I am trying to build a CEP system with Apache Flink for correlating events. One of the requirements is to be able to add new patterns for anomaly detection at runtime without losing system availability. Any ideas of how I could do that?
For instance, if I have a stream of security events (e.g. accesses, authentications) and a pattern for detecting anomalies (e.g. >10 logins to the same machine in 1 minute), I would like to be able to change the pattern parameters (for instance, instead of 10 logins, maybe I would like 8), and at the same time I would like to be able to create other patterns (maintaining the same stream) to detect a new type of anomaly without losing events/system availability.
Regards.
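An added illustration, not part of the question and not Flink's own code: because a CEP `Pattern` is fixed when the job graph is built, the usual way to get runtime-changeable thresholds and new rules is to keep the rule set in Flink broadcast state and feed rule updates in as a second stream, so a changed threshold or a new rule applies without restarting the job. The `Event` and `Rule` POJOs, the rule id `r1`, the state names and the sample inputs are constructed for this example; the second `Rule` element shows the threshold for `r1` being changed in place.

```java
import org.apache.flink.api.common.state.*;
import org.apache.flink.api.common.typeinfo.*;
import org.apache.flink.configuration.Configuration;
import org.apache.flink.streaming.api.datastream.*;
import org.apache.flink.streaming.api.environment.StreamExecutionEnvironment;
import org.apache.flink.streaming.api.functions.co.KeyedBroadcastProcessFunction;
import org.apache.flink.util.Collector;
import java.util.*;

public class DynamicRules {
    // Constructed event and rule shapes for this example (public fields so Flink treats them as POJOs).
    public static class Event { public String type, host; public long ts; public Event() {}
        public Event(String type, String host, long ts) { this.type = type; this.host = host; this.ts = ts; } }
    // A rule means "more than `threshold` events of `type` on one host within `windowMs`".
    public static class Rule { public String id, type; public int threshold; public long windowMs; public Rule() {}
        public Rule(String id, String type, int threshold, long windowMs) { this.id = id; this.type = type; this.threshold = threshold; this.windowMs = windowMs; } }

    // The rule set lives in broadcast state, so every parallel instance sees each update without a redeploy.
    static final MapStateDescriptor<String, Rule> RULES =
        new MapStateDescriptor<>("rules", BasicTypeInfo.STRING_TYPE_INFO, TypeInformation.of(Rule.class));

    public static class RuleEvaluator extends KeyedBroadcastProcessFunction<String, Event, Rule, String> {
        private transient ListState<Long> seen; // timestamps of recent events for the keyed host
        @Override public void open(Configuration cfg) { seen = getRuntimeContext().getListState(new ListStateDescriptor<>("seen", Long.class)); }
        @Override public void processElement(Event e, ReadOnlyContext ctx, Collector<String> out) throws Exception {
            List<Rule> active = new ArrayList<>(); long retain = 0;
            for (Map.Entry<String, Rule> en : ctx.getBroadcastState(RULES).immutableEntries())
                if (en.getValue().type.equals(e.type)) { active.add(en.getValue()); retain = Math.max(retain, en.getValue().windowMs); }
            List<Long> kept = new ArrayList<>(); kept.add(e.ts);  // keep only what the widest active window still needs
            for (Long t : seen.get()) if (t >= e.ts - retain) kept.add(t);
            seen.update(kept);
            for (Rule r : active) {
                long n = kept.stream().filter(t -> t >= e.ts - r.windowMs).count();
                if (n > r.threshold) out.collect("rule " + r.id + ": " + n + " " + e.type + " on " + e.host + " within " + r.windowMs + " ms");
            }
        }
        // A rule update replaces the rule with the same id in place; a non-positive threshold retires the rule.
        @Override public void processBroadcastElement(Rule r, Context ctx, Collector<String> out) throws Exception {
            if (r.threshold > 0) ctx.getBroadcastState(RULES).put(r.id, r); else ctx.getBroadcastState(RULES).remove(r.id);
        }
    }

    public static void main(String[] args) throws Exception {
        StreamExecutionEnvironment env = StreamExecutionEnvironment.getExecutionEnvironment();
        // Constructed sample inputs; in a deployment both would be unbounded sources (e.g. one Kafka topic per stream).
        DataStream<Event> events = env.fromElements(new Event("login", "host-a", 1_000L), new Event("login", "host-a", 2_000L));
        DataStream<Rule> ruleUpdates = env.fromElements(new Rule("r1", "login", 10, 60_000L), new Rule("r1", "login", 1, 60_000L));
        events.keyBy(e -> e.host).connect(ruleUpdates.broadcast(RULES)).process(new RuleEvaluator()).print();
        env.execute("dynamic-rules");
    }
}
```

Flink gives no ordering guarantee between the keyed input and the broadcast input, so an event that arrives before the rule that should match it is simply counted and not alerted on; in a real deployment the initial rule set should be loaded before the event source starts, and rule updates should come from a durable source so they survive a restart from a checkpoint.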