CN113347045A - Alarm message processing method and device - Google Patents
Alarm message processing method and device Download PDFInfo
- Publication number
- CN113347045A CN113347045A CN202110739093.XA CN202110739093A CN113347045A CN 113347045 A CN113347045 A CN 113347045A CN 202110739093 A CN202110739093 A CN 202110739093A CN 113347045 A CN113347045 A CN 113347045A
- Authority
- CN
- China
- Prior art keywords
- alarm
- message
- notification
- alert
- alarm message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0604—Management of faults, events, alarms or notifications using filtering, e.g. reduction of information by using priority, element types, position or time
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Alarm Systems (AREA)
Abstract
The invention provides a processing method for acquiring an alarm message, which relates to the field of big data processing and comprises the following steps of; acquiring an alarm rule corresponding to the received first alarm message; compressing the first alarm message based on the alarm rule to obtain an alarm notification; and outputting the alarm notice. The embodiment of the invention can effectively improve the processing efficiency of the alarm message, enables the compression mode of the alarm message to be more flexible and reasonable, solves the trouble of alarm storm and improves the user experience.
Description
Technical Field
The invention relates to the technical field of big data processing, in particular to a method and a device for processing an alarm message.
Background
With the continuous development of IT and Internet technologies, various business IT systems in enterprises are more and more emphasized, and alarm messages as necessary parameters for measuring the activities and the operating conditions of the business IT systems of the enterprises need to be monitored in time, so that the processing of the alarm messages becomes a basic work for the operation and the maintenance of the business IT systems of the enterprises.
Due to various reasons, an IT system can generate a large amount of abnormal logs caused by the same abnormal event within a certain period of time, and in the existing technology, only simple alarm message notification is carried out after the abnormal event is detected, so that a user is easily disturbed repeatedly by the same abnormal event, the condition of alarm storm cannot be dealt with, and the alarm message processing efficiency is low.
Disclosure of Invention
The embodiment of the invention provides a method and a device for processing a numerical alarm message, which can realize the high-efficiency processing of the alarm message.
In order to solve the above technical problem, an embodiment of the present invention provides an alarm message processing method, where the method includes:
acquiring an alarm rule corresponding to the received first alarm message;
compressing the first alarm message based on the alarm rule to obtain an alarm notification;
and outputting the alarm notice.
Optionally, in the above method, the step of compressing the first alarm message based on the alarm rule to obtain the alarm notification includes:
acquiring alarm compression information in the alarm rule;
and compressing the first alarm message according to the alarm compression information to obtain an alarm notification.
Optionally, in the foregoing method, the alarm compression information includes: the step of compressing the first alarm message according to the alarm compression information to obtain an alarm notification comprises the following steps:
acquiring a second alarm message with the same alarm label as the first alarm message;
and compressing the first alarm message and the second alarm message to obtain an alarm notification.
Optionally, in the foregoing method, the alarm compression information includes: and at continuous time intervals, the step of compressing the first alarm message according to the alarm compression information to obtain an alarm notification comprises the following steps:
acquiring a target alarm message of which the time interval with the first alarm message does not exceed the continuous time interval from the second alarm message;
and compressing the first alarm message and the target alarm message to obtain an alarm notification.
Optionally, in the foregoing method, the compressing the first alarm message based on the alarm rule to obtain the alarm notification includes:
and generating an alarm notification corresponding to the alarm notification type based on the alarm notification type in the alarm rule.
Optionally, in the above method, before the step of outputting the alarm notification, the method further includes:
determining a condition for outputting an alert notification based on the type of the alert notification;
the step of outputting the alert notification includes:
and if the condition of the alarm notice is met, outputting the alarm notice.
Optionally, in the foregoing method, the type of the alert notification includes at least one of: start alert notifications, sustain alert notifications, and end alert notifications.
Optionally, in the above method, if the alarm notification is the alarm start notification, and if the condition of the alarm notification is satisfied, the step of outputting the alarm notification includes:
and outputting a starting alarm notification when the first alarm message is received.
