CN111722991A - Alarm information processing method, device, equipment and storage medium - Google Patents

Alarm information processing method, device, equipment and storage medium Download PDF

Info

Publication number
CN111722991A
CN111722991A CN202010582578.8A CN202010582578A CN111722991A CN 111722991 A CN111722991 A CN 111722991A CN 202010582578 A CN202010582578 A CN 202010582578A CN 111722991 A CN111722991 A CN 111722991A
Authority
CN
China
Prior art keywords
alarm
basic
information
type
notification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010582578.8A
Other languages
Chinese (zh)
Inventor
刘邺超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Puhui Enterprise Management Co Ltd
Original Assignee
Ping An Puhui Enterprise Management Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Puhui Enterprise Management Co Ltd filed Critical Ping An Puhui Enterprise Management Co Ltd
Priority to CN202010582578.8A priority Critical patent/CN111722991A/en
Publication of CN111722991A publication Critical patent/CN111722991A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/32Monitoring with visual or acoustical indication of the functioning of the machine
    • G06F11/324Display of status information
    • G06F11/327Alarm or error message display
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/34Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3466Performance evaluation by tracing or monitoring
    • G06F11/3476Data logging
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Quality & Reliability (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Evolutionary Computation (AREA)
  • Evolutionary Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Artificial Intelligence (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Alarm Systems (AREA)

Abstract

The invention relates to the field of information security in artificial intelligence, and discloses an alarm information processing method, an alarm information processing device, alarm information processing equipment and a storage medium, which are used for solving the problem of low alarm information processing efficiency. The alarm information processing method comprises the following steps: monitoring basic alarm information based on a monitoring system, wherein a plurality of basic alarm information are provided; carrying out duplication removal processing on the basic alarm information to generate a plurality of basic alarm notifications, wherein the basic alarm notifications correspond to the basic alarm information one by one; determining a basic alarm type corresponding to the basic alarm notification based on a preset alarm type; and configuring a sending thread for the basic alarm notification according to the basic alarm type, and sending the basic alarm notification to the corresponding alarm processing object based on the sending thread. By classifying the basic alarm notifications, different types of basic alarm notifications are sent to different alarm processing objects for processing, so that the effect of hierarchical processing is realized, and the processing efficiency of basic alarm information is improved.

Description

Alarm information processing method, device, equipment and storage medium
Technical Field
The invention relates to the field of information security in artificial intelligence, in particular to an alarm information processing method, an alarm information processing device, alarm information processing equipment and a storage medium.
Background
With the continuous improvement of the informatization level of each business, in order to better adapt to the development requirements of the network era, each large enterprise can continuously expand the business range of the enterprise along with the network construction, and the gradual network operation and maintenance problem begins to emerge from the water surface. In order to guarantee efficient, safe and uninterrupted service of the network system, the states of the application system and the server cluster need to be tracked and monitored in real time, and real-time monitoring and alarming of the running states and performances of the network service system and the application server are realized through analysis of monitoring, alarming and message pushing technologies of the network system and the application server. In the existing network monitoring technology, a server automatically generates alarm information according to a monitoring state, and then pushes the alarm information in a mode of mails, short messages and the like, so that the purpose of monitoring the network alarm information is achieved.
When the server processes the monitored alarm information, the alarm processing object processes a plurality of repeated alarm information, and only a single alarm processing object processes redundant alarm information, which results in low processing efficiency of the alarm information.
Disclosure of Invention
The invention mainly aims to solve the problem of low alarm information processing efficiency.
The first aspect of the present invention provides an alarm information processing method, including: monitoring basic alarm information based on a monitoring system, wherein the basic alarm information is used for indicating abnormal information in a system log or a database, and the number of the basic alarm information is multiple; carrying out duplication removal processing on the basic alarm information to generate basic alarm notifications, wherein the number of the basic alarm notifications is multiple, and the basic alarm notifications correspond to the basic alarm information one by one; determining a basic alarm type corresponding to the basic alarm notification based on a preset alarm type; and configuring a sending thread for the basic alarm notification according to the basic alarm type, and sending the basic alarm notification to a corresponding alarm processing object based on the sending thread.
Optionally, in a first implementation manner of the first aspect of the present invention, the performing deduplication processing on the basic alarm information to generate a basic alarm notification, where there are multiple basic alarm notifications, and a one-to-one correspondence between the basic alarm notification and the basic alarm information includes: acquiring alarm sources of basic alarm information, and grouping the basic alarm information according to the alarm sources to obtain grouped alarm information, wherein the alarm sources are source objects for generating the alarm information, a plurality of basic alarm notifications are provided, and the basic alarm notifications correspond to the basic alarm information one by one; and eliminating repeated alarm information in the grouped alarm information to obtain residual alarm information, and packaging the residual alarm information into a basic alarm notification.
Optionally, in a second implementation manner of the first aspect of the present invention, the obtaining an alarm source of basic alarm information, and grouping the basic alarm information according to the alarm source to obtain grouped alarm information, where the alarm source is a source object for generating alarm information, there are a plurality of basic alarm notifications, and the one-to-one correspondence between the basic alarm notifications and the basic alarm information includes: acquiring a plurality of basic alarm notifications, wherein the basic alarm notifications correspond to the basic alarm information one by one; extracting basic feature vectors of the warning sources, wherein the basic feature vectors are multiple and correspond to the warning sources one by one; calculating a basic Euclidean distance between any two basic feature vectors, and grouping the basic feature vectors by using values of the basic Euclidean distance to obtain grouped feature vectors, wherein the number of the grouped feature vectors is multiple, and the value of the basic Euclidean distance between any two basic feature vectors in each grouped feature vector is zero; and determining the alarm source corresponding to the classification characteristic vector as a grouping alarm source, and determining the basic alarm information corresponding to the grouping alarm source as grouping alarm information.
Optionally, in a third implementation manner of the first aspect of the present invention, the determining, based on a preset alarm type, a basic alarm type corresponding to the basic alarm notification includes: acquiring to-be-detected alarm categories of the basic alarm notification, wherein the number of the to-be-detected alarm categories is multiple, and the to-be-detected alarm categories correspond to the basic alarm notification one by one; calculating a basic matching value between the alarm category to be detected and a preset alarm type, and taking the basic matching value with the maximum value as a target matching value of the alarm category to be detected, wherein the number of the basic matching values is multiple; and determining the to-be-detected alarm type corresponding to the target matching value as a preset alarm type to obtain a basic alarm type corresponding to the basic alarm notification.
Optionally, in a fourth implementation manner of the first aspect of the present invention, the configuring, according to the basic alarm type, a sending thread for the basic alarm notification, and sending, based on the sending thread, the basic alarm notification to a corresponding alarm processing object includes: judging whether the basic alarm type of the basic alarm notification is the same as a first standard type, wherein the first standard type is an alarm type of which the alarm level of the basic alarm type is higher than or equal to a standard threshold value, and a plurality of basic alarm types are arranged in the first standard type; when the basic alarm type is the same as the first standard type, sending a basic alarm notification corresponding to the basic alarm type to a first alarm processing object based on a first sending thread; and when the basic alarm type is different from the first standard type, judging that the basic alarm type is the same as a second standard type, and sending a basic alarm notification corresponding to the basic alarm type to a second alarm processing object based on a second sending thread, wherein the second standard type is an alarm type of which the alarm level of the basic alarm type is lower than a standard threshold value, and a plurality of basic alarm types are arranged in the second standard type.
Optionally, in a fifth implementation manner of the first aspect of the present invention, after performing deduplication processing on the basic alarm information to generate a basic alarm notification, where there are a plurality of basic alarm notifications, and after the basic alarm notifications are in one-to-one correspondence with the basic alarm information, before determining a basic alarm type corresponding to the basic alarm notification based on a preset alarm type, the method further includes: and dividing the alarm level of the basic alarm notification according to the alarm frequency corresponding to the basic alarm information, wherein the alarm level is used for indicating the importance degree of the alarm notification.
Optionally, in a sixth implementation manner of the first aspect of the present invention, the dividing, according to the alarm frequency corresponding to the basic alarm information, an alarm level of a basic alarm notification, where the alarm level is used to indicate an importance degree of the alarm notification includes: respectively acquiring alarm frequencies corresponding to basic alarm information, wherein the alarm frequencies are the times of occurrence of the basic alarm information in a preset time period, the alarm frequencies are multiple, and the alarm frequencies correspond to the basic alarm information one by one; determining the alarm frequency with the alarm frequency value larger than a preset frequency threshold value as a target alarm frequency, and sequencing corresponding basic alarm information according to the value of the target alarm frequency to obtain an alarm notification list, wherein the target alarm frequency is multiple; and determining the alarm level of the basic alarm information corresponding to the basic alarm notification by using the alarm notification list, wherein the alarm level is used for indicating the importance degree of the alarm notification, and the larger the value of the alarm frequency is, the higher the level of the alarm notification is.
A second aspect of the present invention provides an alarm information processing apparatus, including: the monitoring module is used for monitoring basic alarm information based on a monitoring system, wherein the basic alarm information is used for indicating abnormal information in a system log or a database, and the number of the basic alarm information is multiple; the system comprises a duplication elimination module, a data processing module and a data processing module, wherein the duplication elimination module is used for carrying out duplication elimination processing on the basic alarm information and generating basic alarm notifications, a plurality of basic alarm notifications are provided, and the basic alarm notifications correspond to the basic alarm information one by one; the determining module is used for determining a basic alarm type corresponding to the basic alarm notification based on a preset alarm type; and the sending module is used for configuring a sending thread for the basic alarm notification according to the basic alarm type and sending the basic alarm notification to a corresponding alarm processing object based on the sending thread.
Optionally, in a first implementation manner of the second aspect of the present invention, the deduplication module includes: the device comprises a grouping unit, a processing unit and a processing unit, wherein the grouping unit is used for acquiring alarm sources of basic alarm information and grouping the basic alarm information according to the alarm sources to obtain grouped alarm information, the alarm sources are source objects for generating alarm information, a plurality of basic alarm notifications are provided, and the basic alarm notifications correspond to the basic alarm information one by one; and the eliminating unit is used for eliminating repeated alarm information in the grouped alarm information to obtain residual alarm information, and packaging the residual alarm information into a basic alarm notice.
Optionally, in a second implementation manner of the second aspect of the present invention, the grouping unit is specifically configured to: acquiring a plurality of basic alarm notifications, wherein the basic alarm notifications correspond to the basic alarm information one by one; extracting basic feature vectors of the warning sources, wherein the basic feature vectors are multiple and correspond to the warning sources one by one; calculating a basic Euclidean distance between any two basic feature vectors, and grouping the basic feature vectors by using values of the basic Euclidean distance to obtain grouped feature vectors, wherein the number of the grouped feature vectors is multiple, and the value of the basic Euclidean distance between any two basic feature vectors in each grouped feature vector is zero; and determining the alarm source corresponding to the classification characteristic vector as a grouping alarm source, and determining the basic alarm information corresponding to the grouping alarm source as grouping alarm information.
Optionally, in a third implementation manner of the second aspect of the present invention, the determining module is specifically configured to: acquiring to-be-detected alarm categories of the basic alarm notification, wherein the number of the to-be-detected alarm categories is multiple, and the to-be-detected alarm categories correspond to the basic alarm notification one by one; calculating a basic matching value between the alarm category to be detected and a preset alarm type, and taking the basic matching value with the maximum value as a target matching value of the alarm category to be detected, wherein the number of the basic matching values is multiple; and determining the to-be-detected alarm type corresponding to the target matching value as a preset alarm type to obtain a basic alarm type corresponding to the basic alarm notification.
Optionally, in a fourth implementation manner of the second aspect of the present invention, the sending module is specifically configured to: judging whether the basic alarm type of the basic alarm notification is the same as a first standard type, wherein the first standard type is an alarm type of which the alarm level of the basic alarm type is higher than or equal to a standard threshold value, and a plurality of basic alarm types are arranged in the first standard type; when the basic alarm type is the same as the first standard type, sending a basic alarm notification corresponding to the basic alarm type to a first alarm processing object based on a first sending thread; and when the basic alarm type is different from the first standard type, judging that the basic alarm type is the same as a second standard type, and sending a basic alarm notification corresponding to the basic alarm type to a second alarm processing object based on a second sending thread, wherein the second standard type is an alarm type of which the alarm level of the basic alarm type is lower than a standard threshold value, and a plurality of basic alarm types are arranged in the second standard type.
Optionally, in a fifth implementation manner of the second aspect of the present invention, the warning information processing apparatus further includes: and the dividing module is used for dividing the alarm level of the basic alarm notification according to the alarm frequency corresponding to the basic alarm information, wherein the alarm level is used for indicating the importance degree of the alarm notification.
Optionally, in a sixth implementation manner of the second aspect of the present invention, the dividing module is specifically configured to: respectively acquiring alarm frequencies corresponding to basic alarm information, wherein the alarm frequencies are the times of occurrence of the basic alarm information in a preset time period, the alarm frequencies are multiple, and the alarm frequencies correspond to the basic alarm information one by one; determining the alarm frequency with the alarm frequency value larger than a preset frequency threshold value as a target alarm frequency, and sequencing corresponding basic alarm information according to the value of the target alarm frequency to obtain an alarm notification list, wherein the target alarm frequency is multiple; and determining the alarm level of the basic alarm information corresponding to the basic alarm notification by using the alarm notification list, wherein the alarm level is used for indicating the importance degree of the alarm notification, and the larger the value of the alarm frequency is, the higher the level of the alarm notification is.
A third aspect of the present invention provides an alarm information processing apparatus, including: a memory having instructions stored therein and at least one processor, the memory and the at least one processor interconnected by a line; the at least one processor invokes the instructions in the memory to cause the alert information processing apparatus to execute the alert information processing method described above.
A fourth aspect of the present invention provides a computer-readable storage medium having stored therein instructions, which, when run on a computer, cause the computer to execute the above-described warning information processing method.
In the technical scheme provided by the invention, basic alarm information is monitored based on a monitoring system, wherein the basic alarm information is used for indicating abnormal information in a system log or a database, and a plurality of basic alarm information are provided; carrying out duplication removal processing on the basic alarm information to generate basic alarm notifications, wherein the number of the basic alarm notifications is multiple, and the basic alarm notifications correspond to the basic alarm information one by one; determining a basic alarm type corresponding to the basic alarm notification based on a preset alarm type; and configuring a sending thread for the basic alarm notification according to the basic alarm type, and sending the basic alarm notification to a corresponding alarm processing object based on the sending thread. In the embodiment of the invention, after monitoring a plurality of alarm messages, the server firstly carries out duplication elimination processing on the plurality of alarm messages to generate a plurality of corresponding alarm notices, then determines the types of the alarm notices and finally sends the alarm notices of different types to different alarm processing objects for processing. The different types of basic alarm notifications are sent to different alarm processing objects for processing through the basic alarm notifications of the classified basic alarm information, so that the effect of grading processing is realized, and the processing efficiency of the basic alarm information is improved.
Drawings
FIG. 1 is a diagram of an embodiment of an alarm information processing method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of another embodiment of an alarm information processing method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an embodiment of an alarm information processing apparatus according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of another embodiment of an alarm information processing apparatus according to an embodiment of the present invention;
fig. 5 is a schematic diagram of an embodiment of an alarm information processing device in the embodiment of the present invention.
Detailed Description
The embodiment of the invention provides an alarm information processing method, an alarm information processing device, alarm information processing equipment and a storage medium, which are used for carrying out duplicate removal processing on a plurality of alarm information after the plurality of alarm information are monitored to generate a plurality of corresponding alarm notifications, then determining the types of the alarm notifications, and finally sending the alarm notifications of different types to different alarm processing objects for processing, so that the processing efficiency of the alarm information is improved.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises," "comprising," or "having," and any variations thereof, are intended to cover non-exclusive inclusions, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For convenience of understanding, a detailed flow of the embodiment of the present invention is described below, and referring to fig. 1, an embodiment of an alarm information processing method in the embodiment of the present invention includes:
101. monitoring basic alarm information based on a monitoring system, wherein the basic alarm information is used for indicating abnormal information in a system log or a database, and the number of the basic alarm information is multiple;
it is to be understood that the execution subject of the present invention may be an alarm information processing apparatus, and may also be a terminal or a server, which is not limited herein. The embodiment of the present invention is described by taking a server as an execution subject.
The server monitors a plurality of basic alarm information used for indicating abnormal information in a system log or a database based on a monitoring system.
The server is essential to monitor various data information in the process of network management. The server can timely find that the network has abnormity by monitoring system logs or database data, and after detecting the abnormity, the server can send the monitored alarm information to an alarm processing object, and the alarm processing object checks the network abnormity and makes corresponding decisions so as to recover the propagation of normal network information. The server monitors the alarm information based on the monitoring system, when the monitoring system monitors a plurality of basic alarm information, a series of processing can be carried out on the basic alarm information, finally, the monitoring system in the server can send the processed basic alarm information to the alarm system, the alarm system in the server sends corresponding basic alarm notification, the basic alarm notification is distributed with different threads and sent to different alarm processing objects, and the alarm processing objects can timely solve network abnormity.
The basic alarm information is information of abnormality occurrence in the system log or the database, and the information of the abnormality includes information such as information type of the abnormality, position of occurrence of the abnormality information, and generation time of the abnormality information, that is, information such as data type, data storage position, or data recording time of the system log or the database is abnormal, thereby forming a plurality of different basic alarm information.
102. Carrying out duplication removal processing on the basic alarm information to generate a plurality of basic alarm notifications, wherein the basic alarm notifications correspond to the basic alarm information one by one;
the server performs deduplication processing on the plurality of basic alarm information and generates a plurality of basic alarm notifications used for indicating that corresponding basic alarm information is sent to the alarm processing object.
After acquiring a plurality of pieces of basic alarm information, the server needs to process the basic alarm information and then sends the basic alarm information to the alarm processing object. The server may obtain multiple pieces of repeated alarm information from multiple pieces of basic alarm information, where the repeated alarm information is caused by the fact that the server does not send the basic alarm information to the alarm processing object in time for processing, and because the alarm processing object does not process the basic alarm information in time and errors displayed by the basic alarm information are not solved in time, the alarm source still generates a large amount of basic alarm information to remind the server of processing the error information. Therefore, it is necessary that the server performs deduplication processing on the basic alarm information after acquiring the basic alarm information, and the processing efficiency of the alarm processing object on the basic alarm information is further improved.
103. Determining a basic alarm type corresponding to the basic alarm notification based on a preset alarm type;
the server determines a plurality of basic alarm types corresponding to a plurality of basic alarm notifications based on preset alarm types, wherein each basic alarm type is different.
The server carries out alarm type identification on the basic alarm notification so as to timely send the basic alarm notification to a processing object for processing. Different types of basic alarm notifications need to be sent to different alarm processing objects for processing, and the distribution of the alarm strategy can enable the basic alarm notifications to be processed better and faster. When the server determines the type of the basic alarm notification, firstly, the server needs to acquire the to-be-detected alarm category of the basic alarm notification, then the server calculates a plurality of basic matching values between the alarm category to be detected and the preset alarm type, the preset alarm types are set in advance according to different alarm types, after the basic matching degree between the alarm type to be detected of the basic alarm notification and the preset alarm types is calculated, the alarm type of the basic alarm notification can be determined, the higher the basic matching value is, the higher the similarity between the alarm category to be detected and the preset alarm type of the basic matching value is calculated, finally, the basic matching value with the maximum value of the basic matching value is selected from the multiple basic matching values to be used as a target matching value, and the preset alarm type corresponding to the target matching value is used as the basic alarm type of the basic alarm notification by the server.
104. And configuring a sending thread for the basic alarm notification according to the basic alarm type, and sending the basic alarm notification to the corresponding alarm processing object based on the sending thread.
The server configures different sending threads for the plurality of basic alarm notifications according to the basic alarm types, and sends the plurality of basic alarm notifications to corresponding alarm processing objects based on the plurality of sending threads.
After the server obtains the basic alarm type of the basic alarm notification, the server needs to send the basic alarm notification of different basic alarm types to different alarm processing objects through different sending threads, and first, the server determines whether the basic alarm type is the same as a first standard type, where the first standard type is an alarm type in which the alarm level of the basic alarm type is higher than or equal to a standard threshold, where the standard threshold is a threshold for determining that the basic alarm notification is a first standard type or a second standard type, for example: the alarm type of the basic alarm notification and the alarm level corresponding to the alarm type are as follows: level 1: quality of service alarm, level 2: port alarm, level 3: configuration alarm, level 4: equipment alarm, level 5: environmental alarm, level 6: and communication alarm, wherein the threshold value is 4, the first standard type is equipment alarm, environment alarm and communication alarm, and the second standard type is service quality alarm, port alarm and configuration alarm.
In addition, the sending thread corresponding to the basic alarm notification of the first standard type is a first sending thread, and the receiving end of the first sending thread is a first alarm processing object. For example: and when the basic alarm type is the same as the first standard type, the server indicates that the basic alarm notification corresponding to the basic alarm type needs to notify the computer equipment of the administrator with a high management level for processing, and then the server sends the basic alarm notification to the computer equipment of the administrator in a mail mode. And when the basic alarm type is different from the first standard type, the server judges that the basic alarm type is a second standard type, wherein the second standard type is an alarm type of which the alarm level of the basic alarm type is lower than a standard threshold value, the corresponding sending thread of the basic alarm notification of the second standard type is a second sending thread, and the receiving end of the second sending thread is a second alarm processing object. For example: and setting a second sending thread as a prompt short message, setting a second alarm processing object as computer equipment of an operation and maintenance worker, and when the basic alarm type is the same as the second standard type, indicating that the basic alarm notification corresponding to the basic alarm type needs to be notified to the computer equipment of the operation and maintenance worker with a low management level for processing, and sending the basic alarm notification to the computer equipment of the operation and maintenance worker by the server in a short message mode.
In the embodiment of the invention, after monitoring a plurality of alarm messages, the server firstly carries out duplication elimination processing on the plurality of alarm messages to generate a plurality of corresponding alarm notices, then determines the types of the alarm notices and finally sends the alarm notices of different types to different alarm processing objects for processing. The different types of basic alarm notifications are sent to different alarm processing objects for processing through the basic alarm notifications of the classified basic alarm information, so that the effect of grading processing is realized, and the processing efficiency of the basic alarm information is improved.
Referring to fig. 2, another embodiment of the method for processing an alarm information according to the embodiment of the present invention includes:
201. monitoring basic alarm information based on a monitoring system, wherein the basic alarm information is used for indicating abnormal information in a system log or a database, and the number of the basic alarm information is multiple;
the server monitors a plurality of basic alarm information used for indicating abnormal information in a system log or a database based on a monitoring system.
The server is essential to monitor various data information in the process of network management. The server can timely find that the network has abnormity by monitoring system logs or database data, and after detecting the abnormity, the server can send the monitored alarm information to an alarm processing object, and the alarm processing object checks the network abnormity and makes corresponding decisions so as to recover the propagation of normal network information. The server monitors the alarm information based on the monitoring system, when the monitoring system monitors a plurality of basic alarm information, a series of processing can be carried out on the basic alarm information, finally, the monitoring system in the server can send the processed basic alarm information to the alarm system, the alarm system in the server sends corresponding basic alarm notification, the basic alarm notification is distributed with different threads and sent to different alarm processing objects, and the alarm processing objects can timely solve network abnormity.
The basic alarm information is information of abnormality occurrence in the system log or the database, and the information of the abnormality includes information such as information type of the abnormality, position of occurrence of the abnormality information, and generation time of the abnormality information, that is, information such as data type, data storage position, or data recording time of the system log or the database is abnormal, thereby forming a plurality of different basic alarm information.
202. Carrying out duplication removal processing on the basic alarm information to generate a plurality of basic alarm notifications, wherein the basic alarm notifications correspond to the basic alarm information one by one;
the server performs deduplication processing on the plurality of basic alarm information, generates a plurality of basic alarm notifications used for indicating that corresponding basic alarm information is sent to the alarm processing object, and the basic alarm notifications correspond to the basic alarm information one to one. Specifically, the method comprises the following steps:
the method comprises the steps that a server obtains alarm sources of basic alarm information, and groups the basic alarm information according to the alarm sources to obtain grouped alarm information, wherein the alarm sources are source objects for generating the alarm information, a plurality of basic alarm notifications are provided, and the basic alarm notifications correspond to the basic alarm information one by one; the server eliminates repeated alarm information in the grouped alarm information to obtain residual alarm information, and encapsulates the residual alarm information into a basic alarm notification.
In the process of removing the duplicate of the basic alarm information, the server firstly carries out grouping processing on a plurality of basic alarm information from different alarm sources, and then the server carries out duplicate checking on a plurality of basic alarm information under the same alarm source. The duplicate removal operation refers to removing the repeated alarm information in each group of basic alarm information, generally, the basic alarm information carries a timestamp for generating the basic alarm information, namely, the time for generating the basic alarm information by an alarm source, the server obtains the timestamp in each repeated alarm information, only the basic alarm information with the earliest timestamp is reserved, and the rest basic alarm information is deleted, namely, the purpose of removing the repeated alarm information is achieved. In addition, the basic alarm notifications are used to indicate that alarm information is sent to the alarm processing object, and each basic alarm notification corresponds to one basic alarm information.
The server acquires the alarm sources of the basic alarm information, and groups the basic alarm information according to the alarm sources to obtain grouped alarm information, wherein the alarm sources are source objects for generating the alarm information, a plurality of basic alarm notifications are provided, and the basic alarm notifications correspond to the basic alarm information one by one. Specifically, the method comprises the following steps: the method comprises the steps that a server firstly obtains alarm sources of basic alarm information, wherein the alarm sources are source objects for generating the alarm information, a plurality of basic alarm notifications are provided, and the basic alarm notifications correspond to the basic alarm information one by one; secondly, the server extracts basic feature vectors of the warning sources, wherein the number of the basic feature vectors is multiple, and the basic feature vectors correspond to the warning sources one by one; then the server calculates the basic Euclidean distance between any two basic characteristic vectors, and groups the basic characteristic vectors by using the value of the basic Euclidean distance to obtain grouped characteristic vectors, wherein the number of the grouped characteristic vectors is multiple, and the value of the basic Euclidean distance between any two basic characteristic vectors in each grouped characteristic vector is zero; and finally, the server determines the alarm source corresponding to the classification characteristic vector as a grouping alarm source and determines the basic alarm information corresponding to the grouping alarm source as grouping alarm information.
Since there is not only one basic alarm message monitored by the monitoring system, the received basic alarm message will come from different alarm sources, which may be: hardware, network messages, clusters, virtualization, operating systems, application software, databases, middleware network element monitoring, code components, browsers and the like, and when errors or faults occur in the alarm sources, corresponding alarm information can be generated. When analyzing the alarm information, the server matches and groups a plurality of basic alarm information according to different alarm sources, and the server issues the notification according to the notification mode configured in the strategy. For example, when the a-index of the system a is monitored, relevant data is screened out from the received monitored data, the type of the relevant data is judged, and when the type of the relevant data belongs to the preset data type, the relevant data is issued with a basic alarm notification according to a notification mode corresponding to the preset data type.
It should be noted that, when classifying the warning sources, the warning sources are classified by calculating the basic euclidean distance between the basic feature vectors of the warning sources, when the basic euclidean distance between two basic feature vectors is zero, it is indicated that the two warning sources corresponding to the two basic feature vectors are the same, the two warning sources are classified into one class, and for a certain feature vector of the plurality of feature vectors, the euclidean distance between the certain feature vector and the remaining feature vectors is calculated, so that a group of feature vectors can be obtained. Within the same group, the basic Euclidean distance between any two feature vectors is zero.
203. Dividing the alarm level of the basic alarm notification according to the alarm frequency corresponding to the basic alarm information, wherein the alarm level is used for indicating the importance degree of the alarm notification;
and the server divides the alarm level of the basic alarm notification according to the alarm frequency corresponding to the basic alarm information, wherein the alarm level is used for indicating the importance degree of the alarm notification. Specifically, the method comprises the following steps:
the method comprises the steps that a server firstly obtains alarm frequencies corresponding to basic alarm information respectively, wherein the alarm frequencies are the times of occurrence of the basic alarm information in a preset time period, the alarm frequencies are multiple, and the alarm frequencies correspond to the basic alarm information one by one; then the server determines the alarm frequency of which the value of the alarm frequency is greater than a preset frequency threshold value as a target alarm frequency, and sorts corresponding basic alarm information according to the value of the target alarm frequency to obtain an alarm notification list, wherein the target alarm frequency is multiple; and finally, the server determines the alarm level of the basic alarm information corresponding to the basic alarm notification by using the alarm notification list, wherein the alarm level is used for indicating the importance degree of the alarm notification, and the larger the value of the alarm frequency is, the higher the level of the alarm notification is.
It can be understood that the basic alarm notification is limited in the importance degree by the alarm level, the more important the basic alarm notification with the higher alarm level is, the processing object with the higher processing level needs to be processed, the alarm level of the basic alarm notification is divided according to the alarm frequency of the basic alarm information, the server first obtains the alarm frequency of a plurality of basic alarm information, the alarm frequency is the occurrence frequency of the basic alarm information, then the server screens out the basic alarm information with the alarm frequency greater than the preset frequency threshold value, and arranges the screened out basic alarm information according to the value size of the alarm frequency to generate an alarm notification list, wherein the larger the value of the alarm frequency is, the more front the corresponding basic alarm information is in the alarm notification list. For example: the alarm frequency of the basic alarm information A is 3, the alarm frequency of the basic alarm information B is 10, the alarm frequency of the basic alarm information C is 2, the alarm frequency of the basic alarm information D is 8, the alarm frequency of the basic alarm information E is 5, a preset frequency threshold value is set to be 5, the alarm level corresponding to the alarm frequency of 5-7 is 2, the alarm level corresponding to the alarm frequency of 7-10 is 3, and the arrangement sequence in the alarm notification list is the basic alarm information B, 3, basic alarm information D and 2. The preset frequency threshold value is a threshold value for judging the level of the alarm notification, the server sets the alarm notification with the alarm frequency greater than the preset frequency threshold value as the basic alarm notification with the important level, and the larger the alarm frequency is, the more important the importance degree of the alarm notification is, and the higher the alarm level is. It should be noted that the frequency threshold of the basic alarm information is smaller than the preset frequency threshold, and the alarm notification is set as a level 1 alarm notification. The preset frequency threshold is a determined value, which is trained by a large amount of basic alarm notification data through a model, and the value of the preset frequency threshold can be changed according to the change of the actual situation, so that the value of the preset frequency threshold is not limited in the application.
It should be noted that, the basic alarm notification has different alarm levels, and the alarm processing objects of the basic alarm notification are different, and the basic alarm notification with different levels is sent to different alarm processing objects for processing.
204. Determining a basic alarm type corresponding to the basic alarm notification based on a preset alarm type;
the server determines a basic alarm type corresponding to the basic alarm notification based on the preset alarm type. Specifically, the method comprises the following steps:
the method comprises the steps that a server firstly obtains to-be-detected alarm categories of basic alarm notifications, wherein the number of the to-be-detected alarm categories is multiple, and the to-be-detected alarm categories correspond to the basic alarm notifications one by one; secondly, the server calculates basic matching values between the alarm categories to be detected and preset alarm types, and the basic matching value with the largest numerical value is used as a target matching value of the alarm categories to be detected, wherein the number of the basic matching values is multiple; and finally, the server determines that the to-be-detected alarm type corresponding to the target matching value is a preset alarm type to obtain a basic alarm type corresponding to the basic alarm notification.
The server carries out alarm type identification on the basic alarm notification so as to timely send the basic alarm notification to a processing object for processing. Different types of basic alarm notifications need to be sent to different alarm processing objects for processing, and the distribution of the alarm strategy can enable the basic alarm notifications to be processed better and faster. When the server determines the type of the basic alarm notification, firstly, the server needs to acquire the to-be-detected alarm category of the basic alarm notification, then the server calculates a plurality of basic matching values between the alarm category to be detected and the preset alarm type, the preset alarm types are set in advance according to different alarm types, after the basic matching degree between the alarm type to be detected of the basic alarm notification and the preset alarm types is calculated, the alarm type of the basic alarm notification can be determined, the higher the basic matching value is, the higher the similarity between the alarm category to be detected and the preset alarm type of the basic matching value is calculated, finally, the basic matching value with the maximum value of the basic matching value is selected from the multiple basic matching values to be used as a target matching value, and the preset alarm type corresponding to the target matching value is used as the basic alarm type of the basic alarm notification by the server.
For example, the following steps are carried out: the alarm type to be detected of the known basic alarm notification is configured early warning, and the preset alarm type is as follows: the method comprises the steps of presetting service quality alarm, presetting port alarm, presetting configuration alarm, presetting equipment alarm and presetting environment alarm, wherein a server respectively calculates basic matching values between configuration alarm and preset alarm types to obtain 0.56, 0.82, 0.98, 0.79 and 0.62 respectively, wherein the basic matching value 0.98 is the value with the highest basic matching value, and therefore the alarm type notified by the basic alarm can be judged to be the configuration alarm.
205. And configuring a sending thread for the basic alarm notification according to the basic alarm type, and sending the basic alarm notification to the corresponding alarm processing object based on the sending thread.
And the server configures a sending thread for the basic alarm notification according to the basic alarm type and sends the basic alarm notification to a corresponding alarm processing object based on the sending thread. Specifically, the method comprises the following steps:
the server judges whether the basic alarm type of the basic alarm notification is the same as a first standard type, wherein the first standard type is an alarm type of which the alarm level of the basic alarm type is higher than or equal to a standard threshold value, and a plurality of basic alarm types are arranged in the first standard type; when the basic alarm type is the same as the first standard type, the server sends a basic alarm notification corresponding to the basic alarm type to a first alarm processing object based on a first sending thread; and when the basic alarm type is different from the first standard type, the server judges that the basic alarm type is the same as the second standard type, and sends a basic alarm notification corresponding to the basic alarm type to a second alarm processing object based on a second sending thread, wherein the second standard type is an alarm type of which the alarm level of the basic alarm type is lower than a standard threshold value, and a plurality of basic alarm types are arranged in the second standard type.
After obtaining the basic alarm type of the basic alarm notification, the server needs to send the basic alarm notification of different basic alarm types to different alarm processing objects through different sending threads, and first, the server determines whether the basic alarm type is the same as a first standard type, where the first standard type is an alarm type in which the alarm level of the basic alarm type is higher than or equal to a threshold, where the threshold is a threshold for determining that the basic alarm notification is a first standard type or a second standard type, for example: the alarm type of the basic alarm notification and the alarm level corresponding to the alarm type are as follows: level 1: quality of service alarm, level 2: port alarm, level 3: configuration alarm, level 4: equipment alarm, level 5: environmental alarm, level 6: and communication alarm, wherein the threshold value is 4, the first standard type is equipment alarm, environment alarm and communication alarm, and the second standard type is service quality alarm, port alarm and configuration alarm.
In addition, the sending thread corresponding to the basic alarm notification of the first standard type is a first sending thread, and the receiving end of the first sending thread is a first alarm processing object. For example: and when the basic alarm type is the same as the first standard type, the server indicates that the basic alarm notification corresponding to the basic alarm type needs to notify the computer equipment of the administrator with a high management level for processing, and then the server sends the basic alarm notification to the computer equipment of the administrator in a mail mode. And when the basic alarm type is different from the first standard type, the server judges that the basic alarm type is a second standard type, wherein the second standard type is an alarm type of which the alarm level of the basic alarm type is lower than a threshold value, a sending thread corresponding to the basic alarm notification of the second standard type is a second sending thread, and a receiving end of the second sending thread is a second alarm processing object. For example: and setting a second sending thread as a short message, wherein a second alarm processing object is computer equipment of an operation and maintenance person, and when the basic alarm type is the same as the second standard type, the basic alarm notification corresponding to the basic alarm type needs to be notified to the computer equipment of the operation and maintenance person with a low management level for processing, and the server sends the basic alarm notification to the computer equipment of the operation and maintenance person in a short message mode.
It will be appreciated that a first standard type of base alarm notification requires processing by an alarm processing object (first processing object) having a high processing level, and a second standard type of base alarm notification requires processing by an alarm processing object (second processing object) having a lower processing level. Such a hierarchical processing allows the underlying alert notifications to be processed more timely.
In the embodiment of the invention, after monitoring a plurality of alarm messages, the server firstly carries out duplication elimination processing on the plurality of alarm messages to generate a plurality of corresponding alarm notices, then determines the types of the alarm notices and finally sends the alarm notices of different types to different alarm processing objects for processing. The different types of basic alarm notifications are sent to different alarm processing objects for processing through the basic alarm notifications of the classified basic alarm information, so that the effect of grading processing is realized, and the processing efficiency of the basic alarm information is improved.
In the above description of the method for processing alarm information in the embodiment of the present invention, an alarm information processing apparatus in the embodiment of the present invention is described below with reference to fig. 3, where an embodiment of an alarm information processing apparatus in the embodiment of the present invention includes:
the monitoring module 301 is configured to monitor basic alarm information based on a monitoring system, where the basic alarm information is used to indicate abnormal information in a system log or a database, and there are multiple basic alarm information;
a duplicate removal module 302, configured to perform duplicate removal processing on the basic alarm information to generate a plurality of basic alarm notifications, where the basic alarm notifications correspond to the basic alarm information one to one;
a determining module 303, configured to determine a basic alarm type corresponding to the basic alarm notification based on a preset alarm type;
a sending module 304, configured to configure a sending thread for the basic alarm notification according to the basic alarm type, and send the basic alarm notification to a corresponding alarm processing object based on the sending thread.
In the embodiment of the invention, after monitoring a plurality of alarm messages, the server firstly carries out duplication elimination processing on the plurality of alarm messages to generate a plurality of corresponding alarm notices, then determines the types of the alarm notices and finally sends the alarm notices of different types to different alarm processing objects for processing. The different types of basic alarm notifications are sent to different alarm processing objects for processing through the basic alarm notifications of the classified basic alarm information, so that the effect of grading processing is realized, and the processing efficiency of the basic alarm information is improved.
Referring to fig. 4, another embodiment of the apparatus for processing alarm information according to the embodiment of the present invention includes:
the monitoring module 301 is configured to monitor basic alarm information based on a monitoring system, where the basic alarm information is used to indicate abnormal information in a system log or a database, where there are multiple basic alarm information;
a duplicate removal module 302, configured to perform duplicate removal processing on the basic alarm information to generate a plurality of basic alarm notifications, where the basic alarm notifications correspond to the basic alarm information one to one;
a determining module 303, configured to determine a basic alarm type corresponding to the basic alarm notification based on a preset alarm type;
a sending module 304, configured to configure a sending thread for the basic alarm notification according to the basic alarm type, and send the basic alarm notification to a corresponding alarm processing object based on the sending thread.
Optionally, the deduplication module 302 includes:
a grouping unit 3021, configured to obtain an alarm source of basic alarm information, and group the basic alarm information according to the alarm source to obtain grouped alarm information, where the alarm source is a source object for generating alarm information, there are multiple basic alarm notifications, and the basic alarm notifications correspond to the basic alarm information one to one;
a removing unit 3022, configured to remove repeated alarm information in the grouped alarm information to obtain remaining alarm information, and encapsulate the remaining alarm information into a basic alarm notification.
Optionally, the grouping unit 3021 may be further specifically configured to:
acquiring a plurality of basic alarm notifications, wherein the basic alarm notifications correspond to the basic alarm information one by one;
extracting basic feature vectors of the warning sources, wherein the basic feature vectors are multiple and correspond to the warning sources one by one;
calculating a basic Euclidean distance between any two basic feature vectors, and grouping the basic feature vectors by using values of the basic Euclidean distance to obtain grouped feature vectors, wherein the number of the grouped feature vectors is multiple, and the value of the basic Euclidean distance between any two basic feature vectors in each grouped feature vector is zero;
and determining the alarm source corresponding to the classification characteristic vector as a grouping alarm source, and determining the basic alarm information corresponding to the grouping alarm source as grouping alarm information.
Optionally, the determining module 303 may be further specifically configured to:
acquiring to-be-detected alarm categories of the basic alarm notification, wherein the number of the to-be-detected alarm categories is multiple, and the to-be-detected alarm categories correspond to the basic alarm notification one by one;
calculating a basic matching value between the alarm category to be detected and a preset alarm type, and taking the basic matching value with the maximum value as a target matching value of the alarm category to be detected, wherein the number of the basic matching values is multiple;
and determining the to-be-detected alarm type corresponding to the target matching value as a preset alarm type to obtain a basic alarm type corresponding to the basic alarm notification.
Optionally, the sending module 304 may be further specifically configured to:
judging whether the basic alarm type of the basic alarm notification is the same as a first standard type, wherein the first standard type is an alarm type of which the alarm level of the basic alarm type is higher than or equal to a standard threshold value, and a plurality of basic alarm types are arranged in the first standard type;
when the basic alarm type is the same as the first standard type, sending a basic alarm notification corresponding to the basic alarm type to a first alarm processing object based on a first sending thread;
and when the basic alarm type is different from the first standard type, judging that the basic alarm type is the same as a second standard type, and sending a basic alarm notification corresponding to the basic alarm type to a second alarm processing object based on a second sending thread, wherein the second standard type is an alarm type of which the alarm level of the basic alarm type is lower than a standard threshold value, and a plurality of basic alarm types are arranged in the second standard type.
Optionally, the warning information processing apparatus further includes:
a dividing module 305, configured to divide an alarm level of a basic alarm notification according to an alarm frequency corresponding to the basic alarm information, where the alarm level is used to indicate an importance degree of the alarm notification.
Optionally, the dividing module 305 may be further specifically configured to:
respectively acquiring alarm frequencies corresponding to basic alarm information, wherein the alarm frequencies are the times of occurrence of the basic alarm information in a preset time period, the alarm frequencies are multiple, and the alarm frequencies correspond to the basic alarm information one by one;
determining the alarm frequency with the alarm frequency value larger than a preset frequency threshold value as a target alarm frequency, and sequencing corresponding basic alarm information according to the value of the target alarm frequency to obtain an alarm notification list, wherein the target alarm frequency is multiple;
and determining the alarm level of the basic alarm information corresponding to the basic alarm notification by using the alarm notification list, wherein the alarm level is used for indicating the importance degree of the alarm notification, and the larger the value of the alarm frequency is, the higher the level of the alarm notification is.
In the embodiment of the invention, after monitoring a plurality of alarm messages, the server firstly carries out duplication elimination processing on the plurality of alarm messages to generate a plurality of corresponding alarm notices, then determines the types of the alarm notices and finally sends the alarm notices of different types to different alarm processing objects for processing. The different types of basic alarm notifications are sent to different alarm processing objects for processing through the basic alarm notifications of the classified basic alarm information, so that the effect of grading processing is realized, and the processing efficiency of the basic alarm information is improved.
Fig. 3 and fig. 4 above describe the alarm information processing apparatus in the embodiment of the present invention in detail from the perspective of the modular functional entity, and the alarm information processing device in the embodiment of the present invention is described in detail from the perspective of hardware processing.
Fig. 5 is a schematic structural diagram of an alarm information processing apparatus according to an embodiment of the present invention, where the alarm information processing apparatus 500 may generate relatively large differences due to different configurations or performances, and may include one or more processors (CPUs) 510 (e.g., one or more processors) and a memory 520, and one or more storage media 530 (e.g., one or more mass storage devices) storing applications 533 or data 532. Memory 520 and storage media 530 may be, among other things, transient or persistent storage. The program stored in the storage medium 530 may include one or more modules (not shown), each of which may include a series of instructions operating on the alert information processing apparatus 500. Still further, the processor 510 may be configured to communicate with the storage medium 530 to execute a series of instruction operations in the storage medium 530 on the alert information processing apparatus 500.
The alert information processing apparatus 500 may also include one or more power supplies 540, one or more wired or wireless network interfaces 550, one or more input-output interfaces 560, and/or one or more operating systems 531, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, etc. Those skilled in the art will appreciate that the alarm information processing device configuration shown in fig. 5 does not constitute a limitation of the alarm information processing device, and may include more or less components than those shown, or some of the components may be combined, or a different arrangement of components.
The present invention also provides a computer-readable storage medium, which may be a non-volatile computer-readable storage medium, and which may also be a volatile computer-readable storage medium, having stored therein instructions, which, when run on a computer, cause the computer to perform the steps of the alarm information processing method.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a read-only memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. An alarm information processing method, characterized in that the alarm information processing method comprises:
monitoring basic alarm information based on a monitoring system, wherein the basic alarm information is used for indicating abnormal information in a system log or a database, and the number of the basic alarm information is multiple;
carrying out duplication removal processing on the basic alarm information to generate basic alarm notifications, wherein the number of the basic alarm notifications is multiple, and the basic alarm notifications correspond to the basic alarm information one by one;
determining a basic alarm type corresponding to the basic alarm notification based on a preset alarm type;
and configuring a sending thread for the basic alarm notification according to the basic alarm type, and sending the basic alarm notification to a corresponding alarm processing object based on the sending thread.
2. The method according to claim 1, wherein the performing deduplication processing on the basic alarm information generates a plurality of basic alarm notifications, and the one-to-one correspondence between the basic alarm notifications and the basic alarm information comprises:
acquiring alarm sources of basic alarm information, and grouping the basic alarm information according to the alarm sources to obtain grouped alarm information, wherein the alarm sources are source objects for generating the alarm information, a plurality of basic alarm notifications are provided, and the basic alarm notifications correspond to the basic alarm information one by one;
and eliminating repeated alarm information in the grouped alarm information to obtain residual alarm information, and packaging the residual alarm information into a basic alarm notification.
3. The method according to claim 2, wherein the acquiring the warning sources of the basic warning information and grouping the basic warning information according to the warning sources to obtain the grouped warning information, wherein the warning sources are source objects for generating warning information, the number of the basic warning notifications is multiple, and the one-to-one correspondence between the basic warning notifications and the basic warning information comprises:
acquiring a plurality of basic alarm notifications, wherein the basic alarm notifications correspond to the basic alarm information one by one;
extracting basic feature vectors of the warning sources, wherein the basic feature vectors are multiple and correspond to the warning sources one by one;
calculating a basic Euclidean distance between any two basic feature vectors, and grouping the basic feature vectors by using values of the basic Euclidean distance to obtain grouped feature vectors, wherein the number of the grouped feature vectors is multiple, and the value of the basic Euclidean distance between any two basic feature vectors in each grouped feature vector is zero;
and determining the alarm source corresponding to the classification characteristic vector as a grouping alarm source, and determining the basic alarm information corresponding to the grouping alarm source as grouping alarm information.
4. The alarm information processing method of claim 1, wherein the determining a basic alarm type corresponding to the basic alarm notification based on a preset alarm type comprises:
acquiring to-be-detected alarm categories of the basic alarm notification, wherein the number of the to-be-detected alarm categories is multiple, and the to-be-detected alarm categories correspond to the basic alarm notification one by one;
calculating a basic matching value between the alarm category to be detected and a preset alarm type, and taking the basic matching value with the maximum value as a target matching value of the alarm category to be detected, wherein the number of the basic matching values is multiple;
and determining the to-be-detected alarm type corresponding to the target matching value as a preset alarm type to obtain a basic alarm type corresponding to the basic alarm notification.
5. The method for processing alarm information according to claim 1, wherein the configuring a sending thread for the basic alarm notification according to the basic alarm type, and the sending the basic alarm notification to a corresponding alarm processing object based on the sending thread comprises:
judging whether the basic alarm type of the basic alarm notification is the same as a first standard type, wherein the first standard type is an alarm type of which the alarm level of the basic alarm type is higher than or equal to a standard threshold value, and a plurality of basic alarm types are arranged in the first standard type;
when the basic alarm type is the same as the first standard type, sending a basic alarm notification corresponding to the basic alarm type to a first alarm processing object based on a first sending thread;
and when the basic alarm type is different from the first standard type, judging that the basic alarm type is the same as a second standard type, and sending a basic alarm notification corresponding to the basic alarm type to a second alarm processing object based on a second sending thread, wherein the second standard type is an alarm type of which the alarm level of the basic alarm type is lower than a standard threshold value, and a plurality of basic alarm types are arranged in the second standard type.
6. The method according to any one of claims 1 to 5, wherein after the performing deduplication processing on the basic alarm information to generate a basic alarm notification, wherein there are a plurality of basic alarm notifications, and the basic alarm notification corresponds to a basic alarm information one-to-one, before the determining a basic alarm type corresponding to the basic alarm notification based on a preset alarm type, further comprises:
and dividing the alarm level of the basic alarm notification according to the alarm frequency corresponding to the basic alarm information, wherein the alarm level is used for indicating the importance degree of the alarm notification.
7. The method according to claim 6, wherein the dividing the alarm level of the basic alarm notification according to the alarm frequency corresponding to the basic alarm information, wherein the alarm level is used to indicate the importance degree of the alarm notification includes:
respectively acquiring alarm frequencies corresponding to basic alarm information, wherein the alarm frequencies are the times of occurrence of the basic alarm information in a preset time period, the alarm frequencies are multiple, and the alarm frequencies correspond to the basic alarm information one by one;
determining the alarm frequency with the alarm frequency value larger than a preset frequency threshold value as a target alarm frequency, and sequencing corresponding basic alarm information according to the value of the target alarm frequency to obtain an alarm notification list, wherein the target alarm frequency is multiple;
and determining the alarm level of the basic alarm information corresponding to the basic alarm notification by using the alarm notification list, wherein the alarm level is used for indicating the importance degree of the alarm notification, and the larger the value of the alarm frequency is, the higher the level of the alarm notification is.
8. An alert information processing apparatus characterized by comprising:
the monitoring module is used for monitoring basic alarm information based on a monitoring system, wherein the basic alarm information is used for indicating abnormal information in a system log or a database, and the number of the basic alarm information is multiple;
the system comprises a duplication elimination module, a data processing module and a data processing module, wherein the duplication elimination module is used for carrying out duplication elimination processing on the basic alarm information and generating basic alarm notifications, a plurality of basic alarm notifications are provided, and the basic alarm notifications correspond to the basic alarm information one by one;
the determining module is used for determining a basic alarm type corresponding to the basic alarm notification based on a preset alarm type;
and the sending module is used for configuring a sending thread for the basic alarm notification according to the basic alarm type and sending the basic alarm notification to a corresponding alarm processing object based on the sending thread.
9. An alarm information processing apparatus characterized by comprising: a memory having instructions stored therein and at least one processor, the memory and the at least one processor interconnected by a line;
the at least one processor invokes the instructions in the memory to cause the alert information processing apparatus to perform the alert information processing method of any one of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the alert information processing method according to any one of claims 1 to 7.
CN202010582578.8A 2020-06-23 2020-06-23 Alarm information processing method, device, equipment and storage medium Pending CN111722991A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010582578.8A CN111722991A (en) 2020-06-23 2020-06-23 Alarm information processing method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010582578.8A CN111722991A (en) 2020-06-23 2020-06-23 Alarm information processing method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN111722991A true CN111722991A (en) 2020-09-29

Family

ID=72570025

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010582578.8A Pending CN111722991A (en) 2020-06-23 2020-06-23 Alarm information processing method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111722991A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113014884A (en) * 2021-03-10 2021-06-22 中信百信银行股份有限公司 Alarm processing method and device
CN114884798A (en) * 2022-05-05 2022-08-09 中国联合网络通信集团有限公司 Cross-professional fault analysis method, device and system
CN117527527A (en) * 2024-01-08 2024-02-06 天津市天河计算机技术有限公司 Multi-source alarm processing method and system

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113014884A (en) * 2021-03-10 2021-06-22 中信百信银行股份有限公司 Alarm processing method and device
CN114884798A (en) * 2022-05-05 2022-08-09 中国联合网络通信集团有限公司 Cross-professional fault analysis method, device and system
CN114884798B (en) * 2022-05-05 2023-06-09 中国联合网络通信集团有限公司 Cross-specialty fault analysis method, device and system
CN117527527A (en) * 2024-01-08 2024-02-06 天津市天河计算机技术有限公司 Multi-source alarm processing method and system
CN117527527B (en) * 2024-01-08 2024-03-19 天津市天河计算机技术有限公司 Multi-source alarm processing method and system

Similar Documents

Publication Publication Date Title
US10417072B2 (en) Scalable predictive early warning system for data backup event log
CN111722991A (en) Alarm information processing method, device, equipment and storage medium
CN110888783B (en) Method and device for monitoring micro-service system and electronic equipment
CN110851321B (en) Service alarm method, equipment and storage medium
CN110708204A (en) Abnormity processing method, system, terminal and medium based on operation and maintenance knowledge base
CN109362235B (en) Method of classifying transactions at a network accessible storage device
CN110740061B (en) Fault early warning method and device and computer storage medium
CN105656693B (en) A kind of method and system of the information security abnormality detection based on recurrence
CN101668012B (en) Method and device for detecting security event
CN108809734B (en) Network alarm root analysis method, system, storage medium and computer equipment
CN113553210A (en) Alarm data processing method, device, equipment and storage medium
CN115809183A (en) Method for discovering and disposing information-creating terminal fault based on knowledge graph
CN105871581A (en) Method and device for processing of alarm information in cloud calculation
CN112988509A (en) Alarm message filtering method and device, electronic equipment and storage medium
CN112612680A (en) Message warning method, system, computer equipment and storage medium
CN113297042A (en) Method, device and equipment for processing alarm message
CN113190426A (en) Stability monitoring method for big data scoring system
CN108039971A (en) A kind of alarm method and device
CN106951360B (en) Data statistical integrity calculation method and system
CN114070711A (en) Alarm information processing method and device, electronic equipment and storage medium
CN117220917A (en) Network real-time monitoring method based on cloud computing
CN109634808B (en) Chain monitoring event root cause analysis method based on correlation analysis
CN114327988B (en) Visual network fault relation determination method and device
CN112036423A (en) Host monitoring alarm system and method based on dynamic baseline
CN114356722A (en) Monitoring alarm method, system, equipment and storage medium for server cluster

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination