ActiveSchema’s EventMill Suite includes a complex event processing (CEP) engine that enables customers to process event streams in different formats (e.g. XML-based data streams) from multiple data sources, and when specified events of interest are detected it performs a list of specified actions.

EventMill provides a high level event specification language that is declarative, specify what is required, not how to do it, and it is not application domain specific. Event specification language enables users to define events (simple and composite/complex events) of interest in terms of

  • event stream attributes (expressions on event attributes, content based filtering),
  • temporal events (intervals, absolute/relative time based events),
  • geospatial events (location based events),
  • relationships with other events,
  • grouped events,
  • event history,
  • data stored in databases,
  • plug-ins (system and user-defined functions for extensibility), and
  • actions to be performed when specified events are detected.

EventMill supports a plug-in framework that is a capability to add new functions to the language for extensibility, parameterization of events and access to data stored in databases.

Analysts will specify events of interest and actions to be performed when events are detected using event specification language. Multiple actions can be associated with a given event detection. Some of the examples of actions are sending messages using e-mail, logging messages to specified file, enable/disable other events, sending messages to specified system/device and instantiating events with new set of values (i.e. for parameterized events). New type of actions can be added based on customer requirements.

For example, in a banking application, a potential credit card fraud detection may be specified as a composite/complex event that states that notify an operator if a credit card has not been used for three consecutive months followed by total withdrawal exceeding $1000 within 3 hours between 9:00 pm and 3:00 am from at least 4 different ATM machines in a specified geographic location. This composite event and its associated action can be specified with 7-10 lines of event statements depending on how one wants to formulate it.

Main capabilities of EventMill Suite are :

  • acquisition of raw events from multiple data sources
  • detection of simple and composite/complex events
  • perform associated actions as events are detected
  • declarative high level language for defining simple and composite events, and actions
  • extensibility with plug-in framework
  • distributed architecture for scalability, performance and reliability
  • access to relational databases
  • operates on multiple platforms/OSs
  • online event management and dashboard facility