CN110858192A - Log query method and system, log checking system and query terminal - Google Patents
Log query method and system, log checking system and query terminal Download PDFInfo
- Publication number
- CN110858192A CN110858192A CN201810964976.9A CN201810964976A CN110858192A CN 110858192 A CN110858192 A CN 110858192A CN 201810964976 A CN201810964976 A CN 201810964976A CN 110858192 A CN110858192 A CN 110858192A
- Authority
- CN
- China
- Prior art keywords
- log
- query
- data
- end devices
- log data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Debugging And Monitoring (AREA)
Abstract
The application provides a log query method and system, a log checking system and a query terminal, wherein the method comprises the following steps: acquiring a log query request; responding to the log query request, and acquiring log data from a plurality of end devices; receiving log data returned by the plurality of end devices according to a uniform data format; and pushing the data which belongs to the query range requested by the log query request in the received log data to a request end for displaying. In the above scheme, for a plurality of end devices, when log data are returned to the log troubleshooting system, the log data are returned according to a uniform data format, so that the log troubleshooting system is more convenient to process logs, is easy to perform cluster analysis, can effectively improve the efficiency of log query, and when log data are displayed at the query terminal, the log data are displayed in a natural language mode, so that the readability of a user on log files is improved, and the log troubleshooting can be simply and efficiently realized.
Description
Technical Field
The application belongs to the technical field of internet, and particularly relates to a log query method and system, a log checking system and a query terminal.
Background
The log is a file for recording events in the system, plays a very important role in the daily development process, no matter the client or the server, and can be used for performance analysis, problem location and troubleshooting and the like.
However, due to different habits of developers and different contents to be output, the contents of the log file are often very disordered and have poor expression capability, and if a very complex structure is output in a row of logs, the readability of the logs is very low. The realization difference between the client and the server is large, and the log difference of the same service and the same link is large, so that the client and the server are difficult to be checked together.
Due to the fact that the logs have the standard degree and the structuralization is not strong, when a developer positions the problems through the logs, the troubleshooting efficiency is low.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The application aims to provide a log query method and system, a log checking system and a query terminal so as to achieve the technical effect of simply and efficiently querying logs.
The application provides a log query method and system, a log checking system and a query terminal, which are realized as follows:
a method of log querying, the method comprising:
acquiring a log query request;
responding to the log query request, and requesting log data from a plurality of end devices;
receiving log data returned by the plurality of end devices according to a uniform data format;
and pushing the data which belongs to the query range requested by the log query request in the received log data to a request end for displaying.
A method of log querying, the method comprising:
acquiring a log query request;
responding to the log query request, and requesting log data from a plurality of end devices;
converting the log data returned by the plurality of end devices into a uniform data format to obtain converted log data;
and pushing the data which belongs to the query range requested by the log query request in the converted log data to a request end for displaying.
A log query method, comprising:
acquiring query conditions input by a user through a log query interface;
generating a query request according to the query condition and sending the query request to a log query system;
receiving log data returned by the log query system, wherein the log data returned by the log query system is the log data uploaded to the log query system by a plurality of end devices according to a uniform data format;
and displaying the returned log data through the log query interface in a natural language mode.
A log query system, comprising:
the query terminal is used for initiating a query request and displaying a query result;
the log checking system is used for responding to the query request and requesting log data from the end equipment;
and the plurality of end devices are used for returning the log data to the log checking system according to a uniform data format.
A log querying system, comprising:
the query terminal is used for initiating a query request and displaying a query result;
the log checking system is used for responding to the query request and requesting log data from the end equipment;
the plurality of end devices are used for returning log data to the log troubleshooting system;
the log checking system is also used for converting the returned log data into a uniform data format and returning a query result to the query terminal.
A log reconciliation system comprising a processor and a memory for storing processor-executable instructions, the instructions when executed by the processor implementing the steps of:
acquiring a log query request;
responding to the log query request, and requesting log data from a plurality of end devices;
receiving log data returned by the plurality of end devices according to a uniform data format;
and pushing the data which belongs to the query range requested by the log query request in the received log data to a request end for displaying.
A log reconciliation system comprising a processor and a memory for storing processor-executable instructions, the instructions when executed by the processor implementing the steps of:
acquiring a log query request;
responding to the log query request, and requesting log data from a plurality of end devices;
converting the log data returned by the plurality of end devices into a uniform data format to obtain converted log data;
and pushing the data which belongs to the query range requested by the log query request in the converted log data to a request end for displaying.
A query terminal comprising a processor and a memory for storing processor-executable instructions, the instructions when executed by the processor result in:
acquiring query conditions input by a user through a log query interface;
generating a query request according to the query condition and sending the query request to a log query system;
receiving log data returned by the log query system, wherein the log data returned by the log query system is the log data uploaded to the log query system by a plurality of end devices according to a uniform data format;
and displaying the returned log data through the log query interface in a natural language mode.
A computer readable storage medium having stored thereon computer instructions that, when executed, implement:
acquiring a log query request;
responding to the log query request, and acquiring log data from a plurality of end devices;
receiving log data returned by the plurality of end devices according to a uniform data format;
and pushing the data which belongs to the query range requested by the log query request in the received log data to a request end for displaying.
A computer readable storage medium having stored thereon computer instructions that, when executed, implement:
acquiring query conditions input by a user through a log query interface;
generating a query request according to the query condition and sending the query request to a log query system;
receiving log data returned by the log query system, wherein the log data returned by the log query system is the log data uploaded to the log query system by a plurality of end devices according to a uniform data format;
and displaying the returned log data through the log query interface in a natural language mode.
According to the log query method and system, the log investigation system and the query terminal, for a plurality of end devices with different log formats, the end devices are finally converted into a unified data format, so that the log investigation system is convenient to process logs, easy to perform cluster analysis, and capable of effectively improving log query efficiency.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only some embodiments described in the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without any creative effort.
FIG. 1 is an architecture diagram of a log query system provided herein;
FIG. 2 is a schematic diagram of a log configuration background page provided herein;
FIG. 3 is a schematic flow chart of a log query provided herein;
FIG. 4 is a schematic structural diagram of a log crawling page provided by the present application;
fig. 5 is a schematic diagram of a full link check result of an IM message provided in the present application;
FIG. 6 is another architecture diagram of the log query system provided herein;
FIG. 7 is a flowchart of a method of a log query method provided herein;
FIG. 8 is a flow chart of another method of the log query method provided herein;
FIG. 9 is a schematic diagram of an architecture of a computer terminal provided herein;
FIG. 10 is a block diagram of a log query device provided in the present application;
fig. 11 is another block diagram of the log query device according to the present application.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In view of the problems of low efficiency and high requirement on the expertise of inspectors in the conventional log inspection, the present application provides a log query system, as shown in fig. 1, including: the system comprises a checking system 101, a plurality of end devices 102 and a query end 103. Because the formats of the log data of the plurality of end devices are different, if the operations such as data clustering are complicated, the log data of different end devices can be converted into a uniform data format before the log data are processed.
The conversion operations may be implemented on the terminal side or the troubleshooting system side, for example, each end device may provide a log file to the troubleshooting system according to a uniform log format, or the log troubleshooting system may convert log data in different formats into a uniform data format after receiving the log data in different formats returned by the end device.
For each end device, when the log file is actually provided to the troubleshooting system according to the uniform log format, sdk for format conversion may be implanted at each end device side, or when the troubleshooting system requests log data from the end device, format information in the uniform data format may be carried in the request message. The specific adopted mode can be selected according to actual needs, and the method is not limited by the application as long as the checking system can finally obtain the log data in the uniform data format.
Through the above requirements of the log data in the unified data format, the query end 103 performs log query through the troubleshooting system, and the troubleshooting system 101 can finally obtain the log file in the unified format, so that the processing is simpler, the accuracy is higher, and the log troubleshooting efficiency is effectively improved.
The plurality of end devices 102 described above may include: client, server, etc., where the client and server may be of different operation types. For example, the client may be an ios client, a pc client, an android client, and the like, and the server may be a Linux server, a pc server, and the like. Any end device having a log file may be used as the end device in the present application, and the present application is not limited thereto.
When implemented, the log checking system may further include, as shown in fig. 1: a memory 104, wherein the memory may be located in the troubleshooting system or may be separately provided. For storing the log data obtained and processed by the troubleshooting system 101 from the end device 102.
To implement the query of the log, the following three aspects can be taken: presentation of a query presentation interface (namely, log presentation), log grabbing based on a query request (namely, log grabbing), and configuration of logs (namely, log configuration) for realizing effective grabbing of logs of a terminal and a server. The following three aspects are explained below:
1) log configuration:
in consideration of the difference of the existing log records of the client and the server and the habits of different developers, the log forms of different clients and different servers are different, so that the aggregation investigation is difficult to perform. Therefore, in this example, by uniformly configuring the recording format of the log file, different end devices can process the log into the log file with the uniform format, and then a troubleshooting system is provided, so that the log can be orderly and efficiently processed on the troubleshooting system side.
In a specific implementation, the format requirements of a uniform format may be carried when the checking system requests log data from the client and the server, or as shown in fig. 2, different sdk are generated according to the difference between the client and the server, sdk is integrated into the corresponding client or the server, and the log record formats limited in each sdk are the same. Sdk are generated based on configured log rules. For example: each log content includes specific contents: log name, key field, optional field, field name of key field, field type of key field, field name of optional field, field type of optional field, etc. may all be configured, and after configuring the rule, sdk corresponding to different end devices may be generated, and then the generated sdk may be integrated into the end devices.
Thus, when the troubleshooting system receives a query request from a user, log data can be requested from the client and the server, and for the client and the server, after receiving the log request, the log is converted into a log format defined by sdk through the integrated sdk and then returned to the troubleshooting system.
After the log files of the client and the server are received by the checking system, because the log files are in a uniform format, the log files can be automatically clustered, stored and indexed according to a certain format, so that subsequent inquiry is facilitated, or the log files are transmitted to the inquiring end to display the inquiry result.
In the log configuration interface, log configuration may be performed according to a configuration mode of the log configuration background page as shown in fig. 2, for example, a log name is set for a certain type of log: log1, for log1 such logs, its corresponding key fields can be set, for example: time, masgid, and can set a corresponding field type for each key field, for example: long, String, etc. Meanwhile, optional fields corresponding to the log may be set, that is, fields that may or may not be recorded may be recorded, which fields are optional fields if recorded, and field types of these optional fields. After configuration is complete, sdk may be automatically generated based on language, platform, log name needed to be supported, etc. Sdk is then integrated into the respective end device.
For example, these end devices may be: ios clients, pc clients, android clients, linux servers, and some other types of clients. The specific requirement for generating sdk corresponding to which end devices correspond may be determined according to actual requirements, which is not limited in this application.
The logs of the same type only need to be configured once, wherein the log name is used for uniquely identifying the logs of a certain type, a plurality of key fields can be set, and the key fields are set with priority for data aggregation. For the troubleshooting system, logs collected from different end devices can be regarded as log contents of the same link if key fields are the same, and finally the contents are shown together. The optional field is used for displaying the log, and various information of each event node when the event node occurs can be displayed through the optional field. Wherein, the key field and the optional field can be flexibly increased or decreased according to the requirement.
For a developer needing to integrate the log system, the instruction needing to be supported, the supported platform, the language and the like can be selected in the log instruction warehouse, and the platform can automatically generate sdk for the developer to integrate in the program of the developer. For the end device, after sdk is integrated, when the system requests the log, the API interface of sdk is called to convert the requested log into a log file with a uniform format and provide the log file to the troubleshooting system. For the end device, the log file of the end device itself may be stored in a local file, or may be stored in a database, and for this, the log file may be selected according to actual needs, and the present application is not limited.
2) Log capture:
as shown in fig. 3, when a user (e.g., a developer or a tester) needs to query logs of some objects or servers, an instruction may be issued through an instruction channel, as shown in fig. 4, query conditions (e.g., a log name, a start time, an end time, a key field, and the like) are set in the instruction, and are used to indicate a log and a query range corresponding to the query and a value of the key field. The client or the server queries corresponding data through the API of sdk according to the query condition, and then returns the data to the troubleshooting system through the data upload channel.
The command and the issuing channel may be set according to the requirement and the situation, for example, the command and the issuing channel may be set based on a custom protocol of a TCP long connection, an HTTP protocol, and the like.
When the data is fetched through sdk and returned to the troubleshooting system, either on-demand fetching, which is fetching only the data requested by the instruction, or full-scale fetching, which is returning all log data to the troubleshooting system, may be used.
When log capture is performed, for a client, a capture-on-demand mode can be adopted, which mainly considers that the number of users of the client is large, and storing logs of all users in real time consumes a lot of resources. Generally, only when problems occur, the log of the client needs to be checked, so that a mode of grabbing according to needs can be adopted, the log of data specified by a user can be obtained, and the transmission quantity and the storage quantity of the data can be reduced.
For the server, a full capture mode can be adopted, after the server inputs the investigation log of the full link locally, the log can be distributed to the investigation system through the log collection program of the server, and the investigation system performs operations such as data cleaning, filtering, analysis and storage.
3) Log display:
after the log is returned to the troubleshooting system at the side of the end device, the log file can be processed and stored in the memory. And then, according to the request of the query user on the query page, returning the log obtained by matching to the query page for displaying, so that the query user can query the log data in the specified query range through the query page.
For a troubleshooting system, when data is written into a memory, information such as keywords can be extracted to generate an index key, and event logs with the same keywords are aggregated together to indicate that the logs are logs of the same link. Based on the query request, the data presented back to the query page may be sorted by time.
For the query page, the presentation manner or the specific display during presentation may be set by the user as needed, that is, what manner each field is displayed is set, for example, each field item is set to display the field name and the text meaning of the corresponding field value, so that the readability of the content can be improved.
Taking IM messages as an example, as shown in fig. 5, a display interface diagram for IM message full link investigation is shown, where a full link of a message includes multiple services, and logs of the same message may be connected in series according to IDs of the messages and sorted according to occurrence times. If a specific log of a certain message in a certain service needs to be viewed, event nodes (e.g., uplink, route, downlink, data center gateway, etc.) on a message link can be clicked, i.e., information such as ip and log time of the corresponding event node can be viewed. For example: "transmission type", if in the log data, the field corresponding to the transmission type is field 10, field 10 may be set, if 0, then display: automatic behavior [0], if field 10 is 1, display: and manually operating [1], so that the readability of the log query result can be improved. The display mode can also be set in this manner for other field entries as well.
