This documentation is for WSO2 Complex Event Processor 4.0.0. View documentation for the latest release.
WSO2 Complex Event Processor is succeeded by WSO2 Stream Processor. To view the latest documentation for WSO2 SP, see WSO2 Stream Processor Documentation.
Skip to end of metadata
Go to start of metadata


This sample demonstrates how to set up an execution plan with a Siddhi query to use Siddhi PMML extension in order to detect network intruders. The input event stream is processed by the execution plan which uses the pmml predictive model to detect whether a particular user is an intruder to the network or not. The output stream contains the processed query results which includes the predicted response along with the feature values extracted from the input event stream. This sample uses CEP event simulator to input data and the logger publisher for logging the outputs to the CEP console.

 The query used in this sample is as follows. 

from IntruderInputStream#pmml:predict('samples/artifacts/0301/decision-tree.pmml')
select *
insert into IntruderOutputStream;

Above query:

  • Receives events through the IntruderInputStream. 
  • Use PMML extension to predict with the aid of the decision-tree.pmml model.
  • Finally outputs results into the IntruderOutputStream.


Set up the following prerequisites before starting the configurations.

  1. Set up the prerequisites required for all samples.
  2. Start the server in standard mode and install Siddhi PMML Extension as a feature. For more information see Install WSO2 GPL Features.

Building the sample

Start the WSO2 CEP server with the sample configuration numbered 0301. For instructions, see Starting sample CEP configurations. This sample configuration does the following:

  • Points the default Axis2 repo to <CEP_HOME>/sample/artifacts/0301 (by default, the Axis2 repo is <CEP_HOME>/repository/deployment/server).

Executing the sample

  1. Log into the CEP management console which is located at https://localhost:9443/carbon

  2. Go to Tools -> Event Simulator. Under the 'Multiple Events' section, you can see the listed 'intruder.csv' file which contains some sample data. Click 'play' to start sending sample events from the file.
  3. You view the values of the  IntruderOutputStream from the CEP console as shown below.

  • No labels