CN110825592A - Method and computing device for generating alarm content - Google Patents
Method and computing device for generating alarm content Download PDFInfo
- Publication number
- CN110825592A CN110825592A CN201911077510.8A CN201911077510A CN110825592A CN 110825592 A CN110825592 A CN 110825592A CN 201911077510 A CN201911077510 A CN 201911077510A CN 110825592 A CN110825592 A CN 110825592A
- Authority
- CN
- China
- Prior art keywords
- alarm
- event log
- priority
- event
- log
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/32—Monitoring with visual or acoustical indication of the functioning of the machine
- G06F11/324—Display of status information
- G06F11/327—Alarm or error message display
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3466—Performance evaluation by tracing or monitoring
- G06F11/3476—Data logging
Abstract
The invention discloses a method for generating alarm content, which is executed in a computing device, wherein the computing device is provided with an alarm rule, and the method comprises the following steps: receiving an alarm template set by a client according to the type of the alarm content; when detecting that an alarm rule is triggered, selecting an event log with the highest final priority from the event logs before the alarm rule is triggered as an alarm log; and generating alarm content based on the alarm log and the alarm template. The invention also discloses a computing device. The method for generating the alarm content is beneficial to quickly and efficiently judging the core problem of triggering the alarm event based on the alarm content, thereby timely and effectively processing the alarm event.
Description
Technical Field
The invention relates to the technical field of monitoring alarm, in particular to a method and computing equipment for generating alarm content.
Background
The occurrence of an exception event, such as a program exception, in a computing device is inevitable. When an abnormal event occurs, it is important for a technician to be able to obtain the key information of the abnormal event at the first time and respond to and solve the abnormal event in time. Since different types of events contain different key information and even for the same event, different technicians focus on different key information. Therefore, how to flexibly customize the alarm content based on the event log is very necessary.
When monitoring abnormal events, the log monitoring system does not give an alarm for each abnormal event in order to avoid repeated alarm. Therefore, the developer configures the corresponding alarm rule in the monitoring system. For example, if a Y-type event occurs N times in the last X minutes, an alarm rule is triggered to alarm, and the content of an alarm usually includes all abnormal event logs monitored over a period of time and the alarm rule.
However, if the alarm content is simply a description that the event triggered the alarm rule, the alarm recipient cannot obtain the key information from the alarm content. If the alarm content is simply the content of all event logs spliced together, the alarm receiver is difficult to screen out the key information from the alarm content. Moreover, the content of the event log is usually long, and if all event logs are spliced together, the length of the final alarm content is too long, which may cause the alarm content to be limited and unable to be sent or unable to be sent completely.
For this reason, a method of generating alarm contents is required to solve the problems in the above alarm method.
Disclosure of Invention
To this end, the present invention provides a new method of generating alert content in an attempt to solve, or at least alleviate, the problems identified above.
According to one aspect of the present invention, there is provided a method of generating alert content, performed in a computing device having alert rules configured therein, comprising: receiving an alarm template set by a client according to the type of the alarm content; when detecting that an alarm rule is triggered, selecting an event log with the highest final priority from the event logs before the alarm rule is triggered as an alarm log; and generating alarm content based on the alarm log and the alarm template.
Optionally, in the method for generating alarm content according to the present invention, the event log includes one or more priorities, and before selecting an event log with the highest final priority from a plurality of event logs before the alarm rule is triggered, the method further includes the steps of: monitoring event logs, and acquiring a plurality of event logs before the alarm rule is triggered; determining the abnormal type of each event log, and respectively counting the abnormal type of each event log to generate an event log list; determining the priority included by the event log according to the abnormal type of the event log; and determining the final priority of the event log according to the priority included in the event log.
Optionally, in the method for generating alarm content according to the present invention, the step of determining the priority included in the event log includes: determining the exception type with the largest occurrence number in the event logs based on the event log list; traversing the event log list, and judging whether the abnormal type of the event log is the abnormal type with the largest occurrence frequency; if so, determining that the event log comprises a first priority.
Optionally, in the method for generating alarm content according to the present invention, the event logs in the event log list are arranged according to a chronological order, and the step of determining the priority included in the event logs further includes: traversing the event log list, and judging whether the abnormal type of the event log is the abnormal type which appears for the first time in a preset time period; and if so, determining that the event log comprises a second priority.
Optionally, in the method for generating alarm content according to the present invention, the step of determining the priority included in the event log further includes: judging whether the mark of the event log is delayed processing or not; if so, determining that the event log comprises a third priority.
Optionally, in the method for generating alarm content according to the present invention, the step of determining the priority included in the event log further includes: judging whether the mark of the event log is not required to be processed; if so, determining that the event log comprises a fourth priority.
Optionally, in the method of generating alarm content according to the present invention, the one or more priorities include a first priority, a second priority, a third priority, and a fourth priority; the priority levels of the first priority level, the second priority level, the third priority level and the fourth priority level are sequentially reduced.
Optionally, in the method for generating an alarm content according to the present invention, the method further includes the steps of: receiving a plurality of previous client settings and a plurality of previous alert templates generated; storing a plurality of previous alarm templates in a data storage device to generate an alarm template list; the step of receiving the alarm template set by the client according to the type of the alarm content comprises the following steps: providing the alarm template list to a client so that the client can select an alarm template from the alarm template list;
and acquiring the alarm template selected by the client from the data storage device.
Optionally, in the method for generating the alarm content according to the present invention, after generating the alarm content, the method further includes the steps of: sending the alarm content to the client; acquiring a feedback mark of the client to an alarm log corresponding to the received alarm content; and storing the alarm logs and the corresponding feedback marks in a data storage device, and generating a log mark list so as to determine marks corresponding to a new event log based on the log mark list when the new event log is acquired.
Optionally, in the method of generating alert content according to the present invention, the feedback flag includes a required process, an unnecessary process, and a delayed process.
Optionally, in the method for generating the alarm content according to the present invention, the alarm template is a Freemarker template.
Optionally, in the method of generating alarm content according to the present invention, the alarm content includes key field information of an alarm log.
According to an aspect of the present invention, there is provided a computing device comprising: at least one processor; and a memory storing program instructions, wherein the program instructions are configured to be executed by the at least one processor, the program instructions comprising instructions for performing the method of generating alert content as described above.
According to an aspect of the present invention, there is provided a readable storage medium storing program instructions which, when read and executed by a computing device, cause the computing device to perform the method as described above.
According to the technical scheme of the invention, the event logs are monitored, when the alarm rule is detected to be triggered, the event logs for triggering the alarm rule are obtained, one event log with the highest final priority is selected from the event logs for triggering the alarm rule to serve as the alarm log, and the alarm content is generated based on the alarm log and the alarm template and then sent to the client. Finally, the event log with the highest priority reflects the event which can reflect the alarm condition of the time most in the event logs triggering the alarm rule, so that technical personnel can quickly and efficiently judge the core problem of triggering the alarm event from the obtained alarm content, and the alarm event can be processed more timely and effectively.
Furthermore, the client user sets the alarm template based on the type of the alarm content, and the content in the alarm log is customized according to the alarm template, so that the method is beneficial to simplifying the alarm content, the alarm content is short, and the key information in the alarm log can be displayed.
Drawings
To the accomplishment of the foregoing and related ends, certain illustrative aspects are described herein in connection with the following description and the annexed drawings, which are indicative of various ways in which the principles disclosed herein may be practiced, and all aspects and equivalents thereof are intended to be within the scope of the claimed subject matter. The above and other objects, features and advantages of the present disclosure will become more apparent from the following detailed description read in conjunction with the accompanying drawings. Throughout this disclosure, like reference numerals generally refer to like parts or elements.
FIG. 1 shows a schematic diagram of a monitoring alarm system 100 according to one embodiment of the present invention;
FIG. 2 shows a schematic diagram of a computing device 200, according to one embodiment of the invention;
FIG. 3 shows a flow diagram of a method 300 of generating alert content according to one embodiment of the present invention;
fig. 4 shows a schematic diagram of an alarm device 400 according to an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
FIG. 1 shows a schematic diagram of a monitoring alarm system 100 according to one embodiment of the present invention. As shown in FIG. 1, monitoring and alarm system 100 includes a computing device 200 and one or more clients 110. The computing device 200 is resident with an alarm device, the alarm device is configured with corresponding alarm rules, and the alarm device monitors abnormal events of each application program in the computing device 200 and gives an alarm based on the alarm rules.
The client 110 is a terminal device used by a user, and may specifically be a personal computer such as a desktop computer and a notebook computer, or may also be a mobile phone, a tablet computer, a multimedia device, an intelligent wearable device, and the like, but is not limited thereto. Computing device 200 may be implemented as an application server, a Web server, or the like; but may also be implemented as a computing device such as a desktop computer, a notebook computer, a processor chip, a mobile phone, a tablet computer, etc., but is not limited thereto. Computing device 200 is networked with clients 110, either by wired or wireless means, to communicate with clients 110.
In the embodiment according to the present invention, the alarm apparatus 400 resides in the computing device 200, and the alarm apparatus 400 monitors an event log generated when an abnormal event occurs in each application program, detects whether an alarm rule is triggered, and alarms when it is detected that the alarm rule is triggered. It should be noted that multiple event logs generated over a predetermined period of time trigger an alarm rule. Here, the present invention is not limited to a specific number of the plurality of event logs that trigger the alarm rule, and the specific number of event logs may be set by those skilled in the art by configuring the alarm rule.
In an embodiment consistent with the invention, a user may set an alert template at client 110 according to the type of alert content and the alert template is sent by client 110 to computing device 200. When the alarm rule is detected to be triggered, the alarm device acquires a plurality of event logs before the alarm rule is triggered, selects the event log with the highest final priority from the event logs as the alarm log, and generates corresponding alarm content based on the alarm log and the alarm template. In turn, the computing device 200 sends the alert content to the client. It should be understood that the event logs before the alarm rule is triggered are the event logs for alarming when the alarm rule is triggered.
In one embodiment, the computing device 200 may send the alert content to a social application of the client 110 over a network, such that the user obtains the alert content through the social application. Here, the social application is, for example, an application such as a short message, a mail, or a nail, and the specific category of the social application is not limited by the present invention. After obtaining the alarm content, the client 110 may make a feedback flag for the alarm content, where the feedback flag is a flag made based on an alarm log corresponding to the alarm content.
In one embodiment, monitoring and alarm system 100 further includes data storage device 130, where data storage device 130 may be a local database residing in computing device 200, or may be disposed at a plurality of geographic locations as a distributed database, such as HBase, and in short, data storage device 130 is used to store data, and the specific deployment and configuration of data storage device 130 is not limited by the present invention. The computing device 200 may connect with the data storage 130 and retrieve data stored in the data storage 130. For example, the computing device 200 may directly read the data in the data storage device 130 (when the data storage device 130 is a local database of the computing device 200), or may access the internet in a wired or wireless manner, and obtain the data in the data storage device 130 through a data interface.
In one embodiment, the computing device 200 generates an alert template list corresponding to each type of alert content by receiving a plurality of previous alert templates that were set by a plurality of previous clients 110 according to the type of previous alert content and generated, and storing the obtained plurality of previous alert templates in a data store. Here, each item in the alert template list includes a type of alert content and an alert template corresponding to the type of alert content. In this way, when the technician performs relevant settings for the current alarm, the computing device 200 may provide the current client 110 with an alarm template list, so that the current client 110 directly selects a corresponding alarm template from the alarm template list based on the type of the current alarm content and feeds the corresponding alarm template back to the computing device, and the computing device 200 directly obtains the alarm template from the data storage device according to the options of the client 110. Based on the above embodiment, the operation step of user-defined setting at the client 110 is omitted, convenience and rapidness are achieved, and the alarm template can be determined based on the type of the alarm content.
FIG. 2 shows a block diagram of a computing device 200, according to one embodiment of the invention. As shown in FIG. 2, in a basic configuration 202, a computing device 200 typically includes a system memory 206 and one or more processors 204. A memory bus 208 may be used for communication between the processor 204 and the system memory 206.
Depending on the desired configuration, the processor 204 may be any type of processing, including but not limited to: a microprocessor (μ P), a microcontroller (μ C), a Digital Signal Processor (DSP), or any combination thereof. The processor 204 may include one or more levels of cache, such as a level one cache 210 and a level two cache 212, a processor core 214, and registers 216. Example processor cores 214 may include Arithmetic Logic Units (ALUs), Floating Point Units (FPUs), digital signal processing cores (DSP cores), or any combination thereof. The example memory controller 218 may be used with the processor 204, or in some implementations the memory controller 218 may be an internal part of the processor 204.
Depending on the desired configuration, system memory 206 may be any type of memory, including but not limited to: volatile memory (such as RAM), non-volatile memory (such as ROM, flash memory, etc.), or any combination thereof. System memory 106 may include an operating system 220, one or more applications 222, and program data 224. The application 222 is actually a plurality of program instructions for instructing the processor 204 to perform corresponding operations. In some embodiments, application 222 may be arranged to cause processor 204 to operate with program data 224 on an operating system.
Computing device 200 may also include an interface bus 240 that facilitates communication from various interface devices (e.g., output devices 242, peripheral interfaces 244, and communication devices 246) to the basic configuration 202 via the bus/interface controller 230. The example output device 242 includes a graphics processing unit 248 and an audio processing unit 250. They may be configured to facilitate communication with various external devices, such as a display or speakers, via one or more a/V ports 252. Example peripheral interfaces 244 can include a serial interface controller 254 and a parallel interface controller 256, which can be configured to facilitate communications with external devices such as input devices (e.g., keyboard, mouse, pen, voice input device, touch input device) or other peripherals (e.g., printer, scanner, etc.) via one or more I/O ports 258. An example communication device 246 may include a network controller 260, which may be arranged to facilitate communications with one or more other computing devices 262 over a network communication link via one or more communication ports 264.
A network communication link may be one example of a communication medium. Communication media may typically be embodied by computer readable instructions, data structures, program modules, and may include any information delivery media, such as carrier waves or other transport mechanisms, in a modulated data signal. A "modulated data signal" may be a signal that has one or more of its data set or its changes made in such a manner as to encode information in the signal. By way of non-limiting example, communication media may include wired media such as a wired network or private-wired network, and various wireless media such as acoustic, Radio Frequency (RF), microwave, Infrared (IR), or other wireless media. The term computer readable media as used herein may include both storage media and communication media.
In one embodiment, computing device 200 of the present invention may perform the method of generating alert content of the present invention.
In a computing device 200 according to the present invention, the application 222 includes an alert apparatus 400, the alert apparatus 400 including a plurality of program instructions that can instruct the processor 204 to perform the method 300 of generating alert content. The alert apparatus 400 resides in a computing device 200 such that the computing device 200 performs the method 300 of generating alert content.
FIG. 3 shows a flow diagram of a method 300 of generating alert content according to one embodiment of the present invention. Method 300 is suitable for execution in a computing device, such as computing device 200 described above, in which alert rules are preconfigured. Here, the present invention does not limit the specific setting of the alarm rule, and the alarm rule can be set by a person skilled in the art according to the actual requirement.
It should be noted that each application program residing in the computing device may have an exception event, and when the exception event occurs, a corresponding event log is generated. Based on the configured alarm rule, the alarm rule is triggered to alarm only when a plurality of abnormal event logs occur within preset time. The alarm content needs to select a certain event log from a plurality of event logs monitored before the alarm rule is triggered, and the certain event log is generated after being processed.
As shown in FIG. 3, a method 300 of generating alert content begins at step S310. In step S310, the computing device receives an alert template set by the client according to the type of alert content. Here, the alarm template may be generated after the client is set according to the actual alarm content.
According to one embodiment, a computing device generates an alert template list corresponding to each type of alert content by receiving a plurality of previous alert templates that a plurality of previous clients set and generate according to the type of previous alert content, and storing the obtained plurality of previous alert templates in a data store. Here, each item in the alert template list includes a type of alert content and an alert template corresponding to the type of alert content. Therefore, when the technical staff carries out relevant setting for the alarm, the computing equipment can provide an alarm template list for the current client side, so that the current client side directly selects a corresponding alarm template from the alarm template list based on the type of the current alarm content and feeds the corresponding alarm template back to the computing equipment, and the computing equipment directly obtains the alarm template from the data storage device according to the options of the client side. Based on the embodiment, the operation step that a user carries out self-defining setting at the client is omitted, convenience and rapidness are achieved, and the alarm template can be determined based on the type of the alarm content.
According to one embodiment, the invention monitors the event log and obtains the event log generated each time an abnormal event occurs. The generation of multiple event logs triggers an alarm rule within a predetermined time, thereby alarming.
Subsequently, in step S320, when it is detected that the alarm rule is triggered, a plurality of event logs before the alarm rule is triggered are acquired, and an event log with the highest final priority is selected as an alarm log from the plurality of event logs before the alarm rule is triggered. It should be understood that the event logs before the alarm rule is triggered are the event logs for alarming when the alarm rule is triggered.
In one embodiment, the fields in the event log may take the form $ { field name } placeholder syntax, such as:
$ Project last $ timeWindow there is an exception log $ { COUNT } bar within minutes. Abnormal information exception information which needs to be paid attention most:
server IP $ { ServerIP }
Exception type $ { ExceptionType }
The user-defined information $ { CustomMessage }
Exception message $ { ExceptionMessage }
Finally, in step S330, the corresponding alarm content is generated based on the alarm log and the alarm template, that is, the alarm template is filled with the data related to the alarm log to generate the corresponding alarm content. It should be noted that the alarm log is combined with the alarm template set by the user in the client to generate the alarm content, that is, the content in the alarm log is customized according to the alarm template, which is beneficial to simplifying the alarm content, so that the alarm content is short and the key information in the alarm log can be displayed. Specifically, by setting a corresponding alarm template at the client, the alarm content generated based on the alarm log and the alarm template may include monitoring rules, event content, abnormal types of the alarm log, and key field information of the alarm log, which is convenient for technicians to obtain the key information of the alarm event more quickly and directly.
In one embodiment, the alarm template is, for example, a Freemarker template, and the alarm content generated based on the Freemarker template and the alarm log is, for example:
there are 200 exception logs in the last 5 minutes of atom. The most interesting anomaly information is needed.
Server IP 192.168.1.1.
The exception type is java.
The self-defining information is Error while query user keychaingqing.
Abnormal information:
it should be noted that the present invention is not limited to the specific types of alarm templates, and all types of templates that can implement the customization of the log contents in the prior art are within the scope of the present invention.
According to one embodiment, after each event log is obtained, the abnormal type of each event log is analyzed and determined, and the abnormal type of each event log is counted respectively to generate an event log list. Here, each entry in the event log list includes an event log and an exception type corresponding to the event log, respectively.
According to one embodiment, the present invention determines the priority included in each event log according to the exception type of each event log.
It should be noted that a plurality of event logs may include a plurality of exception types. The abnormal types corresponding to the event logs generated by the nodes at different times may be the same or different. When determining the corresponding priority based on the abnormal type of the event log, the invention can respectively determine the corresponding priority based on various properties of the abnormal type, for example, a priority can be determined according to the specific type of the abnormal type, a priority can also be determined according to the frequency of the event log corresponding to the abnormal type, and a priority can also be determined according to the occurrence time of the event log corresponding to the abnormal type. It should be appreciated that the corresponding priorities are determined based on various properties that the exception types of the event logs have, respectively, and thus each event log may include one or more priorities.
Further, the final priority of each event log is determined according to the priority included in each event log. For example, the final priority of each event log may be the sum of all the priorities it includes. And selecting the event log with the highest final priority as the alarm log by comparing the final priorities corresponding to the event logs before the alarm rule is triggered.
It should be appreciated that each priority included with an event log is a degree of abnormality of the event log evaluated from different levels based on the type of abnormality of the event log. The final priority can evaluate the abnormal degree of the corresponding event log from a plurality of layers and by integrating a plurality of factors, and can reflect the representativeness of the event log in a plurality of event logs acquired before the alarm rule is triggered. That is, the event log with the highest final priority actually reflects the event that can most reflect the current alarm condition in the event logs triggering the alarm rule. By taking the event log with the highest final priority as the alarm log and sending the alarm log to the client after generating the alarm content according to the alarm template, technicians can quickly and efficiently judge the core problem of triggering the alarm event from the obtained alarm content, and the alarm event can be processed more quickly and efficiently.
According to one embodiment, the plurality of priorities included in the plurality of event logs includes, for example, a first priority, a second priority, a third priority, and a fourth priority. The priority levels of the first priority level, the second priority level, the third priority level and the fourth priority level are sequentially reduced. It should be noted that the present invention is not limited to the specific number of the plurality of priority levels and the specific setting of each priority level, and each priority level may be specifically set by those skilled in the art according to the actual situation. In other embodiments, the plurality of priorities may also include other priorities in addition to the priorities listed above.
According to one embodiment, the plurality of event logs in the event log list are arranged in order of occurrence time (i.e., the time in which the event logs are monitored).
Specifically, the step of determining the priority included in each event log according to the exception type of each event log comprises the following steps:
and determining the exception type with the largest occurrence number in the event logs based on the event log list. That is, according to the abnormal type corresponding to each event log recorded in the event log list, each abnormal type is counted, and the number of event logs corresponding to each abnormal type is determined, so that the abnormal type with the largest number of corresponding event logs is selected. And traversing the event log list, and judging whether the abnormal type of each event log is the abnormal type with the maximum occurrence frequency. If the exception type of the event log is the exception type that occurs the most number of times, it is determined that the event log includes a first priority.
And traversing the event log list, and judging whether the abnormal type of each event log is the abnormal type which appears for the first time in a preset time period. Based on that a plurality of event logs in the event log list are sequentially arranged according to the occurrence time sequence, if the abnormal type corresponding to the event log does not occur in each item before the event log, determining that the abnormal type of the event log is the abnormal type occurring for the first time in a preset time period, and determining that the event log comprises a second priority.
It is determined whether the marking of each event log is a deferred handling, i.e., whether the event log is marked as deferred handling. If so, determining that the event log comprises a third priority.
A determination is made as to whether the marking of each event log is no-need-to-process, i.e., whether the event log is marked as no-need-to-process. If so, it is determined that the event log includes a fourth priority.
According to one embodiment, the computing device sends the alert content to the client after generating the alert content based on the alert log and the alert template. Specifically, the computing device may send the alert content to a social application of the client via a network, so that the technician obtains the alert content via the social application. Here, the social application is, for example, an application such as a short message, a mail, or a nail, and the specific category of the social application is not limited by the present invention. After the client receives the alarm content, a technician performs feedback marking on the alarm content at the client, wherein the feedback marking is made based on an alarm log corresponding to the alarm content. The feedback flag includes, for example, a required process, an unnecessary process, a delay process, and the like, but is not limited to these several kinds of flags.
And then, the client sends the feedback marks of the alarm logs corresponding to the alarm content to the computing equipment, after the computing equipment acquires the feedback marks, the corresponding alarm logs and the feedback marks are stored in the data storage device together, and a log mark list is generated based on the acquired alarm logs and the corresponding feedback marks. It should be understood that the alarm log is actually an event log, and each entry in the log label list includes an event log and its corresponding label. Therefore, when a new event log is acquired, the corresponding mark of the new event log can be determined based on the log mark list, so that whether the event log is marked to be processed in a delayed mode or not can be judged.
Fig. 4 shows a schematic diagram of an alarm device 400 according to an embodiment of the invention. The alert apparatus 400 resides in a computing device 200 to cause the computing device 200 to perform the method 300 of generating alert content of the present invention. As shown in fig. 4, the alarm apparatus 400 includes a receiving module 410, a detecting module 415, a processing module 420, and a generating module 430.
According to one embodiment, the receiving module 410 receives an alert template set by the client according to the type of alert content. The detection module 415 monitors the event log and detects whether an alarm rule is triggered. When it is detected that the alarm rule is triggered, the processing module 420 obtains a plurality of event logs before the alarm rule is triggered, and selects an event log with the highest final priority as an alarm log from the plurality of event logs before the alarm rule is triggered. The generating module 430 generates corresponding alarm content based on the alarm log and the alarm template.
It should be noted that the receiving module 410 is specifically configured to execute the method of step S310, the processing module 420 is specifically configured to execute the method of step S320, and the generating module 430 is specifically configured to execute the method of step S330.
For the processing logics and functions of the receiving module 410, the processing module 420, and the generating module 430, reference may be made to the related description of steps S310 to S330 in the method 300 for generating alarm content, and details are not described herein again.
A9, the method for generating alarm content according to any one of A1-A8, wherein after generating the alarm content, further comprising the steps of: sending the alarm content to the client; acquiring a feedback mark of the client to an alarm log corresponding to the received alarm content; and storing the alarm logs and the corresponding feedback marks in a data storage device, and generating a log mark list so as to determine marks corresponding to a new event log based on the log mark list when the new event log is acquired. A10, the method for generating alarm content of A9, wherein the feedback mark comprises required processing, no required processing and delayed processing. A11, the method for generating alarm content according to any A1-A10, wherein the alarm template is a Freemarker template. A12, the method of generating alarm content according to any one of A1-A11, wherein the alarm content includes key field information of an alarm log.
The various techniques described herein may be implemented in connection with hardware or software or, alternatively, with a combination of both. Thus, the methods and apparatus of the present invention, or certain aspects or portions thereof, may take the form of program code (i.e., instructions) embodied in tangible media, such as removable hard drives, U.S. disks, floppy disks, CD-ROMs, or any other machine-readable storage medium, wherein, when the program is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention.
In the case of program code execution on programmable computers, the computing device will generally include a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device. Wherein the memory is configured to store program code; the processor is configured to execute the multilingual spam-text recognition method of the present invention according to instructions in said program code stored in the memory.
By way of example, and not limitation, readable media may comprise readable storage media and communication media. Readable storage media store information such as computer readable instructions, data structures, program modules or other data. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. Combinations of any of the above are also included within the scope of readable media.
In the description provided herein, algorithms and displays are not inherently related to any particular computer, virtual system, or other apparatus. Various general purpose systems may also be used with examples of this invention. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules or units or components of the devices in the examples disclosed herein may be arranged in a device as described in this embodiment or alternatively may be located in one or more devices different from the devices in this example. The modules in the foregoing examples may be combined into one module or may be further divided into multiple sub-modules.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
Furthermore, some of the described embodiments are described herein as a method or combination of method elements that can be performed by a processor of a computer system or by other means of performing the described functions. A processor having the necessary instructions for carrying out the method or method elements thus forms a means for carrying out the method or method elements. Further, the elements of the apparatus embodiments described herein are examples of the following apparatus: the apparatus is used to implement the functions performed by the elements for the purpose of carrying out the invention.
As used herein, unless otherwise specified the use of the ordinal adjectives "first", "second", "third", etc., to describe a common object, merely indicate that different instances of like objects are being referred to, and are not intended to imply that the objects so described must be in a given sequence, either temporally, spatially, in ranking, or in any other manner.
While the invention has been described with respect to a limited number of embodiments, those skilled in the art, having benefit of this description, will appreciate that other embodiments can be devised which do not depart from the scope of the invention as described herein. Furthermore, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the inventive subject matter. Accordingly, many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the appended claims. The present invention has been disclosed in an illustrative rather than a restrictive sense, and the scope of the present invention is defined by the appended claims.
Claims (10)
1. A method of generating alert content, performed in a computing device having alert rules configured therein, comprising:
receiving an alarm template set by a client according to the type of the alarm content;
when detecting that an alarm rule is triggered, selecting an event log with the highest final priority from the event logs before the alarm rule is triggered as an alarm log; and
and generating alarm content based on the alarm log and the alarm template.
2. The method of generating alert content according to claim 1, wherein the event logs include one or more priorities, and further comprising, before selecting an event log with a highest final priority from a plurality of event logs before the alert rule is triggered, the steps of:
monitoring event logs, and acquiring a plurality of event logs before the alarm rule is triggered;
determining the abnormal type of each event log, and respectively counting the abnormal type of each event log to generate an event log list;
determining the priority included by the event log according to the abnormal type of the event log;
and determining the final priority of the event log according to the priority included in the event log.
3. The method of generating alert content according to claim 2, wherein the step of determining the priority included by the event log includes:
determining the exception type with the largest occurrence number in the event logs based on the event log list;
traversing the event log list, and judging whether the abnormal type of the event log is the abnormal type with the largest occurrence frequency;
if so, determining that the event log comprises a first priority.
4. The method of generating alert content according to claim 2 or 3, wherein the plurality of event logs in the event log list are arranged in chronological order, and the step of determining the priority included in the event logs further comprises:
traversing the event log list, and judging whether the abnormal type of the event log is the abnormal type which appears for the first time in a preset time period;
and if so, determining that the event log comprises a second priority.
5. The method of generating alert content according to any of claims 2-4, wherein the step of determining the priority included by the event log further comprises:
judging whether the mark of the event log is delayed processing or not;
if so, determining that the event log comprises a third priority.
6. The method of generating alert content according to any of claims 2-5, wherein the step of determining the priority included by the event log further comprises:
judging whether the mark of the event log is not required to be processed;
if so, determining that the event log comprises a fourth priority.
7. The method of generating alert content according to any one of claims 3-6, wherein:
the one or more priorities include a first priority, a second priority, a third priority, a fourth priority;
the priority levels of the first priority level, the second priority level, the third priority level and the fourth priority level are sequentially reduced.
8. The method of generating alert content according to any of claims 1-7, further comprising the steps of:
receiving a plurality of previous client settings and a plurality of previous alert templates generated;
storing a plurality of previous alarm templates in a data storage device to generate an alarm template list;
the step of receiving the alarm template set by the client according to the type of the alarm content comprises the following steps:
providing the alarm template list to a client so that the client can select an alarm template from the alarm template list;
and acquiring the alarm template selected by the client from the data storage device.
9. A computing device, comprising:
at least one processor; and
a memory storing program instructions, wherein the program instructions are configured to be executed by the at least one processor, the program instructions comprising instructions for performing the method of generating alert content according to any one of claims 1-8.
