CN110245208B - A retrieval and analysis method, device and medium based on big data storage - Google Patents

A retrieval and analysis method, device and medium based on big data storage Download PDF

Info

Publication number
CN110245208B
CN110245208B CN201910362509.3A CN201910362509A CN110245208B CN 110245208 B CN110245208 B CN 110245208B CN 201910362509 A CN201910362509 A CN 201910362509A CN 110245208 B CN110245208 B CN 110245208B
Authority
CN
China
Prior art keywords
field
events
searchable
event
retrieval
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910362509.3A
Other languages
Chinese (zh)
Other versions
CN110245208A (en
Inventor
凌翔
秦昊
张东波
杨瑞
魏千洲
林利彬
刘智
张昱
王晓旭
郭旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Intelligent Manufacturing of Guangdong Academy of Sciences
Original Assignee
Guangdong Institute of Intelligent Manufacturing
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Institute of Intelligent Manufacturing filed Critical Guangdong Institute of Intelligent Manufacturing
Priority to CN201910362509.3A priority Critical patent/CN110245208B/en
Publication of CN110245208A publication Critical patent/CN110245208A/en
Application granted granted Critical
Publication of CN110245208B publication Critical patent/CN110245208B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/31Indexing; Data structures therefor; Storage structures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/33Querying
    • G06F16/3331Query processing
    • G06F16/334Query execution

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computational Linguistics (AREA)
  • Software Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

本发明公开一种基于大数据存储的检索分析方法、装置及介质,涉及数据存储分析技术领域,包括接收字段查询信息;根据所述字段查询信息在存储数据中搜索对应的现场可搜索事件,所述现场可搜索事件为一个或多个信息技术系统的安全性或性能方面的活动事件;生成对应的现场可搜索事件的子集;识别子集中一个或多个事件中字段,并确定上述字段存在的唯一值的个数;显示所选的字段名称和所述唯一值的个数,字段名称为可在查询信息中引用的字段的字段名称;根据用户输入的条件,面向存储于各数据中心的海量大数据,基于特定的查询标准对一组可搜索事件进行查询,显示查询字段结果和唯一值数字,从而极大的提升检索的速率,改善大数据库检索的使用感受。

Figure 201910362509

The invention discloses a retrieval and analysis method, device and medium based on big data storage, and relates to the technical field of data storage analysis, including receiving field query information; searching for corresponding on-site searchable events in stored data according to the field query information, and the field-searchable event is an active event in terms of security or performance of one or more information technology systems; generating a corresponding subset of field-searchable events; identifying fields in one or more events in the subset, and determining that such fields exist The number of unique values; display the selected field name and the number of unique values, the field name is the field name of the field that can be referenced in the query information; Massive big data, query a set of searchable events based on specific query criteria, display query field results and unique value numbers, thereby greatly improving the retrieval speed and improving the experience of large database retrieval.

Figure 201910362509

Description

一种基于大数据存储的检索分析方法、装置及介质A retrieval and analysis method, device and medium based on big data storage

技术领域technical field

本发明涉及数据存储分析技术领域,尤其涉及一种基于大数据存储的检索分析方法、装置及介质。The invention relates to the technical field of data storage and analysis, in particular to a retrieval and analysis method, device and medium based on big data storage.

背景技术Background technique

在大数据的环境下,根据用户提供的条件快速和准确的检索到用户关心和感兴趣的信息,是大数据应用的基础和重要的组成部分。随着计算机技术的不断发展和信息化程度的不断提高,数据量迅速增长,面向海量数据存储及应用也随之蓬勃发展,大数据应用越来越广泛。如,在网络安全上,使用大数据技术分析网络攻击行为;在电子商务上,使用大数据技术分析用户购物喜好或最受青睐的商品;在城市建设上,利用大数据技术构建智慧城市,方便人民出行。诸如此类,大数据技术在建设节约型社会,提高生成效率等方面起到了积极的推动作用。In the big data environment, quickly and accurately retrieving the information that the user cares about and is interested in according to the conditions provided by the user is the foundation and an important part of the big data application. With the continuous development of computer technology and the continuous improvement of the degree of informatization, the amount of data has grown rapidly, and the storage and application of massive data has also flourished, and the application of big data has become more and more extensive. For example, in network security, big data technology is used to analyze network attacks; in e-commerce, big data technology is used to analyze users' shopping preferences or the most popular commodities; in urban construction, big data technology is used to build smart cities, which is convenient for People travel. In this way, big data technology has played a positive role in building a conservation-minded society and improving production efficiency.

但随着数据量的持续增大和大数据应用的不断发展,用于分业务或分省点存储数据的数据中心也越来越多。某些行业或机构常设立多个数据中心用于存储业务数据,如此在海量数据分析应用中,只能对单数据中心进行数据提取,对各数据中心的所有数据作为整体数据集进行分组、统计、排序等简单分析的需求也日益明显。在大数据应用中,将存储于各数据中心的海量数据作为整体进行分析是必备手段之一。However, with the continuous increase of data volume and the continuous development of big data applications, more and more data centers are used to store data by business or province. Some industries or institutions often set up multiple data centers to store business data, so in massive data analysis applications, data can only be extracted from a single data center, and all data in each data center can be grouped and counted as a whole data set. , sorting and other simple analysis requirements are also increasingly obvious. In big data applications, it is one of the necessary means to analyze the massive data stored in each data center as a whole.

发明内容SUMMARY OF THE INVENTION

本发明针对背景技术的问题提供一种基于大数据存储的检索分析方法、装置及介质,以达到提升检索的速率,改善大数据库检索的使用感受。In view of the problems of the background technology, the present invention provides a retrieval and analysis method, device and medium based on big data storage, so as to increase the retrieval speed and improve the use experience of retrieval of large databases.

为了实现上述目的,本发明提出一种基于大数据存储的检索分析方法,方法包括:In order to achieve the above purpose, the present invention proposes a retrieval and analysis method based on big data storage, the method comprising:

接收字段查询信息;Receive field query information;

根据所述字段查询信息在存储数据中搜索对应的现场可搜索事件,其中,所述现场可搜索事件为一个或多个信息技术系统的安全性或性能方面的活动事件;Searching the stored data for a corresponding on-site searchable event according to the field query information, wherein the on-site searchable event is an activity event in terms of security or performance of one or more information technology systems;

生成所述对应的现场可搜索事件的子集;generating a subset of the corresponding field searchable events;

识别所述子集中一个或多个事件中的字段,并确定上述字段存在的唯一值的个数;identifying fields in one or more events in the subset, and determining the number of unique values that exist for the fields;

显示所选的字段名称和所述唯一值的个数,其中,所述字段名称为可在查询信息中引用的字段的字段名称。The selected field name and the number of the unique values are displayed, wherein the field name is the field name of the field that can be referenced in the query information.

优选地,所述字段查询信息,包括但不限于:字段的值标准、和/或关键字的标准、和/或时间范围。Preferably, the field query information includes but is not limited to: field value criteria, and/or keyword criteria, and/or time range.

优选地,所述存储数据,包括:多组现场可搜索事件,其中,Preferably, the stored data includes: multiple groups of on-site searchable events, wherein,

各组现场可搜索事件中的每个事件均与时间戳关联;Each event in each set of field searchable events is associated with a timestamp;

各组现场可搜索事件中的每个事件均包括反映一个或多个信息技术系统中活动的机器数据;Each event in each set of field-searchable events includes machine data reflecting activity in one or more information technology systems;

各组现场可搜索事件中至少一个事件包括反映一个或多个信息技术系统中活动的日志数据;At least one event in each set of field-searchable events includes log data reflecting activity in one or more information technology systems;

各组现场可搜索事件中至少一个事件包括非结构化数据。At least one event in each set of field searchable events includes unstructured data.

优选地,还包括:Preferably, it also includes:

显示具有字段并且存在于子集事件中的两个或更多个事件的信息,其中,所述两个或更多个事件以对应于字段的排序进行顺序显示。Displays information for two or more events having fields and present in a subset of events, wherein the two or more events are displayed in an order corresponding to the ordering of the fields.

优选地,所述字段的值标准,其中,所述字段存在于一组字段可搜索事件中的一个或多个事件中。Preferably, the value criteria of the field, wherein the field exists in one or more events in a set of field searchable events.

优选地,所述关键字的标准,具体为:要求匹配事件具有特定关键字的标准。Preferably, the criterion of the keyword is specifically: a criterion that requires the matching event to have a specific keyword.

本发明还提出一种基于大数据存储的检索分析装置,包括:The present invention also proposes a retrieval and analysis device based on big data storage, including:

查询接收器,用于接收字段查询信息;Query receiver, used to receive field query information;

查询执行器,用于根据所述字段查询信息在存储数据中搜索对应的现场可搜索事件,其中,所述现场可搜索事件为一个或多个信息技术系统的安全性或性能方面的活动事件;生成所述对应的现场可搜索事件的子集;识别所述子集中一个或多个事件中的字段,并确定上述字段存在的唯一值的个数;a query executor, configured to search the stored data for a corresponding field searchable event according to the field query information, wherein the field searchable event is an activity event in terms of security or performance of one or more information technology systems; generating a subset of the corresponding on-site searchable events; identifying fields in one or more events in the subset, and determining the number of unique values that exist for the fields;

数据存储器,用于存储多组现场可搜索事件;Data memory for storing multiple sets of field searchable events;

字段选择器,用于选择并显示字段名称和所述唯一值的个数,其中,所述字段名称为可在查询信息中引用的字段的字段名称。The field selector is used to select and display the field name and the number of the unique values, wherein the field name is the field name of the field that can be referenced in the query information.

优选地,还包括:数据存储器,用于存储多组现场可搜索事件。Preferably, it also includes: a data storage for storing a plurality of sets of field searchable events.

优选地,所述字段选择器,还用于显示现场可搜索事件的子集中的一个或多个事件的信息。Preferably, the field selector is also used to display information about one or more events in the subset of live searchable events.

本发明还提出一种计算机可读存储介质,其上存储计算机程序指令,所述计算机程序指令在被处理器执行时实现所述基于大数据存储的检索分析方法。The present invention also provides a computer-readable storage medium on which computer program instructions are stored, and when executed by a processor, the computer program instructions implement the retrieval and analysis method based on big data storage.

本发明提出一种基于大数据存储的检索分析方法、装置及介质,根据用户输入的条件,面向存储于各数据中心的海量大数据,基于特定的查询标准对一组可搜索事件进行查询,显示查询字段结果和唯一值数字,从而极大的提升检索的速率,改善大数据库检索的使用感受。The present invention provides a retrieval and analysis method, device and medium based on big data storage. According to the conditions input by the user, facing the massive big data stored in each data center, a set of searchable events is queried based on specific query criteria, and the display is displayed. Query field results and unique value numbers, thereby greatly improving the retrieval rate and improving the experience of large database retrieval.

附图说明Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图示出的结构获得其他的附图。In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the following briefly introduces the accompanying drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only These are some embodiments of the present invention, and for those of ordinary skill in the art, other drawings can also be obtained according to the structures shown in these drawings without creative efforts.

图1为本发明一种实施例中基于大数据存储的检索分析方法流程图;1 is a flowchart of a retrieval and analysis method based on big data storage in an embodiment of the present invention;

图2为本发明一种实施例中现场可搜索事件示意图;FIG. 2 is a schematic diagram of an on-site searchable event in an embodiment of the present invention;

图3为本发明一种实施例中基于大数据存储的检索分析装置结构示意图;3 is a schematic structural diagram of a retrieval and analysis device based on big data storage in an embodiment of the present invention;

图4为本发明一种实施例中计算机储存介质结构示意图;4 is a schematic structural diagram of a computer storage medium in an embodiment of the present invention;

本发明目的的实现、功能特点及优点将结合实施例,参照附图做进一步说明。The realization, functional characteristics and advantages of the present invention will be further described with reference to the accompanying drawings in conjunction with the embodiments.

具体实施方式Detailed ways

下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明的一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.

需要说明,若本发明实施例中有涉及方向性指示(诸如上、下、左、右、前、后……),则该方向性指示仅用于解释在某一特定姿态(如附图所示)下各部件之间的相对位置关系、运动情况等,如果该特定姿态发生改变时,则该方向性指示也相应地随之改变。It should be noted that if there are directional indications (such as up, down, left, right, front, back, etc.) involved in the embodiments of the present invention, the directional indications are only used to explain a certain posture (as shown in the accompanying drawings). If the specific posture changes, the directional indication also changes accordingly.

另外,若本发明实施例中有涉及“第一”、“第二”等的描述,则该“第一”、“第二”等的描述仅用于描述目的,而不能理解为指示或暗示其相对重要性或者隐含指明所指示的技术特征的数量。由此,限定有“第一”、“第二”的特征可以明示或者隐含地包括至少一个该特征。另外,各个实施例之间的技术方案可以相互结合,但是必须是以本领域普通技术人员能够实现为基础,当技术方案的结合出现相互矛盾或无法实现时应当认为这种技术方案的结合不存在,也不在本发明要求的保护范围之内。In addition, if there are descriptions involving "first", "second", etc. in the embodiments of the present invention, the descriptions of "first", "second", etc. are only used for the purpose of description, and should not be construed as indicating or implying Its relative importance or implicitly indicates the number of technical features indicated. Thus, a feature delimited with "first", "second" may expressly or implicitly include at least one of that feature. In addition, the technical solutions between the various embodiments can be combined with each other, but must be based on the realization by those of ordinary skill in the art. When the combination of technical solutions is contradictory or cannot be realized, it should be considered that the combination of such technical solutions does not exist. , is not within the scope of protection required by the present invention.

系统架构:本发明执行设备可以是局域网内的设备,也可以是互联网上的设备,可以是个人电脑,也可以是服务器、工作站等;System architecture: The execution device of the present invention can be a device in a local area network, or a device on the Internet, a personal computer, a server, a workstation, etc.;

本发明提出的一种基于大数据存储的检索分析方法;A retrieval and analysis method based on big data storage proposed by the present invention;

本发明第一优选实施例中,如图1所示,方法包括:In the first preferred embodiment of the present invention, as shown in FIG. 1 , the method includes:

S100、接收字段查询信息;S100, receiving field query information;

本发明实施例中,通过执行设备接收用户输入的目标字段查询的信息,所述字段查询信息,包括但不限于:字段的值标准、和/或关键字的标准、和/或时间范围;具体为:所述字段存在于一组字段可搜索事件中的一个或多个事件中、要求匹配事件具有特定关键字的标准、用于搜索所述一组现场可搜索事件的查询与匹配事件必须落入其中的时间范围相关联;In this embodiment of the present invention, the information about the target field query input by the user is received by the execution device, and the field query information includes but is not limited to: field value criteria, and/or keyword criteria, and/or time range; specifically For: the field is present in one or more of a set of field-searchable events, criteria that requires matching events to have a specific keyword, the query used to search the set of field-searchable events must fall within the matching event associated with the time frame entered therein;

S200、根据所述字段查询信息在存储数据中搜索对应的现场可搜索事件,其中,所述现场可搜索事件为一个或多个信息技术系统的安全性或性能方面的活动事件;S200. Search the stored data for a corresponding on-site searchable event according to the field query information, wherein the on-site searchable event is an activity event in terms of security or performance of one or more information technology systems;

本发明实施例中,基于各数据中心存储的大数据进行事件的检索,In the embodiment of the present invention, the retrieval of events is performed based on the big data stored in each data center,

本发明实施例中,存储有多组现场可搜索事件,其中,各组现场可搜索事件中的每个事件均与时间戳关联;各组现场可搜索事件中的每个事件均包括反映一个或多个信息技术系统中活动的机器数据;各组现场可搜索事件中至少一个事件包括反映一个或多个信息技术系统中活动的日志数据;各组现场可搜索事件中至少一个事件包括非结构化数据;In this embodiment of the present invention, a plurality of groups of on-site searchable events are stored, wherein each event in each group of on-site searchable events is associated with a timestamp; each event in each group of on-site searchable events includes a Machine data of activity in multiple information technology systems; at least one event in each group of field-searchable events includes log data reflecting activity in one or more information technology systems; at least one event in each group of field-searchable events includes unstructured data;

举例说明:如图2所示,存储的可搜索事件集中包括事件1至事件N,其中N个时间均与时间戳相关联,事件1包含了:字段、机器数据、日志数据及非结构化数据;事件N则包含了:字段、机器数据和非结构化数据;通过事件关联时间戳及查询设定所述时间范围的方式,且在各子集中提取出事件的关键信息,以实现有针对性的查询搜索从而提高检索速度;Example: As shown in Figure 2, the stored searchable event set includes event 1 to event N, where N times are associated with timestamps, and event 1 includes: fields, machine data, log data and unstructured data ; Event N includes: fields, machine data and unstructured data; the time range is set through the event associated timestamp and query, and the key information of the event is extracted from each subset to achieve targeted query search to improve retrieval speed;

S300、生成所述对应的现场可搜索事件的子集;S300, generating a subset of the corresponding on-site searchable events;

S400、识别所述子集中一个或多个事件中的字段,并确定上述字段存在的唯一值的个数;S400, identifying the fields in one or more events in the subset, and determining the number of unique values existing in the above fields;

S500、显示所选的字段名称和所述唯一值的个数,其中,所述字段名称为可在查询信息中引用的字段的字段名称。S500. Display the selected field name and the number of the unique values, where the field name is a field name of a field that can be referenced in the query information.

本发明实施例中,显示具有字段并且存在于子集事件中的两个或更多个事件的信息,其中,所述两个或更多个事件以对应于字段的排序进行顺序显示;显示对应于字段存在唯一值的个数及可在查询中引用字段的字段名称(用于指定字段标准以进一步过滤事件的子集),还显示关于事件子集中的一个或多个事件的信息;且接收用户对字段名称的选择,隐藏不包含所选字段的至少一个先前显示的事件。In this embodiment of the present invention, the information of two or more events having fields and existing in a subset of events is displayed, wherein the two or more events are displayed in order in the order corresponding to the fields; The number of unique values that exist for the field and the field name by which the field can be referenced in queries (used to specify field criteria to further filter the subset of events), and also display information about one or more events in the subset of events; and receive User selection of a field name, hides at least one previously displayed event that does not contain the selected field.

