CN114465875A - Fault processing method and device - Google Patents
Fault processing method and device Download PDFInfo
- Publication number
- CN114465875A CN114465875A CN202210377008.4A CN202210377008A CN114465875A CN 114465875 A CN114465875 A CN 114465875A CN 202210377008 A CN202210377008 A CN 202210377008A CN 114465875 A CN114465875 A CN 114465875A
- Authority
- CN
- China
- Prior art keywords
- fault
- log
- characteristic information
- processing
- logs
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
Abstract
The application provides a fault processing method and a device, wherein the method comprises the following steps: acquiring fault information and extracting fault logs within a preset time range when a fault occurs; extracting first characteristic information of the fault log, and matching the first characteristic information with characteristic information in a fault knowledge base; and under the condition of successful matching, processing the fault according to a fault processing method corresponding to second characteristic information matched with the first characteristic information in the fault knowledge base. The fault processing method and the fault processing device are used for automatically analyzing and processing the fault when the fault occurs, and the fault processing efficiency is improved.
Description
Technical Field
The present application relates to the field of fault automation processing, and in particular, to a fault processing method and apparatus.
Background
In the intelligent operation and maintenance field of the mobile terminal, after a fault occurs, operation and maintenance personnel can analyze and process the fault so as to ensure the normal operation of the system.
A fault handling method in the related art includes: the operation and maintenance monitoring platform monitors a series of possible faults, automatically creates corresponding fault work orders, and then sends messages through various channels to inform relevant operation and maintenance personnel to track and solve the problems.
However, the fault processing method only performs visualization and centralized unified management on the network and the server, which reduces some repetitive work, but still performs fault processing manually by operation and maintenance personnel, and the fault processing efficiency is low.
Disclosure of Invention
The invention aims to provide a fault processing method and a fault processing device, which are used for automatically analyzing and processing faults when the faults occur, and improving the efficiency of fault processing.
The application provides a fault processing method, which comprises the following steps:
acquiring fault information and extracting fault logs within a preset time range when a fault occurs; extracting first characteristic information of the fault log, and matching the first characteristic information with characteristic information in a fault knowledge base; and under the condition of successful matching, processing the fault according to a fault processing method corresponding to second characteristic information matched with the first characteristic information in the fault knowledge base.
Optionally, the extracting first feature information of the fault log includes: carrying out structured processing on the fault log through at least one regular expression; the at least one regular expression is used for removing logs which are not matched with preset log events in the fault logs and/or logs which are not matched with preset fields; the at least one regular expression is further used for classifying the fault log.
Optionally, after the fault log is structured by at least one regular expression, the method further includes: dividing the fault log after structured processing into at least one log group, and constructing a log tree according to the at least one log group.
Optionally, the dividing the structured fault log into at least one log group, and constructing a log tree according to the at least one log group includes: under the condition that a target log in the fault logs is matched with a target expression in the at least one regular expression, determining the log length of the target log; distributing each log to a log group with the corresponding log length in the log tree according to the log length corresponding to each log in the fault logs; the log tree comprises at least one log group; under the condition that the log groups contain child nodes, classifying according to the similarity of each log in each log group and the regular expression corresponding to each log group; wherein the log length is: the number of tokens Token of the regular expression matching the log; the Token is used for matching the log with the regular expression; a log group corresponds to a child node of a root node in the log tree; the similarity is determined based on the matching degree of the Token of the log and the Token of the regular expression.
Optionally, after the structured fault log is divided into at least one log group and a log tree is constructed according to the at least one log group, the method further includes: and determining a target log group matched with the fault information from the at least one log group through a fault information matching model.
Optionally, the extracting first feature information of the fault log includes: and performing feature extraction on the logs in the target log group to obtain the first feature information.
Optionally, the method further comprises: under the condition that the characteristic information matched with the first characteristic information does not exist in the fault knowledge base, a target object is notified, the target object processes the fault corresponding to the fault information, and the processing flow of the target object is recorded; and storing the first characteristic information and the processing flow into the fault knowledge base in an associated manner.
The present application further provides a fault handling apparatus, including:
the acquisition module is used for acquiring fault information and extracting fault logs within a preset time range when a fault occurs; the characteristic extraction module is used for extracting first characteristic information of the fault log and matching the first characteristic information with characteristic information in a fault knowledge base; and the fault processing module is used for processing the fault according to a fault processing method corresponding to the second characteristic information matched with the first characteristic information in the fault knowledge base under the condition of successful matching.
Optionally, the apparatus further comprises: a classification module; the classification module is used for carrying out structured processing on the fault log through at least one regular expression; the at least one regular expression is used for removing logs which are not matched with preset log events in the fault logs and/or logs which are not matched with preset fields; the at least one regular expression is further used for classifying the fault log.
Optionally, the classification module is further configured to divide the structured fault log into at least one log group, and construct a log tree according to the at least one log group.
Optionally, the classification module is specifically configured to determine a log length of a target log in the fault log when the target log is matched with a target expression in the at least one regular expression; the classification module is specifically configured to allocate each log to a log group having a log length corresponding to the log tree according to the log length corresponding to each log in the fault logs; the log tree comprises at least one log group; the classification module is specifically configured to classify the logs according to similarity between each log in each log group and the regular expression corresponding to each log group when the log groups include child nodes; wherein the log length is: the number of tokens Token of the regular expression matching the log; the Token is used for matching the log with the regular expression; a log group corresponds to a child node of a root node in the log tree; the similarity is determined based on the matching degree of the Token of the log and the Token of the regular expression.
Optionally, the apparatus further comprises: a determination module; and the determining module is used for determining a target log group matched with the fault information from the at least one log group through a fault information matching model.
Optionally, the feature extraction module is specifically configured to perform feature extraction on the logs in the target log group to obtain the first feature information.
Optionally, the apparatus further comprises: a matching module and an updating module; the matching module is used for notifying a target object under the condition that the characteristic information matched with the first characteristic information does not exist in the fault knowledge base, processing the fault corresponding to the fault information by the target object, and recording the processing flow of the target object; and the updating module is used for storing the first characteristic information and the processing flow into the fault knowledge base in a correlation manner.
The present application also provides a computer program product comprising computer programs/instructions which, when executed by a processor, implement the steps of the fault handling method as described in any of the above.
The present application further provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the fault handling method according to any one of the above methods when executing the computer program.
The present application also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the fault handling method as described in any of the above.
According to the fault processing method and device, when a fault occurs, fault information is obtained, and fault logs in a preset time range when the fault occurs are extracted. And then extracting first characteristic information of the fault log, and matching the first characteristic information with characteristic information in a fault knowledge base. And finally, under the condition of successful matching, processing the fault according to a fault processing method corresponding to second characteristic information matched with the first characteristic information in the fault knowledge base. When a fault occurs, the system can realize the automatic operation of fault analysis and processing, and the fault processing efficiency is improved.
Drawings
In order to more clearly illustrate the technical solutions in the present application or the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a schematic flow chart diagram of a fault handling method provided herein;
FIG. 2 is a schematic diagram of a log tree structure provided in the present application;
FIG. 3 is a schematic diagram of a fault handling apparatus provided herein;
fig. 4 is a schematic structural diagram of an electronic device provided in the present application.
Detailed Description
To make the purpose, technical solutions and advantages of the present application clearer, the technical solutions in the present application will be clearly and completely described below with reference to the drawings in the present application, and it is obvious that the described embodiments are some, but not all embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms first, second and the like in the description and in the claims of the present application are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that embodiments of the application may be practiced in sequences other than those illustrated or described herein, and that the terms "first," "second," and the like are generally used herein in a generic sense and do not limit the number of terms, e.g., the first term can be one or more than one. In addition, "and/or" in the specification and claims means at least one of connected objects, a character "/" generally means that a preceding and succeeding related objects are in an "or" relationship.
In the field of intelligent operation and maintenance of mobile terminals, analysis and processing of faults play a particularly important role. The existing fault processing method mainly comprises the steps that an operation and maintenance monitoring platform monitors a series of possible faults, corresponding fault work orders are automatically created, and then messages are sent through various channels to inform relevant operation and maintenance personnel of tracking and solving problems. The operation and maintenance mode only performs data visualization and centralized unified management on the network and the server, reduces some repetitive work, but does not solve the monotony and the repeatability of manual operation, and does not effectively reduce the operation and maintenance management difficulty and the learning cost.
In order to improve the efficiency of fault processing and realize the automatic operation of fault processing, the application provides a fault processing method which adopts fault data acquisition, Artificial Intelligence (AI) analysis and intelligent optimization matching. The method can call information such as corresponding log records and the like by the AI aiming at the fault notification fed back by the monitoring platform, analyze fault data in the information, extract characteristic information, and optimally match a corresponding processing method in a fault knowledge base to process the fault. Moreover, when the system cannot process the fault, the fault can be processed manually, and the processing operation flow is updated into the fault knowledge base, so that the reliability and diversity of the knowledge base processing method are enhanced, the fault processing mechanism is effectively improved, and the monotonous and repetitive work and the manual complex difficulty of operation and maintenance personnel are reduced.
The following describes the fault handling method provided by the embodiment of the present application in detail through a specific embodiment and an application scenario thereof with reference to the accompanying drawings.
As shown in fig. 1, a fault handling method provided in an embodiment of the present application may include the following steps 101 to 103:
For example, the fault information may be generated by a monitoring platform in a process of monitoring a controlled system, the monitoring platform sends the fault information of the fault to a fault processing system after monitoring that the controlled system has an operation fault, and the fault processing system processes the fault according to the fault processing method provided in the embodiment of the present application after receiving the fault information.
When the fault processing system receives the fault information feedback of the monitoring platform, a fault analysis processing mechanism is automatically started, and the returned data are analyzed. And performing simulation operation to search fault points through the call chain according to the obtained information, locating the positions of the problems, and determining a fault generation module or function and the like.
It will be appreciated that a fault in the controlled system described above may result from some error prior to the fault, and that due to some redundancy in the controlled system, an operational fault will only occur when errors accumulate to some extent. Therefore, it is necessary to extract the system operation logs, i.e., the above-described fault logs, in a first preset time before the time point when the fault occurs and in a second preset time after the time point when the fault occurs.
And 102, extracting first characteristic information of the fault log, and matching the first characteristic information with characteristic information in a fault knowledge base.
For example, after determining a module or function that generates a fault, a group of logs having the highest relevance to the fault needs to be extracted from the fault logs, and first feature information of the group of logs needs to be extracted.
For example, in order to extract a group of logs having the highest association with a fault from the fault logs, the fault logs need to be classified.
Specifically, the step 102 may include the following steps 102 a:
and 102a, carrying out structural processing on the fault log through at least one regular expression.
The at least one regular expression is used for removing logs which are not matched with preset log events in the fault logs and/or logs which are not matched with preset fields; the at least one regular expression is further used for classifying the fault log.
For example, in general, the log information of the acquired original log (i.e., the fault log) is unstructured information, and therefore, for convenience of subsequent classification processing, the log information of each log in the fault log needs to be structured.
For example, taking a certain log (081109204608 Receiving block blk _3587 src:/10.251.42.84:57069 dest:/10.251.42.84: 50010) in the fault log as an example, the log can be identified by a regular expression, which can be: blk _3587 Receiving block src and dest, wherein blk _3587, Receiving, block, src and dest are all fixed items and are used for matching a specific vocabulary, and wildcards are used for matching one or more real characters. Each fixed term and wildcard in the regular expression can be regarded as a Token.
After the structured processing is performed on the fault log, the step 102 may further include the following step 102 b:
and 102b, dividing the fault log after structured processing into at least one log group, and constructing a log tree according to the at least one log group.
For example, after the fault logs are processed by using the regular expression, the fault logs can be classified according to the log length of each fault log.
Specifically, the step 102b may include the following steps 102b1 to 102b 3:
step 102b1, determining the log length of a target log in the fault logs in case the target log matches a target expression in the at least one regular expression.
Step 102b2, according to the log length corresponding to each log in the fault log, allocating each log to the log group with the corresponding log length in the log tree,
wherein the log tree comprises at least one log group.
And step 102b3, when the log groups contain child nodes, classifying the logs according to the similarity between each log in each log group and the regular expression corresponding to each log group.
Wherein the log length is: the number of tokens Token of the regular expression matching the log; the Token is used for matching the log with the regular expression; a log group corresponds to a child node of a root node in the log tree; the similarity is determined based on the matching degree of the Token of the log and the Token of the regular expression.
It should be noted that the log length of the fault log is the number of matching terms of the regular expression which can be matched with the fault log, that is, the number of tokens of the regular expression.
Illustratively, in order to reduce the search complexity, the log tree is associated with a tree of a preset depth, which is usually 3, that is, the log tree includes: a root node, children of the root node, and leaf nodes of the children. As shown in fig. 2, a grouping situation of log trees provided in an embodiment of the present application includes: the first layer is a Root node Root, the second layer is a child node of the Root node (including three nodes, L =8, L =9, L =10, respectively), and the third layer is a leaf node.
For example, as shown in fig. 2, the second layer classifies the fault logs into three categories according to the number of tokens. The third layer further subdivides the logs in each node in the second layer. With the regular expression above: blk _3587 Receiving block src, dest, the number of regular expressions token is 8, and all logs matched by the regular expressions are divided into log groups corresponding to nodes with L = 8. Specifically, the node with L =8 may further divide the log, for example, by comparing with a regular expression: blk _3587 Sending block src, dest, wherein the matched logs are also classified into the log group corresponding to the node L =8, and based on this, the logs in the log group can be further subdivided into the groups containing the "Sending" keyword and the groups containing the "Receiving" keyword. Similarly, the node L =9 may contain leaf nodes of the "bundling" keyword, and the node L =10 may contain leaf nodes of the "Starting" and "Ending" keywords.
It should be noted that, the regular expressions are preset expressions, that is, the logs can be classified according to the wishes of the administrator, and the classification results obtained by using different regular expressions are not completely the same.
For example, after the fault logs are classified according to the method in the above steps 102b1 to 102b3, a target log group which can reflect the fault most needs to be determined from at least one obtained log group.
After the step 102b, the step 102 may further include the following step 102 c:
and 102c, determining a target log group matched with the fault information from the at least one log group through a fault information matching model.
Illustratively, the fault information matching model is obtained by training the model by using the collected fault information and the classification result corresponding to the fault information as training samples. By the fault information matching model, the target log group can be determined from the at least one log group according to the fault information.
After determining the target log group, the step 102 may further include the following step 102 d:
and 102d, performing feature extraction on the logs in the target log group to obtain the first feature information.
For example, after the target log group is determined, key information of logs included in the target log group may be extracted, and the first feature information may be further obtained. The first signature information may then be matched against signature information in a fault knowledge base.
And 103, under the condition of successful matching, processing the fault according to a fault processing method corresponding to the second characteristic information matched with the first characteristic information in the fault knowledge base.
For example, in the case where the second characteristic information matching the first characteristic information exists in the failure knowledge base, it indicates that a failure processing method capable of solving the failure is present in the failure knowledge base. The fault processing system can automatically process the fault according to the fault processing method without manual operation of operation and maintenance personnel.
Specifically, an (elastic search, ES) search engine may be used to search in the failure knowledge base, and according to a preset matching score threshold (for example, the score threshold is 90), the best matching result is selected to obtain the corresponding failure processing method. And if the characteristic information meeting the requirement of the preset grading threshold value is not searched, pushing the fault information to operation and maintenance personnel for processing, and recording a fault processing method of the operation and maintenance personnel.
For example, the fault handling method provided in the embodiment of the present application may further include the following steps 104 and 105:
and 104, under the condition that the characteristic information matched with the first characteristic information does not exist in the fault knowledge base, informing a target object, processing the fault corresponding to the fault information by the target object, and recording the processing flow of the target object.
And 105, storing the first characteristic information and the processing flow into the fault knowledge base in an associated manner.
For example, if the fault knowledge base does not store the processing method of the fault, the transfer maintenance personnel is required to process the fault, the fault processing system automatically records the fault processing method of the operation maintenance personnel, and stores the recorded fault processing method and the first characteristic information in the fault knowledge base in a correlated manner, so that the fault processing system can automatically process the fault when a similar fault occurs subsequently.
According to the fault processing method provided by the embodiment of the application, when a fault occurs, fault information is obtained, and a fault log in a preset time range when the fault occurs is extracted. And then extracting first characteristic information of the fault log, and matching the first characteristic information with characteristic information in a fault knowledge base. And finally, under the condition of successful matching, processing the fault according to a fault processing method corresponding to second characteristic information matched with the first characteristic information in the fault knowledge base. When a fault occurs, the system can realize the automatic operation of fault analysis and processing, and the fault processing efficiency is improved.
It should be noted that, in the fault handling method provided in the embodiment of the present application, the execution main body may be a fault handling apparatus, or a control module in the fault handling apparatus for executing the fault handling method. In the embodiment of the present application, a fault processing apparatus executing a fault processing method is taken as an example, and the fault processing apparatus provided in the embodiment of the present application is described.
In the embodiments of the present application, the above-described methods are illustrated in the drawings. The fault handling method is exemplarily described with reference to one of the drawings in the embodiments of the present application. In specific implementation, the fault handling method shown in each method drawing may also be implemented by combining any other drawing that may be combined, which is illustrated in the foregoing embodiments, and is not described herein again.
The following describes the fault handling apparatus provided in the present application, and the fault handling methods described below and described above may be referred to correspondingly.
Fig. 3 is a schematic structural diagram of a fault handling apparatus according to an embodiment of the present application, and as shown in fig. 3, the fault handling apparatus specifically includes:
an obtaining module 301, configured to obtain fault information and extract a fault log within a preset time range when a fault occurs; a feature extraction module 302, configured to extract first feature information of the fault log, and match the first feature information with feature information in a fault knowledge base; and the fault processing module 303 is configured to, in the case that the matching is successful, process the fault according to a fault processing method corresponding to the second feature information matched with the first feature information in the fault knowledge base.
Optionally, the apparatus further comprises: a classification module; the classification module is used for carrying out structured processing on the fault log through at least one regular expression; the at least one regular expression is used for removing logs which are not matched with preset log events in the fault logs and/or logs which are not matched with preset fields; the at least one regular expression is further used for classifying the fault log.
Optionally, the classification module is further configured to divide the fault log after the structured processing into at least one log group, and construct a log tree according to the at least one log group.
Optionally, the classification module is specifically configured to determine a log length of a target log in the fault log when the target log is matched with a target expression in the at least one regular expression; the classification module is specifically configured to allocate each log to a log group having a log length corresponding to the log tree according to the log length corresponding to each log in the fault logs; the log tree comprises at least one log group; the classification module is specifically configured to classify the logs according to similarity between each log in each log group and the regular expression corresponding to each log group when the log groups include child nodes; wherein the log length is: the number of tokens Token of the regular expression matching the log; the Token is used for matching the log with the regular expression; a log group corresponds to a child node of a root node in the log tree; the similarity is determined based on the matching degree of the Token of the log and the Token of the regular expression.
Optionally, the apparatus further comprises: a determination module; and the determining module is used for determining a target log group matched with the fault information from the at least one log group through a fault information matching model.
Optionally, the feature extraction module 302 is specifically configured to perform feature extraction on the logs in the target log group to obtain the first feature information.
Optionally, the apparatus further comprises: a matching module and an updating module; the matching module is used for notifying a target object under the condition that the characteristic information matched with the first characteristic information does not exist in the fault knowledge base, processing the fault corresponding to the fault information by the target object, and recording the processing flow of the target object; and the updating module is used for storing the first characteristic information and the processing flow into the fault knowledge base in a correlation manner.
According to the fault processing device, when a fault occurs, fault information is obtained, and fault logs in a preset time range when the fault occurs are extracted. And then extracting first characteristic information of the fault log, and matching the first characteristic information with characteristic information in a fault knowledge base. And finally, under the condition of successful matching, processing the fault according to a fault processing method corresponding to second characteristic information matched with the first characteristic information in the fault knowledge base. When a fault occurs, the system can realize the automatic operation of fault analysis and processing, and the fault processing efficiency is improved.
Fig. 4 illustrates a physical structure diagram of an electronic device, which may include, as shown in fig. 4: a processor (processor)410, a communication Interface 420, a memory (memory)430 and a communication bus 440, wherein the processor 410, the communication Interface 420 and the memory 430 are communicated with each other via the communication bus 440. Processor 410 may call logic instructions in memory 430 to perform a fault handling method comprising: acquiring fault information and extracting fault logs within a preset time range when a fault occurs; extracting first characteristic information of the fault log, and matching the first characteristic information with characteristic information in a fault knowledge base; and under the condition of successful matching, processing the fault according to a fault processing method corresponding to second characteristic information matched with the first characteristic information in the fault knowledge base.
In addition, the logic instructions in the memory 430 may be implemented in the form of software functional units and stored in a computer readable storage medium when the software functional units are sold or used as independent products. Based on such understanding, the technical solutions of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In another aspect, the present application also provides a computer program product, including a computer program stored on a computer-readable storage medium, the computer program including program instructions, when the program instructions are executed by a computer, the computer being capable of executing the fault handling method provided by the above methods, the method including: acquiring fault information and extracting fault logs within a preset time range when a fault occurs; extracting first characteristic information of the fault log, and matching the first characteristic information with characteristic information in a fault knowledge base; and under the condition of successful matching, processing the fault according to a fault processing method corresponding to second characteristic information matched with the first characteristic information in the fault knowledge base.
In yet another aspect, the present application further provides a computer-readable storage medium having a computer program stored thereon, the computer program being implemented by a processor to perform the fault handling method provided above, the method comprising: acquiring fault information and extracting fault logs within a preset time range when a fault occurs; extracting first characteristic information of the fault log, and matching the first characteristic information with characteristic information in a fault knowledge base; and under the condition of successful matching, processing the fault according to a fault processing method corresponding to second characteristic information matched with the first characteristic information in the fault knowledge base.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.
Claims (10)
1. A method of fault handling, comprising:
acquiring fault information and extracting fault logs within a preset time range when a fault occurs;
extracting first characteristic information of the fault log, and matching the first characteristic information with characteristic information in a fault knowledge base;
and under the condition of successful matching, processing the fault according to a fault processing method corresponding to second characteristic information matched with the first characteristic information in the fault knowledge base.
2. The method of claim 1, wherein the extracting the first characteristic information of the fault log comprises:
carrying out structured processing on the fault log through at least one regular expression;
the at least one regular expression is used for removing logs which are not matched with preset log events in the fault logs and/or logs which are not matched with preset fields; the at least one regular expression is further used for classifying the fault log.
3. The method of claim 2, wherein after the structured processing of the fault log by at least one regular expression, the method further comprises:
dividing the fault log after structured processing into at least one log group, and constructing a log tree according to the at least one log group.
4. The method of claim 3, wherein the dividing the structured fault logs into at least one log group and constructing a log tree according to the at least one log group comprises:
under the condition that a target log in the fault logs is matched with a target expression in the at least one regular expression, determining the log length of the target log;
according to the log length corresponding to each log in the fault logs, distributing each log to a log group corresponding to the log length in the log tree; the log tree comprises at least one log group;
under the condition that the log groups contain child nodes, classifying according to the similarity of each log in each log group and the regular expression corresponding to each log group;
wherein the log length is: the number of tokens Token of the regular expression matching the log; the Token is used for matching the log with the regular expression; a log group corresponds to a child node of a root node in the log tree; the similarity is determined based on the matching degree of the Token of the log and the Token of the regular expression.
5. The method of claim 3, wherein after the structured fault log is divided into at least one log group and the log tree is constructed according to the at least one log group, the method further comprises:
and determining a target log group matched with the fault information from the at least one log group through a fault information matching model.
6. The method of claim 5, wherein the extracting the first characteristic information of the fault log comprises:
and performing feature extraction on the logs in the target log group to obtain the first feature information.
7. The method of claim 1, further comprising:
under the condition that the characteristic information matched with the first characteristic information does not exist in the fault knowledge base, a target object is notified, the target object processes the fault corresponding to the fault information, and the processing flow of the target object is recorded;
and storing the first characteristic information and the processing flow into the fault knowledge base in an associated manner.
8. A fault handling apparatus, characterized in that the apparatus comprises:
the acquisition module is used for acquiring fault information and extracting fault logs within a preset time range when a fault occurs;
the characteristic extraction module is used for extracting first characteristic information of the fault log and matching the first characteristic information with characteristic information in a fault knowledge base;
and the fault processing module is used for processing the fault according to a fault processing method corresponding to the second characteristic information matched with the first characteristic information in the fault knowledge base under the condition of successful matching.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the fault handling method according to any one of claims 1 to 7.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the fault handling method according to any of claims 1 to 7 when executing the program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210377008.4A CN114465875B (en) | 2022-04-12 | 2022-04-12 | Fault processing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210377008.4A CN114465875B (en) | 2022-04-12 | 2022-04-12 | Fault processing method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114465875A true CN114465875A (en) | 2022-05-10 |
| CN114465875B CN114465875B (en) | 2022-07-29 |
Family
ID=81417476
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210377008.4A Active CN114465875B (en) | 2022-04-12 | 2022-04-12 | Fault processing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114465875B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116882968A (en) * | 2023-06-29 | 2023-10-13 | 三峡科技有限责任公司 | Design and implementation method for fault defect overall process treatment |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140324865A1 (en) * | 2013-04-26 | 2014-10-30 | International Business Machines Corporation | Method, program, and system for classification of system log |
| CN105468677A (en) * | 2015-11-13 | 2016-04-06 | 国家计算机网络与信息安全管理中心 | Log clustering method based on graph structure |
| CN109240895A (en) * | 2018-09-11 | 2019-01-18 | 北京北信源信息安全技术有限公司 | A kind of processing method and processing device for analyzing log failure |
| CN109271272A (en) * | 2018-10-15 | 2019-01-25 | 江苏物联网研究发展中心 | Big data component faults based on unstructured log assist repair system |
| CN112068981A (en) * | 2020-09-24 | 2020-12-11 | 中国人民解放军国防科技大学 | Knowledge base-based fault scanning recovery method and system in Linux operating system |
| CN112445775A (en) * | 2019-08-15 | 2021-03-05 | 上海微电子装备(集团)股份有限公司 | Fault analysis method, device, equipment and storage medium of photoetching machine |
| CN113626400A (en) * | 2021-07-11 | 2021-11-09 | 南京理工大学 | Log event extraction method and system based on log tree and analytic tree |
-
2022
- 2022-04-12 CN CN202210377008.4A patent/CN114465875B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140324865A1 (en) * | 2013-04-26 | 2014-10-30 | International Business Machines Corporation | Method, program, and system for classification of system log |
| CN105468677A (en) * | 2015-11-13 | 2016-04-06 | 国家计算机网络与信息安全管理中心 | Log clustering method based on graph structure |
| CN109240895A (en) * | 2018-09-11 | 2019-01-18 | 北京北信源信息安全技术有限公司 | A kind of processing method and processing device for analyzing log failure |
| CN109271272A (en) * | 2018-10-15 | 2019-01-25 | 江苏物联网研究发展中心 | Big data component faults based on unstructured log assist repair system |
| CN112445775A (en) * | 2019-08-15 | 2021-03-05 | 上海微电子装备(集团)股份有限公司 | Fault analysis method, device, equipment and storage medium of photoetching machine |
| CN112068981A (en) * | 2020-09-24 | 2020-12-11 | 中国人民解放军国防科技大学 | Knowledge base-based fault scanning recovery method and system in Linux operating system |
| CN113626400A (en) * | 2021-07-11 | 2021-11-09 | 南京理工大学 | Log event extraction method and system based on log tree and analytic tree |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116882968A (en) * | 2023-06-29 | 2023-10-13 | 三峡科技有限责任公司 | Design and implementation method for fault defect overall process treatment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114465875B (en) | 2022-07-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110609759A (en) | Fault root cause analysis method and device | |
| CN111726248A (en) | Alarm root cause positioning method and device | |
| US10261967B2 (en) | Data extraction | |
| Kobayashi et al. | Towards an NLP-based log template generation algorithm for system log analysis | |
| CN110224850A (en) | Telecommunication network fault early warning method, device and terminal device | |
| CN110188196B (en) | Random forest based text increment dimension reduction method | |
| CN114818643B (en) | Log template extraction method and device for reserving specific service information | |
| CN108108445A (en) | A kind of data intelligence processing method and system | |
| CN111597550A (en) | Log information analysis method and related device | |
| CN114465875B (en) | Fault processing method and device | |
| CN110166289A (en) | A kind of method and device identifying target information assets | |
| CN113409016A (en) | Information processing method, server and medium applied to big data cloud office | |
| CN112506750A (en) | Big data processing system for mass log analysis and early warning | |
| CN114647558A (en) | Method and device for detecting log abnormity | |
| CN114385668A (en) | Cold data cleaning method, device, equipment and storage medium | |
| CN114328277A (en) | Software defect prediction and quality analysis method, device, equipment and medium | |
| CN110019762A (en) | A kind of positioning problems method, storage medium and server | |
| CN107688619A (en) | A kind of daily record data processing method and processing device | |
| CN115859191A (en) | Fault diagnosis method and device, computer readable storage medium and computer equipment | |
| Eken et al. | Predicting defects with latent and semantic features from commit logs in an industrial setting | |
| CN110262950A (en) | Abnormal movement detection method and device based on many index | |
| CN113032363A (en) | Chaos test optimization method and system based on k-means algorithm | |
| CN111339378A (en) | Character command auditing method and system in operation and maintenance management | |
| CN105930453A (en) | Repeatability analyzing method and device | |
| CN112765014A (en) | Automatic test system for multi-user simultaneous operation and working method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |