CN114756441A - Method, device, equipment and medium for processing logs of host system - Google Patents

Method, device, equipment and medium for processing logs of host system Download PDF

Info

Publication number
CN114756441A
CN114756441A CN202210432825.5A CN202210432825A CN114756441A CN 114756441 A CN114756441 A CN 114756441A CN 202210432825 A CN202210432825 A CN 202210432825A CN 114756441 A CN114756441 A CN 114756441A
Authority
CN
China
Prior art keywords
log message
log
message
host system
attribute
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210432825.5A
Other languages
Chinese (zh)
Inventor
吴哲琼
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202210432825.5A priority Critical patent/CN114756441A/en
Publication of CN114756441A publication Critical patent/CN114756441A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/34Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3452Performance evaluation by statistical analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0481Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance
    • G06F3/0483Interaction with page-structured environments, e.g. book metaphor

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Evolutionary Biology (AREA)
  • Computer Hardware Design (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Quality & Reliability (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Human Computer Interaction (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The disclosure provides a log processing method for a host system, which can be applied to the technical fields of computers and internet of things. The host system log processing method comprises the following steps: analyzing a first log message from a host system to obtain attribute information of the first log message; according to the attribute information, adding an attribute identifier corresponding to the attribute information to the first log message to obtain a second log message with the attribute identifier; and generating a first message statistical image corresponding to the attribute identifier in the first interactive page according to the second log message, wherein the first message statistical image represents the statistical characteristics of the second log message with the same attribute identifier in the first historical duration. The present disclosure also provides a host system log processing apparatus, device, storage medium, and program product.

