CN112579406B - Log call chain generation method and device - Google Patents
Log call chain generation method and device Download PDFInfo
- Publication number
- CN112579406B CN112579406B CN201910936077.2A CN201910936077A CN112579406B CN 112579406 B CN112579406 B CN 112579406B CN 201910936077 A CN201910936077 A CN 201910936077A CN 112579406 B CN112579406 B CN 112579406B
- Authority
- CN
- China
- Prior art keywords
- application
- module
- log
- identification
- application module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 44
- 238000012544 monitoring process Methods 0.000 claims abstract description 39
- 230000005540 biological transmission Effects 0.000 claims abstract description 27
- 238000005516 engineering process Methods 0.000 claims description 19
- 230000008569 process Effects 0.000 claims description 17
- 238000004590 computer program Methods 0.000 claims description 9
- 230000007613 environmental effect Effects 0.000 claims description 7
- 230000002159 abnormal effect Effects 0.000 abstract description 6
- 238000010586 diagram Methods 0.000 description 12
- 238000004891 communication Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 6
- 230000003287 optical effect Effects 0.000 description 4
- 238000012545 processing Methods 0.000 description 4
- 238000004458 analytical method Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000004044 response Effects 0.000 description 3
- 238000012546 transfer Methods 0.000 description 3
- 235000010627 Phaseolus vulgaris Nutrition 0.000 description 2
- 244000046052 Phaseolus vulgaris Species 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000007405 data analysis Methods 0.000 description 2
- 239000000835 fiber Substances 0.000 description 2
- 238000005457 optimization Methods 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 239000004065 semiconductor Substances 0.000 description 2
- 230000002776 aggregation Effects 0.000 description 1
- 238000004220 aggregation Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000003745 diagnosis Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000012216 screening Methods 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3466—Performance evaluation by tracing or monitoring
- G06F11/3476—Data logging
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a log call chain generation method and device, and relates to the technical field of computers. One embodiment of the method comprises the following steps: generating an identification code according to the identification of the equipment where the application is located and the current time stamp; monitoring the transmission sequence of the identification codes among all application modules; extracting logs corresponding to the identification codes in each application module, and arranging and combining the extracted logs according to the transmission sequence to obtain a log call chain. According to the embodiment, the logs in each log server are automatically extracted by using the identification codes, and the logs are ordered according to the transmission sequence of the identification codes among the application modules, so that the automatic generation of a log call chain is realized, and a foundation is provided for centralized archiving of the logs and positioning of abnormal logs.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and an apparatus for generating a log call chain.
Background
The log mainly comprises a system log, an application program log and a security log. System operation and development personnel can know server software and hardware information through logs, check errors in the configuration process and reasons of the errors, and accordingly timely take measures to correct the errors.
The Internet adopts distributed application, and a system in the application is split into a plurality of different application modules. Thus, a complete operational flow (i.e., call chain) may involve calling a plurality of different application modules, and logs output by different application modules may be stored in different log servers in a decentralized manner.
In carrying out the present invention, the inventors have found that at least the following problems exist in the prior art:
1. under the current distributed application scene, logs in each application module are not subjected to centralized archiving treatment, so that query logs need to be carried out in different log servers, and a complete log calling link is difficult to form, thereby being not beneficial to tracking and querying abnormal logs;
2. when the number of log servers is large, if the traditional log logging and consulting mode is still adopted, the problems of complex operation and low efficiency exist.
Disclosure of Invention
In view of the above, the embodiments of the present invention provide a method and an apparatus for generating a log call chain, which at least can solve the problem that in the prior art, there is no scheme for effectively and centrally managing logs and automatically generating a log call chain.
To achieve the above object, according to an aspect of an embodiment of the present invention, there is provided a log call chain generation method including:
generating an identification code according to the identification of the equipment where the application is located and the current time stamp;
monitoring the transmission sequence of the identification codes among all application modules;
extracting logs corresponding to the identification codes in each application module, and arranging and combining the extracted logs according to the transmission sequence to obtain a log call chain.
Optionally, the monitoring the transmission sequence of the identification code between the application modules further includes: when the application module comprises application sub-modules, monitoring the calling sequence of each application sub-module in the application module, and sequentially transmitting the identification codes among the application sub-modules according to the calling sequence.
Optionally, before the extracting the log corresponding to the identification code in each application module, the method further includes: respectively acquiring operation data of each application module to generate a log based on the acquired operation data; and obtaining the identification of each log according to the identification code, the identification of each application module and the operation time stamp of each application module.
Optionally, the collecting operation data of each application module includes:
respectively monitoring performance data of each application module in the operation process by utilizing a byte code instrumentation technology; and
and respectively monitoring the environmental data of each application module in the operation process by using an index acquisition technology.
To achieve the above object, according to another aspect of the embodiments of the present invention, there is provided a log call chain generating apparatus including:
the identification code generation module is used for generating an identification code according to the identification of the equipment where the application is located and the current time stamp;
the sequence monitoring module is used for monitoring the transmission sequence of the identification codes among the application modules;
and the call chain generation module is used for extracting the logs corresponding to the identification codes in each application module, and arranging and combining the extracted logs according to the transmission sequence to obtain a log call chain.
Optionally, the sequential monitoring module is further configured to: when the application module comprises application sub-modules, monitoring the calling sequence of each application sub-module in the application module, and sequentially transmitting the identification codes among the application sub-modules according to the calling sequence.
Optionally, the system further comprises a data acquisition module for: respectively acquiring operation data of each application module to generate a log based on the acquired operation data; and obtaining the identification of each log according to the identification code, the identification of each application module and the operation time stamp of each application module.
Optionally, the data acquisition module is configured to:
respectively monitoring performance data of each application module in the operation process by utilizing a byte code instrumentation technology; and
and respectively monitoring the environmental data of each application module in the operation process by using an index acquisition technology.
To achieve the above object, according to still another aspect of an embodiment of the present invention, there is provided a log call chain generating electronic device.
The electronic equipment of the embodiment of the invention comprises: one or more processors; and the storage device is used for storing one or more programs, and when the one or more programs are executed by the one or more processors, the one or more processors are enabled to realize the log call chain generation method.
To achieve the above object, according to still another aspect of the embodiments of the present invention, there is provided a computer-readable medium having stored thereon a computer program which, when executed by a processor, implements any one of the above-described log call chain generation methods.
According to the solution provided by the present invention, one embodiment of the above invention has the following advantages or beneficial effects: setting an identification code for automatically marking the log when the user operates the application module; monitoring the transfer sequence of the identification codes among all application modules, and generating a log call chain by using the subsequent sequencing combination of logs so as to realize the archiving management of the logs; by adopting the byte code pile inserting technology to collect operation data, the intrusion to the application is avoided, and the use safety of the application is ensured.
Further effects of the above-described non-conventional alternatives are described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
FIG. 1 is a schematic flow diagram of a method for generating a log call chain according to an embodiment of the invention;
FIG. 2 is a flow diagram of an alternative log call chain generation method according to an embodiment of the invention;
FIG. 3 is a schematic diagram of the main modules of a log call chain generating device according to an embodiment of the invention;
FIG. 4 is an exemplary system architecture diagram in which embodiments of the present invention may be applied;
fig. 5 is a schematic diagram of a computer system suitable for use in implementing a mobile device or server of an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present invention will now be described with reference to the accompanying drawings, in which various details of the embodiments of the present invention are included to facilitate understanding, and are to be considered merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
The words related to the present invention are explained as follows:
security log: every time the power is turned on or off, a program is run, and the system reports errors, the information is recorded and stored in a log file.
Byte code instrumentation: monitoring instructions have been inserted using Javaagent and javaist to dynamically reconstruct Class bytes.
It should be noted that the embodiment of the invention is mainly suitable for log monitoring of distributed applications, so as to collect logs stored in different log servers together for centralized management, and make statistics and search on the logs, thereby generating a log call chain, and providing a foundation for subsequently improving log query efficiency, rapidly analyzing the logs and locating abnormal logs.
Referring to fig. 1, a main flowchart of a log call chain generating method provided by an embodiment of the present invention is shown, including the following steps:
s101: generating an identification code according to the identification of the equipment where the application is located and the current time stamp;
s102: monitoring the transmission sequence of the identification codes among all application modules;
s103: extracting logs corresponding to the identification codes in each application module, and arranging and combining the extracted logs according to the transmission sequence to obtain a log call chain.
In the above embodiment, for step S101, after the user clicks into the application, the application automatically generates a UUID (Universally Unique Identifier, universal unique identifier) so that all elements in the distributed application can have unique identification information, without the need of specifying the identification information by the central control terminal. In this way, each operation in the application can create UUIDs that do not conflict with other operations, and the problem of name duplication during log creation is not required to be considered later.
UUID refers to a number generated on one device to ensure that it is unique to all machines in the same time slot. UUID consists of the following parts:
1) The first part of UUID is related to time, if the system generates a UUID after generating a UUID for a few seconds, the first part is different, and the rest parts are the same;
2) A clock sequence or a random number sequence, such as a random four-bit number;
3) The globally unique IEEE machine identification number, if any, is obtained from the network card MAC address (Media Access Control or Medium Access Control, medium access control or physical address) and not otherwise obtained.
For step S102, the user has a sequence of operations, e.g., 1-2-3, 1-3-2, on the application modules within the system. For the same application module, the operation sequences of different users are different. In order to facilitate the generation of a subsequent log call chain, the invention generates a branch, for example, 1.1- >1.1.1- > 1.1.2- >1.2, when an application module is called each time, similar to a directory structure, so as to record the clicking or operation sequence of the application module by a user.
To record the click/operation sequence of the application module by the user in more detail, the present invention selects to transmit the obtained identification code along with the operation sequence of the application module by the user, for example:
1) The user clicks the order module to operate, and the UUID is located in the order module;
2) Then, the user clicks the commodity module to check commodity information, and the UUID is transmitted to the commodity module through the order module;
3) Then, the user clicks the inventory module to check the inventory information of the commodity, and the UUID is transmitted to the inventory module through the commodity module;
4) The transfer sequence of UUIDs between application modules is an order module, a commodity module and an inventory module.
An application may include a plurality of application modules, but the user may only click on a part of the application modules to operate, and through the UUID transmission, it may be determined which application modules are operated by the user, so as to implement screening and sorting of the invoked application modules.
Further, an application module may include a plurality of application sub-modules, such as a commodity module including an inventory module and a price module. When a user clicks to view the commodity inventory, the transfer sequence of UUIDs is as follows: the UUID is transmitted to the commodity module first and then to the inventory module in the commodity module, similar to 1.1- >1.1.1 in the catalog.
For step S103, the log in the application module is stored in the log server corresponding to the application module. In order to facilitate the subsequent extraction and centralized archiving of the log, the invention selects to generate the identification of the log according to the identification code and the identification of the application module when generating the log, thereby obtaining the corresponding relation between the log and the identification code.
However, the same user may perform multiple operations on the same application module or application sub-module, for example, click the inventory module and then return to click the commodity module, that is, the number of operations performed on the commodity module by the user is two, and the operation data obtained by the two operations may be different, so that two logs may be generated.
If the log identifier is generated by using the identifier and the identifier of the application module, the execution sequence of the two logs may not be considered, so that the operation timestamp of the user on the application module needs to be considered on the basis of the original identifier and the identifier of the application module. For example 17:30 log 1, 18:00 log 2.
Specifically:
collecting operation data of each application module, and generating logs corresponding to each application module;
and obtaining the identification of each log according to the identification code, the identification of each application module and the operation time stamp of each application module.
The log corresponds to the operation of the user on calling the application modules, and after the log is extracted according to the identification codes, the log generated in the whole transaction flow is recorded in an order according to the transmission order of the identification codes among the application modules, so that a log call chain is generated.
Problems that can be solved by the call chain are generally introduced:
1. quick positioning of which component the problem is in; each call chain generates a call chain ID through which subsequent queries can be made;
2. the request and the corresponding time difference (component performance optimization) can be accurately obtained for the performance of different services.
According to the method provided by the embodiment, the logs in each log server are automatically extracted by using the identification codes, and the logs are ordered according to the transmission sequence of the identification codes among the application modules, so that the automatic generation of a log call chain is realized.
Referring to fig. 2, an alternative log call chain generation method flow diagram is shown, comprising the steps of,
s201: generating an identification code according to the identification of the equipment where the application is located and the current time stamp;
s202: respectively monitoring performance data of each application module in the operation process by utilizing a byte code instrumentation technology;
s203: monitoring environment data of each application module in the operation process by using an index acquisition technology;
s204: generating a plurality of logs based on the performance data and the environmental data collected for each application module;
s205: obtaining the identification of each log according to the identification code, the identification of each application module and the operation time stamp of each application module;
s206: monitoring the transmission sequence of the identification codes among all application modules;
s207: extracting logs corresponding to the identification codes in each application module, and arranging and combining the extracted logs according to the transmission sequence to obtain a log call chain.
In the above embodiment, for the steps S201, S205 to S207, reference is made to the descriptions of the steps S101 to S103 shown in fig. 1, respectively, and the descriptions are omitted here.
In the above embodiment, for steps S202 to S204, the collection of the operation data of the user-invoked application module is divided into the internal performance collection and the external environment collection, so as to obtain the performance data and the environment data, respectively.
1. Internal performance data acquisition
The acquisition mode can be a byte code instrumentation technology or a hard coding mode, but the byte code instrumentation technology is mainly selected by considering that the hard coding mode and the application code have higher coupling degree and possibly cause application intrusion to a certain extent.
Application internal performance data such as http response time, service response, exceptions, SQL statements (Structured Query Language ), external interface responses are monitored by bytecode instrumentation. And the internal data of the application can be accurately monitored, and meanwhile, the application cannot be invaded, so that the application popularization cost is reduced.
In addition, for general monitoring, resource metrics can be easily obtained by invoking operating system commands. For example, the linux system command, the up time obtains the machine load condition, the free command obtains the available memory number of the system, and the si and so commands obtain the writing and reading numbers of the exchange area.
2. External environmental data acquisition
External environment data, such as CPU (Central processing Unit) utilization rate, memory, a file system, disk IO and network IO statistical data, of an application module in the operation process are acquired based on a metric bean (lightweight index collector), and the statistical data similar to a top command can be acquired for each process in the application. In addition, based on the plug-in provided in the meta-boot, state information such as mysql, redis, nginx can be actively collected.
Therefore, the operation data of each application module includes the performance data and the environment data, so as to generate a log of the current operation of the user in the application module.
The complete log has a very important role:
1) Searching information: locating the corresponding bug by searching the log information to find out a solution;
2) Service diagnosis: the load and service running state of the server are known through statistics and analysis of the log information, and time-consuming requests are found out for optimization and the like;
3) Data analysis: if the log is formatted, further data analysis, statistics and aggregation can be performed to obtain meaningful information.
The whole set of architecture is expanded and upgraded on the basis of an ELK (real-time log analysis platform), the ELK consists of ElasticSearch, logstash and Kiabana three open source tools, is generally applied to a log centralized collection scene and is mainly divided into four parts of log collection, transmission, storage and display.
For the generated logs, log collection is typically done with filebean, then exported to the elastic search for archival storage via logstack (beans, kafka may also be used), and then a log call chain is generated. The client is usually installed in a log server that needs to collect logs, and the server is responsible for filtering, modifying and other operations on the received logs of each node, and then sends the logs to the elastic search.
Kibana is an elastic search front-end presentation tool based on browser pages, and provides log analysis friendly Web interfaces for Logstar and elastic search to help users collect, analyze and search important logs.
Before log is transmitted to the elastic search by using the logstack, the invention can trigger alarm operation based on user-defined settings, such as performance alarm, CPU reaching 60%, memory usage reaching 70%, error occurrence log and the like.
If the basic index reaches the rule set by the user, the method can directly transmit data flow to an alarm center to trigger alarm based on a logstack-output-http plug-in the logstack; however, if the alarm condition is complex, for example, the calling frequency of a certain interface or a certain method reaches the upper limit or the performance index QPS called in a certain time can not meet the requirement, the data stream can be conveyed to the alarm center to trigger the alarm based on the logstack-output-zabbix.
The method solves the problem of difficulty in centralized archiving of the logs in the existing distributed application scene, and the logs are archived in a call chain mode by monitoring the transmission sequence of the identification codes among the application modules, so that the subsequent log inquiry and abnormal log positioning are facilitated; the operation data of the application module is collected through the byte code instrumentation technology, so that the intrusion of the application can be avoided.
Referring to fig. 3, a schematic diagram of main modules of a log call chain generating apparatus 300 according to an embodiment of the present invention is shown, including:
the identification code generating module 301 is configured to generate an identification code according to an identifier of an apparatus where the application is located and a current timestamp;
a sequence monitoring module 302, configured to monitor a transmission sequence of the identification code between each application module;
and the call chain generation module 303 is configured to extract the logs corresponding to the identification codes in each application module, and perform permutation and combination on the extracted logs according to the transmission sequence to obtain a log call chain.
In the embodiment of the present invention, the sequential monitoring module 302 is further configured to: when the application module comprises application sub-modules, monitoring the calling sequence of each application sub-module in the application module, and sequentially transmitting the identification codes among the application sub-modules according to the calling sequence.
The implementation device of the present invention further includes a data acquisition module 304 (not shown in the figure) for: respectively acquiring operation data of each application module to generate a log based on the acquired operation data; and obtaining the identification of each log according to the identification code, the identification of each application module and the operation time stamp of each application module.
In the embodiment of the present invention, the data acquisition module 304 is configured to:
respectively monitoring performance data of each application module in the operation process by utilizing a byte code instrumentation technology; and
and respectively monitoring the environmental data of each application module in the operation process by using an index acquisition technology.
In addition, the implementation of the apparatus in the embodiments of the present invention has been described in detail in the above method, so that the description is not repeated here.
The device provided by the embodiment of the invention solves the problem of difficulty in centralized archiving of the logs in the existing distributed application scene, and the logs are archived in a call chain mode by monitoring the transmission sequence of the identification codes among the application modules, so that the subsequent log inquiry and abnormal log positioning are facilitated; the operation data of the application module is collected through the byte code instrumentation technology, so that the intrusion of the application can be avoided.
Fig. 4 illustrates an exemplary system architecture 400 in which embodiments of the present invention may be applied.
As shown in fig. 4, the system architecture 400 may include terminal devices 401, 402, 403, a network 404, and a server 405 (by way of example only). The network 404 is used as a medium to provide communication links between the terminal devices 401, 402, 403 and the server 405. The network 404 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
A user may interact with the server 405 via the network 404 using the terminal devices 401, 402, 403 to receive or send messages or the like. Various communication client applications can be installed on the terminal devices 401, 402, 403.
The terminal devices 401, 402, 403 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 405 may be a server providing various services, such as a background management server (by way of example only) providing support for shopping-type websites browsed by users using the terminal devices 401, 402, 403.
It should be noted that the method provided by the embodiment of the present invention is generally performed by the server 405, and accordingly, the apparatus is generally disposed in the server 405.
It should be understood that the number of terminal devices, networks and servers in fig. 4 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 5, there is illustrated a schematic diagram of a computer system 500 suitable for use in implementing an embodiment of the present invention. The terminal device shown in fig. 5 is only an example, and should not impose any limitation on the functions and the scope of use of the embodiment of the present invention.
As shown in fig. 5, the computer system 500 includes a Central Processing Unit (CPU) 501, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 502 or a program loaded from a storage section 508 into a Random Access Memory (RAM) 503. In the RAM 503, various programs and data required for the operation of the system 500 are also stored. The CPU 501, ROM 502, and RAM 503 are connected to each other through a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.
The following components are connected to the I/O interface 505: an input section 506 including a keyboard, a mouse, and the like; an output portion 507 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker, and the like; a storage portion 508 including a hard disk and the like; and a communication section 509 including a network interface card such as a LAN card, a modem, or the like. The communication section 509 performs communication processing via a network such as the internet. The drive 510 is also connected to the I/O interface 505 as needed. A removable medium 511 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 510 as needed so that a computer program read therefrom is mounted into the storage section 508 as needed.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 509, and/or installed from the removable media 511. The above-described functions defined in the system of the present invention are performed when the computer program is executed by a Central Processing Unit (CPU) 501.
The computer readable medium shown in the present invention may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules involved in the embodiments of the present invention may be implemented in software or in hardware. The described modules may also be provided in a processor, for example, as: a processor comprises an identification code generation module, a sequence monitoring module and a call chain generation module. Where the names of the modules do not constitute a limitation on the module itself in some cases, for example, call chain generation may also be described as "log call chain generation".
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be present alone without being fitted into the device. The computer readable medium carries one or more programs which, when executed by a device, cause the device to include:
generating an identification code according to the identification of the equipment where the application is located and the current time stamp;
monitoring the transmission sequence of the identification codes among all application modules;
extracting logs corresponding to the identification codes in each application module, and arranging and combining the extracted logs according to the transmission sequence to obtain a log call chain.
According to the technical scheme of the embodiment of the invention, the problem of difficulty in centralized archiving of the logs in the existing distributed application scene is solved, and the archiving of the logs according to a call chain mode is realized by monitoring the transmission sequence of the identification codes among the application modules, so that the subsequent log inquiry and the abnormal log positioning are facilitated; the operation data of the application module is collected through the byte code instrumentation technology, so that the intrusion of the application can be avoided.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives can occur depending upon design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.
Claims (8)
1. A log call chain generation method, comprising:
generating an identification code according to the identification of the equipment where the application is located and the current time stamp;
monitoring the transmission sequence of the identification codes among all application modules; wherein, one or more operations are performed on the same application module;
respectively acquiring operation data of each application module to generate a log based on the acquired operation data; obtaining the identification of each log according to the identification code, the identification of each application module and the operation time stamp of each application module; wherein the operation data includes internal performance data and external environment data;
extracting logs corresponding to the identification codes in each application module, and arranging and combining the extracted logs according to the transmission sequence to obtain a log call chain.
2. The method of claim 1, wherein the listening for the order in which the identification codes are transferred between the application modules further comprises:
when the application module comprises application sub-modules, monitoring the calling sequence of each application sub-module in the application module, and sequentially transmitting the identification codes among the application sub-modules according to the calling sequence.
3. The method of claim 1, wherein the separately collecting operation data for each application module comprises:
respectively monitoring performance data of each application module in the operation process by utilizing a byte code instrumentation technology; and
and respectively monitoring the environmental data of each application module in the operation process by using an index acquisition technology.
4. A log call chain generating apparatus, comprising:
the identification code generation module is used for generating an identification code according to the identification of the equipment where the application is located and the current time stamp;
the sequence monitoring module is used for monitoring the transmission sequence of the identification codes among the application modules; wherein, one or more operations are performed on the same application module;
the data acquisition module is used for respectively acquiring the operation data of each application module so as to generate a log based on the acquired operation data; obtaining the identification of each log according to the identification code, the identification of each application module and the operation time stamp of each application module; wherein the operation data includes internal performance data and external environment data;
and the call chain generation module is used for extracting the logs corresponding to the identification codes in each application module, and arranging and combining the extracted logs according to the transmission sequence to obtain a log call chain.
5. The apparatus of claim 4, wherein the sequential listening module is further configured to:
when the application module comprises application sub-modules, monitoring the calling sequence of each application sub-module in the application module, and sequentially transmitting the identification codes among the application sub-modules according to the calling sequence.
6. The apparatus of claim 4, wherein the data acquisition module is configured to:
respectively monitoring performance data of each application module in the operation process by utilizing a byte code instrumentation technology; and
and respectively monitoring the environmental data of each application module in the operation process by using an index acquisition technology.
7. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
when executed by the one or more processors, causes the one or more processors to implement the method of any of claims 1-3.
8. A computer readable medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method according to any of claims 1-3.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910936077.2A CN112579406B (en) | 2019-09-29 | 2019-09-29 | Log call chain generation method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910936077.2A CN112579406B (en) | 2019-09-29 | 2019-09-29 | Log call chain generation method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112579406A CN112579406A (en) | 2021-03-30 |
| CN112579406B true CN112579406B (en) | 2024-04-05 |
Family
ID=75111252
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910936077.2A Active CN112579406B (en) | 2019-09-29 | 2019-09-29 | Log call chain generation method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112579406B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115270115B (en) * | 2022-09-27 | 2023-01-10 | 北京航空航天大学 | Edge application behavior information acquisition method and system |
| CN115294203A (en) * | 2022-10-09 | 2022-11-04 | 智道网联科技(北京)有限公司 | Log processing method, apparatus and computer-readable storage medium for electronic map |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107645562A (en) * | 2017-10-12 | 2018-01-30 | 广州爱九游信息技术有限公司 | Data transmission processing method, device, equipment and system |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9973521B2 (en) * | 2015-12-28 | 2018-05-15 | International Business Machines Corporation | System and method for field extraction of data contained within a log stream |
-
2019
- 2019-09-29 CN CN201910936077.2A patent/CN112579406B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107645562A (en) * | 2017-10-12 | 2018-01-30 | 广州爱九游信息技术有限公司 | Data transmission processing method, device, equipment and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112579406A (en) | 2021-03-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11934417B2 (en) | Dynamically monitoring an information technology networked entity | |
| US11106442B1 (en) | Information technology networked entity monitoring with metric selection prior to deployment | |
| CN111522922B (en) | Log information query method and device, storage medium and computer equipment | |
| CN109660397B (en) | System, method and device for collecting logs | |
| US20190095478A1 (en) | Information technology networked entity monitoring with automatic reliability scoring | |
| CN111190888A (en) | Method and device for managing graph database cluster | |
| US8024712B1 (en) | Collecting application logs | |
| CN107957940B (en) | Test log processing method, system and terminal | |
| CN109672722B (en) | Data deployment method and device, computer storage medium and electronic equipment | |
| CN111367760B (en) | Log collection method and device, computer equipment and storage medium | |
| CN112579406B (en) | Log call chain generation method and device | |
| CN110928934A (en) | Data processing method and device for business analysis | |
| CN112306851A (en) | Automatic testing method and device | |
| CN113760730A (en) | Automatic testing method and device | |
| CN109218041B (en) | Request processing method and device for server system | |
| CN110795332A (en) | Automatic testing method and device | |
| CN110351131B (en) | Monitoring method and device for distributed link and electronic equipment | |
| CN113570347A (en) | RPA operation and maintenance method for micro-service architecture system | |
| US20230376329A1 (en) | Systems and methods for automatically generating guided user interfaces (guis) for tracking and migrating legacy networked resources within an enterprise during a technical migration | |
| CN117076250A (en) | Data processing method and device | |
| CN108984221B (en) | Method and device for acquiring multi-platform user behavior logs | |
| CN111435326A (en) | Method and device for analyzing crash logs | |
| CN114579415A (en) | Method, device, equipment and medium for configuring and acquiring buried point data | |
| CN113760693A (en) | Method and apparatus for local debugging of microservice systems | |
| CN112988560A (en) | Method and device for testing system robustness |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |