KSQL makes it easy to read, write, and process streaming data in real-time, at scale, using SQL-like semantics. It offers an easy way to express stream processing transformations as an alternative to writing an application in a programming language such as Java or Python. https://www.confluent.io/product/ksql/

With WinCC OA Java (https://github.com/vogler75/oa4j) we can stream data from WinCC OA to Apache Kafka, use KSQL to produce some insights and send it back to WinCC OA by using a WinCC OA Driver written in Java connected to Kafka.

Attached you will find a docker-compose.yml to setup KSQL + WinCC OA Connector and Driver to test it. Just use “docker-compose up -d” to start up everything. Before you should set the “data” and “event” environment variables in the docker-compose.yml to point to a running WinCC OA project.

root@docker1:~/docker/builds/winccoa# docker-compose up -d

Creating winccoa_frontend_1 ==> collect data from OA and publish it by ZeroMQ

Creating winccoa_backend-kafka_1 ==> get the data from the Frontend and write it to Kafka

Creating winccoa_driver-kafka_1 ==> OA driver to read data from kafka.

Creating winccoa_zookeeper_1
Creating winccoa_kafka_1
Creating winccoa_schema-registry_1
Creating winccoa_ksql-cli_1

We use Docker to startup WinCCOA Mangers (frontend, backend) and Drivers.

Afterwards you can start KSQL: docker-compose exec ksql-cli ksql-cli local –bootstrap-server kafka:29092

Create a stream of the topic which is sent from WinCC OA to kafka (currently every change of value in WinCC OA is sent to Kafka):

CREATE STREAM Scada_FloatVar (TimeMS BIGINT, Status BIGINT, Value DOUBLE) WITH (kafka_topic=’Scada_FloatVar’, value_format=’JSON’);

Create a result table in KSQL which will be read by the WinCC OA Driver, here we detect if a datapoint changes more often than 5 times in 10 seconds. Just a simple example to show how KSQL can be used:

CREATE TABLE result WITH (PARTITIONS=1) AS SELECT rowkey AS “Name”, count(*) AS “Value” FROM Scada_FloatVar WINDOW TUMBLING (size 10 second) GROUP BY rowkey HAVING count(*) > 5;

In WinCC OA you should put a peripheral address on a datapoint with the example driver (num 4) to get the result back (you will need the panels and scripts from here https://github.com/vogler75/oa4j/tree/master/Project/Drivers/Kafka to use the driver).

docker-compose.yml

For example we do this with the Oracle Alert Log. Very often an Oracle Database is used with WinCC OA to store history values. But a lot of times no one takes care of the Oracle database. At least the Alert-Log file should be observed. With Logstash, Apache Kafka and the WinCC OA Apache Kafka Driver we can send alert log messages from the Oracle database(s) to a WinCC OA monitoring system.

Keep in Mind: It is not a comparison of the databases only. With Oracle we used the WinCC OA RDB Manager with OA Query-RDB Direct option, and the RDB-Manager has lot of more functionalities than the NoSQL Prototyp! The other databases were tested with a NoSQL Logger Prototyp written in Java, and the implementations for writing and reading are different, because there are different interfaces for each database – for PostgreSQL we used the PostgreSQL JDBC driver, MongoDB has it’s own Java API and InfluxDB uses REST/HTTP. So, not only the speed of the database itself is compared – also the interfaces to WinCC OA and the implementations of reading are taken into account.

Oracle and OA RDB-Manager Results:
2016.07.29 09:09:03.302[“start…”]
2016.07.29 09:09:39.628[36.326][33669]
2016.07.29 09:11:22.051[“start…”]
2016.07.29 09:11:36.213[14.159][33669]

MongoDB Results:
2016.07.29 09:10:37.449[“start…”]
2016.07.29 09:10:53.171[15.72][33669]
2016.07.29 09:11:42.932[“start…”]
2016.07.29 09:11:52.918[9.986][33669]

InfluxDB Results:
WCCOAui1:2016.07.29 09:47:33.441[“start…”]
WCCOAui1:2016.07.29 09:47:42.477[9.035][33668]
WCCOAui1:2016.07.29 09:48:12.733[“start…”]
WCCOAui1:2016.07.29 09:48:18.745[6.011][33668]

it is faster than MongoDB. And our InfluxDB is running on a MacMini (Hyper-V) and the data is stored on a shared Synology NAS for home usage (DS414 slim) – much less power for InfluxDB compared to the four 7.2k disks and to the i7 where the Oracle DB and MonogDB is running on.

PostgreSQL Results:
WCCOAui1:2016.07.29 09:56:55.062[“start…”]
WCCOAui1:2016.07.29 09:57:03.475[8.41][33669]
WCCOAui1:2016.07.29 09:57:14.767[“start…”]
WCCOAui1:2016.07.29 09:57:20.196[5.427][33669]

PostgreSQL is running on the same machine and disks as Oracle and MongoDB.

Complex Event Processing (CEP) and event series analysis are used for detecting situations among events. EsperTech provides the Event Processing Language (EPL) designed for concisely expressing situations and fast execution against both historical and currently-arriving events (Espertech.com).

The Esper EPL is quite powerful – details can be found in the Esper documentation. Found also some slides about Esper. The EPL is a CQL (continuous query language), after a statement is created it is running coninously and results are streamed to listeners – in this prototype a listener is sending the results back to WinCC OA datapoints.

A WinCCOA API-Frontend-Manager gathers all value changes from WinCC OA and publishes it by ZeroMQ. The WinCC OA CEP Manager, with the open source Esper-Engine, subscribes to the Frontend-Manager to get the value changes. The advantage is that many subscribers can be connected to the Frontend-Manager, without increasing the load on the WinCC OA system (based on the ideas from CERN).

With the WinCC OA CEP Manager we can define EPL / CQL statements in WinCC OA and the result streams are passed back to WinCC OA on datapoints, where the results can be processed further.

Some simple EPL examples:

Calculate 5 minute average values with intermediate results every 1 minute:

select avg(value), min(value), max(value) 
from event(tag='System1:Meter_Input.Watt').win:time(5 min) 
output snapshot at (*/1, *, *, *, *)

With pattern matching complex event sequences can be observed with EPL. A simple example is: detect if datapoint B is set after datapoint A (A->B), and its value is higher than the value of A.

select a.value, b.value
from pattern [a=Event(tag='System1:Analog1.Input') -> every b=Event(tag='System1:ExampleDP_Trend1.' and b.value>a.value)]

Get a notification when a datapoint is changing more than 100 times within 10 seconds:

select tag, count(value) 
from Event.win:time_batch(10 sec) 
group by tag having count(*) > 100

Get a notification when a datapoint changes and there is no following value change within the next 10 seconds. For example: if meters are normally changing every 5 seconds, possible broken meters/interfaces can be detected with EPL:

select a.tag, count(*) from pattern 
[every a=Event -> (timer:interval(10 sec) and not Event(tag=a.tag))] 
group by a.tag

Other examples can be found here.

Attached is a screenshot of a simple panel where EPL statements can be defined and observed.

Other examples for CEP with Esper: http://www.adrianmilne.com/complex-event-processing-made-easy/