Nowadays, the generated data in a typical IT infrastructure is rapidly growing including critical systems, where it is important to react to changes in the system status in near real-time. Without a quick response to these events, the system could fail, causing significant economic loss or even environmental harm. Using domain-specific knowledge, high-level requirements describe how the system is supposed to operate without failure.
However, the logic of event processing application is typically implemented manually, in a low-level manner which hinders the validation of these high-level requirements. If an application has limited built-in knowledge about the observed system, it can neither recognize the situations that need to be avoided, nor can it take the necessary actions to prevent them.
A system model about the structure and behaviour of the observed environment can help to reduce the gap between the domain knowledge and the application logic. Therefore, the monitoring of the system can be improved by more accurate system detections and also the validation of high-level requirements becomes easier. The model provides information about the meaningful events and patterns of the system, thus the large volume of event-flow can be shrunk to an easily manageable size.
This thesis discusses a possible way of implementing of a model-based event processing application that uses qualitative models and domain-specific rules about the observed system during the processing. For this purpose, the challenges of event processing, the elements and features of qualitative modelling are described including extensions to the qualitative model that are necessary for its effective use. The popular stream-processing and complex event processing frameworks are detailed that can provide the logic of the model-based application. The thesis also describes a method to formalise and store domain-specific knowledge that can be used by the event processing application efficiently. The result of the research is detailed in a case study where the implemented model-based event processing application helps the monitoring of a complex, virtualized IT infrastructure.
The purpose of this thesis is to provide a methodology of supporting model-based event processing that can be applied in system diagnosis.