本发明实施例中,使得直方图的显示指示所述事件子集中有多少事件与落入多个时间范围中的每个时间范围内的时间戳相关联。In this embodiment of the present invention, the display of the histogram is made to indicate how many events in the event subset are associated with timestamps that fall within each of the multiple time ranges.

本发明实施例中,使得对应于在事件子集的一个或多个事件中存在的第二字段的事件子集中存在多少个唯一值的至少第二数字的显示;In this embodiment of the present invention, the display of at least the second number corresponding to how many unique values exist in the event subset corresponding to the second field existing in one or more events of the event subset;

本发明还提出一种基于大数据存储的检索分析装置,该装置的硬件结构包括显示器、处理器及储存器;The present invention also provides a retrieval and analysis device based on big data storage, the hardware structure of the device includes a display, a processor and a storage;

本发明第二优选实施例中,如图3所示,包括:In the second preferred embodiment of the present invention, as shown in FIG. 3 , it includes:

查询接收器,用于接收字段查询信息;Query receiver, used to receive field query information;

查询执行器,用于根据所述字段查询信息在存储数据中搜索对应的现场可搜索事件,其中,所述现场可搜索事件为一个或多个信息技术系统的安全性或性能方面的活动事件;生成所述对应的现场可搜索事件的子集;识别所述子集中一个或多个事件中的字段,并确定上述字段存在的唯一值的个数;a query executor, configured to search the stored data for a corresponding field searchable event according to the field query information, wherein the field searchable event is an activity event in terms of security or performance of one or more information technology systems; generating a subset of the corresponding on-site searchable events; identifying fields in one or more events in the subset, and determining the number of unique values that exist for the fields;

数据存储器,用于存储多组现场可搜索事件;Data memory for storing multiple sets of field searchable events;

字段选择器,用于选择并显示字段名称和所述唯一值的个数,其中,所述字段名称为可在查询信息中引用的字段的字段名称。The field selector is used to select and display the field name and the number of the unique values, wherein the field name is the field name of the field that can be referenced in the query information.

本发明实施例中,具体各器件的技术细节在第一优先实施例中已经阐述,此处不再复述;In the embodiment of the present invention, the technical details of the specific components have been described in the first preferred embodiment, and will not be repeated here;

本发明还提出一种计算机可读存储介质;The present invention also provides a computer-readable storage medium;

本发明第三优选实施例中,如图4所示,其上存储计算机程序指令,所述计算机程序指令在被处理器执行时实现所述基于大数据存储的检索分析方法,例如:In the third preferred embodiment of the present invention, as shown in FIG. 4 , computer program instructions are stored thereon, and when the computer program instructions are executed by the processor, the retrieval and analysis method based on large data storage is implemented, for example:

S100、接收字段查询信息;S100, receiving field query information;

S200、根据所述字段查询信息在存储数据中搜索对应的现场可搜索事件,其中,所述现场可搜索事件为一个或多个信息技术系统的安全性或性能方面的活动事件;S200. Search the stored data for a corresponding on-site searchable event according to the field query information, wherein the on-site searchable event is an activity event in terms of security or performance of one or more information technology systems;

S300、生成所述对应的现场可搜索事件的子集;S300, generating a subset of the corresponding on-site searchable events;

S400、识别所述子集中一个或多个事件中的字段,并确定上述字段存在的唯一值的个数;S400, identifying the fields in one or more events in the subset, and determining the number of unique values existing in the above fields;

S500、显示所选的字段名称和所述唯一值的个数,其中,所述字段名称为可在查询信息中引用的字段的字段名称。S500. Display the selected field name and the number of the unique values, where the field name is a field name of a field that can be referenced in the query information.

本发明实施例中,具体各器件的技术细节在第一优先实施例中已经阐述,此处不再复述;In the embodiment of the present invention, the technical details of the specific components have been described in the first preferred embodiment, and will not be repeated here;

在本发明的实施方式的描述中,需要说明的是,流程图中或在此以其他方式描述的任何过程或方法描述可以被理解为,表示包括一个或更多个用于实现特定逻辑功能或过程的步骤的可执行指令的代码的模块、片段或部分,并且本发明的优选实施方式的范围包括另外的实现,其中可以不按所示出或讨论的顺序,包括根据所涉及的功能按基本同时的方式或按相反的顺序,来执行功能,这应被本发明的实施例所属技术领域的技术人员所理解。In the description of the embodiments of the present invention, it should be noted that any process or method description in the flow chart or otherwise described herein may be understood to mean that it includes one or more functions for implementing a specific logic function or modules, segments, or portions of code of executable instructions for the steps of a process, and the scope of the preferred embodiments of the present invention includes alternative implementations, which may not be in the order shown or discussed, including on a rudimentary basis depending on the functionality involved The functions are performed in a concurrent manner or in the reverse order, as would be understood by those skilled in the art to which embodiments of the invention pertain.

