Stream Processing.
Raw events need processing before ABIS analysis. Apply transformations, aggregations, and enrichments that optimize behavioral intelligence.
Stream processing transforms raw events into enriched behavioral signals. Operations include filtering (remove noise), mapping (normalize fields), aggregating (count actions per window), and enriching (add derived fields like session duration).
Windowing is essential for temporal aggregation. Tumbling windows (fixed, non-overlapping) work for periodic summaries. Sliding windows (overlapping) detect patterns across boundaries. Session windows (gap-based) group related activity regardless of duration.
Stateful processing maintains context across events. Track cumulative session statistics (total clicks, pages visited), detect sequences (login → sensitive action → logout), and compute running metrics (actions per minute). State management adds complexity but enables sophisticated behavioral patterns.
TUMBLING WINDOW
Fixed-size, non-overlapping windows. Example: Count events per 1-minute bucket. Simple to implement, clear boundaries.
USE: Periodic metricsSLIDING WINDOW
Fixed-size, overlapping windows. Example: Events in last 5 minutes, updated every 30 seconds. Smooths out boundary effects.
USE: Moving averagesSESSION WINDOW
Dynamic size based on activity gaps. Example: Group events until 30 minutes of inactivity. Captures natural user sessions.
USE: Session analysisGLOBAL WINDOW
All events in single window with triggers. Example: Emit when 100 events accumulated. Useful for batch-like processing in streams.
USE: Batch triggers