As shown in FIG. 5, the log information of 2018-02-22(11:00: 00-23: 59:59) is inquired by the inquiry user, and in the result displayed on the display interface, the event node occurring in the time period of 2018-02-22(11:00: 00-23: 59:59) has only the message read in the log content corresponding to 2018-02-2211: 00:07.262, and the others are as follows: the up, route, down and other event nodes occur before 2018-02-2211: 00:00, so that the queried log records have no event nodes. That is, log data returned by the display interface is returned and displayed based on the defined scope.
However, it should be noted that the above example is described by taking an IM message as an example, and in actual implementation, the example may also be order processing data, logistics data, interaction data, and the like, which is not specifically limited in this application, and these log data may be queried and displayed in a log query manner.
In the above example, the format of the log on the same link can be unified by a configuration mode, the upper layer service logic does not need to store the log pair, and the requirements such as increase and decrease of fields can be compatible, so as to support a more complex data structure. By means of the integration sdk, logs of the end devices can be unified, so that full-link troubleshooting of the end devices is facilitated. Through visual display, the inquiry user can be liberated from black and white logs, all events according to a specified time sequence on the whole link can be clearly seen, and the investigation information of each event node can be displayed.
The present application further provides a log query system, as shown in fig. 6, including: inquiry terminal 601, log checking system 602 and a plurality of end devices 603, wherein:
the query terminal 601 is used for initiating a query request and displaying a query result;
a log checking system 602, configured to request log data from an end device in response to the query request;
and the plurality of end devices 603 are configured to return log data to the log checking system according to a uniform data format.
In the log query system, the log data returned by the end devices are returned according to a uniform data format, so that the log query system can simply and efficiently integrate the logs to obtain the log information of the full link.
In order to enable each end device to form a uniform data format, sdk for converting log data into the uniform data format can be integrated for each end device, for a developer needing to integrate a log system, an instruction needing to be supported, a platform needing to be supported, a language and the like can be selected in a log instruction warehouse, and the platform can automatically generate sdk for the developer to integrate in own program. For the end device, after sdk is integrated, when the system requests the log, the API interface of sdk is called to convert the requested log into a log file with a uniform format and provide the log file to the troubleshooting system.
The plurality of end devices may include, but are not limited to, one or more of the following: the system comprises an IOS client, a PC client, an Android client and a Linux server.
In order to store and backup the log data in the log troubleshooting system, a memory may be provided, and the memory is used for storing the log data returned by the plurality of end devices in the log troubleshooting system. After receiving the log data returned by the end device, the log checking system can store the log data according to a certain format, and can establish an index so as to facilitate subsequent query or call.
Based on the log query system, a log query method based on a log check system is further provided, the log query method is based on a query terminal, and fig. 7 is a method flowchart of an embodiment of the log query method. Although the present application provides method operational steps or apparatus configurations as illustrated in the following examples or figures, more or fewer operational steps or modular units may be included in the methods or apparatus based on conventional or non-inventive efforts. In the case of steps or structures which do not logically have the necessary cause and effect relationship, the execution sequence of the steps or the module structure of the apparatus is not limited to the execution sequence or the module structure described in the embodiments and shown in the drawings of the present application. When the described method or module structure is applied in an actual device or end product, the method or module structure according to the embodiments or shown in the drawings can be executed sequentially or executed in parallel (for example, in a parallel processor or multi-thread processing environment, or even in a distributed processing environment).
Specifically, as shown in fig. 7, a log query method provided in an embodiment of the present application based on a log checking system may include the following steps:
step 701: acquiring a log query request;
step 702: responding to the log query request, and requesting log data from a plurality of end devices;
step 703: receiving log data returned by the plurality of end devices according to a uniform data format;
when the data is fetched through sdk and returned to the troubleshooting system, a mode of fetching as required can be adopted, and a mode of fetching in full quantity can also be adopted, wherein the fetching as required is just fetching the data requested by the instruction, and the fetching in full quantity is returning all log data to the troubleshooting system. When log capture is performed, for a client, a capture-on-demand mode can be adopted, which mainly considers that the number of users of the client is large, and storing logs of all users in real time consumes a lot of resources. Generally, only when problems occur, the log of the client needs to be checked, so that a mode of grabbing according to needs can be adopted, the log of data specified by a user can be obtained, and the transmission quantity and the storage quantity of the data can be reduced. For the server, a full capture mode can be adopted, after the server inputs the investigation log of the full link locally, the log can be distributed to the investigation system through the log collection program of the server, and the investigation system performs operations such as data cleaning, filtering, analysis and storage. That is, the on-demand pulled log data returned by the client in the multiple pieces of end equipment can be received; and receiving the full-drawn log data returned by the server side in the plurality of pieces of end equipment.
Sdk for converting log data into a uniform data format can be integrated in the end device, and the log data transmitted to the log investigation system through the different end devices is in the same format through the sdk. Or when the troubleshooting system requests log data from a plurality of end devices, sending a data format to the plurality of end devices, so that the end devices can return the log data to the troubleshooting system according to the received data format and a unified data format, and specifically, which mode can be selected according to actual needs is adopted, which is not limited in the application.
The unified data format may include: the log type comprises key fields contained in each log type, optional fields contained in each log type, field types of the key fields and field types of the optional fields.
Step 704: and pushing the data which belongs to the query range requested by the log query request in the received log data to a request end for displaying.
Because the log data are in a uniform data format, the values of the key fields of the log data of the same log type are the same, and for a log checking system, after receiving the log data returned by a plurality of end devices according to the uniform data format, the values of the key fields of each log record in the received log data can be extracted; and taking the log records with the same value of each key field as the log records of the same link.
In a specific implementation, the data channel between the end device and the log checking system may be a preset channel, and the preset channels may be based on one of the following protocols: TCP long connection protocol, HTTP protocol.
The application also provides a log query method, which converts the data format through a checking system, and based on the conversion, the method can comprise the following steps:
step 1: acquiring a log query request;
step 2: responding to the log query request, and requesting log data from a plurality of end devices;
and step 3: converting the log data returned by the plurality of end devices into a uniform data format to obtain converted log data;
the unified data format may include: the log type comprises key fields contained in each log type, optional fields contained in each log type, field types of the key fields and field types of the optional fields.
And 4, step 4: and pushing the data which belongs to the query range requested by the log query request in the converted log data to a request end for displaying.
After the converted log data is obtained, the data may be integrated, specifically, the troubleshooting system may perform data integration according to the following manner: extracting values of each key field of each log record in the converted log data; and taking the log records with the same value of each key field as the log records of the same link.
As shown in fig. 8, a log query method is provided, which may include the following steps based on a query terminal side:
step 801: acquiring query conditions input by a user through a log query interface;
step 802: generating a query request according to the query condition and sending the query request to a log query system;
step 803: receiving log data returned by the log query system, wherein the log data returned by the log query system is the log data uploaded to the log query system by a plurality of end devices according to a uniform data format;
step 804: and displaying the returned log data through the log query interface in a natural language mode.
In order to enable the inquirer to inquire the log information more efficiently or give more detailed log information to the inquirer, inquiry of detailed information of each event node can be provided, for example, after returned log data is displayed through the log inquiry interface in a natural language manner, a selection operation of a user on the event node can be received; and responding to the selection operation, and displaying the information of the selected event node.
The information of the event node may include, but is not limited to: key field, value of key field, optional field, value of optional field.
The method provided by the embodiment of the application can be executed in a mobile terminal, a computer terminal or a similar operation device. Taking the example of running on a computer terminal, fig. 9 is a hardware structure block diagram of a computer terminal of a log query method according to an embodiment of the present invention. As shown in fig. 9, the computer terminal 10 may include one or more (only one shown) processors 102 (the processor 102 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA), a memory 104 for storing data, and a transmission module 106 for communication functions. It will be understood by those skilled in the art that the structure shown in fig. 9 is only an illustration and is not intended to limit the structure of the electronic device. For example, the computer terminal 10 may also include more or fewer components than shown in FIG. 9, or have a different configuration than shown in FIG. 9.
The memory 104 may be configured to store software programs and modules of application software, such as program instructions/modules corresponding to the log query method in the embodiment of the present invention, and the processor 102 executes various functional applications and data processing by running the software programs and modules stored in the memory 104, that is, implementing the log query method of the application program. The memory 104 may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, which may be connected to the computer terminal 10 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission module 106 is used to receive or transmit data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the computer terminal 10. In one example, the transmission module 106 includes a Network adapter (NIC) that can be connected to other Network devices through a base station to communicate with the internet. In one example, the transmission module 106 may be a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.
At a software level, a log query apparatus is provided, which is located in a log checking system, as shown in fig. 10, and may include: an obtaining module 1001, a requesting module 1002, a receiving module 1003 and a pushing module 1004, wherein:
an obtaining module 1001, configured to obtain a log query request;
a request module 1002, configured to request log data from a plurality of end devices in response to the log query request;
a receiving module 1003, configured to receive log data returned by the multiple end devices according to a unified data format;
the pushing module 1004 is configured to push data, which belongs to a query range requested by the log query request, in the received log data to the requesting end for display.
In one embodiment, the receiving module 1003 may include: the first receiving unit is used for receiving the log data which is pulled as required and returned by the client side in the plurality of end devices; and the second receiving module is used for receiving the full-drawn log data returned by the server side in the plurality of pieces of end equipment.
In one embodiment, each of the plurality of end devices is integrated with sdk that converts log data into a unified data format.
In one embodiment, the unified data format may include: the log type comprises key fields contained in each log type, optional fields contained in each log type, field types of the key fields and field types of the optional fields.
In one embodiment, the log query apparatus may further include: the extraction module is used for extracting the values of each key field of each log record in the received log data after receiving the log data returned by the plurality of end devices according to the unified data format; and the generating module is used for taking the log records with the same values of all the key fields as the log records of the same link.
In one embodiment. The receiving module 1003 may specifically receive log data returned by the multiple end devices through a preset channel, where the preset channel is based on one of the following protocols: TCP long connection protocol, HTTP protocol.
In the software aspect, there is also provided a log query apparatus, located in a query terminal, as shown in fig. 11, which may include: an obtaining module 1101, a generating module 1102, a receiving module 1103 and a display module 1104, wherein:
an obtaining module 1101, configured to obtain a query condition input by a user through a log query interface;
a generating module 1102, configured to generate a query request according to the query condition and send the query request to a log query system;
a first receiving module 1103, configured to receive log data returned by the log query system, where the log data returned by the log query system is log data uploaded to the log query system by multiple end devices according to a uniform data format;
and the display module 1104 is used for displaying the returned log data through the log query interface in a natural language mode.
In one embodiment, the log query apparatus may further include: the second receiving module is used for receiving the selection operation of the user on the event node after the returned log data is displayed through the log query interface in a natural language mode; and responding to the selection operation, and displaying the information of the selected event node.
In one embodiment, the information of the event node may include: key field, value of key field, optional field, value of optional field.
According to the log query method and system, the log investigation system and the query terminal, for a plurality of end devices, when log data are returned to the log investigation system, the log data are returned according to a uniform data format, so that the log investigation system can process logs conveniently, cluster analysis is easy, log query efficiency can be effectively improved, when the query terminal displays the log data, readability of a user on log files is improved through display in a natural language mode, and log investigation can be simply and efficiently realized.
Although the present application provides method steps as described in an embodiment or flowchart, additional or fewer steps may be included based on conventional or non-inventive efforts. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an actual apparatus or client product executes, it may execute sequentially or in parallel (e.g., in the context of parallel processors or multi-threaded processing) according to the embodiments or methods shown in the figures.
The apparatuses or modules illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. The functionality of the modules may be implemented in the same one or more software and/or hardware implementations of the present application. Of course, a module that implements a certain function may be implemented by a plurality of sub-modules or sub-units in combination.
The methods, apparatus or modules described herein may be implemented in computer readable program code to a controller implemented in any suitable manner, for example, the controller may take the form of, for example, a microprocessor or processor and a computer readable medium storing computer readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, Application Specific Integrated Circuits (ASICs), programmable logic controllers and embedded microcontrollers, examples of which include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicone Labs C8051F320, the memory controller may also be implemented as part of the control logic for the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may therefore be considered as a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.
Some of the modules in the apparatus described herein may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, classes, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
From the above description of the embodiments, it is clear to those skilled in the art that the present application can be implemented by software plus necessary hardware. Based on such understanding, the technical solutions of the present application may be embodied in the form of software products or in the implementation process of data migration, which essentially or partially contributes to the prior art. The computer software product may be stored in a storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, mobile terminal, server, or network device, etc.) to perform the methods described in the various embodiments or portions of the embodiments of the present application.
The embodiments in the present specification are described in a progressive manner, and the same or similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. All or portions of the present application are operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, mobile communication terminals, multiprocessor systems, microprocessor-based systems, programmable electronic devices, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
While the present application has been described with examples, those of ordinary skill in the art will appreciate that there are numerous variations and permutations of the present application without departing from the spirit of the application, and it is intended that the appended claims encompass such variations and permutations without departing from the spirit of the application.
Claims (22)
1. A method of log querying, the method comprising:
acquiring a log query request;
responding to the log query request, and requesting log data from a plurality of end devices;
receiving log data returned by the plurality of end devices according to a uniform data format;
and pushing the data which belongs to the query range requested by the log query request in the received log data to a request end for displaying.
2. The method of claim 1, wherein receiving log data returned by the plurality of end devices in a unified data format comprises:
receiving log data which are pulled as required and returned by clients in the plurality of pieces of end equipment;
and/or receiving full-drawn log data returned by a server side in the plurality of end devices.
3. The method of claim 1, wherein each of the plurality of end devices is integrated with sdk that converts log data into a unified data format.
4. The method of claim 1, wherein the data format is sent to the plurality of end devices when log data is requested from the plurality of end devices.
5. The method of claim 1, wherein the unified data format comprises: the log type comprises key fields contained in each log type, optional fields contained in each log type, field types of the key fields and field types of the optional fields.
6. The method of claim 5, wherein after receiving log data returned by the plurality of end devices in the unified data format, the method further comprises:
extracting values of each key field of each log record in the received log data;
and taking the log records with the same value of each key field as the log records of the same link.
7. The method of claim 1, wherein receiving log data returned by the plurality of end devices in a unified data format comprises:
receiving log data returned by the plurality of end devices through a preset channel, wherein the preset channel is based on one of the following protocols: TCP long connection protocol, HTTP protocol.
8. A method of log querying, the method comprising:
acquiring a log query request;
responding to the log query request, and requesting log data from a plurality of end devices;
converting the log data returned by the plurality of end devices into a uniform data format to obtain converted log data;
and pushing the data which belongs to the query range requested by the log query request in the converted log data to a request end for displaying.
9. The method of claim 8, wherein the unified data format comprises: the log type comprises key fields contained in each log type, optional fields contained in each log type, field types of the key fields and field types of the optional fields.
10. The method of claim 9, wherein after converting the log data returned by the plurality of end devices into a unified data format, and obtaining the converted log data, the method further comprises:
extracting values of each key field of each log record in the converted log data;
and taking the log records with the same value of each key field as the log records of the same link.
11. A log query method, comprising:
acquiring query conditions input by a user through a log query interface;
generating a query request according to the query condition and sending the query request to a log query system;
receiving log data returned by the log query system, wherein the log data returned by the log query system is the log data uploaded to the log query system by a plurality of end devices according to a uniform data format;
and displaying the returned log data through the log query interface in a natural language mode.
12. The method of claim 11, wherein after displaying the returned log data through the log query interface in natural language, the method further comprises:
receiving selection operation of a user on an event node;
and responding to the selection operation, and displaying the information of the selected event node.
13. The method of claim 12, wherein the information of the event node comprises: key field, value of key field, optional field, value of optional field.
14. A log querying system, comprising:
the query terminal is used for initiating a query request and displaying a query result;
the log checking system is used for responding to the query request and requesting log data from the end equipment;
and the plurality of end devices are used for returning the log data to the log checking system according to a uniform data format.
15. The system of claim 14, wherein each of the plurality of end devices is integrated with sdk that converts log data into a unified data format.
16. The system of claim 14, further comprising:
and the memory is used for storing the log data returned by the plurality of end devices by the log checking system.
17. The system of claim 14, wherein the plurality of end devices are one or more of: the system comprises an IOS client, a PC client, an Android client and a Linux server.
18. A log querying system, comprising:
the query terminal is used for initiating a query request and displaying a query result;
the log checking system is used for responding to the query request and requesting log data from the end equipment;
the plurality of end devices are used for returning log data to the log troubleshooting system;
the log checking system is also used for converting the returned log data into a uniform data format and returning a query result to the query terminal.
19. A log-checking system comprising a processor and a memory for storing processor-executable instructions which, when executed by the processor, implement the steps of the method of any one of claims 1 to 7.
20. A log-checking system comprising a processor and a memory for storing processor-executable instructions which, when executed by the processor, implement the steps of the method of any one of claims 8 to 10.
21. A query terminal comprising a processor and a memory for storing processor-executable instructions that when executed by the processor implement the steps of the method of any one of claims 11 to 13.
22. A computer readable storage medium having stored thereon computer instructions which, when executed, implement the steps of the method of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810964976.9A CN110858192A (en) | 2018-08-23 | 2018-08-23 | Log query method and system, log checking system and query terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810964976.9A CN110858192A (en) | 2018-08-23 | 2018-08-23 | Log query method and system, log checking system and query terminal |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110858192A true CN110858192A (en) | 2020-03-03 |
Family
ID=69635135
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810964976.9A Pending CN110858192A (en) | 2018-08-23 | 2018-08-23 | Log query method and system, log checking system and query terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110858192A (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111240953A (en) * | 2020-03-05 | 2020-06-05 | 北京云族佳科技有限公司 | Log processing method and device and readable storage medium |
| CN111831513A (en) * | 2020-07-15 | 2020-10-27 | 北京达佳互联信息技术有限公司 | Log query method and device, electronic equipment and storage medium |
| CN112035424A (en) * | 2020-08-25 | 2020-12-04 | 北京金山云网络技术有限公司 | Data query method, device and system, electronic equipment and storage medium |
| CN112148700A (en) * | 2020-10-12 | 2020-12-29 | 平安科技(深圳)有限公司 | Log data processing method and device, computer equipment and storage medium |
| CN112181929A (en) * | 2020-09-24 | 2021-01-05 | 杭州安恒信息技术股份有限公司 | Cloud management platform log processing method and device, electronic device and storage medium |
| CN112364284A (en) * | 2020-11-23 | 2021-02-12 | 北京八分量信息科技有限公司 | Method, device and related product for detecting abnormity based on context |
| CN113326238A (en) * | 2021-06-25 | 2021-08-31 | 深信服科技股份有限公司 | Data processing method, device, equipment and storage medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1801817A (en) * | 2005-12-21 | 2006-07-12 | 阿里巴巴公司 | Method and system for producing journal file |
| CN103593277A (en) * | 2012-08-15 | 2014-02-19 | 深圳市世纪光速信息技术有限公司 | Log processing method and system |
| CN105337748A (en) * | 2014-06-20 | 2016-02-17 | 北京奇虎科技有限公司 | Log file collection method and system, server, and service cluster controlling apparatus |
| CN105656694A (en) * | 2016-03-15 | 2016-06-08 | 上海缔安科技股份有限公司 | Device log processing method |
| CN106201848A (en) * | 2016-06-30 | 2016-12-07 | 北京奇虎科技有限公司 | The log processing method of a kind of real-time calculating platform and device |
| CN106294345A (en) * | 2015-05-13 | 2017-01-04 | 阿里巴巴集团控股有限公司 | The treating method and apparatus of the log content of application program |
-
2018
- 2018-08-23 CN CN201810964976.9A patent/CN110858192A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1801817A (en) * | 2005-12-21 | 2006-07-12 | 阿里巴巴公司 | Method and system for producing journal file |
| CN103593277A (en) * | 2012-08-15 | 2014-02-19 | 深圳市世纪光速信息技术有限公司 | Log processing method and system |
| CN105337748A (en) * | 2014-06-20 | 2016-02-17 | 北京奇虎科技有限公司 | Log file collection method and system, server, and service cluster controlling apparatus |
| CN106294345A (en) * | 2015-05-13 | 2017-01-04 | 阿里巴巴集团控股有限公司 | The treating method and apparatus of the log content of application program |
| CN105656694A (en) * | 2016-03-15 | 2016-06-08 | 上海缔安科技股份有限公司 | Device log processing method |
| CN106201848A (en) * | 2016-06-30 | 2016-12-07 | 北京奇虎科技有限公司 | The log processing method of a kind of real-time calculating platform and device |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111240953A (en) * | 2020-03-05 | 2020-06-05 | 北京云族佳科技有限公司 | Log processing method and device and readable storage medium |
| CN111831513A (en) * | 2020-07-15 | 2020-10-27 | 北京达佳互联信息技术有限公司 | Log query method and device, electronic equipment and storage medium |
| CN112035424A (en) * | 2020-08-25 | 2020-12-04 | 北京金山云网络技术有限公司 | Data query method, device and system, electronic equipment and storage medium |
| CN112181929A (en) * | 2020-09-24 | 2021-01-05 | 杭州安恒信息技术股份有限公司 | Cloud management platform log processing method and device, electronic device and storage medium |
| CN112148700A (en) * | 2020-10-12 | 2020-12-29 | 平安科技(深圳)有限公司 | Log data processing method and device, computer equipment and storage medium |
| WO2021189953A1 (en) * | 2020-10-12 | 2021-09-30 | 平安科技(深圳)有限公司 | Log data processing method and apparatus, computer device, and storage medium |
| CN112364284A (en) * | 2020-11-23 | 2021-02-12 | 北京八分量信息科技有限公司 | Method, device and related product for detecting abnormity based on context |
| CN112364284B (en) * | 2020-11-23 | 2024-01-30 | 北京八分量信息科技有限公司 | Method and device for detecting abnormality based on context and related product |
| CN113326238A (en) * | 2021-06-25 | 2021-08-31 | 深信服科技股份有限公司 | Data processing method, device, equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110858192A (en) | Log query method and system, log checking system and query terminal | |
| WO2021169268A1 (en) | Data processing method, apparatus and device, and storage medium | |
| CN110457178A (en) | A kind of full link monitoring alarm method based on log collection analysis | |
| US11188443B2 (en) | Method, apparatus and system for processing log data | |
| CN109039817B (en) | Information processing method, device, equipment and medium for flow monitoring | |
| CN112765103B (en) | File analysis method, system, device and equipment | |
| CN103312544A (en) | Method, equipment and system for controlling terminals during log file reporting | |
| CN103546343A (en) | Network flow display method and system for network flow analyzing systems | |
| CN109151056B (en) | Method and system for pushing messages based on Canal | |
| US10489179B1 (en) | Virtual machine instance data aggregation based on work definition metadata | |
| CN112559296A (en) | Prometheus-based virtual machine monitoring method and tool, electronic device and storage medium | |
| CN113868248A (en) | Index data pre-polymerization method | |
| CN113051460A (en) | Elasticissearch-based data retrieval method and system, electronic device and storage medium | |
| CN112181678A (en) | Service data processing method, device and system, storage medium and electronic device | |
| CN102333114A (en) | Data processing scheme based on cloud service | |
| CN105099829B (en) | A kind of information resources service availability automatic monitoring method based on http protocol | |
| CN112579406B (en) | Log call chain generation method and device | |
| CN117271584A (en) | Data processing method and device, computer readable storage medium and electronic equipment | |
| KR20210000041A (en) | Method and apparatus for analyzing log data in real time | |
| CN112764988B (en) | Data segment acquisition method and device | |
| CN113141403B (en) | Log transmission method and device | |
| CN112788077B (en) | Data acquisition method and device, computer equipment and computer-readable storage medium | |
| CN114756301A (en) | Log processing method, device and system | |
| CN110611576B (en) | Data quality monitoring method, device, equipment and storage medium | |
| CN112181929A (en) | Cloud management platform log processing method and device, electronic device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |