CN112631996A - Log searching method and device - Google Patents
Log searching method and device Download PDFInfo
- Publication number
- CN112631996A CN112631996A CN202011622703.XA CN202011622703A CN112631996A CN 112631996 A CN112631996 A CN 112631996A CN 202011622703 A CN202011622703 A CN 202011622703A CN 112631996 A CN112631996 A CN 112631996A
- Authority
- CN
- China
- Prior art keywords
- log
- query request
- target
- center
- node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/14—Details of searching files based on file metadata
- G06F16/148—File search processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/17—Details of further file system functions
- G06F16/1734—Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/18—File system types
- G06F16/1805—Append-only file systems, e.g. using logs or journals to store data
- G06F16/1815—Journaling file systems
Abstract
The embodiment of the application discloses a log searching method and a log searching device, which are applied to a server, wherein the method comprises the following steps: receiving a first log query request sent by a log center front end through a log center main node, wherein the first log query request carries a log list; determining at least one target log center sub-node corresponding to the first log query request based on the log list to obtain at least one second log query request; distributing at least one second log query request to at least one target log center sub-node to obtain at least one third log query request; determining a target log center probe corresponding to each target log center sub-node to obtain at least one target log center probe; and respectively searching corresponding target log files according to at least one third log query request based on at least one target log center probe to obtain at least one target log file. By adopting the embodiment of the application, the operation and maintenance cost is reduced.
Description
Technical Field
The application relates to the technical field of data processing, in particular to a log searching method and device.
Background
Logs are an important way to learn about computer programs. The log system is an important basis for checking specific problems, knowing system/application capacity, perceiving system bottleneck, monitoring/analyzing service data in real time, and providing real and accurate data for leaders, architects, development and operation and maintenance to make correct decisions. At present, some log query systems need a high-performance physical machine for each machine due to the complex architecture. And each computer room needs one cluster, which causes high operation and maintenance cost of the whole log query system.
Disclosure of Invention
The embodiment of the application provides a log searching method and device, which are beneficial to reducing operation and maintenance cost.
A first aspect of the embodiments of the present application provides a log search method, which is applied to a server, and includes:
receiving a first log query request sent by a log center front end through a log center main node, wherein the first log query request carries a log list, and the log list is generated by the log center front end based on log query information;
determining at least one target log center sub-node corresponding to the first log query request based on the log list, and generating a second log query request corresponding to each target log center sub-node to obtain at least one second log query request;
distributing the at least one second log query request to the at least one target log center sub-node, and generating a third log query request corresponding to each target log center sub-node to obtain at least one third log query request;
determining a target log center probe corresponding to each target log center sub-node to obtain at least one target log center probe;
and respectively searching corresponding target log files according to the at least one third log query request based on the at least one target log center probe to obtain at least one target log file.
A second aspect of the embodiments of the present application provides a log search apparatus, which is applied to a server, and the apparatus includes: a sending unit, a determining unit, a distributing unit and a searching unit, wherein,
the sending unit is used for receiving a first log query request sent by a front end of a log center through a master node of the log center, wherein the first log query request carries a log list, and the log list is generated by the front end of the log center based on log query information;
the determining unit is configured to determine, based on the log list, at least one target log center sub-node corresponding to the first log query request, and generate a second log query request corresponding to each target log center sub-node to obtain at least one second log query request;
the distribution unit is used for distributing the at least one second log query request to the at least one target log center sub-node, generating a third log query request corresponding to each target log center sub-node, and obtaining at least one third log query request;
the determining unit is further configured to determine a target log center probe corresponding to each target log center sub-node to obtain at least one target log center probe;
and the searching unit is used for respectively searching corresponding target log files according to the at least one third log query request based on the at least one target log center probe to obtain at least one target log file.
A third aspect of embodiments of the present application provides a server, where the server includes a processor, an input device, an output device, and a memory, where the processor, the input device, the output device, and the memory are connected to each other, where the memory is used to store a computer program, and the computer program includes program instructions, and the processor is configured to call the program instructions to execute the method according to the first aspect of embodiments of the present application.
A fourth aspect of embodiments of the present application provides a computer-readable storage medium, where the computer-readable storage medium stores a computer program for electronic data exchange, where the computer program makes a computer perform part or all of the steps as described in the first aspect of embodiments of the present application.
A fifth aspect of embodiments of the present application provides a computer program product, wherein the computer program product comprises a non-transitory computer readable storage medium storing a computer program operable to cause a computer to perform some or all of the steps as described in the first aspect of embodiments of the present application. The computer program product may be a software installation package.
The embodiment of the application has at least the following beneficial effects:
through the embodiment of the application, the method is applied to the server, and comprises the following steps: a first log query request sent by a log center front end can be received through a log center main node, wherein the first log query request carries a log list, and the log list is generated by the log center front end based on log query information; determining at least one target log center sub-node corresponding to the first log query request based on the log list, and generating a second log query request corresponding to each target log center sub-node to obtain at least one second log query request; distributing at least one second log query request to at least one target log center sub-node, and generating a third log query request corresponding to each target log center sub-node to obtain at least one third log query request; determining a target log center probe corresponding to each target log center sub-node to obtain at least one target log center probe; and respectively searching corresponding target log files according to at least one third log query request based on at least one target log center probe to obtain at least one target log file. Therefore, by deploying the log center sub-nodes of different network segments, the log search can be realized by distributing the first log query request to at least one target log center sub-node without reestablishing a network firewall, unnecessary network resource loss is reduced, and the operation and maintenance cost is favorably reduced.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1A is a schematic architecture diagram of a log search system according to an embodiment of the present application;
fig. 1B is a schematic flowchart of a log search method according to an embodiment of the present application;
fig. 2A is a schematic flowchart of a log search method according to an embodiment of the present application;
fig. 2B is a schematic diagram of an architecture of a log search system according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of a server according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a log search apparatus according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms "first," "second," and the like in the description and claims of the present application and in the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the specification. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
In order to better understand the embodiments of the present application, methods of applying the embodiments of the present application will be described below.
The servers mentioned in the embodiments of the present application may include, but are not limited to, a background server, a component server, a cloud server, a data distribution system server, or a data distribution software server, which are merely examples, and are not exhaustive, and include, but are not limited to, the above devices.
Referring to fig. 1A, fig. 1A is a schematic diagram of an architecture of a log search system according to an embodiment of the present disclosure, where as shown in the figure, the log search system may include a plurality of modules, such as a log center front end, a log center master node, a plurality of log center sub-nodes, and a plurality of log center probes, each module may correspond to one server, for example, each log center sub-node may correspond to one server, and each server may correspond to one offline machine room, that is, different servers may be deployed in each machine room, each server may correspond to one network segment, and service functions corresponding to each server may be different.
Furthermore, the virtual log center front-end module is used in a browser running and querying a personal computer of a user, the log center main node module is used for being deployed in a virtual machine in a virtualization platform and connected with a user office network and a service network to realize a unified log query entry, the log center sub-node module is used for being deployed in each service machine room and connected with the service server network, and the log center probe module is used for being deployed in the service server to realize the positioning and acquisition of log files through the log center probe module.
It can be seen that, by adopting the embodiment of the application, the log files do not need to be stored in a centralized manner, because the log storage is realized by deploying the log center sub-nodes of different network segments of each machine room without depending on hardware, the plurality of servers can be all virtual servers, the deployment work of the log center is completed by the virtual servers, the operation and maintenance cost can be reduced, meanwhile, when a user initiates the log query, the bandwidth is consumed, and the bandwidth consumption does not exist when the user does not query.
Referring to fig. 1B, fig. 1B is a schematic flowchart of a log search method provided in an embodiment of the present application, and the method is applied to a server, and the method includes the following steps:
101. receiving a first log query request sent by a log center front end through a log center main node, wherein the first log query request carries a log list, and the log list is generated by the log center front end based on log query information.
The embodiment of the present application may be applied to a log search system as shown in fig. 1A, where the server may manage the log search system, the log center master node may correspond to one server, and the server may be a virtual server.
The user can input the query requirement of the user into a page corresponding to the front end of the log center in the front end page, and a first log query request is generated through the front end of the log center; furthermore, the log center front-end page may send the first log query request to the log center master node, where the first log query request may carry a log list generated by the log center front end based on the log query information, and the log query information may be generated when the user initiates the log query request to the log center front end.
The log query information may include at least one of: client name, system type, component name, log name, query time, query range, query IP, etc., without limitation; the server may generate the log list based on the component name, the log name, the system type, and the like included in the log query information, where the log list may include at least one of the following: component, log name, query time, query scope, server IP, search key, hostname, etc., without limitation.
102. And determining at least one target log center sub-node corresponding to the first log query request based on the log list, and generating a second log query request corresponding to each target log center sub-node to obtain at least one second log query request.
The log system comprises a plurality of log center sub-nodes, each log center sub-node can correspond to one virtual server, the log center sub-nodes can be deployed in different network segments of different machine rooms, each log center sub-node can correspond to one network segment, and the log center sub-nodes can be used as a request forwarding tool and used for shunting log query requests distributed by the log center main node.
For example, if a user needs to obtain a plurality of log files of a month, and the log files may be stored in a plurality of servers according to a time sequence, the server may determine at least one target log center sub-node according to query time included in the log list, and each target log center sub-node may correspond to a time period.
For another example, if the log list includes a host name and a server IP corresponding to a log file to be queried, and each log center sub-node may correspond to one server IP, at least one target log center sub-node corresponding to the first log query request may be determined based on the server IP.
The first log query request may include at least one query requirement, for example, log files corresponding to different application software in the same period may be queried, and each query requirement may be different; in addition, the service types corresponding to each log center sub-node are different, that is, the services of the virtual servers corresponding to the log center sub-node are different, after at least one target log center sub-node is determined, the log center main node can generate a second log query request for each target center sub-node, and the query requirements corresponding to each second log query request can be different.
In a possible example, the step 102 of determining at least one target log center sub-node corresponding to the first log query request based on the log list may include the following steps:
21. determining a service type corresponding to the first log query request based on the log list;
22. and determining at least one target log center sub-node corresponding to the service type.