Description

Method, device, equipment and medium for processing logs of host system
Technical Field
The present disclosure relates to the field of computers and internet of things, and in particular, to a method, an apparatus, a device, a medium, and a program product for processing logs of a host system.
Background
A mainframe (mainframe computer) generally refers to a computer that is used to process large-capacity data, and unlike a general computer, a mainframe can simultaneously run multiple operating systems, and has reliability, security, backward compatibility, and efficient data I/O processing performance. Because a large-scale host needs to process large-scale data in the operation process, a large amount of system logs are generated, and system operation and maintenance personnel complete relevant system operation and maintenance work by checking the system logs.
In the process of implementing the inventive concept disclosed by the present disclosure, the inventor finds that due to the large quantity and scale of the system logs, the large-scale system logs of the operation and maintenance personnel are difficult to effectively analyze the log messages, and great troubles are caused to the operation and maintenance work of the system.
Disclosure of Invention
In view of the foregoing, the present disclosure provides host system log processing methods, apparatuses, devices, media, and program products.
According to a first aspect of the present disclosure, there is provided a host system log processing method, including:
analyzing a first log message from a host system to obtain attribute information of the first log message;
adding an attribute identifier corresponding to the attribute information to the first log message according to the attribute information to obtain a second log message with the attribute identifier; and
and generating a first message statistical image corresponding to the attribute identifier in a first interactive page according to the second log message, wherein the first message statistical image represents the statistical characteristics of the second log message with the same attribute identifier in a first historical duration.
According to an embodiment of the present disclosure, the method for processing the log of the host system further includes:
And generating a second message statistical image in a second interactive page in response to the query operation aiming at the statistical sub-image of the first message statistical image, wherein the second message statistical image is characterized in a second historical duration and is the statistical characteristic of the second log message, and the first historical duration comprises at least one second historical duration.
According to an embodiment of the present disclosure, generating, according to the second log message, a first message statistical image corresponding to the attribute identifier in the first interactive page includes:
according to the attribute identification of the second log message, a log message set corresponding to the attribute identification is constructed, wherein the log message set comprises at least one second log message;
and generating a first message statistical image corresponding to the attribute identification in the first interactive page according to the log message set and the attribute identification.
According to an embodiment of the present disclosure, parsing a first log message from a host system to obtain attribute information of the first log message includes:
analyzing a first log message from a host system to obtain message header data of the first log message;
And obtaining the attribute information of the first log message based on the target matching result of the target attribute information in the target attribute information table and the message header data.
According to an embodiment of the present disclosure, the method for processing the log of the host system further includes:
displaying an operation object for comparing second log messages in two different preset time periods in a third interactive page, wherein the two different preset time periods comprise a reference historical time period and a comparison historical time period;
responding to the query operation aiming at the operation object, and acquiring a reference second log message set in the reference historical time period and a comparison second log message set in the comparison historical time period;
matching the comparison second log message set with the reference second log message set, and determining a reference second log message from the comparison second log message set, wherein the reference second log message is a second log message which is matched with a second log message in the reference second log message set in the comparison second log message set;
deleting the reference second log message in the comparison second log message set to obtain a target second log message; and
And adding the target second log message to a target log message pool.
According to an embodiment of the present disclosure, the attribute information includes subsystem attribute information and log message type information, and the attribute identifier includes a subsystem identifier and a log message type identifier.
According to an embodiment of the present disclosure, the method for processing the log of the host system further includes:
and downloading the first log message from the host system according to a preset time rule.
A second aspect of the present disclosure provides a host system log processing apparatus, including:
the analysis module is used for analyzing a first log message from a host system to obtain attribute information of the first log message;
an identifier adding module, configured to add an attribute identifier corresponding to the attribute information to the first log message according to the attribute information, so as to obtain a second log message with the attribute identifier; and
and the generating module is used for generating a first message statistical image corresponding to the attribute identifier in a first interactive page according to the second log message, wherein the first message statistical image represents the statistical characteristics of the second log message with the same attribute identifier in a first historical duration.
A third aspect of the present disclosure provides an electronic device, comprising: one or more processors; a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the above-described host system log processing method.
A fourth aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described host system log processing method.
A fifth aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the above-described host system log processing method.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be apparent from the following description of embodiments of the disclosure, which proceeds with reference to the accompanying drawings, in which:
fig. 1 schematically illustrates an application scenario diagram of a host system log processing method and apparatus according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow diagram of a host system log processing method according to an embodiment of the present disclosure;
FIG. 3 schematically illustrates a flow chart for parsing a first log message from a host system to obtain attribute information of the first log message according to an embodiment of the disclosure;
FIG. 4 schematically illustrates a flow diagram for generating a first message statistical image corresponding to an attribute identification in a first interaction page from a second log message according to an embodiment of the present disclosure;
FIG. 5 schematically illustrates an application scenario diagram of a host system log processing method according to an embodiment of the present disclosure;
FIG. 6 schematically shows a flow diagram of a host system log processing method according to another embodiment of the present disclosure;
FIG. 7 schematically illustrates an application scenario diagram of a host system log processing method according to another embodiment of the present disclosure;
fig. 8 schematically shows a block diagram of a host system log processing apparatus according to an embodiment of the present disclosure; and
FIG. 9 schematically illustrates a block diagram of an electronic device adapted to implement a host system log processing method in accordance with an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that these descriptions are illustrative only and are not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs, unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
With the rapid development of internet technology, more and more enterprises adopt a large-scale host (mainframe computer) as a main management system for data processing, background program management and other operation activities. During the operation of the host system of the large host, a large amount of system log messages are generated every day, and relevant operation and maintenance personnel perform relevant maintenance work on the host system according to the log messages. However, the log messages generated by the host system are usually stored in the host system, and the number of the log messages is large, so that operation and maintenance personnel cannot find important log messages such as alarm messages and error messages in time by checking the log messages, and the problems generated in the operation process of the host system cannot be found in time, which causes great trouble to the daily maintenance work of the host system for the operation and maintenance personnel.
