Amazon.com, Inc.
Event-stream searching using compiled rule patterns

Abstract:

Methods, systems, and computer-readable media for implementing event-stream searching using compiled rule patterns are disclosed. A rule base is compiled based at least in part on one or more rule patterns. The field names are sorted within the rule patterns. The rule patterns comprise one or more field names and one or more field values. The rule base represents a finite-state machine comprising a plurality of states. A plurality of events are received. The events comprise field names and field values describing events associated with resources in a provider network. The field names are sorted within the events. The rule patterns are evaluated against the events using the rule base. In determining a matched rule pattern for one of the events, the finite-state machine transitions between at least two of the states for the matched rule pattern.