DRL'>
<![CDATA[
package com.ca.eventplus.catalog;
import com.ca.eventplus.catalog.util.EPEvent;
import java.util.HashMap;
declare EPEvent
@role(event)
end
rule "test drools"
no-loop true
when
pattrn1 : EPEvent((alertedMdrElementID=="?" && message matches ".**entered the running state.*") && reEvaluate!="test drools")
pattrn2 : EPEvent((alertedMdrElementID=="?" && message matches ".**entered the stopped state.*") && reEvaluate!="test drools", this after[-30s,30s] pattrn1)
then
pattrn1.createEvent("test drools",true,false,pattrn1,pattrn2);
end
]]>
</Field>
</Evaluate>
</EventClass>
<EventClass name='test drools' extends='Alert'>
<FormatPostN>
<Field output='AlertType' format='Quality' input='' />
<Field output='Severity' format='Major' input='' />
<Field conditional='pattern1.AlertedMdrProduct'
output='AlertedMdrProduct' format='{0}'
input='pattern1.AlertedMdrProduct' />
<Field conditional='pattern1.AlertedMdrProdInstance'
output='AlertedMdrProdInstance' format='{0}'
input='pattern1.AlertedMdrProdInstance' />
<Field conditional='pattern1.AlertedMdrElementID'
output='AlertedMdrElementID' format='{0}'
input='pattern1.AlertedMdrElementID' />
<Field output='Message' format='{0}' input='Service crashing' />
<Field output='MdrProduct' format='{0}' input='pattern1.MdrProduct' />
<Field output='MdrProdInstance' format='{0}'
input='pattern1.MdrProdInstance' />
<Field output='MdrElementID' format='{0}' input='{uniqueidentifier}' />
<Field output='ReportTimestamp' format='{0}' input='{xsdateTime}' />
<Field output='OccurrenceTimestamp' format='{0}'
input='pattern1.OccurrenceTimestamp' />
</FormatPostN>
</EventClass>
Note: This syntax comes from an event policy file created through the Event Policies dialog. If you are manually writing evaluate operations, you would write them directly in a connector policy file integrated with the rest of the connector policy.
The input and output properties define the rule name and output. The Drools rule is embedded in the '![CDATA[' property. The Drools rule contains the following sections:
Defines Java methods to import for use in the rule. This declaration must include the EPEvent method, which describes the event properties that the Drools engine can use.
Declares EPEvent as an event role, enabling correlation between events.
Starts the event rule.
Defines the rule criteria. The when clause in this example looks for the following events occurring within thirty seconds of one another:
Note the format of the clause, specifically how it uses the EPEvent method to retrieve and evaluate the properties. Also note the syntax of the clause that defines the time interval between events.
Defines the action to run when the criteria in the when clause are met. The then clause in this example creates a new event based on the properties of the correlated events.
Sets the properties for the new event. Note that this syntax uses the Format operation to establish the new event properties, and the event class matches the name of the original rule. The Message and Severity properties have new values that reflect the new event condition, and the other properties use the values from the first event.
Note: Several properties have been omitted from this example.
For additional examples and information about the syntax and requirements of the Drools language version 5, see the following page: http://www.jboss.org/drools/documentation.html.
|
Copyright © 2013 CA.
All rights reserved.
|
|