Optionally, in the foregoing method, if the alarm notification is the persistent alarm notification, and if the condition of the alarm notification is satisfied, the step of outputting the alarm notification includes:
acquiring the time interval between the last time of outputting the continuous alarm notification and the current time;
and if the time interval exceeds the alarm interval, outputting the continuous alarm notification.
Optionally, in the above method, if the alarm notification is the alarm termination notification, and if the condition of the alarm notification is satisfied, the step of outputting the alarm notification includes:
and if the third alarm message which is the same as the first alarm message alarm tag is not received within the specified time, outputting the alarm finishing notice.
Optionally, in the above method, before the step of obtaining the alarm rule corresponding to the received first alarm message, the method further includes:
acquiring configuration operation;
generating an alarm rule based on the configuration operation.
The embodiment of the invention also provides an alarm message processing device, which comprises:
the first acquisition module is used for acquiring an alarm rule corresponding to the received first alarm message;
the compression module is used for compressing the alarm message based on the alarm rule to obtain an alarm notice;
and the output module is used for outputting the alarm notice.
Optionally, in the above apparatus for processing an alarm message, the compression module includes:
the first obtaining submodule is used for obtaining the alarm compression information in the alarm rule;
and the compression submodule is used for compressing the first alarm message according to the alarm compression information to obtain an alarm notification.
Optionally, in the above apparatus for processing an alarm message, the alarm compression information includes: and the compression submodule is specifically used for:
acquiring a second alarm message with the same alarm label as the first alarm message;
and compressing the first alarm message and the second alarm message to obtain an alarm notification.
Optionally, in the above apparatus for processing an alarm message, the alarm compression information includes: at successive time intervals, the compression submodule is further configured to:
acquiring a target alarm message of which the time interval with the first alarm message does not exceed the continuous time interval from the second alarm message;
and compressing the first alarm message and the target alarm message to obtain an alarm notification.
Optionally, in the above alarm message processing apparatus, the compression module is further configured to:
and generating an alarm notification corresponding to the alarm notification type based on the alarm notification type in the alarm rule.
Optionally, the apparatus for processing an alarm message further includes:
a determination module for determining a condition for outputting an alert notification based on the type of the alert notification;
the output module is further specifically configured to: and if the condition of the alarm notice is met, outputting the alarm notice.
Optionally, in the above alarm message processing apparatus, the alarm notification includes at least one of the following: start alert notifications, sustain alert notifications, and end alert notifications.
Optionally, in the above apparatus for processing an alarm message, if the alarm notification is the start alarm notification, the output module is further specifically configured to:
and outputting a starting alarm notification when the first alarm message is received.
Optionally, in the above alarm message processing apparatus, if the alarm notification is the persistent alarm notification, the output module is further specifically configured to:
acquiring the time interval between the last time of outputting the continuous alarm notification and the current time;
and if the time interval exceeds the alarm interval, outputting the continuous alarm notification.
Optionally, in the above apparatus for processing an alarm message, if the alarm notification is the end alarm notification, the output module is further specifically configured to:
and if the third alarm message with the same label as the first alarm message is not received within the specified time, outputting the alarm finishing notice.
Optionally, the apparatus for processing an alarm message further includes:
the second acquisition module is used for acquiring configuration operation;
and the generating module is used for generating an alarm rule based on the configuration operation.
The embodiment of the present invention further provides an alarm message processing apparatus, which includes a processor, a memory, and a computer program stored in the memory and capable of running on the processor, and when the computer program is executed by the processor, the steps of the alarm message processing method are implemented.
The embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps of the alarm message processing method are implemented as described above.
The embodiment of the invention compresses the alarm message through the set alarm rule, and can effectively improve the processing efficiency of the alarm message. Furthermore, the same type of alarm message is determined through the alarm tag, so that the same type of alarm message in the continuous time interval is compressed, the compression mode of the alarm message is more flexible and reasonable, in addition, a plurality of alarm notification modes are set, a large number of repeated and meaningless alarms are avoided, the trouble of alarm storms is solved, and the user experience is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a flowchart of an alarm message processing method according to an embodiment of the present invention;
fig. 2 is a flowchart of another alarm message processing method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an alarm rule interface for a newly created event according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of another newly created event alert rule interface according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of another newly created event alert rule interface according to an embodiment of the present invention;
fig. 6 is a block diagram of an alert message processing apparatus according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 is a flowchart of an alarm message processing method provided in an embodiment of the present invention, where the alarm message processing method is applied to a data monitoring system, and as shown in fig. 1, the alarm message processing method includes the following steps:
The data monitoring system acquires an alarm rule corresponding to the first alarm message based on the received first alarm message.
The specific generation process of the first warning message is as follows: the process from the event source to the event alarm generation is completed by a log collection engine, a user is required to create an alarm rule in advance, the alarm rule is issued to a configuration system, the log collection engine acquires the alarm rule from the configuration system, a message required to generate an alarm is screened out according to the alarm condition in the alarm rule, and an event alarm message is generated according to the message content. The event alert message is sent to the designated kafka topic after generation. The log collection engine can read and analyze data from a data source, input a result to a specified destination after analyzing according to rules, serve as an event source, such as es or kafka, and filter or reform data in a transmission pipeline, and the log analysis operation and the alarm message transmission of the event source are completed through the log collection engine. In the alarm process, the log collection engine obtains data from an event source, generates an alarm message according to an alarm rule and inputs a specified theme. The event alert message sample is as follows:
the alarm rule is a mode of performing alarm processing on the abnormal event, and the alarm rule may be set by a user. The alert rules include, but are not limited to: event source, alarm condition, alarm compression information, alarm notification setting, alarm priority (alarm notification level), and the like.
The event source is the source of the log, and in the invention, the event source may refer to a subject of a certain parsing job output, or may also be a kafka subject from other collected messages, allowing a user to customize configuration. Specifically, the parsing operation parses the original log to obtain all fields included in the original log, the parsing operation selects a specified field to generate a target log (e.g., JSON message), and stores the target log, for example, the generated target log may be stored in kafka or topic, where kafka or topic is an event source. Or, the user generates a message with a similar format to be sent to a certain subject through own path, and the message can also be used as an event source.
The alarm condition refers to a condition for generating an alarm message. The log is analyzed into JSON information containing appointed fields through the analysis operation, whether event alarm is generated in the JSON information is judged according to the alarm condition, the value of one or more appointed fields analyzed from the JSON information is within the range set by the alarm rule, and the JSON information generates one event alarm. The setting of the alarm condition is not limited to the simple judgment of the field, and if the field is equal to, not equal to, larger than or smaller than a certain value, whether the alarm is generated or not can be judged by verifying whether the field meets a certain complex mode through regular matching.
And 102, compressing the alarm message based on the alarm rule to obtain an alarm notification.
Wherein, the step 102 of compressing the first alarm message based on the alarm rule to obtain the alarm notification includes:
acquiring alarm compression information in the alarm rule;
and compressing the first alarm message according to the alarm compression information to obtain an alarm notification. Wherein, the alarm compression information includes but is not limited to: whether alarm compression and alarm compression modes are needed, wherein the alarm compression modes comprise alarm tags and continuous time intervals.
The alarm tag is set by the user himself. For example, if the event source in the alarm rule is kafka topic of other collected messages, the user may customize the alarm tag; for another example, if the event source in the alarm rule is the topic output by the parsing job, and the user sets a tag, the data monitoring system may present a tag list, and the user may select an alarm tag through the list. The label list is fields of the parsing operation for parsing the configuration incoming log, and the label of the alarm rule can be selected from the fields. Say a log:
INFO 19-09-26 00:19:46b2e.action.AbstractLoopAction[[ACTIVE]ExecuteThread:'6'for queue:'weblogic.kernel.Default
if the user chooses to parse out field logevel, which has the value INFO, and field time, which has the value 19-09-2600:19:46, then both fields logevel and time become candidate alarm tags for the alarm rule that uses the parsing job as the event source. The alarm tag plays a role in distinguishing different groups of alarm messages in the alarm compression process, and a user can select a proper alarm tag to enable the compressed alarm notification to be more consistent with the assumption. For example, a task executed by the data monitoring system may have multiple threads working simultaneously, and a user may want to know which threads are working abnormally, and in the case of no alarm tag, all logs meeting alarm conditions will only generate the same alarm message, and alarms generated by different threads will be compressed together, and the user may know that a certain abnormality occurs in a certain task and alarms 15 times, but at all, one thread is repeatedly alarming, or all threads are alarmed, and the user is difficult to distinguish. The alarm tag can solve the problem, for example, a user can select a thread field in an alarm rule as an alarm tag, then an alarm message with a tags value of { "thread": thread1 "} and an alarm message with a value of {" thread1 "} and" thread2 "} are compressed respectively and then sent out for notification, the user can definitely know that thread1 alarms for several times based on {" thread ": thread 1" }, and can definitely know that thread2 alarms for several times based on { "thread 2" }, so that information carried by the alarm notification is more accurate and has higher analytical value, and when a fault is cleared, only the working conditions of the two threads need to be checked, and time is not wasted for clearing all threads.
Optionally, the alarm compression information includes: the alarm tag is used for compressing the first alarm message according to the alarm compression information to obtain an alarm notification, and compressing the first alarm message according to the continuous time interval in the alarm rule to obtain the alarm notification, wherein the step of obtaining the alarm notification comprises the following steps:
acquiring a second alarm message which has the same alarm label as the first alarm message according to the alarm label;
and compressing the first alarm message and the second alarm message to obtain an alarm notification.
The first alarm message and the second alarm message with the same label belong to the same group of alarm messages, and the first alarm message and the second alarm message are generated by the same alarm rule.
Specifically, the alarm tag is essentially a field parsed from the log, and is stored in the tag field of the message in JSON format in the event alarm message. Acquiring an alarm tag configured by the alarm rule from the first alarm message, then searching whether a second alarm message with the same alarm tag as the first alarm message is contained in a cache in the data monitoring system, if the second alarm message does not exist, indicating that the second alarm message is the first alarm message generated by the abnormal event, and storing the first alarm message in the cache; and if so, compressing the first alarm message and the second alarm message.
In an application scenario, if a user selects two fields, namely a field a and a field b, as an alarm tag in an alarm rule, a tag value of an existing event alarm message is { "a": "aaa", "b": "bbb", then only the alarm message with the same tag value as the alarm message from the same alarm rule is in the same group, and any field value of a and b is not the same, or the alarm messages with the same a and b values but different alarm rules are not in the same group.
Optionally, the alarm compression information includes: and at continuous time intervals, the step of compressing the first alarm message according to the alarm compression information to obtain an alarm notification comprises the following steps:
acquiring a target alarm message of which the time interval with the first alarm message does not exceed the continuous time interval from the second alarm message;
and compressing the first alarm message and the target alarm message to obtain an alarm notification.
Specifically, whether the continuous interval time between the current first alarm message and the last alarm message (wherein the last alarm message is the same alarm message as the alarm tag of the first alarm message) exceeds a set continuous interval is determined, if not, the alarm messages are compressed, and the number of the alarm messages in the alarm notification is + 1. And if the interval time between the current first alarm message and the last alarm message exceeds the set continuous interval, counting the alarm messages corresponding to the abnormal events occurring when the interval time exceeds the continuous interval time again.
The continuous time interval is the maximum time interval at which two alarm messages can be compressed together, and setting the continuous time interval in the alarm rule compresses the same set of event alarm messages generated in the interval time in units of minutes, wherein the same set of event alarm messages are generated based on the same alarm rule and have the same alarm tag. For example, if the continuous time interval is 1 minute, and an event alert message is generated every 40 seconds for 100 same set of alert messages, then the 100 event alert messages are compressed together even if they take 4000 seconds. If the 101 th alarm message of the group is 70 seconds away from the previous alarm message, the 101 th alarm message is not compressed together with the previous 100 alarm messages, but is re-timed to wait for the next 1 minute if the same group of alarm messages is compressed together.
As shown in the alarm message flow chart of fig. 2, all alarm messages, whether compressed or not, are stored in the index of the search server elastic search, in the alarm compression module, the alarm messages pulled out in batch are stored in the cache one by one, and after the batch of alarm messages are all processed, the batch update is performed, that is, the event alarms in the cache are stored in the index of the search server elastic search at one time, and then the cache is cleared.
Optionally, before the step of compressing the alarm message based on the alarm rule to obtain the alarm notification, the method further includes:
and determining whether to perform alarm compression on the first alarm message according to the alarm compression information in the alarm rule of the first alarm message.
Specifically, before performing alarm compression, the data monitoring system determines whether to perform alarm compression on each alarm message according to the alarm compression information in the alarm rule of each event alarm message. For example, if the data monitoring system queries that the alarm rule is configured with a continuous time interval, it is determined that alarm compression is required, and the anti-rule determines that compression is not required.
Optionally, the step 102 of compressing the first alarm message based on the alarm rule to obtain the alarm notification further includes:
and generating an alarm notification corresponding to the alarm notification type based on the alarm notification type in the alarm rule.
Specifically, after the alarm message is compressed, the alarm notification is obtained based on the alarm notification setting in the alarm rule. The type of alert notification includes at least one of: start alert notifications, sustain alert notifications, and end alert notifications.
And 103, outputting the alarm notification.
Optionally, before the step of outputting the alert notification, the method further includes:
determining a condition for outputting an alert notification based on the type of the alert notification;
the step of outputting the alert notification includes:
and if the condition of the alarm notice is met, outputting the alarm notice.
Wherein, if the alarm notification is the start alarm notification, and if the condition of the alarm notification is satisfied, the step of outputting the alarm notification includes:
and outputting a starting alarm notification when the first alarm message is received.
If the alarm notification is the continuous alarm notification, and if the condition of the alarm notification is met, the step of outputting the alarm notification comprises the following steps:
acquiring the time interval between the last time of outputting the continuous alarm notification and the current time;
and if the time interval exceeds the alarm interval, outputting the continuous alarm notification.
If the alarm notification is the alarm termination notification, and if the condition of the alarm notification is met, the step of outputting the alarm notification comprises the following steps:
and if the third alarm message which is the same as the first alarm message alarm tag is not received within the specified time, outputting the alarm finishing notice.
Specifically, the alarm notification is a notification triggered by an event alarm, a template of the alarm notification is customized in an alarm rule by a user, and the form of the alarm notification includes sending a message to a specified subject or sending a mail to a specified mailbox, wherein different types of alarm notifications can define different templates. Wherein, the start alarm notification, the persistent alarm notification, and the end alarm notification are notifications generated at the start, during the persistent state, and after the end of a set of event alarms, respectively. The start alert notification is a notification generated upon receipt of a first event alert message; the alarm ending notice is a notice generated when the interval time of the current event alarm information and the adjacent event alarm information of the same group is greater than the set continuous interval; the persistent alert notification is an alert notification generated during the period of persistent alert between the start alert notification and the end alert notification.
Wherein, sending the alarm notification based on the set alarm notification may be: if the alarm notification is set with the alarm starting notification, when the first event alarm is generated and the event alarm information is stored in the cache, the alarm starting notification is sent based on the set alarm notification. And/or, if the alarm notification is set to end, storing the first piece of alarm information into a cache until the time of continuous intervals passes, if the same group of event alarm messages are received in the period, the event alarm messages cannot be notified, accumulating the number of the group of event alarms and adding 1, timing again, and waiting for the time of continuous intervals again. If a continuous interval time passes, the same group of new event alarms are not received, the end notification is sent, the user can be informed of the information such as the accumulated alarm times of the current event continuous alarms, the continuous alarm time and the like, the information of the group of event alarms in the cache is cleared, and if the same group of event alarm information is received again later, the start alarm notification is sent again and the timing is waited. And/or, if the continuous alarm notification is set in the alarm notification, the data monitoring system judges whether the current time has passed an alarm interval from the last continuous alarm notification time each time the same group of event alarm messages are received, and if so, sends a continuous notification to inform the user of information such as the continuous alarm time, the accumulated alarm times and the like. Wherein, the alarm interval is the time interval for sending the continuous alarm notification, and is set in the alarm rule by taking minutes as a unit. When the same group of event alarms carry out continuous alarm, a continuous alarm notification is sent once every time when the alarm interval is passed.
Before the step 101 of obtaining an alert message, the method further comprises:
acquiring configuration operation;
generating an alarm rule based on the configuration operation.
Specifically, the user may create new alarm rules in the data monitoring system. First, as shown in fig. 3, basic information is filled in, and the rule name and priority are mandatory items, and once the rule name is saved, the rule name cannot be modified. Then, an alarm condition, an alarm tag and a continuous interval are set as shown in fig. 4. The event source in fig. 4 is a parsing job output topic named qudao, both the alarm condition and the alarm tag can be selected more, and the alarm condition cannot be null. Further, as shown in fig. 5, an alarm channel for sending an alarm notification is selected, and three types of notifications are selected and configured, and if a continuous interval is not checked on the alarm condition interface, a persistent notification and an end notification cannot be checked and configured on the interface. The available variables and the available labels on the interface are used for facilitating the user to configure the notification template, and the fields can be copied and pasted in the notification template by clicking the variable names or the label names. The sending mode of the alarm notification can be configured in the alarm channel and can be sent to a specified mailbox or a kafka theme.
The embodiment of the invention gives up notifying each alarm message for the same group of event alarm messages in continuous interval time, compresses a plurality of alarm messages of continuous intervals belonging to the same group of events, and replaces one-by-one notification with self-defined continuous alarm or finishing alarm notification, thereby avoiding the alarm list of a user from being submerged by a large number of repeated alarm notifications and improving the user experience. And the same group of event alarm messages in continuous time intervals are compressed, the continuous time intervals can be set by users, the compression mode of the alarm messages is more flexible and reasonable, and the compression efficiency is improved.
Based on the method for processing an alarm message provided in the above embodiment, an alarm message processing apparatus for implementing the method is further provided in the embodiment of the present invention, and referring to fig. 6, the alarm message processing apparatus 600 provided in the embodiment of the present invention includes:
a first obtaining module 601, configured to obtain an alarm rule corresponding to the received first alarm message;
a compression module 602, configured to perform compression processing on the alarm message based on the alarm rule to obtain an alarm notification;
an output module 603, configured to output the alert notification.
Optionally, the compression module 602 includes:
the compression module 602 includes:
the first obtaining submodule is used for obtaining the alarm compression information in the alarm rule;
and the compression submodule is used for compressing the first alarm message according to the alarm compression information to obtain an alarm notification.
Optionally, the alarm compression information includes: and the compression submodule is specifically used for:
acquiring a second alarm message with the same alarm label as the first alarm message;
and compressing the first alarm message and the second alarm message to obtain an alarm notification.
Optionally, the alarm compression information includes: at successive time intervals, the compression submodule is further configured to:
acquiring a target alarm message of which the time interval with the first alarm message does not exceed the continuous time interval from the second alarm message;
and compressing the first alarm message and the target alarm message to obtain an alarm notification.
Optionally, the compression module 602 is further configured to:
and generating an alarm notification corresponding to the alarm notification type based on the alarm notification type in the alarm rule.
Optionally, the warning message processing apparatus 600 further includes:
a determination module for determining a condition for outputting an alert notification based on the type of the alert notification;
the output module 603 is further specifically configured to: and if the condition of the alarm notice is met, outputting the alarm notice.
Optionally, the type of the alert notification includes at least one of: start alert notifications, sustain alert notifications, and end alert notifications.
Optionally, if the alarm notification is the start alarm notification, the output module 603 is further specifically configured to:
and outputting a starting alarm notification when the first alarm message is received.
Optionally, if the alarm notification is the persistent alarm notification, the output module 603 is further specifically configured to:
acquiring the time interval between the last time of outputting the continuous alarm notification and the current time;
and if the time interval exceeds the alarm interval, outputting the continuous alarm notification.
Optionally, if the alarm notification is the end alarm notification, the output module 603 is further specifically configured to:
and if the third alarm message with the same label as the first alarm message is not received within the specified time, outputting the alarm finishing notice.
Optionally, the warning message processing apparatus 600 further includes:
the second acquisition module is used for acquiring configuration operation;
and the generating module is used for generating an alarm rule based on the configuration operation.
An embodiment of the present invention provides an alarm message processing apparatus, which includes a processor, a memory, and a computer program stored in the memory and capable of running on the processor, where the computer program, when executed by the processor, implements the steps of the alarm message processing method according to the above embodiment.
An embodiment of the present invention provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps of the alarm message processing method according to the above embodiment are implemented.
The embodiment of the present invention further provides a readable storage medium, where a computer program is stored on the readable storage medium, and when being executed by a processor, the computer program implements each process of the above-mentioned alarm message processing method embodiment, and can achieve the same technical effect, and is not described herein again to avoid repetition. The computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. A method for processing an alarm message, the method comprising:
acquiring an alarm rule corresponding to the received first alarm message;
compressing the first alarm message based on the alarm rule to obtain an alarm notification;
and outputting the alarm notice.
2. The method according to claim 1, wherein the step of compressing the first alarm message based on the alarm rule to obtain the alarm notification comprises:
acquiring alarm compression information in the alarm rule;
and compressing the first alarm message according to the alarm compression information to obtain an alarm notification.
3. The alert message processing method of claim 2, wherein the alert compression information comprises: the step of compressing the first alarm message according to the alarm compression information to obtain an alarm notification comprises the following steps:
acquiring a second alarm message with the same alarm label as the first alarm message;
and compressing the first alarm message and the second alarm message to obtain an alarm notification.
4. The alert message processing method of claim 3, wherein the alert compression information comprises: and at continuous time intervals, the step of compressing the first alarm message according to the alarm compression information to obtain an alarm notification comprises the following steps:
acquiring a target alarm message of which the time interval with the first alarm message does not exceed the continuous time interval from the second alarm message;
and compressing the first alarm message and the target alarm message to obtain an alarm notification.
5. The alert message processing method according to any one of claims 1 to 4, wherein prior to the step of outputting the alert notification, the method further comprises:
determining a condition for outputting an alert notification based on the type of the alert notification;
the step of outputting the alert notification includes: and if the condition of the alarm notice is met, outputting the alarm notice.
6. An alert message processing apparatus, characterized in that the alert message processing apparatus comprises:
the first acquisition module is used for acquiring an alarm rule corresponding to the received first alarm message;
the compression module is used for compressing the alarm message based on the alarm rule to obtain an alarm notice;
and the output module is used for outputting the alarm notice.
7. The warning message handling system apparatus of claim 6 wherein the compression module comprises:
the first obtaining submodule is used for obtaining the alarm compression information in the alarm rule;
and the compression submodule is used for compressing the first alarm message according to the alarm compression information to obtain an alarm notification.
8. The alert message processing apparatus of claim 7, wherein the alert compression information comprises: and the compression submodule is specifically used for:
acquiring a second alarm message with the same alarm label as the first alarm message;
and compressing the first alarm message and the second alarm message to obtain an alarm notification.
9. The alert message processing apparatus of claim 7, wherein the alert compression information comprises: at successive time intervals, the compression submodule is further configured to:
acquiring a target alarm message of which the time interval with the first alarm message does not exceed the continuous time interval from the second alarm message;
and compressing the first alarm message and the target alarm message to obtain an alarm notification.
10. The alert message processing apparatus according to any one of claims 6 to 9, wherein the alert message processing apparatus further comprises:
a determination module for determining a condition for outputting an alert notification based on the type of the alert notification;
the output module is further specifically configured to: and if the condition of the alarm notice is met, outputting the alarm notice.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110739093.XA CN113347045A (en) | 2021-06-30 | 2021-06-30 | Alarm message processing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110739093.XA CN113347045A (en) | 2021-06-30 | 2021-06-30 | Alarm message processing method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113347045A true CN113347045A (en) | 2021-09-03 |
Family
ID=77481828
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110739093.XA Pending CN113347045A (en) | 2021-06-30 | 2021-06-30 | Alarm message processing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113347045A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113612647A (en) * | 2021-09-10 | 2021-11-05 | 中国建设银行股份有限公司 | Alarm processing method and device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103973653A (en) * | 2013-02-01 | 2014-08-06 | 上海迪爱斯通信设备有限公司 | Intelligent sensing analyzer |
| US20190386674A1 (en) * | 2018-06-18 | 2019-12-19 | Qualcomm Incorporated | Error resiliency for entropy coded audio data |
| CN111294218A (en) * | 2018-12-06 | 2020-06-16 | 云智慧(北京)科技有限公司 | Information processing method, device, system and storage medium |
| CN111782462A (en) * | 2020-06-13 | 2020-10-16 | 华青融天(北京)软件股份有限公司 | Alarm method and device and electronic equipment |
-
2021
- 2021-06-30 CN CN202110739093.XA patent/CN113347045A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103973653A (en) * | 2013-02-01 | 2014-08-06 | 上海迪爱斯通信设备有限公司 | Intelligent sensing analyzer |
| US20190386674A1 (en) * | 2018-06-18 | 2019-12-19 | Qualcomm Incorporated | Error resiliency for entropy coded audio data |
| CN111294218A (en) * | 2018-12-06 | 2020-06-16 | 云智慧(北京)科技有限公司 | Information processing method, device, system and storage medium |
| CN111782462A (en) * | 2020-06-13 | 2020-10-16 | 华青融天(北京)软件股份有限公司 | Alarm method and device and electronic equipment |
Non-Patent Citations (4)
| Title |
|---|
| ALEXANDRE MOURADIAN.ETC: ""Preventing alarm storms in WSNs anomaly detection applications"", 《2014 IEEE 25TH ANNUAL INTERNATIONAL SYMPOSIUM ON PERSONAL, INDOOR, AND MOBILE RADIO COMMUNICATION (PIMRC)》 * |
| 杨达达: ""IP网监控管理系统的设计及实践"", 《中国优秀硕士学位论文全文数据库 信息科技辑 》 * |
| 甘雯等: ""应对告警风暴告警的系统优化策略"", 《电信科学》 * |
| 胡秋秋: ""移动通信网络运行数据处理与分析"", 《中国优秀博硕士学位论文全文数据库(硕士)信息科技辑》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113612647A (en) * | 2021-09-10 | 2021-11-05 | 中国建设银行股份有限公司 | Alarm processing method and device |
| CN113612647B (en) * | 2021-09-10 | 2022-12-27 | 中国建设银行股份有限公司 | Alarm processing method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110661659B (en) | Alarm method, device and system and electronic equipment | |
| CN108156006B (en) | Buried point data reporting method and device and electronic equipment | |
| CN110347716B (en) | Log data processing method, device, terminal equipment and storage medium | |
| CN103795580B (en) | A kind of data monitoring method, system and relevant device | |
| CN108572907B (en) | Alarm method, alarm device, electronic equipment and computer readable storage medium | |
| EP3425524A1 (en) | Cloud platform-based client application data calculation method and device | |
| EP2503733A1 (en) | Data collecting method, data collecting apparatus and network management device | |
| CN110830438A (en) | Abnormal log warning method and device and electronic equipment | |
| CN111538563A (en) | Event analysis method and device for Kubernetes | |
| CN110297746A (en) | A kind of data processing method and system | |
| CN113746703B (en) | Abnormal link monitoring method, system and device | |
| CN112015618A (en) | Abnormity warning method and device | |
| CN111130867B (en) | Intelligent household equipment alarm method and device based on Internet of things | |
| CN114090366A (en) | Method, device and system for monitoring data | |
| WO2015187001A2 (en) | System and method for managing resources failure using fast cause and effect analysis in a cloud computing system | |
| CN113206797A (en) | Flow control method and device, electronic equipment and storage medium | |
| CN114996085A (en) | Prometheus-based real-time service monitoring method and system | |
| CN111897834A (en) | Log searching method and device and server | |
| CN113347045A (en) | Alarm message processing method and device | |
| CN110442439B (en) | Task process processing method and device and computer equipment | |
| CN113760634A (en) | Data processing method and device | |
| JP2006331026A (en) | Message analysis system and message analysis program | |
| CN109687999A (en) | A kind of association analysis method of alarm failure, device and equipment | |
| CN107025148B (en) | Mass data processing method and device | |
| CN112580092B (en) | Sensitive file identification method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210903 |