'Irregular alerts when detecting missing events for multiple keys using Siddhi

I want to detect missing events for multiple keys and the rule has two parts:

  1. No event in the timeWindow after system starts - Trigger an alert
  2. No event for timeWindow after an event already occured.

I have this rule which works fine for one id..

from not inputStream[id == 'ID12345'] for 20 sec 
select 'ID12345' as id, 'ID12345-GapDetection' as ruleId insert into outputStream; 
from every f1=inputStream[id == 'ID12345'] -> not inputStream[id == f1.id] for 20 sec 
select f1.id as id, 'ID12345-GapDetection' as ruleId  insert into outputStream;

However, when I add a similar rule, with the only difference being filter Id (Adding 2 rules in the system - ID12345, IDPQRST) with different rule ids.

from not inputStream[id == 'IDPQRST'] for 20 sec 
select 'IDPQRST' as id, 'IDPQRST-GapDetection' as ruleId insert into outputStream; 
from every f1=inputStream[id == 'IDPQRST'] -> not inputStream[id == f1.id] for 20 sec 
select f1.id as id, 'IDPQRST-GapDetection' as ruleId  insert into outputStream;

The output is random and not what I expect. It randomly alerts in the following ways:

  1. Two correct alerts (One for each ID)
  2. Alerts for either of the IDs
  3. Misses the alerting completely and stops alerting any further
  4. Alerts for the same ID twice

I have tried a couple of other rules too to achieve the same solution, however they all end up with the same issue. My other tried rule is:

Using sequence:

from not inputStream[id == 'ID12345'] for 20 sec 
select 'ID12345' as id, 'ID12345-GapDetection' as ruleId insert into outputStream;
from every f1=inputStream[id == 'ID12345'], not inputStream[id == 'ID12345'] for 20 sec 
select f1.id as id, 'ID12345-GapDetection' as ruleId  insert into outputStream;

This makes me wonder if this has got something to do with the way internal rule trigger works for detecting missing events within a certain time period.

I also noticed that if input events are generated at a slower rate, the alerts get triggered correctly.

apache-flinkcomplex-event-processingsiddhi


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Kinesis Analytics SQL query to narrow down the sensors that are not sending data

where's socketTextStream in pyflink

What is the Java version that the Flink can support in 2022?

Flink Missing Events With Windowed Processor(Event Time Windows) and Kafka Source

Apache Flink + CEP - Detect same events

Apache Flink: AWS S3 timeout exception when starting a job from a savepoint

Kafka Client Timeout of 60000ms expired before the position for partition could be determined

I'm looking for code to connect PyFlink to Pulsar

FLINK1.8 , ERROR INFO : state is larger than the maximum permitted memory-backed state. use RocksDBStateBackend not useful

Windowing on mapped stream is giving different results

What should I use instead deprecated FlinkKafkaConsumer? Scala Flink

Integration testing flink job

Cannot access Flink dashboard localhost:8081 on windows

Apache Flink - writing stream to S3 error - null uri host

Flink checkpoint not replaying the kafka events which were in process during the savepoint/checkpoint