10. A readable storage medium storing program instructions that, when read and executed by a computing device, cause the computing device to perform the method of any of claims 1-8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911077510.8A CN110825592A (en) | 2019-11-06 | 2019-11-06 | Method and computing device for generating alarm content |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911077510.8A CN110825592A (en) | 2019-11-06 | 2019-11-06 | Method and computing device for generating alarm content |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110825592A true CN110825592A (en) | 2020-02-21 |
Family
ID=69552916
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911077510.8A Pending CN110825592A (en) | 2019-11-06 | 2019-11-06 | Method and computing device for generating alarm content |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110825592A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116527853A (en) * | 2023-06-20 | 2023-08-01 | 深圳比特微电子科技有限公司 | Electronic device, cloud device, client device and operation method of client device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108170580A (en) * | 2017-11-22 | 2018-06-15 | 链家网(北京)科技有限公司 | A kind of rule-based log alarming method, apparatus and system |
| CN109408331A (en) * | 2018-10-15 | 2019-03-01 | 四川长虹电器股份有限公司 | Log alarming system based on user individual feature |
| CN109634589A (en) * | 2018-12-07 | 2019-04-16 | 上海上实龙创智慧能源科技股份有限公司 | A kind of processing method for the automatic Realtime Alerts task of sewage treatment process |
| CN110134659A (en) * | 2019-05-08 | 2019-08-16 | 厦门欢乐逛科技股份有限公司 | Run log monitoring system, method, medium and the equipment of program |
-
2019
- 2019-11-06 CN CN201911077510.8A patent/CN110825592A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108170580A (en) * | 2017-11-22 | 2018-06-15 | 链家网(北京)科技有限公司 | A kind of rule-based log alarming method, apparatus and system |
| CN109408331A (en) * | 2018-10-15 | 2019-03-01 | 四川长虹电器股份有限公司 | Log alarming system based on user individual feature |
| CN109634589A (en) * | 2018-12-07 | 2019-04-16 | 上海上实龙创智慧能源科技股份有限公司 | A kind of processing method for the automatic Realtime Alerts task of sewage treatment process |
| CN110134659A (en) * | 2019-05-08 | 2019-08-16 | 厦门欢乐逛科技股份有限公司 | Run log monitoring system, method, medium and the equipment of program |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116527853A (en) * | 2023-06-20 | 2023-08-01 | 深圳比特微电子科技有限公司 | Electronic device, cloud device, client device and operation method of client device |
| CN116527853B (en) * | 2023-06-20 | 2023-10-13 | 深圳比特微电子科技有限公司 | Electronic device, cloud device, client device and operation method of client device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110224858B (en) | Log-based alarm method and related device | |
| CN104836701B (en) | Order monitoring method and device | |
| US11449488B2 (en) | System and method for processing logs | |
| CN112054915B (en) | Processing method, device and system for client exception pre-warning and computing equipment | |
| US20160260280A1 (en) | Information Prompting Method and Device for Prompting Ticket Drawing Result | |
| CN115190047B (en) | Method, system and computing device for monitoring server health | |
| US11144930B2 (en) | System and method for managing service requests | |
| CN108509313A (en) | A kind of business monitoring method, platform and storage medium | |
| US20220222266A1 (en) | Monitoring and alerting platform for extract, transform, and load jobs | |
| CN108241744A (en) | A kind of log read method and apparatus | |
| US11373004B2 (en) | Report comprising a masked value | |
| CN108665235B (en) | Resource processing node operation method, terminal device and medium | |
| CN113114490A (en) | API call abnormity warning method, device, equipment and medium | |
| CN110222107B (en) | Data transmission method and related equipment | |
| US8856140B2 (en) | Querying dialog prompts using hash values | |
| CN108804574B (en) | Alarm prompting method and device, computer readable storage medium and electronic equipment | |
| US20180275980A1 (en) | Optimizing feature deployment based on usage pattern | |
| CN110825592A (en) | Method and computing device for generating alarm content | |
| KR20110037969A (en) | Targeted user notification of messages in a monitoring system | |
| CN111142863B (en) | Page generation method and device | |
| CN113986494A (en) | Interface processing method and device, electronic equipment and storage medium | |
| CN113076112A (en) | Database deployment method and device and electronic equipment | |
| CN112749164A (en) | Data quality analysis method and device and electronic equipment | |
| CN114503109A (en) | Maintaining system security | |
| CN111191234A (en) | Method and device for detecting virus information |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |