CN112231192A - Log data analysis method and device - Google Patents
Log data analysis method and device Download PDFInfo
- Publication number
- CN112231192A CN112231192A CN202011172628.1A CN202011172628A CN112231192A CN 112231192 A CN112231192 A CN 112231192A CN 202011172628 A CN202011172628 A CN 202011172628A CN 112231192 A CN112231192 A CN 112231192A
- Authority
- CN
- China
- Prior art keywords
- log data
- log
- alarm
- target
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3466—Performance evaluation by tracing or monitoring
- G06F11/3476—Data logging
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3452—Performance evaluation by statistical analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/18—File system types
- G06F16/1805—Append-only file systems, e.g. using logs or journals to store data
- G06F16/1815—Journaling file systems
Abstract
The invention discloses a log data analysis method and a device, wherein the log data analysis device comprises the following steps: the system comprises a log monitoring module, a log analysis module and a data processing module. According to the method and the device, the abnormal log data meeting the alarm condition in the log data alarm strategy is determined, the alarm information is generated according to the abnormal log data, the alarm information is stored in time and the preset target address is informed, so that a technician can check the application program according to the abnormal log data in time and find out the potential or occurred fault problem of the application program in time, the fault problem of the application degree can be solved in time, the stability of a system platform where the application program is located is guaranteed, and the user experience is improved.
Description
Technical Field
The invention relates to the technical field of log data processing, in particular to a log data analysis method and device.
Background
As the number of applications running on the cloud service center system platform increases, the number of log data generated by the applications running also increases.
When an application program fails, technicians need to check the reason of the failure of the application program in massive log data, so that the problem of the failure is solved according to the reason of the failure. Due to the fact that the number of the application programs running on the cloud service center system platform is increased continuously, the failure rate of the application programs is increased accordingly, a great burden is brought to technical staff for checking the reason that the application programs fail, the problem that the application programs fail is difficult to solve in time, and therefore user experience is reduced.
Disclosure of Invention
In view of the above problems, the present invention provides a log data analysis method and apparatus for overcoming the above problems or at least partially solving the above problems, and the technical solution is as follows:
a log data analysis method is applied to a log data analysis device, and the log data analysis device comprises: a log monitoring module, a log analysis module and a data processing module,
the log monitoring module obtains a log data alarm strategy;
the log monitoring module obtains at least one target log data according to the log data alarm strategy and sends the at least one target log data and the log data alarm strategy to the log analysis module;
the log analysis module determines whether the at least one target log data meets an alarm condition in the log data alarm strategy, and if so, determines at least one abnormal log data in the at least one target log data;
the log analysis module generates first alarm information according to the at least one abnormal log data, and sends the first alarm information, the at least one abnormal log data and the log data alarm strategy to the data processing module;
the data processing module formats the first alarm information into second alarm information according to a first format configuration item in the log data alarm strategy, and stores the second alarm information into a first database;
the data processing module formats the at least one abnormal log data into abnormal log information according to a second format configuration item configured in the log data alarm strategy;
and the data processing module sends the first alarm information and the abnormal log information to a preset target address.
Optionally, the log data alarm policy includes a target log data configuration item, and the log monitoring module obtains at least one target log data according to the log data alarm policy, including:
and the log monitoring module determines at least one target log data matched with the target log data configuration item in a second database in which log data are stored in advance.
Optionally, the target log data configuration item includes a target object and an alarm period, and the determining, by the log monitoring module, at least one target log data matched with the target log data configuration item in a second database in which log data is stored in advance includes:
the log monitoring module determines at least one log data matched with the target object in a second database in which the log data are stored in advance;
and the log monitoring module obtains at least one target log data matched with the alarm period from at least one log data matched with the target object.
Optionally, the alarm condition includes:
the occurrence frequency of the warning keyword in the at least one target log data is larger than a preset threshold value.
Optionally, the determining at least one abnormal log data in the target log data includes:
and determining at least one log data carrying the alarm keyword in the at least one target log data as abnormal log data.
Optionally, the preset target address includes a mail address, and the data processing module sends the first alarm information and the abnormal log information to the preset target address, including:
and the data processing module takes the first warning information as an attachment of the mail, edits the abnormal log information into a body of the mail, and sends the mail to the mail address.