The embodiment of the disclosure provides a host system log processing method, which includes:
analyzing a first log message from a host system to obtain attribute information of the first log message; according to the attribute information, adding an attribute identifier corresponding to the attribute information to the first log message to obtain a second log message with the attribute identifier; and generating a first message statistical image corresponding to the attribute identifier in the first interactive page according to the second log message, wherein the first message statistical image represents the statistical characteristics of the second log message with the same attribute identifier in the first historical duration.
According to the embodiment of the disclosure, the problem that log messages of a host system are difficult to classify in the related art can be solved by analyzing the first log message from the host system to obtain the attribute information, and adding the corresponding attribute identifier to the first log message according to the attribute information to obtain the second log message with the attribute identifier; meanwhile, according to the attribute identification of the second log message, the statistical characteristics of the second log message with the same attribute identification are counted, the first message statistical image representing the statistical characteristics is displayed in the first interactive page, the logs generated by the host system can be further classified, the statistical characteristics such as the quantity, the proportion and the like of the second log message corresponding to the attribute identification are clearly and visually displayed to the operation and maintenance personnel, the operation and maintenance personnel can be helped to find the log events in the host system in time according to the first message statistical image, and the problems existing in the host system are found in time by analyzing the statistical characteristics of the second log message, so that the efficiency of the operation and maintenance personnel in solving the problems of the host system is improved.
In the technical scheme of the disclosure, the processes of collecting, storing, using, processing, transmitting, providing, disclosing and applying the personal information of the related users are all in accordance with the regulations of related laws and regulations, necessary security measures are taken, and the customs of public sequences is not violated.
In the technical scheme of the disclosure, before the personal information of the user is obtained or collected, the authorization or the consent of the user is obtained.
Fig. 1 schematically shows an application scenario diagram of a host system log processing method and apparatus according to an embodiment of the present disclosure.
As shown in fig. 1, the application scenario 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104, a server 105, and a mainframe 106. Network 104 is the medium used to provide communication links between terminal devices 101, 102, 103 and server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others. Mainframe 106 may include a computer that is used to process large volumes of data.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have installed thereon various communication client applications, such as shopping-like applications, web browser applications, search-like applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only).
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (for example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The backend management server may analyze and process the received data such as the user request, and feed back a processing result (for example, a web page, information, or data obtained or generated according to the user request) to the terminal device. Server 105 may obtain the first log message from mainframe 106.
It should be noted that the host system log processing method provided by the embodiment of the present disclosure may be generally executed by the server 105. Accordingly, the host system log processing apparatus provided by the embodiments of the present disclosure may be generally disposed in the server 105. The host system log processing method provided by the embodiment of the present disclosure may also be executed by a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Accordingly, the host system log processing apparatus provided by the embodiment of the present disclosure may also be disposed in a server or a server cluster different from the server 105 and capable of communicating with the terminal devices 101, 102, 103 and/or the server 105.
It should be understood that the number of terminal devices, networks, servers, and mainframes in fig. 1 are merely illustrative. There may be any number of terminal devices, networks, servers, and mainframes, as desired for an implementation.
The host system log processing method of the disclosed embodiment will be described in detail below with fig. 2 to 7 based on the scenario described in fig. 1.
FIG. 2 schematically shows a flow diagram of a host system log processing method according to an embodiment of the disclosure.
As shown in fig. 2, the host system log processing method of this embodiment may include operations S210 to S230.
In operation S210, a first log message from the host system is parsed to obtain attribute information of the first log message.
According to an embodiment of the present disclosure, a host system may include a large-scale host (main frame computer), and the host system may include a plurality of subsystems (i.e., program execution environments) for large-scale data processing. The first log message may include operation information and time record information of operating conditions recorded during the operation of each subsystem of the host system, and may be composed of a subsystem name, a generation time, a log identifier, a message header and a log message content.
According to an embodiment of the present disclosure, the attribute information of the first log message may include a subsystem that generated the log message, a log message type, and the like. The log message type may include, for example, the type INFO, ERROR, WARNING, etc. of the log message.
The attribute information of the first log message may be recorded in a field of a message header, or may be recorded in the log message content of the first log message, and the attribute information of the first log message may be obtained by analyzing the first log message.
In operation S220, an attribute identifier corresponding to the attribute information is added to the first log message according to the attribute information, resulting in a second log message having the attribute identifier.
In operation S230, a first message statistical image corresponding to the attribute identifier is generated in the first interactive page according to the second log message, where the first message statistical image represents statistical characteristics of the second log message having the same attribute identifier within the first historical duration.
According to the embodiment of the present disclosure, the second log message may include a log message having an attribute identifier, so that the second log message may be classified and counted by using the attribute identifier, to obtain a statistical number of the second log messages having the same attribute identifier, and a log message set formed by the second log messages having the attribute identifier. The first message statistics image may comprise an image, such as a bar graph, a line graph, a pie graph, etc., that visually reflects a second log message statistics amount having the same attribute identification.
According to an embodiment of the present disclosure, the statistical characteristics may include a statistical number, but is not limited thereto, and may also include a statistical number ratio and the like.
It should be noted that the first message statistical image may represent statistical characteristics of the second log message of any first historical duration, and a person skilled in the art may set a specific time period of the first historical duration according to actual needs, for example, the historical time period may be set to be 1/202 x year to 1/2/202 x year.
According to the embodiment of the disclosure, since the first log message generated by the host system is not classified according to the subsystem or the log message type to which the first log message belongs, and there is no specific identifier that can clearly distinguish the first log messages, the field for classification needs to be read from the first log message by the maintenance personnel to perform subsequent analysis on the first log message. Therefore, the workload of operation and maintenance personnel is increased, and the efficiency of operation and maintenance work is reduced.
According to the embodiment of the disclosure, the problem that log messages of a host system are difficult to classify in the related art can be solved by analyzing the first log message from the host system to obtain the attribute information, and adding the corresponding attribute identifier to the first log message according to the attribute information to obtain the second log message with the attribute identifier; meanwhile, according to the attribute identification of the second log message, the statistical characteristics of the second log message with the same attribute identification are counted, the first message statistical image representing the statistical characteristics is displayed in the first interactive page, the logs generated by the host system can be further classified, the statistical characteristics such as the quantity, the proportion and the like of the second log message corresponding to the attribute identification are clearly and visually displayed to the operation and maintenance personnel, the operation and maintenance personnel can be helped to find the log events in the host system in time according to the first message statistical image, and the problems existing in the host system are found in time by analyzing the statistical characteristics of the second log message, so that the efficiency of the operation and maintenance personnel in solving the problems of the host system is improved.
According to an embodiment of the present disclosure, the host system log processing method may further include the following operations.
And downloading the first log message from the host system according to a preset time rule.
According to an embodiment of the present disclosure, the preset time rule may include a preset time interval, such as 1 second, 1 minute, and the like. Those skilled in the art can set specific preset time rules according to actual requirements to ensure timely query of log messages of the host system.
According to the embodiment of the disclosure, by downloading the first log message from the host system, the relevant operation and maintenance personnel can view the log message of the host system from other background servers, so that the operation steps of viewing the first log message after logging in the host system in the relevant technology are saved, the operation flow of querying the log message is simplified, and the influence on the operation of the host system in the process of querying the log message is reduced.
According to the embodiment of the disclosure, the attribute information includes subsystem attribute information and log message type information, and the attribute identifier includes a subsystem identifier and a log message type identifier.
According to embodiments of the present disclosure, since the host system may include a plurality of subsystems, such as a database subsystem or the like. The operation and maintenance personnel can quickly analyze the operation condition of each subsystem by determining the name of the subsystem generated by the log message, so as to formulate an operation and maintenance scheme and quickly solve the operation problem of the host system.
According to the embodiment of the present disclosure, the log message type may include a type characterizing the recorded event, for example, the type may be an ERROR type (ERROR), an alarm type (WARNING), a general type (INFO), and the like, but is not limited thereto, and may also include a type of interest (notify), and the like, and the log message type may be designed by those skilled in the art according to actual requirements.
It should be understood that the log type identifier may include an error type identifier, an alarm type identifier, a general type identifier, and the like, and those skilled in the art may specifically set the log message type identifier according to actual requirements.
According to the embodiment of the disclosure, the same second log message may have both the subsystem identifier and the log message type identifier, and further, a log message set corresponding to the subsystem identifier may be obtained by counting the number of second log messages having the same subsystem identifier, and the proportion occupied by the second log message of each log message type in the subsystem is obtained according to the log message type identifier of the second log message in the log message set. Therefore, operation and maintenance personnel can inquire the log message according to the subsystem of the host system, and can visually display the statistical characteristics of the second log message in the following process.
FIG. 3 schematically shows a flowchart for parsing a first log message from a host system to obtain attribute information of the first log message according to an embodiment of the disclosure.
As shown in fig. 3, the parsing of the first log message from the host system to obtain the attribute information of the first log message in operation S210 may include operations S310 to S320.
In operation S310, a first log message from the host system is parsed to obtain header data of the first log message.
In operation S320, attribute information of the first log message is obtained based on a target matching result of the target attribute information and the header data in the target attribute information table.
According to an embodiment of the present disclosure, the header data may include data information located in a first field of the first log message, the target attribute information table may be constructed according to the target attribute information, and the target attribute information may include data information for characterizing attribute information of the first log message, for example, a subsystem field for characterizing a subsystem name, a type field for characterizing a type of the log message, and the like.
And under the condition that the target attribute information is matched with the message header data, determining the attribute information represented by the target attribute information as the attribute information of the first log message. For example, in the case where the header data matches the target attribute information "WARNING", it may be determined that the attribute information of the first log message includes alarm type attribute information.
It should be noted that, in the embodiment of the present disclosure, a specific matching method is not limited, for example, the specific matching method may include a forward maximum matching algorithm, a regular expression matching algorithm, and the like.
In the embodiment of the present disclosure, a python web framework flash may be used as a backend, a first log message is downloaded from a host system at a time interval of every 1 minute, the received first log message is subjected to data cleaning and then stored in an elastic search (ES search engine) at a platform end, and a backend program reads the first log message in the elastic search in real time by calling an interface, so as to implement the method for processing the log of the host system provided in the embodiment of the present disclosure.
Fig. 4 schematically shows a flowchart of generating a first message statistical image corresponding to an attribute identification in a first interactive page according to a second log message according to an embodiment of the present disclosure.
As shown in fig. 4, the operation S230 of generating the first message statistical image corresponding to the attribute identification in the first interactive page according to the second log message may include operations S410 to S420.
In operation S410, a log message set corresponding to the attribute identifier is constructed according to the attribute identifier of the second log message, where the log message set includes at least one second log message.
In operation S420, a first message statistical image corresponding to the attribute identifier is generated in the first interactive page according to the log message set and the attribute identifier.
According to the embodiment of the disclosure, the first message statistical image may visually represent the statistical characteristics of the second log messages in the log message set having the attribute identifier, so that an operation and maintenance person may conveniently analyze the operation condition of the host system according to the attribute identifier and the corresponding first message statistical image, for example, for the log message set corresponding to the subsystem identifier, the first message statistical image may be constructed for different subsystem identifiers, the first message statistical image may include a histogram, and the statistical number of the second log messages having the corresponding subsystem identifier is represented by each histogram object in the histogram.
According to an embodiment of the present disclosure, the host system log processing method may further include the following operations.
And generating a second message statistical image in the second interactive page in response to the query operation aiming at the statistical sub-image of the first message statistical image, wherein the second message statistical image is characterized in a second historical duration and the statistical characteristics of a second log message, and the first historical duration comprises at least one second historical duration.
According to an embodiment of the present disclosure, the statistical subimage may be a graphical object in the first message statistical image, e.g. in case the first message statistical image is a histogram, the statistical subimage may be a histogram graphical object in the histogram. The query operation for the statistical sub-image may include any operation type, such as a single-click operation and a double-click operation, but is not limited thereto, and in the case that the statistical sub-image is displayed in the second interactive page of the terminal device with the touch display screen, the query operation for the statistical sub-image may further include a touch gesture operation such as a long-press operation.
According to the embodiment of the disclosure, the second historical duration may be a historical time period in the first historical duration, and by displaying the second message statistical image representing the statistical characteristic of the second log message in the second historical duration, the operation and maintenance staff may be helped to analyze the log message for the historical time period of fine granularity, so that the problem in the operation of the host system may be found according to the analysis result.
Fig. 5 schematically shows an application scenario diagram of a host system log processing method according to an embodiment of the present disclosure.
As shown in FIG. 5, in the initial interaction page 510, 4 query images of "log message statistics", "alarm log message" T511 "," TOP10 log message "," today alarm info "may be included. In response to detecting a click operation for "alarm log message" T511, a jump may be made to the first interaction page 520.
In the first interactive page 520, a first message statistical image T520 may be included, where the first message statistical image T520 is a histogram, and a vertical axis of the histogram is a statistical number of second log messages with alarm type identifiers; the horizontal axis of the bar graph may represent that the first history duration is seven days before the current date, and D1, D2, D3, D4, D5, D6, and D7 may represent the date names of each of the seven days before the current date, i.e., the second history duration is 1 day.
The first message statistical image T520 may include a plurality of statistical subimages, i.e., a plurality of columnar graphic objects, and may jump to the second interactive page 530 upon detection of a query operation for the columnar graphic objects 521.
Second message statistical images T531 and T532 may be generated in the second interactive page 530. The second message statistical image T531 may represent a statistical number of second log messages with alarm type identification generated by subsystems in the host system within D2 date, wherein a1, a2, A3, a4, a5, a6, a7 may represent names of subsystems in the host system, and a vertical axis of the second message statistical image T531 is the statistical number of second log messages.
The second message statistical image T532 is a pie chart and may represent a statistical quantity ratio of the second log messages having attribute identification information of alarm type identification, error type identification, normal type identification and attention type identification, respectively, in the sub-system a1 within the date D2. The statistical sub-image T532 represents the proportion of the number of the second log messages with the alarm type identifier to the number of all the second log messages.
It should be noted that the user may also perform a query operation on the second message statistical images T531 and T532 in the second interactive page 530 to query the detailed information of all the second log messages corresponding to the second message statistical images, that is, may query the detailed information of the subsystem names, the generation time, the log identifiers, the message headers, the log message contents, and the like, to which the second log messages belong.
According to the embodiment of the disclosure, in the case that the statistical image of the second message is a pie chart, the statistical quantity ratio of the second log messages with different message header data in the selected subsystem and the selected historical time duration can be further represented, so that the operation and maintenance personnel can analyze the log messages of the host system according to the message header data.
According to an embodiment of the present disclosure, when a query operation is detected for a query image "log message statistics" in the initial interaction page 510, a plurality of first message statistics images may be generated in the first interaction page 520, where each of the first message statistics images may respectively represent a statistical number of second log messages identified by each log message type within a first historical duration.
According to an embodiment of the present disclosure, upon detecting a query operation with respect to a query image "TOP 10 log message" in the initial interaction page 510, a first message statistical image characterizing a second log message with a TOP-10-ordered number of log messages generated by the host system within a first historical duration may be generated in the first interaction page 520, and each statistical sub-image of the first message statistical image may represent a message header data or a log message name of the second log message, respectively.
According to an embodiment of the present disclosure, when a query operation for the query image "TOP 10 log message" in the initial interactive page 510 is detected, a jump may be directly made to the second interactive page 530 in fig. 5.
FIG. 6 schematically shows a flow diagram of a host system log processing method according to another embodiment of the present disclosure.
As shown in fig. 6, the host system log processing method may further include operations S610 to S650.
In operation S610, an operation object for comparing the second log messages in two different preset time periods is displayed in the third interactive page, where the two different preset time periods include a reference historical time period and a comparison historical time period;
in operation S620, in response to a query operation for an operation object, a reference second log message set within a reference history time period and a comparison second log message set within a comparison history time period are acquired;
in operation S630, matching the comparison second log message set with a reference second log message set, and determining a reference second log message from the comparison second log message set, where the reference second log message is a second log message in the comparison second log message set that matches a second log message in the reference second log message set;
in operation S640, deleting the reference second log message in the second log message set to obtain a target second log message; and
in operation S650, the target second log message is added to the target log message pool.
According to the embodiment of the disclosure, the header data of the second log message in the second log message set can be compared with the header data of the second log message in the reference second log message set to determine the second log message in the second log message set, which is matched with the second log message in the reference second log message set, so as to obtain the new target log message occurring in the comparison historical time period.
According to an embodiment of the present disclosure, the reference history time period may be earlier than the comparison history time period, and the comparison of the reference second log message in the second log message set may be a comparison of the second log message in the second log message set, which has occurred within the reference history time period. Therefore, the reference second log message in the second log message set is deleted, the obtained target second log message can represent a new log message appearing in the host system in the comparison historical time period, the new message can be classified and stored by adding the target second log message to the target log message pool, and the operation and maintenance personnel can avoid interference caused by repeated log messages by analyzing the target log message in the target log message pool, analyze the new log message in time, discover problems existing in the operation process of the host system and improve the operation and maintenance efficiency of the host system.
Fig. 7 schematically shows an application scenario diagram of a host system log processing method according to another embodiment of the present disclosure.
As shown in fig. 7, the third interactive page 610 has operation objects T611 and T612 displayed therein. The operation target T611 indicates an operation target for performing parameter selection for the second log message in the reference history time period, and the operation target T612 indicates an operation target for performing parameter selection for the second log message in the comparison history time period.
When the query operation for the operation objects T611, T612 is detected, the time menus T6111, T6121 and the subsystem menus T6112, T6122 may be displayed. The operation and maintenance personnel can determine a reference history time period and a comparison history time period through the selection operation aiming at the time menus T6111 and T6121, and determine the name of the subsystem required to be queried through the selection operation aiming at the subsystem menus T6112 and T6122, so that a reference second log message set in the reference history time period and a comparison second log message set in the comparison history time period are determined.
And determining a reference second log message from the comparison second log message set by matching the message header data of the reference second log message set with the message header data of the second log message in the comparison second log message set, and deleting the reference second log message in the comparison second log message set to obtain a target second log message.
In the interaction page T620, a display image of the target log message pool T620 may be displayed, which may include the target second log message 621, 622, 623. Each target second log message may include at least header data X1, X2, X3, and log message content M1, M2, M3.
According to the embodiment of the disclosure, the operation and maintenance personnel can avoid the interference caused by the repeated log messages by checking the target second log message, analyze the new log message in time, discover the problems existing in the operation process of the host system in time and improve the operation and maintenance efficiency of the host system.
Based on the host system log processing method, the disclosure also provides a host system log processing device. The apparatus will be described in detail below with reference to fig. 8.
Fig. 8 schematically shows a block diagram of a host system log processing apparatus according to an embodiment of the present disclosure.
As shown in fig. 8, the host system log processing apparatus 800 of this embodiment includes a parsing module 810, an identification adding module 820, and a generating module 830.
The parsing module 810 is configured to parse the first log message from the host system to obtain attribute information of the first log message.
The identifier adding module 820 is configured to add an attribute identifier corresponding to the attribute information to the first log message according to the attribute information, so as to obtain a second log message with the attribute identifier.
The generating module 830 is configured to generate a first message statistical image corresponding to the attribute identifier in the first interactive page according to the second log message, where the first message statistical image represents statistical characteristics of the second log message with the same attribute identifier in the first historical duration.
According to an embodiment of the present disclosure, the host system log processing apparatus may further include a second generation module.
The second generation module is used for responding to query operation of the statistical sub-image of the first message statistical image and generating a second message statistical image in the second interactive page, wherein the second message statistical image represents the statistical characteristics of second log messages within a second historical duration, and the first historical duration comprises at least one second historical duration.
According to an embodiment of the disclosure, the generating module may include: the device comprises a first building unit and a first generating unit.
The first constructing unit is used for constructing a log message set corresponding to the attribute identification according to the attribute identification of the second log message, wherein the log message set comprises at least one second log message.
The first generation unit is used for generating a first message statistical image corresponding to the attribute identification in the first interactive page according to the log message set and the attribute identification.
According to an embodiment of the present disclosure, the parsing module may include: the device comprises an analysis unit and a first matching unit.
The analysis unit is used for analyzing the first log message from the host system to obtain the message header data of the first log message.
The first matching unit is used for obtaining the attribute information of the first log message based on the target matching result of the target attribute information and the message header data in the target attribute information table.
According to an embodiment of the present disclosure, the host system log processing apparatus may further include:
the display module is used for displaying an operation object used for comparing second log messages in two different preset time periods in a third interactive page, wherein the two different preset time periods comprise a reference historical time period and a comparison historical time period.
The first obtaining module is used for responding to the query operation aiming at the operation object, obtaining a reference second log message set in a reference historical time period and a comparison second log message set in a comparison historical time period.
The first matching module is used for matching the comparison second log message set with a reference second log message set and determining a reference second log message from the comparison second log message set, wherein the reference second log message is a second log message which is matched with a second log message in the reference second log message set in the comparison second log message set.
The deleting module is used for deleting the reference second log message in the second log message set to obtain the target second log message.
The adding module is used for adding the target second log message to the target log message pool.
According to the embodiment of the disclosure, the attribute information includes subsystem attribute information and log message type information, and the attribute identifier includes a subsystem identifier and a log message type identifier.
According to an embodiment of the present disclosure, the host system log processing apparatus may further include a download module.
The downloading module is used for downloading the first log message from the host system according to a preset time rule.
According to an embodiment of the present disclosure, any plurality of the parsing module 810, the identification adding module 820 and the generating module 830 may be combined and implemented in one module, or any one of them may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present disclosure, at least one of the parsing module 810, the identification adding module 820 and the generating module 830 may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware by any other reasonable manner of integrating or packaging a circuit, or may be implemented in any one of or a suitable combination of software, hardware and firmware. Alternatively, at least one of the parsing module 810, the identity adding module 820 and the generating module 830 may be at least partially implemented as a computer program module, which when executed may perform the respective functions.
FIG. 9 schematically illustrates a block diagram of an electronic device adapted to implement a host system log processing method in accordance with an embodiment of the present disclosure.
As shown in fig. 9, an electronic apparatus 900 according to an embodiment of the present disclosure includes a processor 901 which can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)902 or a program loaded from a storage portion 908 into a Random Access Memory (RAM) 903. Processor 901 can include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or related chipset(s) and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), and/or the like. The processor 901 may also include on-board memory for caching purposes. The processor 901 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
In the RAM 903, various programs and data necessary for the operation of the electronic apparatus 900 are stored. The processor 901, ROM 902, and RAM 903 are connected to each other by a bus 904. The processor 901 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM 902 and/or the RAM 903. Note that the programs may also be stored in one or more memories other than the ROM 902 and the RAM 903. The processor 901 may also perform various operations of the method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
Electronic device 900 may also include input/output (I/O) interface 905, input/output (I/O) interface 905 also connected to bus 904, according to an embodiment of the present disclosure. The electronic device 900 may also include one or more of the following components connected to the I/O interface 905: an input portion 906 including a keyboard, a mouse, and the like; an output portion 907 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 908 including a hard disk and the like; and a communication section 909 including a network interface card such as a LAN card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. A drive 910 is also connected to the I/O interface 905 as needed. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 910 as necessary so that a computer program read out therefrom is mounted into the storage section 908 as necessary.
The present disclosure also provides a computer-readable storage medium, which may be embodied in the device/apparatus/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 902 and/or RAM 903 described above and/or one or more memories other than the ROM 902 and RAM 903.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method illustrated by the flow chart. When the computer program product runs in a computer system, the program code is used for causing the computer system to realize the method provided by the embodiment of the disclosure.
The computer program performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure when executed by the processor 901. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed in the form of a signal on a network medium, and downloaded and installed through the communication section 909 and/or installed from the removable medium 911. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 909, and/or installed from the removable medium 911. The computer program, when executed by the processor 901, performs the above-described functions defined in the system of the embodiment of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C + +, python, the "C" language, or the like. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In situations involving remote computing devices, the remote computing devices may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to external computing devices (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or combinations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or combinations are not expressly recited in the present disclosure. In particular, various combinations and/or combinations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (11)

1. A host system log processing method comprises the following steps:
analyzing a first log message from a host system to obtain attribute information of the first log message;
Adding an attribute identifier corresponding to the attribute information to the first log message according to the attribute information to obtain a second log message with the attribute identifier; and
and generating a first message statistical image corresponding to the attribute identifier in a first interactive page according to the second log message, wherein the first message statistical image represents the statistical characteristics of the second log message with the same attribute identifier in a first historical duration.
2. The host system log processing method of claim 1, further comprising:
and generating a second message statistical image in a second interactive page in response to the query operation aiming at the statistical sub-image of the first message statistical image, wherein the second message statistical image is characterized in a second historical duration and the statistical characteristics of the second log message, and the first historical duration comprises at least one second historical duration.
3. The host system log processing method of claim 1, wherein generating, in accordance with the second log message, a first message statistics image corresponding to the attribute identification in a first interaction page comprises:
according to the attribute identification of the second log message, constructing a log message set corresponding to the attribute identification, wherein the log message set comprises at least one second log message;
And generating a first message statistical image corresponding to the attribute identification in the first interactive page according to the log message set and the attribute identification.
4. The host system log processing method of claim 1, wherein parsing a first log message from a host system to obtain attribute information of the first log message comprises:
analyzing a first log message from a host system to obtain message header data of the first log message;
and obtaining the attribute information of the first log message based on the target matching result of the target attribute information and the message header data in the target attribute information table.
5. The host system log processing method of claim 4, further comprising:
displaying an operation object for comparing second log messages in two different preset time periods in a third interactive page, wherein the two different preset time periods comprise a reference historical time period and a comparison historical time period;
responding to the query operation aiming at the operation object, acquiring a reference second log message set in the reference historical time period and a comparison second log message set in the comparison historical time period;
Matching the comparison second log message set with the reference second log message set, and determining a reference second log message from the comparison second log message set, wherein the reference second log message is a second log message which is matched with a second log message in the reference second log message set in the comparison second log message set;
deleting the reference second log message in the comparison second log message set to obtain a target second log message; and
adding the target second log message to a target log message pool.
6. The host system log processing method of claim 1, wherein the attribute information comprises subsystem attribute information and log message type information, and the attribute identification comprises a subsystem identification and a log message type identification.
7. The host system log processing method of claim 1, further comprising:
downloading the first log message from the host system according to a preset time rule.
8. A host system log processing apparatus, comprising:
the analysis module is used for analyzing a first log message from a host system to obtain attribute information of the first log message;
The identifier adding module is used for adding an attribute identifier corresponding to the attribute information to the first log message according to the attribute information to obtain a second log message with the attribute identifier; and
and the generating module is used for generating a first message statistical image corresponding to the attribute identifier in a first interactive page according to the second log message, wherein the first message statistical image represents the statistical characteristics of the second log message with the same attribute identifier in a first historical duration.
9. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-7.
10. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method of any one of claims 1 to 7.
11. A computer program product comprising a computer program which, when executed by a processor, implements a method according to any one of claims 1 to 7.
CN202210432825.5A 2022-04-22 2022-04-22 Method, device, equipment and medium for processing logs of host system Pending CN114756441A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210432825.5A CN114756441A (en) 2022-04-22 2022-04-22 Method, device, equipment and medium for processing logs of host system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210432825.5A CN114756441A (en) 2022-04-22 2022-04-22 Method, device, equipment and medium for processing logs of host system

Publications (1)

Publication Number Publication Date
CN114756441A true CN114756441A (en) 2022-07-15

Family

ID=82333176

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210432825.5A Pending CN114756441A (en) 2022-04-22 2022-04-22 Method, device, equipment and medium for processing logs of host system

Country Status (1)

Country Link
CN (1) CN114756441A (en)

Similar Documents

Publication Publication Date Title
CN110196790A (en) The method and apparatus of abnormal monitoring
CN113760641A (en) Service monitoring method, device, computer system and computer readable storage medium
CN113342619A (en) Log monitoring method and system, electronic device and readable medium
US8566345B2 (en) Enterprise intelligence (‘EI’) reporting in an EI framework
CN116594683A (en) Code annotation information generation method, device, equipment and storage medium
CN114218283A (en) Abnormality detection method, apparatus, device, and medium
CN114153703A (en) Micro-service exception positioning method and device, electronic equipment and program product
US9659266B2 (en) Enterprise intelligence (‘EI’) management in an EI framework
US9639815B2 (en) Managing processes in an enterprise intelligence (‘EI’) assembly of an EI framework
US20130018695A1 (en) Enterprise Intelligence ('EI') Assembly Analysis In An EI Framework
US20130019246A1 (en) Managing A Collection Of Assemblies In An Enterprise Intelligence ('EI') Framework
US9646278B2 (en) Decomposing a process model in an enterprise intelligence (‘EI’) framework
CN115033634A (en) Data acquisition method, data acquisition device, electronic equipment and medium
CN114756441A (en) Method, device, equipment and medium for processing logs of host system
CN113961441A (en) Alarm event processing method, auditing method, device, equipment, medium and product
CN114443663A (en) Data table processing method, device, equipment and medium
CN114911479A (en) Interface generation method, device, equipment and storage medium based on configuration
CN114201508A (en) Data processing method, data processing apparatus, electronic device, and storage medium
CN116401138B (en) Operating system running state detection method and device, electronic equipment and medium
CN113419887B (en) Method and device for processing online transaction exception of host
CN115312208B (en) Method, device, equipment and medium for displaying treatment data
CN118260294B (en) Manufacturing pain signal summarizing method, system, medium and equipment based on AI
CN115687284A (en) Information processing method, device, equipment and storage medium
CN117573478A (en) Performance monitoring method, device, apparatus, medium and program product
CN115757349A (en) Alarm method, device, electronic equipment and medium for data migration

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination