Technologies come and go, but one thing remains constant.
We love the complex components that make our lives easier when designing enterprise solutions and as architects and developers we are constantly searching for ways to make our lives easier.
One way to do this is to keep up on the popular new sites that relate to technologies of interest. Another way is to read as much as we can in the form of books, magazines or blogs on technology topics.
I do realize not everyone enjoys the rigorous and often mathematical foundations that are used in these papers to prove and support the theoretical results. Therefore, in an attempt to bring the JBoss relevant information to you with regards to the ties we have between community and products, this article will focus on extracting the CEP related results for Drools only.
You are free to download and read the complete original paper that was presented at 10th International Conference on Cyber Warfare and Security (ICCWS-2015) as the authors were so kind as to put the entire paper online.
This paper takes a look a a class of information systems that gathers data and events together to provide the ability to audit or maintain some form of security in today’s complex information technology environments. They classify these systems in the paper as Software Information and Event Management (SIEM) system, into which the popular open source rule-based Drools Complex Event Processing (CEP) engine fits for the authors evaluations.
The authors see the most important feature of these systems to be “…the correlation engine, which is used to normalize, reduce, filter and aggregate events from a set of heterogeneous inputs.” The paper promises to compare and present performance evaluations of the following correlation engines:
- Simple Event Correlator (SEC)
- Drools, which is supported by Red Hat in JBoss BRMS & JBoss BPM Suite
The remainder of this article will refer to the results in relation the the supported JBoss BRMS which productizes the Drools CEP engine that the authors consider a correlation engine in this paper. Remember that JBoss BPM Suite is a super set of JBoss BRMS, so therefore we choose to focus on JBoss BRMS for this article.
The testing architecture that pushed a load through the JBoss BRMS CEP component using a set of rules for processing, monitors the progress and then filters out the results into a report. Events were generated to trigger rules and in a predefined distribution.
The paper also states that the CEP component was optimized to produce the best results possible, but the authors do not present any details as to what this might entail. Testing was done on a virtualized Xeon CPU X5660 processor, Linux based operating system, with 4GB of RAM allocated and there were multiple runs of the test suite.
The final numbers were taken as an average over the results as measured over three runs and reflect measurements based on execution time and throughput (events processed per second). The following shows the results for set number of rules with variable number of events and for set number of events with variable number of rules.
1. Execution time and throughput for 500 rule set
The events are scaled up and the rule set remains static in size.
- 1k events
- Throughput – 125 events/sec
- Time – 8 sec
- 10k events
- Throughput – 1111 events/sec
- Time – 9 sec
- 100k events
- Throughput – 6250 events/sec
- Time – 16 sec
- 1 million events
- Throughput – 14286 events/sec
- Time – 70 sec
2. Execution time and throughput for 1 million event set
The second results offered are based on a single large event set and rules sets that grow in size.
- 20 rules
- Throughput – 21,272 events/sec
- Time – 47 sec
- 200 rules
- Throughput – 14,925 events/sec
- Time – 67 sec
- 500 rules
- Throughput – 14,286 events/sec
- Time – 70
We will leave the conclusions presented by the authors as an exercise for you to read, but without a doubt, JBoss BRMS CEP component provides a solid and powerful engine for processing your event streams no matter the size or rule complexity.