The service type can be understood as a type of a service which can be provided by a virtual server corresponding to the node of the log center, and the service type may include at least one of the following: the server can classify the log center sub-nodes in advance according to service types, and each type can correspond to at least one log center sub-node; therefore, at least one target log center sub-node corresponding to the first log query request can be determined according to the service type corresponding to the first log query request. And distributing the at least one second log query request to the at least one target log center sub-node, and generating a third log query request corresponding to each target log center sub-node to obtain at least one third log query request.
103. And distributing the at least one second log query request to the at least one target log center sub-node, and generating a third log query request corresponding to each target log center sub-node to obtain at least one third log query request.
After determining at least one target log center sub-node to which a first log query request needs to be issued, a second log query request may be generated for each target log center sub-node, where second query information specifically carried in each second log query request may be different, and the second log query request may carry second log query information such as a host name, a server IP, a query range, and the like, which is not limited herein.
The at least one third log query request is generated after the at least one second log query request is forwarded and filtered by the at least one target log center node, and the third log query request can be sent to a subsequent target log center probe to be used for searching and acquiring the log file in the server.
In a possible example, the step 103 of generating a third log query request corresponding to each target log center node may include the following steps:
31. determining a second query time period corresponding to each second log query request to obtain at least one second query time period;
32. filtering the at least one second log query request based on the at least one second query time period to obtain at least one target second log query request;
33. determining a service type corresponding to the at least one target log center sub-node to obtain at least one service type;
34. and generating a third log query request corresponding to each target log center sub-node according to at least one target second log query request based on the at least one service type to obtain at least one third log query request.
The service type may refer to a service type corresponding to a log file that needs to be queried, and the service type may include at least one of the following: system logs, application logs, security logs, and the like, without limitation; the application log may include at least one of: shopping application logs, news application logs, browser application logs, and the like, without limitation.
The at least one target journal center sub-node receives at least one second journal query request sent by the virtual journal center main node, each second query request can carry second journal query information, and the second journal query information can correspond to the second journal query request one by one.
The target log center sub-node is used for forwarding at least one second log query request and filtering at least one second log query request when at least one third query request is generated so as to realize the firewall processing function of the log center sub-node on the second log query request.
In a specific implementation, each second log query request may include a second query time period, where the second log query time period may refer to a date of a log file to be queried, and further, based on at least one second query time period and a query time period preset by at least one log center sub-node, filtering of at least one second log query request is implemented through forwarding of at least one target log center sub-node to obtain at least one target log query request; because the corresponding service types of each target journal center sub-node are different when requesting to proxy the at least one second journal query request, after the distribution of the at least one second journal request is realized, at least one third journal query request that needs to be continuously issued by each target journal center sub-node to the at least one target journal center probe is generated based on the service type corresponding to each target journal center sub-node and after the request for the at least one target second journal query request is forwarded, and the third journal query request is used for acquiring a specific journal file by the at least one target journal center probe.
104. And determining target log center probes respectively corresponding to the at least one target log center sub-node to obtain at least one target log center probe.
The server can set a log center probe for each log center sub-node, and a plurality of log center probes can be correspondingly arranged corresponding to a plurality of log center sub-nodes included in the server, so that the target log center probe can be used for scheduling system resources to avoid excessive consumption of the service server resources and influence on the load capacity of the service system.
In a specific implementation, the target log center probe may query and search log information in a server where the target log center probe is located according to a service parameter carried in the third log query request, where the service parameter may include at least one of the following: traffic type, query time, log level, log type, etc., without limitation.
105. And respectively searching corresponding target log files according to the at least one third log query request based on the at least one target log center probe to obtain at least one target log file.
The target log center probe runs in a service application server, and the classification of service requirements is realized by using the computing resources of the service application server.
Optionally, after obtaining at least one target log file, in this embodiment of the application, the log search system shown in fig. 1A may return a result of a third log query request returned by a log center probe corresponding to each application server to the log center master node.
In one possible example, in step 105, the third log query request includes: a third query time period and query keywords; based on the at least one target log center probe, respectively searching and obtaining corresponding target log files according to the at least one third log query request to obtain at least one target log file, which may include the following steps:
51. obtaining a calling certificate corresponding to each target log center probe to obtain at least one calling certificate;
52. initializing the at least one target log-centric probe;
53. based on the at least one calling certificate, positioning to obtain at least one log block according to the at least one third query time period carried in the at least one third log query request, wherein each third log query request corresponds to one log block;
54. and searching the at least one log block according to the at least one query keyword carried in the at least one third log query request to obtain at least one target log file, wherein each third log query request corresponds to at least one target log file.
When the target log file is called through at least one target log center probe, the target log file can be called through a specific calling certificate, then the target log center probe can initialize a server instruction, then query instructions corresponding to a third query request are respectively input, log blocks are positioned according to a third query time period to obtain at least one log block, finally, specific log positioning can be achieved on the basis of query keywords, and finally the target log file is obtained to obtain at least one target log file.
In a possible example, in the step 53, locating at least one log block according to the at least one third query time period carried in the at least one third log query request may include the following steps:
determining a starting file position and an ending file position according to the third query time period i carried in the third log query request i to obtain a plurality of log files between the starting file position and the ending file position, wherein the plurality of log files form the log block i, the third log query request i is any one of the at least one third log query request, and the log block i is any one of the at least one log block.
The server can search and find the starting file position and the ending file position in the server through the corresponding target log probe based on any query time period i, and obtain a plurality of log files existing in the two file positions, so that the log blocks corresponding to at least one third log query request respectively can be obtained, and at least one log block can be obtained.
In a possible example, in step 54, the searching for at least one target log file in the at least one log block according to the at least one query keyword carried in the at least one third log query request may include the following steps:
and screening the plurality of log files according to the query keyword i carried in the third log query request i to obtain at least one target log file corresponding to the third log query request i.
After the log block is obtained, the log file to be obtained by the third log query request exists in the log block, and because the log block includes a plurality of log files, in order to accurately locate the position of the required target log file, at least one target log file corresponding to the third log query request i can be obtained by screening the plurality of log files based on the query keyword i carried in the third log query request i, so that at least one target log file corresponding to at least one third log query request can be obtained.
Optionally, in order to ensure the security and privacy of data, the log file may be stored in a block chain and stored in a node of the block chain, and it should be noted that the block chain in the embodiment of the present application is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, and an encryption algorithm. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
The log searching method described in the embodiment of the application can be seen in a server, and can be used for receiving a first log query request sent by a front end of a log center through a master node of the log center, wherein the first log query request carries a log list, and the log list is generated by the front end of the log center based on log query information; determining at least one target log center sub-node corresponding to the first log query request based on the log list, and generating a second log query request corresponding to each target log center sub-node to obtain at least one second log query request; distributing at least one second log query request to at least one target log center sub-node, and generating a third log query request corresponding to each target log center sub-node to obtain at least one third log query request; determining a target log center probe corresponding to each target log center sub-node to obtain at least one target log center probe; and respectively searching corresponding target log files according to at least one third log query request based on at least one target log center probe to obtain at least one target log file. Therefore, by deploying the log center sub-nodes of different network segments, the log search can be realized by distributing the first log query request to at least one target log center sub-node without reestablishing a network firewall, unnecessary network resource loss is reduced, and the operation and maintenance cost is favorably reduced.
In accordance with the above, please refer to fig. 2A, fig. 2A is a flowchart illustrating a log search method disclosed in an embodiment of the present application, and the log search method is applied to a server, and the log search method may include the following steps:
201. receiving a fourth log query request initiated by a user through a page at the front end of the log center, where the fourth log query request carries log query information, and the log query information includes: a first query time period.
The fourth log query request may be initiated by a user through a front-end page of the log center, and the log query information may include at least one of: a first query time period, a server IP, a query scope, a client name, etc., without limitation.
202. And generating the log list based on the log query information, generating the first log query request through the front end of the log center, and sending the first log query request to the log center main node.
In order to facilitate subsequent log search, a log list which can be identified by the server can be generated based on the log query information, and the log list can include the log query information. The front end of the log center can generate a first log query request based on the log list and send the first log query request to the log center master node, so that the log center master node completes distribution of data according to the log query request based on the log list, and the target log file can be searched subsequently.
203. And determining the query type corresponding to the log query request based on the first query time period.
The server can preset a query type, and the query type can include at least one of the following types: history type, real-time type, etc., without limitation; the real-time type can be a query type corresponding to log query when a user performs system recovery or system diagnosis problem tracking; the history type may be a query type corresponding to a log file corresponding to a history time period queried by a user.
204. Receiving a first log query request sent by a log center front end through a log center main node, wherein the first log query request carries a log list, and the log list is generated by the log center front end based on log query information.
The log search method described in step 204 may specifically refer to corresponding step 101 in the log search method described in fig. 1B.
205. And if the query type is not a preset type, executing the step of determining at least one target log center sub-node corresponding to the first log query request based on the log list.
In this embodiment, the preset type may be a history type, and when it is determined that the query type corresponding to the first log query request is not the history type, the log center master node may send the first log query request to at least one target log center sub-node corresponding to a different network segment, and may perform a subsequent step of distributing the first log query request to the at least one log center sub-node.
206. And determining at least one target log center sub-node corresponding to the first log query request based on the log list, and generating a second log query request corresponding to each target log center sub-node to obtain at least one second log query request.
207. And distributing the at least one second log query request to the at least one target log center sub-node, and generating a third log query request corresponding to each target log center sub-node to obtain at least one third log query request.
208. And determining target log center probes respectively corresponding to the at least one target log center sub-node to obtain at least one target log center probe.
209. And respectively searching corresponding log files according to the at least one third log query request based on the at least one target log center probe to obtain at least one log file.
The log search method described in the foregoing steps 206 to 209 may specifically refer to corresponding steps 102 to 105 in the log search method described in fig. 1B.
210. And if the query type is the preset type, sending the first log query request to a preset platform through the log center main node, and returning a processing result corresponding to the first log query request to the log center main node through the preset platform.
As shown in fig. 2B, the architecture diagram of a log search system may further include a preset platform based on the system architecture diagram shown in fig. 1A, where the preset platform may be a hive platform or a block chain, and may be used to store a history log file.
If the query type is a history type, the log center main node sends a first log query request to the hive platform, and the hive platform returns a processing result corresponding to the first log query request to the log center main node; the hive platform is a data warehouse tool based on Hadoop and used for data extraction, conversion and loading, and is a mechanism capable of storing, inquiring and analyzing large-scale data stored in Hadoop.
It can be seen that the log search method described in the embodiment of the present application is applied to a server, and receives a fourth log query request initiated by a user through a page at the front end of a log center, where the fourth log query request carries log query information, and the log query information includes: a first query time period. Generating a log list based on the log query information, generating a first log query request through the front end of a log center, and sending the first log query request to a log center main node; determining a query type corresponding to the log query request based on the first query time period; receiving a first log query request sent by a log center front end through a log center main node, wherein the first log query request carries a log list, and the log list is generated by the log center front end based on log query information; if the query type is not the preset type, executing a step of determining at least one target log center sub-node corresponding to the first log query request based on the log list; determining at least one target log center sub-node corresponding to the first log query request based on the log list, and generating a second log query request corresponding to each target log center sub-node to obtain at least one second log query request; distributing at least one second log query request to at least one target log center sub-node, and generating a third log query request corresponding to each target log center sub-node to obtain at least one third log query request; determining target log center probes respectively corresponding to at least one target log center sub-node to obtain at least one target log center probe; and if the query type is a preset type, sending the first log query request to a preset platform through the log center main node, and returning a processing result corresponding to the first log query request to the log center main node through the preset platform. Therefore, the log files can be respectively stored in different platforms based on the query types of the log files, and management of the log files is facilitated.
In accordance with the above, please refer to fig. 3, fig. 3 is a schematic structural diagram of a server according to an embodiment of the present application, and as shown in fig. 3, the server includes a processor, a communication interface, a memory and one or more programs, the processor, the communication interface and the memory are connected to each other, where the memory is used for storing a computer program, the computer program includes program instructions, the processor is configured to call the program instructions, and the one or more program programs include instructions for performing the following steps:
receiving a first log query request sent by a log center front end through a log center main node, wherein the first log query request carries a log list, and the log list is generated by the log center front end based on log query information;
determining at least one target log center sub-node corresponding to the first log query request based on the log list, and generating a second log query request corresponding to each target log center sub-node to obtain at least one second log query request;
distributing the at least one second log query request to the at least one target log center sub-node, and generating a third log query request corresponding to each target log center sub-node to obtain at least one third log query request;
determining a target log center probe corresponding to each target log center sub-node to obtain at least one target log center probe;
and respectively searching corresponding target log files according to the at least one third log query request based on the at least one target log center probe to obtain at least one target log file.
It can be seen that, the server described in the embodiment of the present application may receive, by using the master node of the log center, a first log query request sent by the front end of the log center, where the first log query request carries a log list, and the log list is generated by the front end of the log center based on log query information; determining at least one target log center sub-node corresponding to the first log query request based on the log list, and generating a second log query request corresponding to each target log center sub-node to obtain at least one second log query request; distributing at least one second log query request to at least one target log center sub-node, and generating a third log query request corresponding to each target log center sub-node to obtain at least one third log query request; determining a target log center probe corresponding to each target log center sub-node to obtain at least one target log center probe; and respectively searching corresponding target log files according to at least one third log query request based on at least one target log center probe to obtain at least one target log file. Therefore, by deploying the log center sub-nodes of different network segments, the log search can be realized by distributing the first log query request to at least one target log center sub-node without reestablishing a network firewall, unnecessary network resource loss is reduced, and the operation and maintenance cost is favorably reduced.
In one possible example, the program is further for instructions to perform the steps of:
receiving a fourth log query request initiated by a user through a page at the front end of the log center, where the fourth log query request carries log query information, and the log query information includes: a first query time period;
generating the log list based on the log query information, generating the first log query request through the front end of the log center, and sending the first log query request to the log center main node;
determining a query type corresponding to the log query request based on the first query time period;
and if the query type is not a preset type, executing the step of determining at least one target log center sub-node corresponding to the first log query request based on the log list.
In one possible example, after the determining the query type corresponding to the log query request based on the first query time period, the program is further configured to execute the instructions of:
and if the query type is the preset type, sending the first log query request to a preset platform through the log center main node, and returning a processing result corresponding to the first log query request to the log center main node through the preset platform.
In one possible example, in the determining at least one target log central sub-node corresponding to the first log query request based on the log list, the program is to perform the instructions of:
determining a service type corresponding to the first log query request based on the log list;
and determining at least one target log center sub-node corresponding to the service type.
In one possible example, in generating a third log query request corresponding to each target log-centric sub-node, the program is for executing the instructions of:
determining a second query time period corresponding to each second log query request to obtain at least one second query time period;
filtering the at least one second log query request based on the at least one second query time period to obtain at least one target second log query request;
determining a service type corresponding to the at least one target log center sub-node to obtain at least one service type;
and generating a third log query request corresponding to each target log center sub-node according to at least one target second log query request based on the at least one service type to obtain at least one third log query request.
In one possible example, the third log query request includes: a third query time period and query keywords;
in the aspect that the target log file is obtained by respectively searching for corresponding target log files according to the at least one third log query request based on the at least one target log center probe, and obtaining at least one target log file, the program is used for executing the following steps:
obtaining a calling certificate corresponding to each target log center probe to obtain at least one calling certificate;
initializing the at least one target log-centric probe;
based on the at least one calling certificate, positioning to obtain at least one log block according to the at least one third query time period carried in the at least one third log query request, wherein each third log query request corresponds to one log block;
and searching the at least one log block according to the at least one query keyword carried in the at least one third log query request to obtain at least one target log file, wherein each third log query request corresponds to at least one target log file.
In one possible example, in the aspect of locating at least one log block according to the at least one third query time period carried in the at least one third log query request, the program is configured to execute the following instructions:
determining a starting file position and an ending file position according to a third query time period i carried in a third log query request i to obtain a plurality of log files between the starting file position and the ending file position, wherein the log files form a log block i, the third log query request i is any one of the at least one third log query request, and the log block i is any one of the at least one log block;
the searching in the at least one log block according to the at least one query keyword carried in the at least one third log query request to obtain at least one target log file includes:
and screening the plurality of log files according to the query keyword i carried in the third log query request i to obtain at least one target log file corresponding to the third log query request i.
The above description has introduced the solution of the embodiment of the present application mainly from the perspective of the method-side implementation process. It is understood that the server includes hardware structures and/or software modules for performing the respective functions in order to implement the above-described functions. Those of skill in the art will readily appreciate that the present application is capable of hardware or a combination of hardware and computer software implementing the various illustrative elements and algorithm steps described in connection with the embodiments provided herein. Whether a function is performed as hardware or computer software drives hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiment of the present application, the server may be divided into the functional units according to the above method example, for example, each functional unit may be divided corresponding to each function, or two or more functions may be integrated into one processing unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit. It should be noted that the division of the unit in the embodiment of the present application is schematic, and is only a logic function division, and there may be another division manner in actual implementation.
In accordance with the above, please refer to fig. 4, fig. 4 is a schematic structural diagram of a log search apparatus disclosed in the embodiment of the present application, which is applied to a server, and the apparatus includes: a sending unit 401, a determining unit 402, a distributing unit 403, and a searching unit 404, wherein,
the sending unit 401 is configured to receive, by a log center master node, a first log query request sent by a log center front end, where the first log query request carries a log list, and the log list is generated by the log center front end based on log query information;
the determining unit 402 is configured to determine, based on the log list, at least one target log center sub-node corresponding to the first log query request, and generate a second log query request corresponding to each target log center sub-node to obtain at least one second log query request;
the distributing unit 403 is configured to distribute the at least one second log query request to the at least one target log central sub-node, and generate a third log query request corresponding to each target log central sub-node, so as to obtain at least one third log query request;
the determining unit 402 is further configured to determine a target log center probe corresponding to each target log center sub-node, so as to obtain at least one target log center probe;
the searching unit 404 is configured to search, based on the at least one target log center probe, corresponding target log files according to the at least one third log query request, respectively, so as to obtain at least one target log file.
The log search device described in the embodiment of the present application is applied to a server, and can receive a first log query request sent by a front end of a log center through a master node of the log center, where the first log query request carries a log list, and the log list is generated by the front end of the log center based on log query information; determining at least one target log center sub-node corresponding to the first log query request based on the log list, and generating a second log query request corresponding to each target log center sub-node to obtain at least one second log query request; distributing at least one second log query request to at least one target log center sub-node, and generating a third log query request corresponding to each target log center sub-node to obtain at least one third log query request; determining a target log center probe corresponding to each target log center sub-node to obtain at least one target log center probe; and respectively searching corresponding target log files according to at least one third log query request based on at least one target log center probe to obtain at least one target log file. Therefore, by deploying the log center sub-nodes of different network segments, the log search can be realized by distributing the first log query request to at least one target log center sub-node without reestablishing a network firewall, unnecessary network resource loss is reduced, and the operation and maintenance cost is favorably reduced.
In a possible example, in the aspect of determining at least one target log center sub-node corresponding to the first log query request based on the log list, the determining unit 402 is specifically configured to:
determining a service type corresponding to the first log query request based on the log list;
and determining at least one target log center sub-node corresponding to the service type.
In a possible example, in the aspect of generating a third log query request corresponding to each target log center sub-node, the determining unit 402 is further specifically configured to:
determining a second query time period corresponding to each second log query request to obtain at least one second query time period;
filtering the at least one second log query request based on the at least one second query time period to obtain at least one target second log query request;
determining a service type corresponding to the at least one target log center sub-node to obtain at least one service type;
and generating a third log query request corresponding to each target log center sub-node according to at least one target second log query request based on the at least one service type to obtain at least one third log query request.
In one possible example, the third log query request includes: a third query time period and query keywords;
in the aspect that, based on the at least one target log center probe, corresponding target log files are respectively obtained by searching according to the at least one third log query request, so as to obtain at least one target log file, the searching unit 404 is specifically configured to:
obtaining a calling certificate corresponding to each target log center probe to obtain at least one calling certificate;
initializing the at least one target log-centric probe;
based on the at least one calling certificate, positioning to obtain at least one log block according to the at least one third query time period carried in the at least one third log query request, wherein each third log query request corresponds to one log block;
and searching the at least one log block according to the at least one query keyword carried in the at least one third log query request to obtain at least one target log file, wherein each third log query request corresponds to at least one target log file.
In a possible example, in the aspect that, based on the at least one target log center probe, corresponding target log files are respectively obtained by searching according to the at least one third log query request, so as to obtain at least one target log file, the searching unit 404 is specifically configured to:
determining a starting file position and an ending file position according to a third query time period i carried in a third log query request i to obtain a plurality of log files between the starting file position and the ending file position, wherein the log files form a log block i, the third log query request i is any one of the at least one third log query request, and the log block i is any one of the at least one log block;
the searching in the at least one log block according to the at least one query keyword carried in the at least one third log query request to obtain at least one target log file includes:
and screening the plurality of log files according to the query keyword i carried in the third log query request i to obtain at least one target log file corresponding to the third log query request i.
Embodiments of the present application also provide a computer-readable storage medium, wherein the computer storage medium stores a computer program for electronic data exchange, and the computer program enables a computer to execute part or all of the steps of any one of the log search methods as described in the above method embodiments.
Embodiments of the present application also provide a computer program product comprising a non-transitory computer-readable storage medium storing a computer program operable to cause a computer to perform some or all of the steps of any one of the log search methods as recited in the above method embodiments.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present application is not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required in this application.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus may be implemented in other manners. For example, the above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of division of logical functions, and there may be other divisions when actually implementing, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of some interfaces, devices or units, and may be an electric or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in the form of hardware, or may be implemented in the form of a software program module.
The integrated units, if implemented in the form of software program modules and sold or used as stand-alone products, may be stored in a computer readable memory. Based on such understanding, the technical solution of the present application may be substantially implemented or a part of or all or part of the technical solution contributing to the prior art may be embodied in the form of a software product stored in a memory, and including several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method described in the embodiments of the present application. And the aforementioned memory comprises: various media capable of storing program codes, such as a usb disk, a read-only memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and the like.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by associated hardware instructed by a program, which may be stored in a computer-readable memory, which may include: flash disk, ROM, RAM, magnetic or optical disk, and the like.
The foregoing detailed description of the embodiments of the present application has been presented to illustrate the principles and implementations of the present application, and the above description of the embodiments is only provided to help understand the method and the core concept of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.
Claims (10)
1. A log searching method is applied to a server and comprises the following steps:
receiving a first log query request sent by a log center front end through a log center main node, wherein the first log query request carries a log list, and the log list is generated by the log center front end based on log query information;
determining at least one target log center sub-node corresponding to the first log query request based on the log list, and generating a second log query request corresponding to each target log center sub-node to obtain at least one second log query request;
distributing the at least one second log query request to the at least one target log center sub-node, and generating a third log query request corresponding to each target log center sub-node to obtain at least one third log query request;
determining a target log center probe corresponding to each target log center sub-node to obtain at least one target log center probe;
and respectively searching corresponding target log files according to the at least one third log query request based on the at least one target log center probe to obtain at least one target log file.
2. The method of claim 1, further comprising:
receiving a fourth log query request initiated by a user through a page at the front end of the log center, where the fourth log query request carries log query information, and the log query information includes: a first query time period;
generating the log list based on the log query information, generating the first log query request through the front end of the log center, and sending the first log query request to the log center main node;
determining a query type corresponding to the log query request based on the first query time period;
and if the query type is not a preset type, executing the step of determining at least one target log center sub-node corresponding to the first log query request based on the log list.
3. The method of claim 2, wherein after the determining the query type corresponding to the log query request based on the first query time period, the method further comprises:
and if the query type is the preset type, sending the first log query request to a preset platform through the log center main node, and returning a processing result corresponding to the first log query request to the log center main node through the preset platform.
4. The method according to claim 1, wherein the determining at least one target log center sub-node corresponding to the first log query request based on the log list comprises:
determining a service type corresponding to the first log query request based on the log list;
and determining at least one target log center sub-node corresponding to the service type.
5. The method according to claim 1 or 4, wherein the generating of the third log query request corresponding to each target log center subsection comprises:
determining a second query time period corresponding to each second log query request to obtain at least one second query time period;
filtering the at least one second log query request based on the at least one second query time period to obtain at least one target second log query request;
determining a service type corresponding to the at least one target log center sub-node to obtain at least one service type;
and generating a third log query request corresponding to each target log center sub-node according to at least one target second log query request based on the at least one service type to obtain at least one third log query request.
6. The method of claim 1, wherein the third log query request comprises: a third query time period and query keywords;
the step of respectively searching for corresponding target log files according to the at least one third log query request based on the at least one target log center probe to obtain at least one target log file comprises:
obtaining a calling certificate corresponding to each target log center probe to obtain at least one calling certificate;
initializing the at least one target log-centric probe;
based on the at least one calling certificate, positioning to obtain at least one log block according to the at least one third query time period carried in the at least one third log query request, wherein each third log query request corresponds to one log block;
and searching the at least one log block according to the at least one query keyword carried in the at least one third log query request to obtain at least one target log file, wherein each third log query request corresponds to at least one target log file.
7. The method of claim 6, wherein the locating at least one log block according to the at least one third query time period carried in the at least one third log query request comprises:
determining a starting file position and an ending file position according to a third query time period i carried in a third log query request i to obtain a plurality of log files between the starting file position and the ending file position, wherein the log files form a log block i, the third log query request i is any one of the at least one third log query request, and the log block i is any one of the at least one log block;
the searching in the at least one log block according to the at least one query keyword carried in the at least one third log query request to obtain at least one target log file includes:
and screening the plurality of log files according to the query keyword i carried in the third log query request i to obtain at least one target log file corresponding to the third log query request i.
8. A log search device applied to a server, the device comprising: a sending unit, a determining unit, a distributing unit and a searching unit, wherein,
the sending unit is used for receiving a first log query request sent by a front end of a log center through a master node of the log center, wherein the first log query request carries a log list, and the log list is generated by the front end of the log center based on log query information;
the determining unit is configured to determine, based on the log list, at least one target log center sub-node corresponding to the first log query request, and generate a second log query request corresponding to each target log center sub-node to obtain at least one second log query request;
the distribution unit is used for distributing the at least one second log query request to the at least one target log center sub-node, generating a third log query request corresponding to each target log center sub-node, and obtaining at least one third log query request;
the determining unit is further configured to determine a target log center probe corresponding to each target log center sub-node to obtain at least one target log center probe;
and the searching unit is used for respectively searching corresponding target log files according to the at least one third log query request based on the at least one target log center probe to obtain at least one target log file.
9. A server comprising a processor, an input device, an output device, and a memory, the processor, the input device, the output device, and the memory being interconnected, wherein the memory is configured to store a computer program comprising program instructions, the processor being configured to invoke the program instructions to perform the method of any of claims 1-7.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program comprising program instructions that, when executed by a processor, cause the processor to carry out the method according to any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011622703.XA CN112631996A (en) | 2020-12-30 | 2020-12-30 | Log searching method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011622703.XA CN112631996A (en) | 2020-12-30 | 2020-12-30 | Log searching method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112631996A true CN112631996A (en) | 2021-04-09 |
Family
ID=75287361
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011622703.XA Pending CN112631996A (en) | 2020-12-30 | 2020-12-30 | Log searching method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112631996A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116340296A (en) * | 2023-05-30 | 2023-06-27 | 南方电网数字电网研究院有限公司 | Multi-source data fusion and unified information model construction method based on data probes |
-
2020
- 2020-12-30 CN CN202011622703.XA patent/CN112631996A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116340296A (en) * | 2023-05-30 | 2023-06-27 | 南方电网数字电网研究院有限公司 | Multi-source data fusion and unified information model construction method based on data probes |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10560465B2 (en) | Real time anomaly detection for data streams | |
| WO2022022477A1 (en) | Management operation and maintenance platform and data processing method | |
| US9313281B1 (en) | Method and system for creating and dynamically deploying resource specific discovery agents for determining the state of a cloud computing environment | |
| CN109818934B (en) | Method and device for automatically processing logs and computing equipment | |
| EP3525422B1 (en) | Routing for large server deployments | |
| CN111258978B (en) | Data storage method | |
| US20130297803A1 (en) | Method for providing development and deployment services using a cloud-based platform and devices thereof | |
| US20150195143A1 (en) | Discovering resources of a distributed computing environment | |
| CN111338893A (en) | Process log processing method and device, computer equipment and storage medium | |
| US10182104B1 (en) | Automatic propagation of resource attributes in a provider network according to propagation criteria | |
| CN106547790B (en) | Relational database service system | |
| CN112948723A (en) | Interface calling method and device and related equipment | |
| CN109560940B (en) | Charging method and device for content delivery network CDN service | |
| CN112631996A (en) | Log searching method and device | |
| WO2018188607A1 (en) | Stream processing method and device | |
| CN111600755B (en) | Internet access behavior management system and method | |
| CN110928594A (en) | Service development method and platform | |
| CN117389830A (en) | Cluster log acquisition method and device, computer equipment and storage medium | |
| US20170270207A1 (en) | Providing modified protocol responses | |
| US10834070B1 (en) | Remote logging agent for accessing application server log data | |
| CN113778709B (en) | Interface calling method, device, server and storage medium | |
| CN115392501A (en) | Data acquisition method and device, electronic equipment and storage medium | |
| US11258860B2 (en) | System and method for bot detection and classification | |
| JP2023538941A (en) | Intelligent backup and restore of containerized environments | |
| TW202315360A (en) | Microservice allocation method, electronic equipment, and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |