Apama 10.15.4 | Developing Apama Applications | Developing Apama Applications in EPL | Defining Queries | Introduction to queries | Example of a query
 
Example of a query
The following code provides an example of a query. This query monitors credit card transactions for a large set of credit card holders. The goal is to identify any fraudulent transactions. While this example illustrates query operation, it is not intended to be a realistic application.
query ImprobableWithdrawalLocations {
parameters {
float period;
}
inputs {
Withdrawal(value>500) key cardNumber within period;
}
find Withdrawal as w1 -> Withdrawal as w2
where w2.country != w1.country {
log "Suspicious withdrawal: " + w2.toString() at INFO;
}
}
Each query definition is in a separate file that has a .qry file name extension. The example shows several query features:
*Parameters section
Queries can be parameterized. When a query has no parameters, a single instance of the query is automatically created when the query is loaded into a correlator. If one or more parameters are defined for a query, when the query is loaded into a correlator, no instances are created until you define an instance and specify a set of parameter values for that instance.
*Inputs section
The inputs section identifies the events that the query will operate on, that is, the event inputs. This section contains one or more definitions. Each definition identifies the type of input event (Withdrawal in the example) together with details identifying which Withdrawal events are input, how those events are distributed, and what state, or event history, is to be held.
The query key is a fundamental concept. If a key is defined, then the incoming events are partitioned into different sets based on the value of the key. Query processing operates independently for each set/partition. In the example query, events for each cardNumber will be independently processed.
For each event input, the definition identifies the set of events that are current. When looking for pattern matches or evaluating aggregates, only current events are used. For each event input, the set of events that is current is referred to as the event window.
*Find statement
The find statement identifies an event pattern to be matched and defines what event processing actions are taken when a match is found. A find statement consists of an event pattern followed by a find block.
The event pattern can specify conditions that determine whether there is a match. A where condition specifies a Boolean expression that must evaluate to true for there to be a match. A within condition specifies that certain elements within the pattern must occur within a given time period. A without condition specifies an event whose presence can prevent a match.
Statements in a find block can send events to communicate with other queries, with monitor instances, and with external system elements in a deployment, such as adapters, correlators, or other deployed processes. Some EPL statements, such as on, spawn, from, and die are not allowed in queries.