在流程图中表示或在此以其他方式描述的逻辑和/或步骤,例如,可以被认为是用于实现逻辑功能的可执行指令的定序列表,可以具体实现在任何计算机可读介质中,以供指令执行系统、装置或设备(如基于计算机的系统、包括处理模块的系统或其他可以从指令执行系统、装置或设备取指令并执行指令的系统)使用,或结合这些指令执行系统、装置或设备而使用。就本说明书而言,“计算机可读取介质”可以是任何可以包含、存储、通信、传播或传输程序以供指令执行系统、装置或设备或结合这些指令执行系统、装置或设备而使用的装置。计算机可读介质的更具体的示例(非穷尽性列表)包括以下:具有一个或多个布线的电连接部(电子装置),便携式计算机盘盒(磁装置),随机存取存储器,只读存储器,可擦除可编辑只读存储器,光纤装置,以及便携式光盘只读存储器。另外,计算机可读取介质甚至可以是可在其上打印所述程序的纸或其他合适的介质,因为可以例如通过对纸或其他介质进行光学扫描,接着进行编辑、解译或必要时以其他合适方式进行处理来以电子方式获得所述程序,然后将其存储在计算机存储器中。The logic and/or steps represented in flowcharts or otherwise described herein, for example, may be considered an ordered listing of executable instructions for implementing the logical functions, may be embodied in any computer-readable medium, For use by an instruction execution system, apparatus or apparatus (such as a computer-based system, a system including a processing module, or other system that can fetch instructions from and execute instructions from an instruction execution system, apparatus or apparatus), or in conjunction with such instruction execution system, apparatus or equipment. For the purposes of this specification, a "computer-readable medium" can be any device that can contain, store, communicate, propagate, or transport the program for use by or in conjunction with an instruction execution system, apparatus, or apparatus . More specific examples (non-exhaustive list) of computer readable media include the following: electrical connections with one or more wiring (electronic devices), portable computer disk cartridges (magnetic devices), random access memory, read only memory , Erasable Editable ROM, Fiber Optic Devices, and Portable Optical ROM. In addition, the computer readable medium may even be paper or other suitable medium on which the program may be printed, as the paper or other medium may be optically scanned, for example, and then edited, interpreted or otherwise rewritten as necessary. Process in a suitable manner to obtain the program electronically and then store it in computer memory.

以上所述仅为本发明的优选实施例,并非因此限制本发明的专利范围,凡是在本发明的发明构思下,利用本发明说明书及附图内容所作的等效结构变换,或直接/间接运用在其他相关的技术领域均包括在本发明的专利保护范围内。The above descriptions are only the preferred embodiments of the present invention, and are not intended to limit the scope of the present invention. Under the inventive concept of the present invention, the equivalent structural transformations made by the contents of the description and drawings of the present invention, or the direct/indirect application Other related technical fields are included in the scope of patent protection of the present invention.

Claims (9)

1.一种基于大数据存储的检索分析方法,其特征在于,方法包括:1. a retrieval analysis method based on big data storage, is characterized in that, method comprises: 接收字段查询信息;Receive field query information; 根据所述字段查询信息在存储数据中搜索对应的现场可搜索事件,其中,所述现场可搜索事件为一个或多个信息技术系统的安全性或性能方面的活动事件;Searching the stored data for a corresponding on-site searchable event according to the field query information, wherein the on-site searchable event is an activity event in terms of security or performance of one or more information technology systems; 生成所述对应的现场可搜索事件的子集;generating a subset of the corresponding field searchable events; 识别所述子集中一个或多个事件中的字段,并确定上述字段存在的唯一值的个数;identifying fields in one or more events in the subset, and determining the number of unique values that exist for the fields; 显示所选的字段名称和所述唯一值的个数,其中,所述字段名称为可在查询信息中引用的字段的字段名称;Display the selected field name and the number of the unique values, wherein the field name is the field name of the field that can be referenced in the query information; 所述存储数据,包括:多组现场可搜索事件,其中,The stored data includes: a plurality of groups of on-site searchable events, wherein, 各组现场可搜索事件中的每个事件均与时间戳关联;Each event in each set of field searchable events is associated with a timestamp; 各组现场可搜索事件中的每个事件均包括反映一个或多个信息技术系统中活动的机器数据;Each event in each set of field-searchable events includes machine data reflecting activity in one or more information technology systems; 各组现场可搜索事件中至少一个事件包括反映一个或多个信息技术系统中活动的日志数据;At least one event in each set of field-searchable events includes log data reflecting activity in one or more information technology systems; 各组现场可搜索事件中至少一个事件包括非结构化数据。At least one event in each set of field searchable events includes unstructured data. 2.根据权利要求1所述的基于大数据存储的检索分析方法,其特征在于,所述字段查询信息,包括但不限于:字段的值标准、和/或关键字的标准、和/或时间范围。2. The retrieval analysis method based on big data storage according to claim 1, wherein the field query information includes but is not limited to: field value criteria, and/or keyword criteria, and/or time scope. 3.根据权利要求1所述的基于大数据存储的检索分析方法,其特征在于,还包括:3. The retrieval analysis method based on big data storage according to claim 1, is characterized in that, also comprises: 显示具有字段并且存在于子集事件中的两个或更多个事件的信息,其中,所述两个或更多个事件以对应于字段的排序进行顺序显示。Displays information for two or more events having fields and present in a subset of events, wherein the two or more events are displayed in an order corresponding to the ordering of the fields. 4.根据权利要求2所述的基于大数据存储的检索分析方法,其特征在于,所述字段的值标准,其中,所述字段存在于一组字段可搜索事件中的一个或多个事件中。4. The retrieval and analysis method based on big data storage according to claim 2, wherein the value standard of the field, wherein the field exists in one or more events in a set of field searchable events . 5.根据权利要求2所述的基于大数据存储的检索分析方法,其特征在于,所述关键字的标准,具体为:要求匹配事件具有特定关键字的标准。5 . The retrieval and analysis method based on big data storage according to claim 2 , wherein the criterion of the keyword is specifically: a criterion that requires a matching event to have a specific keyword. 6 . 6.一种基于大数据存储的检索分析装置,应用于如权利要求1-5任一所述的检索分析方法,其特征在于,包括:6. A retrieval analysis device based on big data storage, applied to the retrieval analysis method according to any one of claims 1-5, characterized in that, comprising: 查询接收器,用于接收字段查询信息;Query receiver, used to receive field query information; 查询执行器,用于根据所述字段查询信息在存储数据中搜索对应的现场可搜索事件,其中,所述现场可搜索事件为一个或多个信息技术系统的安全性或性能方面的活动事件;生成所述对应的现场可搜索事件的子集;识别所述子集中一个或多个事件中的字段,并确定上述字段存在的唯一值的个数;a query executor, configured to search the stored data for a corresponding field searchable event according to the field query information, wherein the field searchable event is an activity event in terms of security or performance of one or more information technology systems; generating a subset of the corresponding on-site searchable events; identifying fields in one or more events in the subset, and determining the number of unique values that exist for the fields; 字段选择器,用于选择并显示字段名称和所述唯一值的个数,其中,所述字段名称为可在查询信息中引用的字段的字段名称。The field selector is used to select and display the field name and the number of the unique values, wherein the field name is the field name of the field that can be referenced in the query information. 7.根据权利要求6所述的基于大数据存储的检索分析装置,其特征在于,还包括:数据存储器,用于存储多组现场可搜索事件。7 . The retrieval and analysis device based on big data storage according to claim 6 , further comprising: a data storage for storing multiple groups of on-site searchable events. 8 . 8.根据权利要求6所述的基于大数据存储的检索分析装置,其特征在于,所述字段选择器,还用于显示现场可搜索事件的子集中的一个或多个事件的信息。8 . The retrieval and analysis device based on big data storage according to claim 6 , wherein the field selector is further configured to display information of one or more events in the subset of on-site searchable events. 9 . 9.一种计算机可读存储介质,其上存储计算机程序指令,其特征在于,所述计算机程序指令在被处理器执行时实现如权利要求1-5中任一项所述的方法。9. A computer-readable storage medium on which computer program instructions are stored, wherein the computer program instructions, when executed by a processor, implement the method according to any one of claims 1-5.
CN201910362509.3A 2019-04-30 2019-04-30 A retrieval and analysis method, device and medium based on big data storage Active CN110245208B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910362509.3A CN110245208B (en) 2019-04-30 2019-04-30 A retrieval and analysis method, device and medium based on big data storage

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910362509.3A CN110245208B (en) 2019-04-30 2019-04-30 A retrieval and analysis method, device and medium based on big data storage

Publications (2)

Publication Number Publication Date
CN110245208A CN110245208A (en) 2019-09-17
CN110245208B true CN110245208B (en) 2022-05-24

Family

ID=67883581

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910362509.3A Active CN110245208B (en) 2019-04-30 2019-04-30 A retrieval and analysis method, device and medium based on big data storage

Country Status (1)

Country Link
CN (1) CN110245208B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20240143482A1 (en) * 2022-10-31 2024-05-02 Bitdrift, Inc Systems and methods for providing a timeline view of log information for a client application

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102081669A (en) * 2011-01-24 2011-06-01 哈尔滨工业大学 Hierarchical retrieval method for multi-source remote sensing resource heterogeneous databases
CN104636468A (en) * 2015-02-10 2015-05-20 广州供电局有限公司 Data query analysis method and system
CN107122358A (en) * 2016-02-24 2017-09-01 阿里巴巴集团控股有限公司 Mix querying method and equipment
CN108062384A (en) * 2017-12-13 2018-05-22 阿里巴巴集团控股有限公司 The method and apparatus of data retrieval

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8392418B2 (en) * 2009-06-25 2013-03-05 University Of Tennessee Research Foundation Method and apparatus for predicting object properties and events using similarity-based information retrieval and model
US20130124496A1 (en) * 2011-11-11 2013-05-16 Microsoft Corporation Contextual promotion of alternative search results
US9516052B1 (en) * 2015-08-01 2016-12-06 Splunk Inc. Timeline displays of network security investigation events
CN108874990A (en) * 2018-06-12 2018-11-23 亓富军 A kind of method and system extracted based on power technology journal article unstructured data
CN108984718A (en) * 2018-07-10 2018-12-11 四川汇源吉迅数码科技有限公司 A kind of digital content interactive system and exchange method based on big data technology
CN109033387B (en) * 2018-07-26 2021-09-24 广州大学 An Internet of Things search system, method and storage medium integrating multi-source data

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102081669A (en) * 2011-01-24 2011-06-01 哈尔滨工业大学 Hierarchical retrieval method for multi-source remote sensing resource heterogeneous databases
CN104636468A (en) * 2015-02-10 2015-05-20 广州供电局有限公司 Data query analysis method and system
CN107122358A (en) * 2016-02-24 2017-09-01 阿里巴巴集团控股有限公司 Mix querying method and equipment
CN108062384A (en) * 2017-12-13 2018-05-22 阿里巴巴集团控股有限公司 The method and apparatus of data retrieval

Also Published As

Publication number Publication date
CN110245208A (en) 2019-09-17

Similar Documents

Publication Publication Date Title
US8244725B2 (en) Method and apparatus for improved relevance of search results
US9043310B2 (en) Accessing a dimensional data model when processing a query
US11966419B2 (en) Systems and methods for combining data analyses
US8370331B2 (en) Dynamic visualization of search results on a graphical user interface
JP5710851B2 (en) System and method for impact analysis
US20140297614A1 (en) Location-based serach and map display
CN110990447B (en) Data exploration method, device, equipment and storage medium
US20110252018A1 (en) System and method for creating search index on cloud database
US20210065245A1 (en) Using machine learning to discern relationships between individuals from digital transactional data
US10152510B2 (en) Query hint learning in a database management system
KR102249466B1 (en) Data catalog providing method and system for providing recommendation information using artificial intelligence recommendation model
US9779135B2 (en) Semantic related objects
CN110546633A (en) Named entity based category tag addition for documents
US20160342646A1 (en) Database query cursor management
CN109791797B (en) System, apparatus and method for searching and displaying available information based on chemical structure similarity in large database
Aboulnaga et al. μbe: User guided source selection and schema mediation for internet scale data integration
CN110245208B (en) A retrieval and analysis method, device and medium based on big data storage
CN107402982A (en) Data write-in, data matching method, device and computing device
Karmaker Santu et al. Modeling the influence of popular trending events on user search behavior
Li et al. Crowdsourced top-k queries by pairwise preference judgments with confidence and budget control
KR102153259B1 (en) Data domain recommendation method and method for constructing integrated data repository management system using recommended domain
US20180285365A1 (en) Customized application programming interface presentation
US8473496B2 (en) Utilizing density metadata to process multi-dimensional data
US10417439B2 (en) Post-hoc management of datasets
CN113625967A (en) Data storage method, data query method and server

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: 510000 building 13, 100 martyrs Road, Yuexiu District, Guangzhou, Guangdong.

Patentee after: Institute of intelligent manufacturing, Guangdong Academy of Sciences

Address before: 510000 building 13, 100 martyrs Road, Yuexiu District, Guangzhou, Guangdong.

Patentee before: GUANGDONG INSTITUTE OF INTELLIGENT MANUFACTURING