Sequence event processing using append-only tables
First Claim
1. A method for determining policy compliance of a stream of events, the method comprising the computer-implemented steps of:
- storing one or more policies that govern the stream of events;
defining and storing a set of base events according to a particular syntax specification, wherein each base event is a definition that specifies one or more conditions for selecting particular events from a stream of events based on one or more attributes included in a stream of records that are generated to respectively represent the stream of events;
receiving the stream of records that respectively represent the stream of events;
selecting a plurality of events from the stream of events by evaluating the one or more conditions specified in each base event of the set of base events over a plurality of attributes included in the stream of records in order to select a plurality of records that respectively represent the plurality of events, wherein the values of the plurality of attributes in the plurality of records satisfy the one or more conditions specified in each base event of the set of base events;
processing the plurality of events, wherein processing the plurality of events comprises;
storing the plurality of records in an append-only sequence on persistent storage; and
forgoing storing, in the append-only sequence on persistent storage, any records that represent those events that have not been selected from the stream of events;
determining whether one or more particular events, from the plurality of events, comply with the one or more policies by performing steps comprising;
retrieving the plurality of records from the append-only sequence;
evaluating one or more expressions based on the plurality of records; and
storing one or more results of evaluating the one or more expressions in one or more of volatile memory and persistent storage;
wherein the steps of the method are performed by one or more computing devices.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques for processing events are provided. In one embodiment, a plurality of records is received. The plurality of records is generated by one or more computer systems and represents a plurality of events that have occurred in these computer systems. The plurality of events is processed, where processing the plurality of events comprises storing the plurality of records in an append-only sequence. The append-only sequence is a storage representation of the plurality of events that allows only appending new records that represent new events but does not allow modifying and deleting existing records that represent already existing events. One or more expressions are then evaluated based on the plurality of records that are stored in the append-only sequence.
40 Citations
24 Claims
-
1. A method for determining policy compliance of a stream of events, the method comprising the computer-implemented steps of:
-
storing one or more policies that govern the stream of events; defining and storing a set of base events according to a particular syntax specification, wherein each base event is a definition that specifies one or more conditions for selecting particular events from a stream of events based on one or more attributes included in a stream of records that are generated to respectively represent the stream of events; receiving the stream of records that respectively represent the stream of events; selecting a plurality of events from the stream of events by evaluating the one or more conditions specified in each base event of the set of base events over a plurality of attributes included in the stream of records in order to select a plurality of records that respectively represent the plurality of events, wherein the values of the plurality of attributes in the plurality of records satisfy the one or more conditions specified in each base event of the set of base events; processing the plurality of events, wherein processing the plurality of events comprises; storing the plurality of records in an append-only sequence on persistent storage; and forgoing storing, in the append-only sequence on persistent storage, any records that represent those events that have not been selected from the stream of events; determining whether one or more particular events, from the plurality of events, comply with the one or more policies by performing steps comprising; retrieving the plurality of records from the append-only sequence; evaluating one or more expressions based on the plurality of records; and storing one or more results of evaluating the one or more expressions in one or more of volatile memory and persistent storage; wherein the steps of the method are performed by one or more computing devices. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A computer-readable volatile or non-volatile medium storing one or more sequences of instructions for determining policy compliance of a stream of events, which instructions, when executed by one or more processors, cause performance of steps comprising:
-
storing one or more policies that govern the stream of events; defining and storing a set of base events according to a particular syntax specification, wherein each base event is a definition that specifies one or more conditions for selecting particular events from a stream of events based on one or more attributes included in a stream of records that are generated to respectively represent the stream of events; receiving the stream of records that respectively represent the stream of events; selecting a plurality of events from the stream of events by evaluating the one or more conditions specified in each base event of the set of base events over a plurality of attributes included in the stream of records in order to select a plurality of records that respectively represent the plurality of events, wherein the values of the plurality of attributes in the plurality of records satisfy the one or more conditions specified in each base event of the set of base events; processing the plurality of events, wherein processing the plurality of events comprises; storing the plurality of records in an append-only sequence on persistent storage; and forgoing storing, in the append-only sequence on persistent storage, any records that represent those events that have not been selected from the stream of events; determining whether one or more particular events, from the plurality of events, comply with the one or more policies by performing steps comprising; retrieving the plurality of records from the append-only sequence; evaluating one or more expressions based on the plurality of records; and storing one or more results of evaluating the one or more expressions in one or more of volatile memory and persistent storage. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
Specification