Event Correlation Server introduction

The purpose of this document is to provide a comprehensive reference to existing, public EventGnosis System Objects/Application Components. It is also meant to assist in the sales, development and maintenance of Event Correlation Applications (ECAs) for use by EventGnosis, EventGnosis VARs and EventGnosis customers. EMML (Event Management Markup Language) is used extensively throughout to specify EventGnosis System Objects.

EventGnosis System Objects can be classified into the following three broad categories:

Event Sources: convert events from a certain protocol into an internal EventGnosis information schema.

Event Destinations: convert from an internal EventGnosis information schema to the outbound protocol.

Filters: cohesive units of functionality that perform well-defined tasks on event streams flowing through the system. Filters are often chained together inside Filter Stacks to solve specific application problems. They can be placed into the following three general categories:

Edit: edits the content of events before passing the event to the filter’s stdout.

Flow: controls the flow of events.

Correlation: initiates new events or sends messages when specific patterns are detected.

To enable rapid configuration and deployment of these objects, a set of templates, each implementing a particular object type, is presented to the user for configuration via a textual description with editable configuration parameters.

EventGnosis Default ECA

EventGnosis Default ECA (ecaDefault.xml) is a correlation application delivered with the EventGnosis Event Correlation Server (ECS). Defining built-in Parameter, Source, Filter and Destination Types in a correlation application demonstrates the extensibility of the EventGnosis platform and allows the built-in objects to be updated independently of an update to the Event Correlation Server. Specific configurations using these types allow powerful groups of components to be assembled to solve a specific application problem.

The EventGnosis default correlation application includes a superset of typical configurations of all the existing EventGnosis types, each with workable configurations. With slight changes to this configuration, many users can adapt it to solve their particular systems problem.

This reference document for the ECA Editor Module provides detailed information on the individual sources, filters and destinations provided in the product, including the event field/schema mappings for the individual protocols. A high-level description of the application components is available inside the ECA Editor upon creation of new sources, filters and destinations. This document is specifically not meant to be used for the independent development of ECA applications using EMML without the ECA Editor. The EMML language definition is subject to change/revision at any time, and is not currently supported for direct end-user development outside of the ECA Editor.