This sample demonstrates how to use external time windows for a fraud detection use-case. In this sample, we look for two or more transactions done within a very short period of time and send an alert immediately when such an occurrence is detected.
The query used in this sample is as follows:
The first query uses a 60-second external time window, which keeps events based on the time of the meta_timestamp attribute. Upon arrival of each new event, it gets a count of the transactions so far (last 60 seconds), sum of the amount per each card and emits the results to an intermediate stream named transactions_per_card.
The second query looks for the condition where more than one transaction has taken place for a specific card and sends an alert.
See Prerequisites in CEP Samples Setup page.
Building the sample
Start the WSO2 CEP server with the sample configuration numbered 0114. For instructions, see Starting sample CEP configurations. This sample configuration does the following:
- Points the default Axis2 repo to
<CEP_HOME>/samples/cep/artifacts/0114(by default, the Axis2 repo is
Executing the sample
Open a terminal, go to
<CEP_HOME>/samples/cep/producers/wso2-eventand run the following command:
It builds and runs the
wso2eventproducer, which sends sample ATM transaction events to the CEP server.
From the terminal opened, see the details of the events sent.
To configure host, port, username, password use -Dhost=xxxx -Dport=xxxx -Dusername=xxxx -Dpassword=xxxx
After sending events, you can see the outputs from the CEP console (the outputs are logged by the logger which we use for this sample), given below is part of the console output of the logger when sending events from the producer.