A log data analysis apparatus comprising: a log monitoring module, a log analysis module and a data processing module,
the log monitoring module is configured to execute a log data alarm strategy, obtain at least one target log data according to the log data alarm strategy, and send the at least one target log data and the log data alarm strategy to the log analysis module;
the log analysis module is configured to determine whether the at least one target log data meets an alarm condition in the log data alarm policy, if so, determine at least one abnormal log data in the at least one target log data, generate first alarm information according to the at least one abnormal log data, and send the first alarm information, the at least one abnormal log data and the log data alarm policy to the data processing module;
the data processing module is configured to execute the steps of configuring a first format configuration item in the log data alarm strategy, formatting the first alarm information into second alarm information, storing the second alarm information into a first database, formatting the at least one abnormal log data into abnormal log information according to the second format configuration item configured in the log data alarm strategy, and sending the first alarm information and the abnormal log information to a preset target address.
Optionally, the log data alarm policy includes a target log data configuration item,
the log monitoring module is specifically configured to determine at least one target log data matched with the target log data configuration item in a second database in which log data are stored in advance.
Optionally, the target log data configuration item includes a target object and an alarm period,
the log monitoring module is specifically configured to determine at least one log data matched with the target object in a second database in which log data are stored in advance, and obtain at least one target log data matched with the alarm period from the at least one log data matched with the target object.
Optionally, the preset destination address includes a mail address,
the data processing module is specifically configured to execute the steps of using the first warning information as an attachment of the mail, editing the abnormal log information into a body of the mail, and sending the mail to the mail address.
By means of the technical scheme, the invention provides a log data analysis method and a device, wherein the log data analysis device comprises: the system comprises a log monitoring module, a log analysis module and a data processing module. According to the method and the device, the abnormal log data meeting the alarm condition in the log data alarm strategy is determined, the alarm information is generated according to the abnormal log data, the alarm information is stored in time and the preset target address is informed, so that a technician can check the application program according to the abnormal log data in time and find out the potential or occurred fault problem of the application program in time, the fault problem of the application degree can be solved in time, the stability of a system platform where the application program is located is guaranteed, and the user experience is improved.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a timing diagram illustrating a log data analysis method according to an embodiment of the present invention;
FIG. 2 is a timing diagram illustrating another log data analysis method provided by an embodiment of the invention;
FIG. 3 is a timing diagram illustrating another log data analysis method provided by an embodiment of the invention;
FIG. 4 is a timing diagram illustrating another log data analysis method provided by an embodiment of the invention;
FIG. 5 is a timing diagram illustrating another log data analysis method provided by an embodiment of the invention;
fig. 6 is a schematic structural diagram illustrating a log data analysis apparatus according to an embodiment of the present invention;
fig. 7 shows a schematic structural diagram of an apparatus provided in an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As shown in fig. 1, a log data analysis method provided in an embodiment of the present invention is applied to a log data analysis device, where the log data analysis device includes: the system comprises a log monitoring module, a log analysis module and a data processing module.
S100, the log monitoring module obtains a log data alarm strategy.
The log data alarm strategy can comprise a plurality of log data configuration items such as an alarm keyword, an alarm period, a preset threshold, a comparison rule and an operation mode. The embodiment of the invention can complete the configuration of the log data alarm strategy by setting each log data configuration item. Optionally, the user may log in a cloud service center console on the cloud service center system platform to set at least one log data configuration item in the log data alarm policy, and store the configured log data alarm policy in the policy storage database. The cloud service center system platform can be a paas platform developed based on kubernets. The cloud service center system platform can provide an environment where applications can be deployed for users, and the application life cycle is managed.
Optionally, the user may set the policy state of each log data alarm policy in the policy storage database. Optionally, the policy state may include at least one of an active state, a deactivated state, and an inactive state. The user can search the log data alarm strategy with the effective state in the strategy storage database through the application program server interface, and then the log data alarm strategy with the effective state is sent to the log monitoring module through the application program server interface, so that the log monitoring module obtains the log data alarm strategy.
S110, the log monitoring module obtains at least one target log data according to the log data alarm strategy.
Specifically, the log monitoring module may obtain at least one target log data matched with at least one log data configuration item according to the at least one log data configuration item in the log data alarm policy.
Optionally, the log data alarm policy includes a target log data configuration item, and based on the method shown in fig. 1, as shown in fig. 2, in another log data analysis method provided in the embodiment of the present invention, step S110 may include:
s111, the log monitoring module determines at least one target log data matched with the target log data configuration item in a second database in which log data are stored in advance.
It is understood that one or more log data configuration items can be set as target log data configuration items in at least one log data configuration item in the log data alarm policy. The log monitoring module can search and obtain target log data matched with the target log data configuration item according to the target log data configuration item.
Specifically, the target log data configuration item includes a target object and an alarm period, and based on the method shown in fig. 2, as shown in fig. 3, in another log data analysis method provided in the embodiment of the present invention, step S111 may include:
s111a, the log monitoring module determines at least one log data matched with the target object in a second database in which the log data are stored in advance.
The target object may be a target application. The log monitoring module may determine log data generated by the target application program at runtime in a second database in which the log data is stored in advance. For example: the target application is 'boring treasure', and the log monitoring module can determine at least one log data matched with 'boring treasure'.
Alternatively, the second database and the policy storage database may be the same database.
S111b, the log monitoring module obtains at least one target log data matched with the alarm period from at least one log data matched with the target object.
The alarm period may be a time period for the user to set the target log data to be obtained in the at least one log data matched with the target object. The user can set the alarm period according to the actual requirement. For example: the alarm periods may be 5 minutes, 30 minutes, and 1 hour. When the alarm period is 5 minutes, the log monitoring module may determine, as the target log data, log data within 5 minutes before the current time from among the at least one log data matched with the target object.
S120, the log monitoring module sends the at least one target log data and the log data alarm strategy to the log analysis module.
S130, the log analysis module determines whether the at least one target log data meets the alarm condition in the log data alarm strategy, and if so, the step S140 is executed.
Optionally, the alarm condition may be composed of an alarm keyword, a preset threshold, a comparison rule, and an operation mode. Optionally, the comparison rule may include at least one of "greater than", "less than", "equal to", "not less than", and "not greater than". Optionally, the operation manner may include at least one of "addition", "subtraction", "multiplication", and "division". Optionally, the alarm keyword may be "Exception". It can be understood that the alarm keyword and the preset threshold may be set according to the actual requirement of the user, and the embodiment of the present invention is not further limited herein.
Optionally, the alarm condition includes: the occurrence frequency of the warning keyword in the at least one target log data is larger than a preset threshold value.
Optionally, when the log analysis module determines that the at least one target log data does not satisfy the alarm condition in the log data alarm policy, no subsequent operation may be performed.
S140, the log analysis module determines at least one abnormal log data in the at least one target log data.
Optionally, based on the method shown in fig. 1, as shown in fig. 4, in another log data analysis method provided in the embodiment of the present invention, step S140 may include:
s141, the log analysis module determines at least one log data carrying the alarm keyword in the at least one target log data as abnormal log data.
S150, the log analysis module generates first alarm information according to the at least one abnormal log data.
Optionally, in the embodiment of the present invention, the target information may be extracted from the at least one abnormal log data, and the target information is input into a preset information template to generate the first warning information. Optionally, the first warning message may be at least one of text, image, and audio.
S160, the log analysis module sends the first alarm information, the at least one abnormal log data and the log data alarm strategy to the data processing module.
S170, the data processing module formats the first alarm information into second alarm information according to a first format configuration item in the log data alarm strategy.
And S180, the data processing module stores the second alarm information into a first database.
Wherein the first format configuration item may relate to a format type of the data stored in the first database. For example: when the format type of the data stored in the first database is a numeric format, the first format configuration item may be "convert data in a character string format into data in a numeric format". In general, the first alarm information is data in a JSON string format, and the data processing module may format the first alarm information in the JSON string format into second alarm information in a digital format according to the first format configuration item, and may further store the second alarm information in the digital format in the first database, thereby achieving the purpose of storing the alarm information.
Alternatively, the first database may be the same database as the second database.
S190, the data processing module formats the at least one abnormal log data into abnormal log information according to a second format configuration item configured in the log data alarm strategy.
S200, the data processing module sends the first alarm information and the abnormal log information to a preset target address.
In a general case, the format type of the exception log information is JSON character string format, and thus the second format configuration item may be configured to "convert data in character string format into data in text format". The data processing module can format the abnormal log information with the format type of JSON character string format into the abnormal log information with text format according to the second format configuration item.
Optionally, the preset destination address includes a mail address, and based on the method shown in fig. 1, as shown in fig. 5, in another log data analysis method provided in the embodiment of the present invention, step S200 may include:
s201, the data processing module takes the first warning information as an attachment of the mail, edits the abnormal log information into a body of the mail, and sends the mail to the mail address.
The log data analysis method provided by the embodiment of the invention is applied to a log data analysis device, and the log data analysis device comprises the following steps: the system comprises a log monitoring module, a log analysis module and a data processing module. According to the method and the device, the abnormal log data meeting the alarm condition in the log data alarm strategy is determined, the alarm information is generated according to the abnormal log data, the alarm information is stored in time and the preset target address is informed, so that a technician can check the application program according to the abnormal log data in time and find out the potential or occurred fault problem of the application program in time, the fault problem of the application degree can be solved in time, the stability of a system platform where the application program is located is guaranteed, and the user experience is improved.
Corresponding to the foregoing method embodiment, an embodiment of the present invention provides a log data analysis apparatus, whose structure is shown in fig. 6, including: a log monitoring module 100, a log analysis module 200 and a data processing module 300.
The log monitoring module 100 may be configured to execute a log data alarm policy, obtain at least one target log data according to the log data alarm policy, and send the at least one target log data and the log data alarm policy to the log analysis module 200.
Optionally, the log data alarm policy includes a target log data configuration item.
The log monitoring module 100 may be specifically configured to determine at least one target log data matching the target log data configuration item in a second database in which log data is stored in advance.
Optionally, the target log data configuration item includes a target object and an alarm period.
The log monitoring module 100 may be specifically configured to determine at least one log data matched with the target object in a second database in which log data are stored in advance, and obtain at least one target log data matched with the alarm period from the at least one log data matched with the target object.
The log analysis module 200 may be configured to perform determining whether the at least one target log data meets an alarm condition in the log data alarm policy, if so, determining at least one abnormal log data in the at least one target log data, generating first alarm information according to the at least one abnormal log data, and sending the first alarm information, the at least one abnormal log data, and the log data alarm policy to the data processing module 300.
Optionally, the alarm condition includes: the occurrence frequency of the warning keyword in the at least one target log data is larger than a preset threshold value.
Optionally, the log analysis module 200 may be specifically configured to determine at least one log data carrying the alarm keyword in the at least one target log data as abnormal log data.
The data processing module 300 may be configured to execute configuring, according to a first format configuration item in the log data alarm policy, formatting the first alarm information into second alarm information, store the second alarm information in a first database, format the at least one abnormal log data into abnormal log information according to a second format configuration item configured in the log data alarm policy, and send the first alarm information and the abnormal log information to a preset target address.
Optionally, the preset target address includes a mail address, and the data processing module 300 may be specifically configured to execute the steps of using the first warning information as an attachment of a mail, editing the abnormal log information into a body of the mail, and sending the mail to the mail address.
The embodiment of the invention provides a log data analysis device, which comprises: a log monitoring module 100, a log analysis module 200 and a data processing module 300. According to the method and the device, the abnormal log data meeting the alarm condition in the log data alarm strategy is determined, the alarm information is generated according to the abnormal log data, the alarm information is stored in time and the preset target address is informed, so that a technician can check the application program according to the abnormal log data in time and find out the potential or occurred fault problem of the application program in time, the fault problem of the application degree can be solved in time, the stability of a system platform where the application program is located is guaranteed, and the user experience is improved.
The log data analysis device comprises a processor and a memory, wherein the log monitoring module 100, the log analysis module 200, the data processing module 300 and the like are stored in the memory as program units, and the processor executes the program units stored in the memory to realize corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. The kernel can be set to be one or more than one, abnormal log data meeting the alarm condition in the log data alarm strategy is determined by adjusting the kernel parameters, alarm information is generated according to the abnormal log data, and the alarm information is stored in time and is informed to a preset target address.
An embodiment of the present invention provides a storage medium having a program stored thereon, the program implementing the log data analysis method when executed by a processor.
The embodiment of the invention provides a processor, which is used for running a program, wherein the log data analysis method is executed when the program runs.
As shown in fig. 7, an embodiment of the present invention provides an apparatus 400, where the apparatus 400 includes at least one processor 401, and at least one memory 402 connected to the processor 401, a bus 403; the processor 401 and the memory 402 complete communication with each other through the bus 403; the processor 401 is configured to call program instructions in the memory 402 to perform the log data analysis method described above. The device herein may be a server, a PC, a PAD, a mobile phone, etc.
The present application also provides a computer program product adapted to perform a program initialized with the steps comprised by the log data analysis method described above, when executed on a data processing device.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a device includes one or more processors (CPUs), memory, and a bus. The device may also include input/output interfaces, network interfaces, and the like.
The memory may include volatile memory in a computer readable medium, Random Access Memory (RAM) and/or nonvolatile memory such as Read Only Memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip. The memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.
Claims (10)
1. A log data analysis method is applied to a log data analysis device, and the log data analysis device comprises: a log monitoring module, a log analysis module and a data processing module,
the log monitoring module obtains a log data alarm strategy;
the log monitoring module obtains at least one target log data according to the log data alarm strategy and sends the at least one target log data and the log data alarm strategy to the log analysis module;
the log analysis module determines whether the at least one target log data meets an alarm condition in the log data alarm strategy, and if so, determines at least one abnormal log data in the at least one target log data;
the log analysis module generates first alarm information according to the at least one abnormal log data, and sends the first alarm information, the at least one abnormal log data and the log data alarm strategy to the data processing module;
the data processing module formats the first alarm information into second alarm information according to a first format configuration item in the log data alarm strategy, and stores the second alarm information into a first database;
the data processing module formats the at least one abnormal log data into abnormal log information according to a second format configuration item configured in the log data alarm strategy;
and the data processing module sends the first alarm information and the abnormal log information to a preset target address.
2. The method of claim 1, wherein the log data alarm policy includes a target log data configuration item, and wherein the obtaining, by the log monitoring module, at least one target log data according to the log data alarm policy comprises:
and the log monitoring module determines at least one target log data matched with the target log data configuration item in a second database in which log data are stored in advance.
3. The method of claim 2, wherein the target log data configuration item comprises a target object and an alarm period, and the log monitoring module determines at least one target log data matching the target log data configuration item in a second database in which log data is stored in advance, comprising:
the log monitoring module determines at least one log data matched with the target object in a second database in which the log data are stored in advance;
and the log monitoring module obtains at least one target log data matched with the alarm period from at least one log data matched with the target object.
4. The method of claim 1, wherein the alarm condition comprises:
the occurrence frequency of the warning keyword in the at least one target log data is larger than a preset threshold value.
5. The method of claim 4, wherein the determining at least one anomalous log data in the target log data comprises:
and determining at least one log data carrying the alarm keyword in the at least one target log data as abnormal log data.
6. The method according to claim 1, wherein the preset destination address includes a mail address, and the sending, by the data processing module, the first warning information and the exception log information to the preset destination address includes:
and the data processing module takes the first warning information as an attachment of the mail, edits the abnormal log information into a body of the mail, and sends the mail to the mail address.
7. A log data analysis apparatus, comprising: a log monitoring module, a log analysis module and a data processing module,
the log monitoring module is configured to execute a log data alarm strategy, obtain at least one target log data according to the log data alarm strategy, and send the at least one target log data and the log data alarm strategy to the log analysis module;
the log analysis module is configured to determine whether the at least one target log data meets an alarm condition in the log data alarm policy, if so, determine at least one abnormal log data in the at least one target log data, generate first alarm information according to the at least one abnormal log data, and send the first alarm information, the at least one abnormal log data and the log data alarm policy to the data processing module;
the data processing module is configured to execute the steps of configuring a first format configuration item in the log data alarm strategy, formatting the first alarm information into second alarm information, storing the second alarm information into a first database, formatting the at least one abnormal log data into abnormal log information according to the second format configuration item configured in the log data alarm strategy, and sending the first alarm information and the abnormal log information to a preset target address.
8. The apparatus of claim 7, wherein the log data alarm policy comprises a target log data configuration item,
the log monitoring module is specifically configured to determine at least one target log data matched with the target log data configuration item in a second database in which log data are stored in advance.
9. The apparatus of claim 8, wherein the target log data configuration items comprise a target object and an alarm period,
the log monitoring module is specifically configured to determine at least one log data matched with the target object in a second database in which log data are stored in advance, and obtain at least one target log data matched with the alarm period from the at least one log data matched with the target object.
10. The apparatus of claim 7, wherein the preset destination address comprises a mail address,
the data processing module is specifically configured to execute the steps of using the first warning information as an attachment of the mail, editing the abnormal log information into a body of the mail, and sending the mail to the mail address.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011172628.1A CN112231192A (en) | 2020-10-28 | 2020-10-28 | Log data analysis method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011172628.1A CN112231192A (en) | 2020-10-28 | 2020-10-28 | Log data analysis method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112231192A true CN112231192A (en) | 2021-01-15 |
Family
ID=74109590
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011172628.1A Pending CN112231192A (en) | 2020-10-28 | 2020-10-28 | Log data analysis method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112231192A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113391990A (en) * | 2021-06-30 | 2021-09-14 | 未鲲(上海)科技服务有限公司 | System log monitoring method, device, equipment and storage medium |
| CN114679397A (en) * | 2022-05-06 | 2022-06-28 | 苏州德姆斯信息技术有限公司 | Fault analysis system and method of embedded equipment |
-
2020
- 2020-10-28 CN CN202011172628.1A patent/CN112231192A/en active Pending
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113391990A (en) * | 2021-06-30 | 2021-09-14 | 未鲲(上海)科技服务有限公司 | System log monitoring method, device, equipment and storage medium |
| CN114679397A (en) * | 2022-05-06 | 2022-06-28 | 苏州德姆斯信息技术有限公司 | Fault analysis system and method of embedded equipment |
| CN114679397B (en) * | 2022-05-06 | 2023-12-12 | 苏州德姆斯信息技术有限公司 | Fault analysis system and method for embedded equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9836346B2 (en) | Error troubleshooting using a correlated knowledge base | |
| JP2019517040A (en) | Cloud platform based client application information statistics method and apparatus | |
| CN111290866A (en) | Service processing method and device | |
| CN106897342B (en) | Data verification method and equipment | |
| CN112231192A (en) | Log data analysis method and device | |
| CN110798490B (en) | Method and device for accessing third-party system based on data center and data center | |
| CN114465870B (en) | Alarm information processing method and device, storage medium and electronic equipment | |
| CN113641526B (en) | Alarm root cause positioning method and device, electronic equipment and computer storage medium | |
| CN108289034A (en) | A kind of fault discovery method and apparatus | |
| CN112183039A (en) | Compliance verification method and device for business report | |
| CN106878365B (en) | data synchronization method and device | |
| CN110990456A (en) | Block chain-based information reading and converting method, device and medium | |
| CN113704117A (en) | Algorithm testing system, method and device | |
| CN112350890B (en) | Message processing method, device, server and storage medium | |
| CN110858166A (en) | Application exception processing method and device, storage medium and processor | |
| CN107301097B (en) | Method and device for storing calling java object and reference address information of java object | |
| CN109039695B (en) | Service fault processing method, device and equipment | |
| CN115756888A (en) | Data processing method, processor, device and storage medium | |
| CN114138615A (en) | Service alarm processing method, device, equipment and storage medium | |
| CN114328129A (en) | Message sending method, device, equipment and storage medium | |
| CN109062642B (en) | Control message notification method and device | |
| CN110020348B (en) | Early warning method and device for circled events | |
| CN115168489B (en) | Data certification method and device based on blockchain | |
| CN114629942B (en) | Fraud early warning task generation method, device, equipment and medium | |
| CN111552703A (en) | Data processing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |