Detecting Rapid Fall-off Finding Network Anomalies

1-16 Oracle Complex Event Processing EPL Language Reference

SELECT carId, expressway, direction,
  SUM(segment)/(MAX(timestamp)-MIN(timestamp)) AS speed
FROM CarLocationEvent RETAIN 4 events
  PARTITION BY carId PARTITION BY expressway PARTITION BY direction

1.4.4 Detecting Rapid Fall-off

We define a rapid fall-off by alerting when the number of ticks per second for any second falls below 75% of the average number of ticks per second over the last 10 seconds. We can compute the average number of ticks per second over the last 10 seconds simply by using the TicksPerSecond events computed by the prior statement and averaging the last 10 seconds. Next, we compare the current rate with the moving average and select any rates that fall below 75% of the average:

SELECT feed, AVG(cnt) AS avgCnt, cnt AS feedCnt
FROM TicksPerSecond RETAIN 10 seconds
GROUP BY feed
HAVING cnt < AVG(cnt) * 0.75
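The same fall-off rule can be sketched outside the CEP engine to see which seconds it flags. The following Python is an added example, not part of the Oracle reference; the function name, the tuple layout and the sample data are constructed for illustration, and it assumes the 10-second window includes the current second's event.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # mirrors RETAIN 10 seconds
THRESHOLD = 0.75      # mirrors HAVING cnt < AVG(cnt) * 0.75


def detect_falloff(ticks_per_second):
    """Return (second, feed, avg_cnt, feed_cnt) for every rapid fall-off.

    ticks_per_second: iterable of (second, feed, cnt) tuples ordered by
    second, standing in for the TicksPerSecond event stream.
    """
    windows = defaultdict(deque)  # one window per feed (GROUP BY feed)
    alerts = []
    for second, feed, cnt in ticks_per_second:
        win = windows[feed]
        win.append((second, cnt))
        # Expire events that have left the 10-second window.
        while win[0][0] <= second - WINDOW_SECONDS:
            win.popleft()
        # Assumption: the average is taken over the window including the
        # current event, so a dip also pulls its own baseline down.
        avg_cnt = sum(c for _, c in win) / len(win)
        if cnt < avg_cnt * THRESHOLD:
            alerts.append((second, feed, avg_cnt, cnt))
    return alerts


# Constructed sample: feed A collapses from 100 to 40 ticks at second 10,
# feed B only dips from 50 to 45 in the same second.
SAMPLE = []
for s in range(12):
    SAMPLE.append((s, "A", 40 if s == 10 else 100))
    SAMPLE.append((s, "B", 45 if s == 10 else 50))

if __name__ == "__main__":
    for second, feed, avg_cnt, feed_cnt in detect_falloff(SAMPLE):
        print(f"t={second}s feed={feed} avgCnt={avg_cnt:.1f} feedCnt={feed_cnt}")
```

Only feed A at second 10 is reported: its window average is 94.0, so the threshold is 70.5, while feed B's 10% dip stays well above its own threshold.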

1.4.5 Finding Network Anomalies

A customer may be in the middle of a check-in when the terminal detects a hardware problem or when the network goes down. In that situation we want to alert a team member to help the customer. When the terminal detects a problem, it issues an OutOfOrder event. A pattern can find situations where the terminal indicates out-of-order and the customer is in the middle of the check-in process:

SELECT ci.term MATCHING ci:=Checkin FOLLOWED BY
  ( OutOfOrder (term.id=ci.term.id) AND NOT
    (Cancelled (term.id=ci.term.id) OR
     Completed (term.id=ci.term.id) ) WITHIN 3 MINUTES )

Each self-service terminal can publish any of the four events below.

■ Checkin - Indicates a customer started a check-in dialogue.
■ Cancelled - Indicates a customer cancelled a check-in dialogue.
■ Completed - Indicates a customer completed a check-in dialogue.
■ OutOfOrder - Indicates the terminal detected a hardware problem.

All events provide information about the terminal that published the event, and a timestamp. The terminal information is held in a property named term and provides a terminal id. Because all events carry similar information, we model each event as a subtype of a base class TerminalEvent, which provides the terminal information that all events share. This enables us to treat all terminal events polymorphically, which simplifies our queries by allowing us to treat derived event types just like their parent event types.

1.4.6 Detecting Absence of Event