CN113268399B - Alarm processing method and device and electronic equipment - Google Patents


Publication number
CN113268399B
Authority
CN
China
Prior art keywords
alarm
alarm information
convergence
rule
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110660246.1A
Other languages
Chinese (zh)
Other versions
CN113268399A (en
Inventor
刘凯
蔡春根
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Tianzheng Information Technology Co ltd
Original Assignee
Shanghai Tianzheng Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Tianzheng Information Technology Co ltd filed Critical Shanghai Tianzheng Information Technology Co ltd
Priority to CN202110660246.1A priority Critical patent/CN113268399B/en
Publication of CN113268399A publication Critical patent/CN113268399A/en
Application granted granted Critical
Publication of CN113268399B publication Critical patent/CN113268399B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3065Monitoring arrangements determined by the means or processing involved in reporting the monitored data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/32Monitoring with visual or acoustical indication of the functioning of the machine
    • G06F11/324Display of status information
    • G06F11/327Alarm or error message display

Abstract

The embodiments of the present specification provide an alarm processing method, which obtains multiple pieces of original alarm information by constructing multiple convergence rules, performs convergence rule matching on the original alarm information, performs alarm information convergence processing according to the matched convergence rules, and performs alarm processing according to the converged alarm information. Through the automatic matching mode, the original alarm information is respectively matched with the adaptive convergence rules, the multiple convergence rules show multiple convergence directions, different association characteristics of different original alarm information are considered, the convergence effect is improved, and therefore the accuracy of alarm positioning can be improved.

Description

Alarm processing method and device and electronic equipment
Technical Field
The present application relates to the field of computers, and in particular, to an alarm processing method and apparatus, and an electronic device.
Background
With the development of IT environments such as big data and cloud computing, enterprise IT and its application environments have become increasingly large and complex, so the volume of alarm information generated continuously is huge and its sources are varied, which can frequently cause an "alarm storm". An alarm storm means that a system generates a large number of alarm messages in a short time, which exhausts operation and maintenance personnel, consumes a large amount of time in troubleshooting and handling problems, and greatly reduces operation and maintenance efficiency.
However, some of these alarm messages are caused by some same factors and have a certain correlation with each other, so some applications eliminate irrelevant, repeated and not serious alarm interference by converging the alarm messages at present. However, these application systems often adopt a simple and single method for alarm convergence, and the positioning accuracy of the alarm is low.
There is a need to provide a new alarm processing method to improve the positioning accuracy of the alarm.
Disclosure of Invention
The embodiment of the specification provides an alarm processing method and device and electronic equipment, and is used for improving the positioning accuracy of an alarm.
An embodiment of the present specification provides an alarm processing method, including:
constructing a plurality of convergence rules;
acquiring a plurality of pieces of original alarm information, matching convergence rules of the original alarm information, and performing convergence processing on the alarm information according to the matched convergence rules;
and performing alarm processing according to the converged alarm information.
Optionally, the matching of the convergence rule to the original alarm information and the convergence processing of the alarm information according to the matched convergence rule include:
and judging whether the original alarm information is a multi-device multi-port alarm event or not, and if so, converging the original alarm information by using a convergence rule based on physical topology.
Optionally, the performing convergence processing on the alarm information according to the matched convergence rule further includes:
and delaying the plurality of pieces of alarm information, and combining the alarm information received in the delay period according to a combination rule to obtain the converged alarm information.
Optionally, the performing convergence processing on the alarm information according to the matched convergence rule further includes:
and carrying out attenuation conversion on the alarm information according to a preset periodic attenuation rule, and carrying out alarm processing by using the converted alarm information, or carrying out alarm processing by using the converted alarm information and combining the alarm processing to obtain the converged alarm information.
Optionally, the period decay rule has a plurality of periods, each period level decreasing stepwise.
Optionally, the method further comprises:
and deriving according to the original alarm information, and performing alarm processing by combining the derived alarm information.
Optionally, the deriving according to the original alarm information includes:
and generating missing alarm information by combining the original alarm information according to the association rule of the alarm.
Optionally, the method further comprises:
and performing multi-attribute detection on the alarm object to obtain multi-attribute information, judging whether the multi-attribute information meets a combined threshold rule, and if so, generating original alarm information.
Optionally, the combination threshold rule has thresholds for a plurality of attributes, and an operation identifier that logically combines the thresholds for the plurality of attributes.
Optionally, the performing multi-attribute detection on the alarm object includes:
the state attribute information of the physical link is detected, and/or the state attribute information of the call link is detected.
An embodiment of the present specification further provides an alarm processing apparatus, including:
the rule module is used for constructing various convergence rules;
the convergence module is used for acquiring a plurality of pieces of original alarm information, matching convergence rules of the original alarm information and carrying out convergence processing on the alarm information according to the matched convergence rules;
and the alarm module is used for carrying out alarm processing according to the alarm information after convergence.
Optionally, the performing convergence processing on the alarm information according to the matched convergence rule further includes:
and delaying the plurality of pieces of alarm information, and combining the alarm information received in the delay period according to a combination rule to obtain the converged alarm information.
Optionally, the performing convergence processing on the alarm information according to the matched convergence rule further includes:
and carrying out attenuation conversion on the alarm information according to a preset periodic attenuation rule, and carrying out alarm processing by using the converted alarm information, or carrying out alarm processing by using the converted alarm information and combining the alarm processing to obtain the converged alarm information.
Optionally, the period decay rule has a plurality of periods, each period level decreasing stepwise.
Optionally, the method further comprises:
and deriving according to the original alarm information, and performing alarm processing by combining the derived alarm information.
Optionally, the deriving according to the original alarm information includes:
and generating missing alarm information by combining the original alarm information according to the association rule of the alarm.
Optionally, the method further comprises:
and performing multi-attribute detection on the alarm object to obtain multi-attribute information, judging whether the multi-attribute information meets a combined threshold rule, and if so, generating original alarm information.
Optionally, the combination threshold rule has thresholds for a plurality of attributes, and an operation identifier that logically combines the thresholds for the plurality of attributes.
Optionally, the performing multi-attribute detection on the alarm object includes:
the state attribute information of the physical link is detected, and/or the state attribute information of the call link is detected.
An embodiment of the present specification further provides an electronic device, where the electronic device includes:
a processor; and
a memory storing computer-executable instructions that, when executed, cause the processor to perform any of the methods described above.
The present specification also provides a computer readable storage medium, wherein the computer readable storage medium stores one or more programs which, when executed by a processor, implement any of the above methods.
In the various technical solutions provided in the embodiments of the present description, multiple pieces of original alarm information are obtained by constructing multiple convergence rules, the original alarm information is subjected to matching of the convergence rules, the alarm information is subjected to convergence processing according to the matched convergence rules, and the alarm processing is performed according to the converged alarm information. Through the automatic matching mode, the original alarm information is respectively matched with the adaptive convergence rules, the multiple convergence rules show multiple convergence directions, different association characteristics of different original alarm information are considered, the convergence effect is improved, and therefore the accuracy of alarm positioning can be improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a schematic diagram illustrating an alarm processing method according to an embodiment of the present disclosure;
fig. 2 is a schematic structural diagram of an alarm processing apparatus provided in an embodiment of the present specification;
fig. 3 is a schematic structural diagram of an electronic device provided in an embodiment of the present disclosure;
fig. 4 is a schematic diagram of a computer-readable medium provided in an embodiment of the present specification.
Detailed Description
Exemplary embodiments of the present invention will now be described more fully with reference to the accompanying drawings. The exemplary embodiments, however, may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these exemplary embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the invention to those skilled in the art. The same reference numerals denote the same or similar elements, components, or parts in the drawings, and thus their repetitive description will be omitted.
Features, structures, characteristics or other details described in a particular embodiment do not preclude the fact that the features, structures, characteristics or other details may be combined in a suitable manner in one or more other embodiments in accordance with the technical idea of the invention.
In describing particular embodiments, the present invention has been described with reference to features, structures, characteristics or other details that are within the purview of one skilled in the art to provide a thorough understanding of the embodiments. One skilled in the relevant art will recognize, however, that the invention may be practiced without one or more of the specific features, structures, characteristics, or other details.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The term "and/or" includes all combinations of any one or more of the associated listed items.
Fig. 1 is a schematic diagram of an alarm processing method provided in an embodiment of the present disclosure, where the method may include:
S101: constructing a plurality of convergence rules.
If alarm convergence cannot be carried out in a timely and accurate manner, and irrelevant, repeated and non-serious alarm interference cannot be eliminated, operation and maintenance personnel face a large number of alarm messages of many kinds and find it difficult to identify the root cause promptly, which delays fault handling and in turn brings potential risk and loss to business operation.
Wherein, constructing a plurality of convergence rules may include:
and constructing an alarm suppression rule, an alarm association rule and an alarm combination rule.
The alarm suppression rule is used for delaying, deleting and degrading alarm information.
The alert association rules may automatically identify associated alert information.
The alarm merging rule may merge similar alarm information into one piece of alarm information, such as a fault alarm of the access switch, and convert or derive the alarm information of the server and the application thereof directly connected to the port.
In addition, derivative rules can be constructed, including frequent pattern growth rules, causal rules, jitter and mutation anomaly detection rules, for processing alarm information.
S102: acquiring a plurality of pieces of original alarm information, matching convergence rules of the original alarm information, and performing convergence processing on the alarm information according to the matched convergence rules.
Alarm information is often captured or detected after penetrating through a plurality of paths or nodes, so that source location is often performed in a segmented mode, and if segmentation and path division detection and analysis can be performed according to information links and communication links, the fault point where a fault really occurs in the links can be accurately given, and therefore accurate alarm is achieved.
Therefore, the state of each node of each resource can be detected hop-by-hop and end-by-end based on the physical topology, and the availability and the time delay of the detection service can be tracked hop-by-hop and end-by-end based on the calling (logic) link.
In view of the fact that there are various conditions that may cause the occurrence of alarm jitter, in an embodiment of the present specification, the method may further include: and carrying out jitter monitoring.
Specifically, index values such as connectivity, delay, throughput, utilization rate, and the like may be monitored.
Therefore, the method can identify the on-off of the private line, the jitter of the private line flow, the abnormity of the network port, the alternate on-off of the connectivity check and the frequent change of the resource utilization rate above and below the threshold value.
A failure of a physically connected access network device can cause alarms on other uplink devices, so the monitoring system receives multiple related pieces of alarm information. Because these alarms all originate from a single device failure and are associated original alarm information, they can be merged into one piece of original alarm information.
Therefore, in the embodiment of this specification, the matching of the convergence rule to the original alarm information and the convergence processing of the alarm information according to the matched convergence rule include:
and judging whether the original alarm information is a multi-device multi-port alarm event or not, and if so, converging the original alarm information by using a convergence rule based on physical topology.
The source alarm information can be identified according to the link subordination relation of a plurality of pieces of original alarm information.
However, the physical topology is not relied upon for single device multiport related event aggregation.
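The topology-based convergence described above can be sketched as follows. This is an added example, not code from the patent; the device names, the `UPLINK` map, the alarm fields and the choice of the most upstream alarming device as the source are all assumptions made for illustration.

```python
# Constructed physical topology: device -> the device it uplinks to.
UPLINK = {
    "srv-a": "acc-sw-1",
    "srv-b": "acc-sw-1",
    "srv-c": "acc-sw-2",
    "acc-sw-1": "agg-sw-1",
    "acc-sw-2": "agg-sw-1",
    "agg-sw-1": "core-sw-1",
}

# Constructed original alarm information received in one collection window.
SAMPLE_ALARMS = [
    {"device": "srv-a", "port": "eth0", "msg": "host unreachable"},
    {"device": "acc-sw-1", "port": "Gi0/24", "msg": "uplink down"},
    {"device": "srv-b", "port": "eth0", "msg": "host unreachable"},
    {"device": "srv-c", "port": "eth0", "msg": "latency high"},
]


def is_multi_device_multi_port(alarms):
    """True when the alarms span more than one device and more than one port."""
    devices = {a["device"] for a in alarms}
    ports = {(a["device"], a["port"]) for a in alarms}
    return len(devices) > 1 and len(ports) > 1


def source_device(device, alarming, uplink):
    """Walk up the topology while the uplink device is also alarming.

    Assumption: the source alarm belongs to the most upstream device in an
    unbroken chain of alarming devices. The `seen` set stops the walk if the
    topology data contains a cycle.
    """
    seen = {device}
    current = device
    while True:
        parent = uplink.get(current)
        if parent is None or parent not in alarming or parent in seen:
            return current
        seen.add(parent)
        current = parent


def converge_by_topology(alarms, uplink):
    """Group alarms under their source device; returns {source: [alarms]}."""
    groups = {}
    if not is_multi_device_multi_port(alarms):
        # Single-device events are grouped per device without the topology.
        for a in alarms:
            groups.setdefault(a["device"], []).append(a)
        return groups
    alarming = {a["device"] for a in alarms}
    for a in alarms:
        root = source_device(a["device"], alarming, uplink)
        groups.setdefault(root, []).append(a)
    return groups


if __name__ == "__main__":
    for root, members in converge_by_topology(SAMPLE_ALARMS, UPLINK).items():
        print(root, "<-", [m["device"] for m in members])
```

With the constructed data, the two server alarms fold under `acc-sw-1`, while `srv-c` stays separate because its uplink switch is not alarming.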
When some faults occur, multiple alarm messages are raised in sequence and, because of network delay, monitoring system performance and other reasons, they are received with a certain time difference. The monitoring system therefore needs to delay its reception of alarms so that it receives all the related alarm messages completely, and then compresses and converges them uniformly into one alarm message.
Therefore, in this embodiment of this specification, the convergence processing of the alarm information is performed according to the matched convergence rule, and the method may further include:
and delaying the plurality of pieces of alarm information, and combining the alarm information received in the delay period according to a combination rule to obtain the converged alarm information.
In this embodiment of this specification, the method may further include, according to the matched convergence rule, performing convergence processing on the alarm information:
carrying out attenuation conversion on the alarm information according to a preset periodic attenuation rule;
and performing alarm processing by using the converted alarm information, or performing alarm processing by using the converted alarm information and combining to obtain the converged alarm information.
In the embodiment of the present specification, the period decay rule has a plurality of periods, and the level of each period is gradually decreased.
In a specific implementation, multiple alarm levels may be set, such as severe, primary, secondary, warning, unknown and normal, and alarm information is downgraded automatically.
In a practical scenario, the method can automatically step medium- or low-level alarms down by one level within a specified time (typically defined as 10 minutes) until they are removed from the alarm list.
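The delay rule and the periodic decay rule described above can be sketched together as follows. This is an added example, not code from the patent; the `Alarm` fields, the merge key, the 30-second window, the level ordering taken from the list above, and the choice to exempt `severe` from decay are assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Hashable, List

# Levels in the order the text lists them; treating this as most to least
# severe is an assumption.
LEVELS = ["severe", "primary", "secondary", "warning", "unknown", "normal"]
NO_DECAY = {"severe"}  # assumption: only medium and low levels step down


@dataclass
class Alarm:
    ts: float      # arrival time in seconds
    device: str
    kind: str
    level: str


@dataclass
class MergedAlarm:
    first_ts: float            # time of the alarm that opened the window
    key: Hashable
    level: str                 # most severe level seen in the window
    members: List[Alarm] = field(default_factory=list)


def merge_with_delay(alarms: List[Alarm], delay: float,
                     key: Callable[[Alarm], Hashable]) -> List[MergedAlarm]:
    """The first alarm for a key opens a window of `delay` seconds; alarms
    with the same key that arrive inside the window are folded into it."""
    open_windows: Dict[Hashable, MergedAlarm] = {}
    closed: List[MergedAlarm] = []
    for a in sorted(alarms, key=lambda x: x.ts):
        k = key(a)
        cur = open_windows.get(k)
        if cur is not None and a.ts - cur.first_ts <= delay:
            cur.members.append(a)
            if LEVELS.index(a.level) < LEVELS.index(cur.level):
                cur.level = a.level
        else:
            if cur is not None:
                closed.append(cur)
            open_windows[k] = MergedAlarm(a.ts, k, a.level, [a])
    closed.extend(open_windows.values())
    return sorted(closed, key=lambda m: m.first_ts)


def decay(level: str, age: float, period: float = 600.0) -> str:
    """Step the level down once per elapsed period, stopping at 'normal'."""
    if level in NO_DECAY:
        return level
    steps = max(0, int(age // period))  # clock skew never raises a level
    return LEVELS[min(LEVELS.index(level) + steps, len(LEVELS) - 1)]


def sweep(active: List[MergedAlarm], now: float, period: float = 600.0):
    """Return (still active, history) as lists of (alarm, current level);
    an alarm that has decayed to 'normal' moves to history."""
    keep, history = [], []
    for m in active:
        lvl = decay(m.level, now - m.first_ts, period)
        (history if lvl == "normal" else keep).append((m, lvl))
    return keep, history


# Constructed sample input: three link-down alarms from one fault, one
# unrelated alarm, and a later recurrence outside the 30 s window.
SAMPLE_ALARMS = [
    Alarm(0, "sw-access-01", "link_down", "secondary"),
    Alarm(2, "sw-access-01", "link_down", "secondary"),
    Alarm(3, "srv-db-02", "ping_loss", "warning"),
    Alarm(5, "sw-access-01", "link_down", "primary"),
    Alarm(100, "sw-access-01", "link_down", "secondary"),
]

if __name__ == "__main__":
    merged = merge_with_delay(SAMPLE_ALARMS, 30, lambda a: (a.device, a.kind))
    keep, history = sweep(merged, now=1300)
    print([(m.key, lvl) for m, lvl in keep], len(history))
```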
Performance management is an important component of monitoring management, and threshold management is an important means of proactive alarm processing. Unlike most other systems, this system supports combination threshold management with an unlimited combination threshold mechanism: for a batch of performance index values, a threshold index value composed of multiple logical relations is calculated, and threshold alarm information is then given on that basis rather than on a single threshold being exceeded. For example, severe alarm information is given only when the CPU utilization rate is more than 60 percent and the memory utilization rate is more than 70 percent.
The combination threshold rule may be constructed using operation identifiers, such as: and, or, greater than, less than, equal to, not equal to.
Therefore, in the embodiment of the present specification, the method may further include:
and performing multi-attribute detection on the alarm object to obtain multi-attribute information, judging whether the multi-attribute information meets a combined threshold rule, and if so, generating original alarm information.
In an embodiment of the present specification, the combination threshold rule has thresholds for a plurality of attributes, and an operation identifier that logically combines the thresholds for the plurality of attributes.
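A combination threshold rule of this kind can be evaluated as a small rule tree. The following is an added example, not code from the patent; the rule format, the short operation names (`gt`, `lt`, `eq`, `ne`), the attribute names and the disk rule are assumptions, while the CPU and memory thresholds are the ones given in the text above.

```python
import operator

# Operation identifiers named in the text, mapped to Python operators.
COMPARE = {"gt": operator.gt, "lt": operator.lt,
           "eq": operator.eq, "ne": operator.ne}
LOGIC = {"and": all, "or": any}


def evaluate(rule, sample):
    """Evaluate a (possibly nested) threshold rule against one set of readings."""
    op = rule["op"]
    if op in LOGIC:
        if not rule["rules"]:
            raise ValueError("logical rule needs at least one sub-rule")
        # Evaluate every branch so a malformed sub-rule is always reported.
        return LOGIC[op]([evaluate(r, sample) for r in rule["rules"]])
    if op not in COMPARE:
        raise ValueError(f"unknown operation identifier: {op!r}")
    if rule["attr"] not in sample:
        # A reading that was not collected never satisfies a threshold.
        return False
    return COMPARE[op](sample[rule["attr"]], rule["value"])


# Rule from the text: CPU utilization > 60 and memory utilization > 70.
COMBINED_RULE = {
    "level": "severe",
    "when": {"op": "and", "rules": [
        {"op": "gt", "attr": "cpu_util", "value": 60},
        {"op": "gt", "attr": "mem_util", "value": 70},
    ]},
}

# Constructed single-threshold rule used when the combined rule is not met.
SINGLE_RULES = [
    {"level": "warning",
     "when": {"op": "gt", "attr": "disk_util", "value": 90}},
]


def detect(obj, sample, combined=COMBINED_RULE, singles=SINGLE_RULES):
    """Return the original alarm information generated for one detection.

    A satisfied combined rule yields one multi-attribute alarm; otherwise
    each satisfied single rule yields a single-attribute alarm.
    """
    if evaluate(combined["when"], sample):
        return [{"object": obj, "type": "multi-attribute",
                 "level": combined["level"]}]
    return [{"object": obj, "type": "single-attribute",
             "level": s["level"], "attr": s["when"]["attr"]}
            for s in singles if evaluate(s["when"], sample)]


if __name__ == "__main__":
    # Constructed readings for one alarm object.
    print(detect("srv-app-01", {"cpu_util": 85, "mem_util": 75}))
    print(detect("srv-app-01", {"cpu_util": 85, "mem_util": 40, "disk_util": 95}))
```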
In an embodiment of this specification, the performing multi-attribute detection on an alarm object includes:
the state attribute information of the physical link is detected, and/or the state attribute information of the call link is detected.
S103: and performing alarm processing according to the converged alarm information.
Multiple pieces of original alarm information are obtained by constructing multiple convergence rules, the convergence rules of the original alarm information are matched, the convergence processing of the alarm information is carried out according to the matched convergence rules, and the alarm processing is carried out according to the converged alarm information. Through the automatic matching mode, the original alarm information is respectively matched with the adaptive convergence rules, the multiple convergence rules show multiple convergence directions, different association characteristics of different original alarm information are considered, the convergence effect is improved, and therefore the accuracy of alarm positioning can be improved.
In practical applications, a fault may itself cause alarms to be inaccurate or missing, leaving the state of the alarm's progress unknown or uncertain after convergence. With the waiting (delayed) merging described above, if no subsequent alarm information is ever received, it is not acceptable to ignore the missing alarms and process only the alarm information that was received; instead, a new alarm should be derived for the missing-alarm situation to give notice that it has occurred.
In an embodiment of the present specification, the method may further include:
and deriving according to the original alarm information, and performing alarm processing by combining the derived alarm information.
Specifically, the alarm derivation method may include: jitter derivation, missing derivation, topology merging derivation, tag merging derivation.
In an embodiment of this specification, the deriving according to the original alarm information includes:
and generating missing alarm information by combining the original alarm information according to the association rule of the alarm.
Wherein, according to the alarm information after convergence, the alarm processing comprises:
and carrying out exception positioning according to the converged alarm information, and processing the exception.
Therefore, massive warning information can be effectively converged and root-source positioned to help monitoring operation and maintenance personnel to quickly respond and handle the fault event, so that stable operation of the service and the system is guaranteed, and possible risks and losses caused by service operation are avoided or reduced.
In specific implementation, the method comprises the steps of firstly receiving original alarm information, obtaining topology data, judging whether an alarm node has a physical topology, if so, collecting the alarm information of the designated type of the uplink node and the downlink node collected in the designated time, merging the alarm information by taking the intermediate node as a root node, and finally carrying out alarm notification and filing.
And if the matched alarm convergence rule is a delay rule, collecting subsequent alarm information within the specified time, combining alarms by taking the initial time node as a root node, and finally carrying out alarm notification and archiving.
If a degradation convergence rule is matched, active degradation is started with a degradation time period, alarm information that exceeds the period is degraded step by step, and once it has been degraded to normal it is placed into the historical alarm information.
For a critical network device, server or application, the network node is probed and checked periodically; if a combination threshold rule is satisfied, alarm information is sent to the alarm center, and if the alarm center receives the alarm information multiple times in succession, it derives the alarm information: the probe to the network node fails.
The delay time of a node's transmission line is detected continuously at a preset time interval and compared with the delay time detected in historical time intervals; if it exceeds a threshold multiple times in succession, alarm information is generated: the node experiences delay jitter.
The utilization rate of various resources of the nodes is detected continuously at preset time intervals according to preset performance data attribute parameters. If a combination threshold rule is met, multi-attribute alarm information is generated; if it is not met, detection continues, and if a single threshold rule is met, single-attribute alarm information is generated.
In embodiments of the present specification, a network topology may have an access layer, a convergence layer, and a core layer. The access layer has an access layer switch, the convergence layer has a convergence switch, the core layer has a core switch, and the convergence switch communicates with the access layer switch and the core switch as an intermediary.
Therefore, the performance of the aggregation switch can be directly detected, and thus, when the access layer switch fails, the detection can still be carried out.
The above embodiments automatically match the alarm information with the constructed convergence rule by constructing various convergence rules and analyzing the correlation, and take different convergence dimensions into account, so that the embodiments can automatically adapt to the respective convergence characteristics of different alarm information in the manner of converging the alarm information. During specific analysis processing, automatic relevance combination, automatic alarm degradation, relevance alarm derivation, alarm jitter detection and link tracking are carried out, so that high convergence can be carried out on massive alarm information to the greatest extent, and root cause positioning can be carried out. Therefore, the centralized, rapid and effective convergence and accurate alarm can be carried out on the massive alarm information.
Fig. 2 is a schematic structural diagram of an alarm processing apparatus provided in an embodiment of this specification, where the apparatus may include:
a rule module 201, which constructs a plurality of convergence rules;
the convergence module 202 is used for acquiring a plurality of pieces of original alarm information, matching convergence rules of the original alarm information, and performing convergence processing on the alarm information according to the matched convergence rules;
and the alarm module 203 performs alarm processing according to the converged alarm information.
In this embodiment of the present specification, the matching of the convergence rule to the original alarm information and the convergence processing of the alarm information according to the matched convergence rule include:
and judging whether the original alarm information is a multi-device multi-port alarm event or not, and if so, converging the original alarm information by using a convergence rule based on physical topology.
In this embodiment of this specification, the method may further include, according to the matched convergence rule, performing convergence processing on the alarm information:
and delaying the plurality of pieces of alarm information, and combining the alarm information received in the delay period according to a combination rule to obtain the converged alarm information.
In this embodiment of this specification, the method may further include, according to the matched convergence rule, performing convergence processing on the alarm information:
and carrying out attenuation conversion on the alarm information according to a preset periodic attenuation rule, and carrying out alarm processing by using the converted alarm information, or carrying out alarm processing by using the converted alarm information and combining the alarm processing to obtain the converged alarm information.
In the embodiment of the present specification, the period decay rule has a plurality of periods, and the level of each period is gradually decreased.
The embodiment of this specification further includes:
and performing derivation according to the original alarm information, and performing alarm processing by combining the derived alarm information.
In an embodiment of this specification, the deriving according to the original alarm information includes:
and generating missing alarm information by combining the original alarm information according to the association rule of the alarm.
The embodiment of this specification further includes:
and performing multi-attribute detection on the alarm object to obtain multi-attribute information, judging whether the multi-attribute information meets a combined threshold rule, and if so, generating original alarm information.
In an embodiment of the present specification, the combination threshold rule has thresholds for a plurality of attributes, and an operation identifier that logically combines the thresholds for the plurality of attributes.
In an embodiment of this specification, the performing multi-attribute detection on an alarm object includes:
the state attribute information of the physical link is detected, and/or the state attribute information of the call link is detected.
The device acquires a plurality of pieces of original alarm information by constructing a plurality of convergence rules, performs convergence rule matching on the original alarm information, performs convergence processing on the alarm information according to the matched convergence rules, and performs alarm processing according to the converged alarm information. Through the automatic matching mode, the original alarm information is respectively matched with the adaptive convergence rules, the multiple convergence rules show multiple convergence directions, different association characteristics of different original alarm information are considered, the convergence effect is improved, and therefore the accuracy of alarm positioning can be improved.
Based on the same inventive concept, the embodiment of the specification further provides the electronic equipment.
In the following, embodiments of the electronic device of the present invention are described, which may be regarded as specific physical implementations for the above-described embodiments of the method and apparatus of the present invention. Details described in the embodiments of the electronic device of the invention should be considered supplementary to the embodiments of the method or apparatus described above; for details which are not disclosed in embodiments of the electronic device of the invention, reference may be made to the above-described embodiments of the method or the apparatus.
Fig. 3 is a schematic structural diagram of an electronic device provided in an embodiment of the present disclosure. An electronic device 300 according to this embodiment of the invention is described below with reference to fig. 3. The electronic device 300 shown in fig. 3 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 3, electronic device 300 is embodied in the form of a general purpose computing device. The components of electronic device 300 may include, but are not limited to: at least one processing unit 310, at least one memory unit 320, a bus 330 connecting the various system components (including the memory unit 320 and the processing unit 310), a display unit 340, and the like.
The storage unit stores program code that can be executed by the processing unit 310, causing the processing unit 310 to perform the steps according to the various exemplary embodiments of the present invention described in the processing method section of this specification. For example, the processing unit 310 may perform the steps shown in fig. 1.
The storage unit 320 may include readable media in the form of volatile memory units, such as a random access memory unit (RAM) 3201 and/or a cache memory unit 3202, and may further include a read-only memory unit (ROM) 3203.
The storage unit 320 may also include a program/utility 3204 having a set (at least one) of program modules 3205, such program modules 3205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 330 may be one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 300 may also communicate with one or more external devices 400 (e.g., keyboard, pointing device, Bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 300, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 300 to communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 350. Also, the electronic device 300 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via the network adapter 360. Network adapter 360 may communicate with other modules of electronic device 300 via bus 330. It should be appreciated that although not shown in FIG. 3, other hardware and/or software modules may be used in conjunction with electronic device 300, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments of the present invention described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiment of the present invention can be embodied in the form of a software product, which can be stored in a computer-readable storage medium (which can be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to make a computing device (which can be a personal computer, a server, or a network device, etc.) execute the above-mentioned method according to the present invention. When the computer program is executed by a data processing apparatus, the computer readable medium implements the above-described method of the invention, for example the method shown in fig. 1.
Fig. 4 is a schematic diagram of a computer-readable medium provided in an embodiment of the present specification.
A computer program implementing the method shown in fig. 1 may be stored on one or more computer readable media. The computer readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
In summary, the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that some or all of the functionality of some or all of the components in embodiments in accordance with the invention may be implemented in practice using a general purpose data processing device such as a microprocessor or a Digital Signal Processor (DSP). The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website, or provided on a carrier signal, or provided in any other form.
While the foregoing embodiments have described the objects, aspects and advantages of the present invention in further detail, it should be understood that the present invention is not inherently related to any particular computer, virtual machine or electronic device, and various general-purpose machines may be used to implement the present invention. The invention is not limited to the specific embodiments described; all modifications, changes and equivalents that come within the spirit and scope of the invention are to be understood as covered by it.
The embodiments in the present specification are described in a progressive manner; for the same or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the other embodiments.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (7)

1. An alarm processing method, comprising:
constructing a plurality of convergence rules;
performing multi-attribute detection on an alarm object to obtain multi-attribute information, judging whether the multi-attribute information meets a combined threshold rule, if so, generating original alarm information, wherein the combined threshold rule has thresholds with various attributes, and an operation identifier for logically combining the thresholds with various attributes;
acquiring a plurality of pieces of original alarm information, matching convergence rules of the original alarm information, and performing convergence processing on the alarm information according to the matched convergence rules;
according to the association rule of the alarm, combining the original alarm information to derive and generate the missing alarm information;
performing alarm processing according to the converged alarm information and informing the occurrence of alarm missing condition;
the matching of the convergence rule to the original alarm information and the convergence processing of the alarm information according to the matched convergence rule include:
judging whether the original alarm information is a multi-device multi-port alarm event or not, and if so, converging the original alarm information by using a convergence rule based on physical topology;
and delaying a plurality of pieces of alarm information, and combining the alarm information received in the delay period according to a combination rule to obtain the converged alarm information.
2. The method according to claim 1, wherein the performing convergence processing of the alarm information according to the matched convergence rule further comprises:
and carrying out attenuation conversion on the alarm information according to a preset periodic attenuation rule, and carrying out alarm processing by using the converted alarm information, or carrying out alarm processing by using the converted alarm information and combining the alarm processing to obtain the converged alarm information.
3. The method of claim 2, wherein the periodic attenuation rule has a plurality of periods, each period having a progressively decreasing level.
4. The method of claim 1, wherein the performing multi-attribute detection on the alarm object comprises:
the state attribute information of the physical link is detected, and/or the state attribute information of the call link is detected.
5. An alarm processing apparatus, comprising:
the rule module is used for constructing various convergence rules;
the convergence module is used for carrying out multi-attribute detection on the alarm object to obtain multi-attribute information, judging whether the multi-attribute information meets a combined threshold rule or not, if so, generating original alarm information, wherein the combined threshold rule has thresholds with various attributes, and an operation identifier for logically combining the thresholds with various attributes;
acquiring a plurality of pieces of original alarm information, matching convergence rules of the original alarm information, and performing convergence processing on the alarm information according to the matched convergence rules;
according to the association rule of the alarm, combining the original alarm information to derive and generate the missing alarm information;
the alarm module is used for carrying out alarm processing according to the alarm information after convergence and informing the occurrence of alarm missing conditions;
the matching of the convergence rule to the original alarm information and the convergence processing of the alarm information according to the matched convergence rule include:
judging whether the original alarm information is a multi-device multi-port alarm event or not, and if so, converging the original alarm information by using a convergence rule based on physical topology;
and delaying a plurality of pieces of alarm information, and combining the alarm information received in the delay period according to a combination rule to obtain the converged alarm information.
6. An electronic device, wherein the electronic device comprises:
a processor; and
a memory storing computer-executable instructions that, when executed, cause the processor to perform the method of any of claims 1-4.
7. A computer readable storage medium, wherein the computer readable storage medium stores one or more programs which, when executed by a processor, implement the method of any of claims 1-4.
CN202110660246.1A 2021-06-15 2021-06-15 Alarm processing method and device and electronic equipment Active CN113268399B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110660246.1A CN113268399B (en) 2021-06-15 2021-06-15 Alarm processing method and device and electronic equipment

Publications (2)

Publication Number Publication Date
CN113268399A CN113268399A (en) 2021-08-17
CN113268399B true CN113268399B (en) 2022-06-14

Family

ID=77235048

Country Status (1)

Country Link
CN (1) CN113268399B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant