In the current on-demand business environment, business entities and enterprises frequently have to make critical decisions in real time. The input for such decisions is based on streams of events received in real time. For example, a bank institution frequently monitors and receives ATM transactions across its service areas. An ATM user may insert or swipe her ATM card at an ATM machine. The ATM user may next make a cash withdrawal, a deposit, an account balance inquiry, or another action or operation provided by the ATM machine. As these operations are monitored and received by the bank institution as events in real time, the bank institution is required to determine whether a valid ATM transaction has taken place or an ATM fraud has occurred.
Currently, some existing systems may receive and record these and other business events, but the events are not monitored and/or analyzed in real time. Using the ATM transaction example above, the bank institution customarily may receive thousands of ATM transactions per day, and data relating to the events is stored in a database or a data store for processing. At a pre-determined time (e.g., around midnight), the stored data is then processed and organized for later retrieval and/or query. It is through this “after-the-fact” processing of the stored data that the bank institution sometimes discovers or determines that an ATM fraud has occurred (such as when two ATM transactions with the same ATM card number take place within 20 minutes of each other at two locations 100 miles apart). Such existing systems prove to be inadequate to deal with real time event stream processing.
In other systems, real time monitoring of events may be achieved, but the processing of those events, and the production of an accurate state from them, is inadequate. In detecting a possible ATM fraud, suppose events relating to the ATM transactions are received in real time and are subsequently stored in a typical relational database or application for later retrieval or processing by a user. In a typical scenario, an event representing a user's successful entering of her ATM personal identification number (PIN) is followed by a withdrawal event at the same ATM machine. Ideally, the bank institution receives these events in the chronological order in which they occur; that is, an ATM transaction is defined as a PIN entering event followed by a withdrawal event of the user at the same ATM machine. However, as data relating to these events may be transmitted with delays at different stages in the communication network, these events may not be received in chronological order. As such, the data relating to the withdrawal event may arrive before the PIN entering event. Consequently, if a user of the bank institution wishes to perform a query on the number of completed ATM transactions (e.g., PIN entering and withdrawal) which have taken place, the query may return an inaccurate result because there is no corresponding PIN entering event preceding the withdrawal event. As such, these existing systems lack the ability to process real time events while accommodating varying latencies and delays.
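The two failure modes described above can be reproduced on a small constructed event set. The following is an added example, not part of the original document and not the method it goes on to describe: it counts completed transactions in arrival order versus event-time order, and evaluates the 20-minute / 100-mile rule. The event fields, function names, coordinates and timestamps are all assumptions made for illustration, and sorting a finished batch by timestamp is a simplification.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

@dataclass(frozen=True)
class Event:                 # all field values below are constructed
    card: str
    atm: str
    kind: str                # "PIN_OK" or "WITHDRAWAL"
    ts: int                  # event time at the ATM, in seconds
    lat: float
    lon: float

def miles_between(a, b):
    """Great-circle (haversine) distance in miles."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 3958.8 * 2 * asin(sqrt(h))

def completed_transactions(events):
    """Count withdrawals preceded, in the given order, by a PIN_OK on the same card and ATM."""
    pending, done = set(), 0
    for e in events:
        key = (e.card, e.atm)
        if e.kind == "PIN_OK":
            pending.add(key)
        elif e.kind == "WITHDRAWAL" and key in pending:
            pending.discard(key)
            done += 1
    return done

def impossible_travel(events, max_minutes=20, min_miles=100):
    """Consecutive events (by event time) on one card at distant ATMs inside the window."""
    hits, last = [], {}
    for e in sorted(events, key=lambda ev: ev.ts):
        prev = last.get(e.card)
        if (prev is not None and prev.atm != e.atm
                and e.ts - prev.ts <= max_minutes * 60
                and miles_between(prev, e) >= min_miles):
            hits.append((prev, e))
        last[e.card] = e
    return hits

# Constructed sample in ARRIVAL order: the ATM-A withdrawal arrives before its PIN event.
ARRIVED = [
    Event("card-1", "ATM-A", "WITHDRAWAL", 1005, 47.61, -122.33),
    Event("card-1", "ATM-A", "PIN_OK", 1000, 47.61, -122.33),
    Event("card-1", "ATM-B", "PIN_OK", 1600, 45.52, -122.68),
    Event("card-1", "ATM-B", "WITHDRAWAL", 1610, 45.52, -122.68),
]
```

Passing `ARRIVED` to `completed_transactions` as received undercounts the completed transactions; passing the same events sorted by `ts` counts both, and `impossible_travel` flags the ATM-A to ATM-B pair.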