Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/fco/eventexpressionlanguage
https://github.com/fco/eventexpressionlanguage
event events parse pattern query-storage raku regex
Last synced: 3 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/fco/eventexpressionlanguage
- Owner: FCO
- Created: 2020-02-10T01:25:36.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2024-09-02T19:23:28.000Z (5 months ago)
- Last Synced: 2024-10-10T20:50:50.072Z (3 months ago)
- Topics: event, events, parse, pattern, query-storage, raku, regex
- Language: Raku
- Size: 86.9 KB
- Stars: 7
- Watchers: 4
- Forks: 0
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# EventExpressionLanguage
## Small example:
```
$ raku -MJSON::Fast -e '
loop {
say to-json :!pretty, %(:type, :a(^100 .pick), :b(^100 .pick))
}
' | bin/eel -l=events2.log -e='
event ble {
has $a1 = #1.a;
has $a2 = #2.a;
has $b1 = #1.b;
has $b2 = #2.b;
match {[
& bla(#1, a == 42, ?b == #2.b)
& bla(#2, a == 13, ?b == #1.b)
]}
}
'
{"a1":42,"a2":13,"b1":22,"b2":22,"timestamp":"2020-02-20T04:19:47.178670Z","type":"ble"}
{"timestamp":"2020-02-20T04:19:47.515712Z","type":"ble","b2":43,"b1":43,"a2":13,"a1":42}
{"b2":45,"type":"ble","timestamp":"2020-02-20T04:19:51.563406Z","a1":42,"a2":13,"b1":45}
{"b2":99,"type":"ble","timestamp":"2020-02-20T04:19:52.089484Z","a1":42,"a2":13,"b1":99}
{"b2":19,"type":"ble","timestamp":"2020-02-20T04:19:54.037338Z","a2":13,"a1":42,"b1":19}
{"b2":10,"type":"ble","timestamp":"2020-02-20T04:19:55.338196Z","a2":13,"a1":42,"b1":10}
{"b2":81,"timestamp":"2020-02-20T04:19:55.971652Z","type":"ble","a2":13,"a1":42,"b1":81}
{"b2":49,"timestamp":"2020-02-20T04:20:04.710167Z","type":"ble","a1":42,"a2":13,"b1":49}
{"a1":42,"a2":13,"b1":52,"b2":52,"timestamp":"2020-02-20T04:20:05.310459Z","type":"ble"}
{"b2":49,"timestamp":"2020-02-20T04:20:06.304376Z","type":"ble","a1":42,"a2":13,"b1":49}
^C
```
## What's it?
It's an idea of a solution for complex event processing, it's divided into 3 main parts:
- parse:
it should parse a language based on raku's grammar and raku's class
| syntax | meaning |
| ------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------- |
| 5min | time applied for the last construct (units: s, min, h, days) |
| [ A ] | group |
| A & B | A AND B in any order |
| A && B | A AND B on that order |
| A \| B | A OR B |
| ** N | indicates that the last matcher should be matched N times |
| ** N..M | indicates that the last matcher should be matched at least N times and max M |
| bla() | matches an event called `bla` |
| bla( value > 3 ) | matches an event called `bla` where value is greater than 3 |
| $ble | event propert called ble |
| #bli | internal name for a specific event |
| ?attr = #blo.attr | test if `attr` is equal to `#blo.attr` only if `#blo` is defined |
| [ bla( #blabla, ?id == #bleble.id ) & ble( #bleble, ?id == #blabla.id ) ] 5min | matches 2 events (`bla` and `ble`) at any order that has the same id and were dispatcher at max 5 min interval |
it should check most of things on parse time. its first draft is [here](https://github.com/FCO/EventExpressionLanguage/blob/master/lib/EventGrammar.pm6)
and some examples [here](https://github.com/FCO/EventExpressionLanguage/tree/master/examples) and a code to run this [here](https://github.com/FCO/EventExpressionLanguage/blob/master/bin/parser.p6)
Something like this:
```
event temperature { has $value, $area }
event humidity { has $value, $area }
event fire-risk {
has $temperature = #temp.value;
has $humidity = #hum.value;
match {
[
& temperature(#temp, value > 40, ?area == #hum.area )
& humidity(#hum, value < 20, ?area == #temp.area)
] 5min
}
}
```
should be transformed into something like this:
```perl6
my @rules =
{
cmd => "query",
query => %( :type("==" => "temperature"), :value(">" => 40) ),
id => "#temp",
store => < value area >,
next => {
cmd => "query",
query => %( :type("==" => "humidity"), :value("<" => 20), :area("==" => -> %state { %state<#temp> }) ),
id => "#hum",
store => < value area >,
next => {
cmd => "dispatch",
data => -> %state --> Hash() { :type, :area(%state<#temp>), :temperature(%state<#temp>), :humidity(%state<#hum>) },
}
}
},
{
cmd => "query",
query => %( :type("==" => "humidity"), :value("<" => 20) ),
id => "#hum",
store => < value area >,
next => {
cmd => "query",
query => %( :type("==" => "temperature"), :value(">" => 40), :area("==" => -> %state { %state<#hum> }) ),
id => "#temp",
store => < value area >,
next => {
cmd => "dispatch",
data => -> %state --> Hash() { :type, :area(%state<#temp>), :temperature(%state<#temp>), :humidity(%state<#hum>) },
}
}
}
;
```
## eel
```
Usage:
bin/eel [-l|--log=] [-d|--debug]
bin/eel -e|--eval|--evaluate|--code= [-l|--log=] [-d|--debug]
```
It accepts some EEL code (by file or by -e flag) and reads STDIN line by line for JSON object.
And prints back all recognized patterns.
## How it work
- runner:
It should accept the structure created by the parser and use it to add some queries on the query storage.
It should connect to N streams (log file, kinesis, kafka, eventsource, websocket, rabit MQ, etc) and following
the given rules, generate new events.
There are some examples of that should work [here](https://github.com/FCO/EventExpressionLanguage/blob/master/bin/runner.p6).
Once you describe what properties (and possibly those types) each event should have, it will also validate events, and
create a error event always it finds an invalid event.
Each step of the recognition of the pattern should store on the QueryStorage along with the query itself the next steps
for that pattern. So, for instance, your pattern is: `get-login-page(#login-page) post-login(form-id == #login-page.form-id, status-code == 200)`, then, it will add on the query storage the query: `{ :type }`, and on it's data information saying that on the next it should match `{ :type, :form-id(XXX), :status-code(200) }` when `XXX` is the `form-id` gotten from `get-login-page`.
- query storage:
is a way to store queries and when the events are dispatched, find what queries match that object and that way match each part of the track.
currently it's being implemented [here](https://github.com/FCO/EventExpressionLanguage/blob/master/lib/QueryStorage.pm6),
but optimally it should be an central process (as a database).