CN115129548A - Alarm analysis method, device, equipment and medium - Google Patents

Alarm analysis method, device, equipment and medium Download PDF

Info

Publication number
CN115129548A
CN115129548A CN202210753475.2A CN202210753475A CN115129548A CN 115129548 A CN115129548 A CN 115129548A CN 202210753475 A CN202210753475 A CN 202210753475A CN 115129548 A CN115129548 A CN 115129548A
Authority
CN
China
Prior art keywords
target
alarm
preset
determining
model
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210753475.2A
Other languages
Chinese (zh)
Inventor
董俊明
乔波波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinan Inspur Data Technology Co Ltd
Original Assignee
Jinan Inspur Data Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jinan Inspur Data Technology Co Ltd filed Critical Jinan Inspur Data Technology Co Ltd
Priority to CN202210753475.2A priority Critical patent/CN115129548A/en
Publication of CN115129548A publication Critical patent/CN115129548A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3003Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/3006Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system is distributed, e.g. networked systems, clusters, multiprocessor systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3003Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/3034Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a storage system, e.g. DASD based or network based
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/34Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3409Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment for performance assessment
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/34Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3452Performance evaluation by statistical analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/903Querying
    • G06F16/90335Query processing
    • G06F16/90348Query processing by searching ordered data, e.g. alpha-numerically ordered data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N5/00Computing arrangements using knowledge-based models
    • G06N5/02Knowledge representation; Symbolic representation
    • G06N5/022Knowledge engineering; Knowledge acquisition
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2201/00Indexing scheme relating to error detection, to error correction, and to monitoring
    • G06F2201/80Database-specific techniques
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2201/00Indexing scheme relating to error detection, to error correction, and to monitoring
    • G06F2201/88Monitoring involving counting
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30Computing systems specially adapted for manufacturing

Abstract

The application discloses an alarm analysis method, an alarm analysis device, alarm analysis equipment and an alarm analysis medium, which relate to the technical field of computers, and the method comprises the following steps: acquiring a target alarm, and determining a target model corresponding to the target alarm from a preset model library; the preset model library is stored with a plurality of models representing various incidence relations among different alarms; acquiring a target performance standard of which the corresponding performance data is out of limit determined from preset performance standards, and determining out-of-limit information corresponding to the target performance standard; and determining a cause and a solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the target performance standard and the out-of-limit information. Therefore, the cause and the solution corresponding to the target alarm can be quickly, conveniently and accurately determined by utilizing the target model with the incidence relation between the target alarm and other alarms, the target performance standard and the out-of-limit information.

Description

Alarm analysis method, device, equipment and medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method, an apparatus, a device, and a medium for alarm analysis.
Background
At present, in distributed storage cluster environment, report an emergency and ask for help or increased vigilance the information that the operation and maintenance engineer handled most often, when the cluster appears unusually, can appear a large amount of reports an emergency and asks for help or increased vigilance information that important is difficult to discerned often to the operation and maintenance personnel, simultaneously because lack sufficient information, the operation and maintenance personnel are difficult to fix a position the cause and the solution of reporting an emergency and asking for help or increased vigilance, have caused great influence for the maintenance work of operation and maintenance personnel and the healthy operation of cluster.
In summary, how to quickly, conveniently and accurately determine the cause and solution of an alarm is a problem to be solved urgently at present.
Disclosure of Invention
In view of this, an object of the present invention is to provide an alarm analysis method, apparatus, device and medium, which can quickly and conveniently determine a cause and a solution corresponding to an alarm. The specific scheme is as follows:
in a first aspect, the present application discloses an alarm analysis method, including:
acquiring a target alarm, and determining a target model corresponding to the target alarm from a preset model library; the preset model library is stored with a plurality of models representing various incidence relations among different alarms;
acquiring a target performance standard of which the corresponding performance data is out of limit determined from preset performance standards, and determining out-of-limit information corresponding to the target performance standard;
and determining a cause and a solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the target performance standard and the out-of-limit information.
Optionally, before obtaining the target alarm and determining the target model corresponding to the target alarm from the preset model library, the method further includes:
acquiring a plurality of original alarms, and determining original numbers corresponding to the original alarms respectively according to a first preset number rule;
compressing all the original alarms with the same alarm type to obtain a target alarm, and obtaining a target number corresponding to the target alarm based on a second preset number rule and the original number;
correspondingly, the obtaining of the target alarm and the determining of the target model corresponding to the target alarm from the preset model library include:
and determining a target model corresponding to the target alarm from a preset model library based on the target number.
Optionally, before obtaining the target alarm and determining the target model corresponding to the target alarm from the preset model library, the method further includes:
counting the original frequency of all the original alarms in the target alarm;
correspondingly, the determining the cause and the solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the target performance standard and the out-of-limit information includes:
and determining a cause and a solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the original frequency, the target performance standard and the out-of-limit information.
Optionally, before obtaining the target alarm and determining the target model corresponding to the target alarm from the preset model library, the method further includes:
counting the target frequency of the target alarm within a preset time period;
correspondingly, the determining the cause and the solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the target performance standard and the out-of-limit information includes:
and determining a cause and a solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the target frequency, the target performance standard and the out-of-limit information.
Optionally, the determining a target model corresponding to the target alarm from a preset model library includes:
and determining a plurality of original models corresponding to the target alarm from a preset model library, and acquiring the target model corresponding to the target alarm determined by the client from the original models.
Optionally, the out-of-limit information includes out-of-limit frequency, out-of-limit range value and out-of-limit time.
Optionally, the association relationship includes a dependency relationship, a derivation relationship, a homology relationship, a speculation relationship, and a complex alarm timing relationship.
In a second aspect, the present application discloses an alarm analysis device, comprising:
the target model determining module is used for acquiring a target alarm and determining a target model corresponding to the target alarm from a preset model library; the preset model library is stored with a plurality of models representing various incidence relations among different alarms;
the standard and information determining module is used for acquiring a target performance standard of the out-of-limit occurrence of the corresponding performance data determined from the preset performance standard and determining out-of-limit information corresponding to the target performance standard;
and the cause and solution determination module is used for determining the cause and solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the target performance standard and the out-of-limit information.
In a third aspect, the present application discloses an electronic device comprising a processor and a memory; wherein the processor implements the alarm analysis method disclosed above when executing the computer program stored in the memory.
In a fourth aspect, the present application discloses a computer readable storage medium for storing a computer program; wherein the computer program when executed by a processor implements the alarm analysis method disclosed above.
Therefore, the target alarm is obtained, and the target model corresponding to the target alarm is determined from the preset model library; the preset model library stores a plurality of models representing various incidence relations among different alarms; acquiring a target performance standard of which the corresponding performance data is out of limit determined from preset performance standards, and determining out-of-limit information corresponding to the target performance standard; and determining a cause and a solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the target performance standard and the out-of-limit information. Therefore, the cause and the solution corresponding to the target alarm can be quickly, conveniently and accurately determined by utilizing the target model with the incidence relation between the target alarm and other alarms, the target performance standard and the out-of-limit information.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flow chart of an alarm analysis method provided in the present application;
fig. 2 is a flowchart of a specific alarm analysis method provided in the present application;
FIG. 3 is a flowchart of a specific alarm analysis method provided in the present application;
FIG. 4 is a schematic flow chart of an alarm analysis method provided in the present application;
FIG. 5 is a diagram of an alarm analysis device according to the present application;
fig. 6 is a block diagram of an electronic device provided in the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
At present in distributed storage cluster environment, report an emergency and ask for help or increased vigilance and be the information that operation and maintenance engineer handled most often, when the cluster appears unusually, can appear a large amount of reports an emergency and asks for help or increased vigilance information than difficult discernment often, and simultaneously because lack sufficient information, operation and maintenance personnel are difficult to fix a position the cause and the solution of reporting an emergency and asking for help or increased vigilance, have caused great influence for operation and maintenance personnel's maintenance work and the healthy operation of cluster.
In order to overcome the problems, the application provides an alarm analysis scheme, and the cause and the solution of the alarm can be quickly and conveniently determined.
Referring to fig. 1, an embodiment of the present application discloses an alarm analysis method, including:
step S11: acquiring a target alarm, and determining a target model corresponding to the target alarm from a preset model library; and the preset model library is stored with a plurality of models representing various incidence relations among different alarms.
In the embodiment of the present application, the determining, from a preset model library, a target model corresponding to the target alarm specifically includes: and determining a plurality of original models corresponding to the target alarm from a preset model library, and acquiring the target model corresponding to the target alarm determined by the client from the original models. It should be noted that for a target alarm, one or more corresponding original models may exist in the preset model library.
In the embodiment of the application, the relation among different alarms is established according to the relevant rules, a plurality of models representing various association relations among different alarms are stored in the preset model base, and the alarm association analysis model base is managed at the same time. It should be noted that the association relationship includes a dependency relationship, a derivation relationship, a homology relationship, a speculation relationship, and a complex alarm timing relationship, where the dependency relationship indicates that an alarm a occurs on the premise that an alarm B occurs; the derivative relation is expressed as that after the alarm A occurs, the alarm B occurs; the homologous relation indicates that AB alarms are all generated due to C faults; the said conjecture relation is expressed as other rules, the related associated alarm is added manually, the said complex alarm time sequence relation is expressed as the sequence and interval time between alarms.
Step S12: the method comprises the steps of obtaining a target performance standard of which the corresponding performance data is out of limit determined from preset performance standards, and determining out-of-limit information corresponding to the target performance standard.
In this embodiment of the present application, a performance data analysis is performed on a distributed Storage cluster, and specifically, a target threshold of a preset performance standard, such as a bandwidth related to a cluster, a node, a Storage pool, an osd (Object-based Storage Device), an iops (Input/Output Operations Per Second), a memory and a cpu (central processing unit) utilization rate, is determined, extracting the current performance data of preset performance standards such as bandwidth, iops, memory and CPU utilization rate related to clusters, nodes, storage pools and osds of the clusters, comparing the relation between a target threshold and the performance data, taking the preset performance standard of which the performance data is out of limit as the target performance standard, and collecting abnormal (out-of-limit) information to form a record table containing a target threshold, out-of-limit time, out-of-limit frequency and out-of-limit range value, wherein the out-of-limit range value is a difference value between the target threshold and the performance data. It is noted that the violation includes being greater than a maximum threshold and being less than a minimum threshold.
Step S13: and determining a cause and a solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the target performance standard and the out-of-limit information.
In the embodiment of the application, a preset alarm knowledge base is firstly created in advance, the knowledge base needs to be maintained by developers, and alarms generated daily, conditions of alarm generation, alarm models (consistent with an alarm association analysis model base), alarm frequency, associated preset performance standards and target thresholds and alarm solutions or suggested strategies are stored in the knowledge base, so that the cause and the solution corresponding to the target alarm are determined from the preset alarm knowledge base based on the target models, the target performance standards and the out-of-limit information. In addition, the use of target performance criteria and out-of-limit information can improve the accuracy of determining causes and solutions.
It should be noted that, by using the preset alarm knowledge base, the cause and solution of the alarm can be quickly located by looking up the dictionary, wherein, the use of the target model representing the association improves the analysis degree of the alarm, the interference can be effectively eliminated, and the use of the target performance standard and the out-of-limit information improves the accuracy of determining the cause and solution of the alarm.
Therefore, the target alarm is obtained, and the target model corresponding to the target alarm is determined from the preset model library; the preset model library is stored with a plurality of models representing various incidence relations among different alarms; acquiring a target performance standard of which the corresponding performance data is out of limit determined from preset performance standards, and determining out-of-limit information corresponding to the target performance standard; and determining a cause and a solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the target performance standard and the out-of-limit information. Therefore, the cause and the solution corresponding to the target alarm can be quickly and conveniently determined by using the target model with the incidence relation between the target alarm and other alarms, and the cause and the solution corresponding to the target alarm can be more accurately determined by using the target performance standard and the out-of-limit information.
Referring to fig. 2, an embodiment of the present application discloses a specific alarm analysis method, which includes:
step S21: acquiring a plurality of original alarms, and determining original numbers corresponding to the original alarms respectively according to a first preset number rule; compressing all the original alarms of the same alarm type to obtain a target alarm, and obtaining a target number corresponding to the target alarm based on a second preset number rule and the original number; and counting the original frequency of all the original alarms in the target alarm.
In the embodiment of the application, the acquired original alarm is preprocessed through the alarm preprocessing module, the alarm is coded and compressed according to the specified rule, and meanwhile, the alarm is counted; specifically, a plurality of original alarms are obtained, original numbers corresponding to the original alarms are determined according to a first preset number rule, all the original alarms of the same alarm type are compressed to obtain a target alarm, and a target number corresponding to the target alarm is obtained based on a second preset number rule and the original numbers; finally, counting the original frequency of all the original alarms in the target alarm; it should be noted that, performing alarm compression reduces redundant information in the alarm, and improves the efficiency of alarm retrieval.
It should be noted that, the alarms are numbered according to the specified rules, and specifically, the alarms can be numbered according to the alarm time, the alarm type, the alarm level, the alarm module and the like; the alarm compression is to compress a plurality of similar alarms into one alarm, perform alarm counting to obtain an original frequency, and specifically perform statistics on the frequency of one type of alarms.
Step S22: determining a target model corresponding to the target alarm from a preset model library based on the target number; and a plurality of models representing various incidence relations among different alarms are stored in the preset model library.
In the embodiment of the application, the target model corresponding to the target alarm is determined from the preset model library by using the target code, and the target alarm does not need to be directly used, so that the process of determining the target model is more convenient and quicker.
Step S23: the method comprises the steps of obtaining a target performance standard of which the corresponding performance data is out of limit determined from preset performance standards, and determining out-of-limit information corresponding to the target performance standard.
In the embodiment of the application, performance data analysis is performed on a distributed storage cluster, specifically, a target threshold of preset performance standards such as bandwidths, iops, memory and cpu utilization rates related to a cluster, a node, a storage pool and an osd is determined, current performance data of the preset performance standards such as the bandwidths, iops, memory and cpu utilization rates related to the cluster, the node, the storage pool and the osd of the cluster are extracted, a relation between the target threshold and the performance data is compared, the preset performance standard of which the performance data is out of limit is used as the target performance standard, and abnormal (out of limit) information is collected to form a record table containing the target threshold, out of limit time, out of limit frequency and out of limit range values, wherein the out of limit range values are difference values of the target threshold and the performance data. It is noted that the violation includes being greater than a maximum threshold and being less than a minimum threshold.
Step S24: and determining a cause and a solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the original frequency, the target performance standard and the out-of-limit information.
In the embodiment of the application, the cause and the solution corresponding to the target alarm are determined from a preset alarm knowledge base based on the target model, the original frequency, the target performance standard and the out-of-limit information, wherein the original frequency is utilized more, so that the cause and the solution are determined more accurately.
Therefore, the method and the device for processing the alarm number obtain a plurality of original alarms, and determine original numbers corresponding to the original alarms respectively according to a first preset number rule; compressing all the original alarms with the same alarm type to obtain a target alarm, and obtaining a target number corresponding to the target alarm based on a second preset number rule and the original number; counting the original frequency of all the original alarms in the target alarm; determining a target model corresponding to the target alarm from a preset model library based on the target number; the preset model library is stored with a plurality of models representing various incidence relations among different alarms; acquiring a target performance standard of which the corresponding performance data is out of limit determined from preset performance standards, and determining out-of-limit information corresponding to the target performance standard; and determining a cause and a solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the original frequency, the target performance standard and the out-of-limit information. According to the method, the target model is determined by using the target code, so that the determination process is more convenient and quicker; according to the method, the cause and the solution corresponding to the target alarm can be quickly, conveniently and accurately determined by using the target model with the incidence relation between the target alarm and other alarms, the original frequency, the target performance standard and the out-of-limit information; the present application utilizes the raw frequency to enable more accurate determination of cause and solution.
Referring to fig. 3, an embodiment of the present application discloses a specific alarm analysis method, which includes:
step S31: acquiring a plurality of original alarms, and determining original numbers corresponding to the original alarms respectively according to a first preset number rule; compressing all the original alarms of the same alarm type to obtain a target alarm, and obtaining a target number corresponding to the target alarm based on a second preset number rule and the original number; and counting the target frequency of the target alarm within a preset time period.
In the embodiment of the application, the obtained original alarm is preprocessed through the alarm preprocessing module, the alarm is coded and compressed according to the specified rule, and meanwhile, the alarm is counted; specifically, a plurality of original alarms are obtained, original numbers corresponding to the original alarms are determined according to a first preset number rule, all the original alarms of the same alarm type are compressed to obtain a target alarm, and a target number corresponding to the target alarm is obtained based on a second preset number rule and the original numbers; finally, counting the target frequency of the target alarm within a preset time period; it should be noted that, performing alarm compression reduces redundant information in the alarm, and improves the efficiency of alarm retrieval.
It should be noted that, the alarms are numbered according to the specified rules, and specifically, the alarms can be numbered according to the alarm time, the alarm type, the alarm level, the alarm module and the like; the alarm compression is to compress a plurality of similar alarms into one alarm, and perform alarm counting to obtain a target frequency, specifically, count the same alarm according to a certain rule (time range).
Step S32: determining a target model corresponding to the target alarm from a preset model library based on the target number; and a plurality of models representing various incidence relations among different alarms are stored in the preset model library.
In the embodiment of the application, the target model corresponding to the target alarm is determined from the preset model library by using the target code, and the target alarm does not need to be directly used, so that the process of determining the target model is more convenient and quicker.
Step S33: the method comprises the steps of obtaining a target performance standard of which the corresponding performance data is out of limit determined from preset performance standards, and determining out-of-limit information corresponding to the target performance standard.
In the embodiment of the application, performance data analysis is performed on a distributed storage cluster, specifically, a target threshold of preset performance standards such as bandwidths, iops, memory and cpu utilization rates related to a cluster, a node, a storage pool and an osd is determined, current performance data of the preset performance standards such as the bandwidths, iops, memory and cpu utilization rates related to the cluster, the node, the storage pool and the osd of the cluster are extracted, a relation between the target threshold and the performance data is compared, the preset performance standard of which the performance data is out of limit is used as the target performance standard, and abnormal (out of limit) information is collected to form a record table containing the target threshold, out of limit time, out of limit frequency and out of limit range values, wherein the out of limit range values are difference values of the target threshold and the performance data. It is noted that the violation includes being greater than a maximum threshold and being less than a minimum threshold.
Step S34: and determining a cause and a solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the target frequency, the target performance standard and the out-of-limit information.
In the embodiment of the application, the cause and the solution corresponding to the target alarm are determined from a preset alarm knowledge base based on the target model, the target frequency, the target performance standard and the out-of-limit information, wherein the cause and the solution can be more accurately determined by increasing the utilization of the target frequency.
Therefore, the method and the device for processing the alarm obtain a plurality of original alarms, and determine original numbers corresponding to the original alarms respectively according to a first preset number rule; compressing all the original alarms with the same alarm type to obtain a target alarm, and obtaining a target number corresponding to the target alarm based on a second preset number rule and the original number; counting the target frequency of the target alarm within a preset time period; determining a target model corresponding to the target alarm from a preset model library based on the target number; the preset model library is stored with a plurality of models representing various incidence relations among different alarms; acquiring a target performance standard of which the corresponding performance data is out of limit determined from preset performance standards, and determining out-of-limit information corresponding to the target performance standard; and determining a cause and a solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the target frequency, the target performance standard and the out-of-limit information. According to the method, the target model is determined by using the target code, so that the determination process is more convenient and quicker; according to the method, the cause and the solution corresponding to the target alarm can be quickly, conveniently and accurately determined by using the target model with the incidence relation between the target alarm and other alarms, the target frequency, the target performance standard and the out-of-limit information; the present application can more accurately determine causes and solutions using the target frequency.
Referring to fig. 4, the overall alarm analysis process is completed in the alarm analysis module. Acquiring original alarms from an alarm library, and preprocessing the original alarms, wherein the preprocessing comprises alarm numbers, alarm compression and alarm counting, and after preprocessing, acquiring target alarms, target numbers of the target alarms, original frequencies of the original alarms in the target alarms under the corresponding same alarm type or target frequencies of the target alarms within a preset time period; selecting a target model representing the association relation between a target alarm and other alarms from an association analysis model library (a preset model library) based on the target code; performing performance data analysis on a preset performance standard in the distributed storage cluster to obtain a performance data recording table containing out-of-limit information of a target performance standard; and determining the cause and the solution of the target alarm from a preset knowledge base by using the target model, the original frequency, the target performance standard and the out-of-limit information, or determining the cause and the solution of the target alarm from the preset knowledge base by using the target model, the target frequency, the target performance standard and the out-of-limit information.
It should be noted that the problem root cause can be located quickly and a problem solution provided. The alarm is preprocessed, so that the influence of redundant alarm is reduced, and the efficiency of alarm retrieval is improved; the mapping relation between alarms is correlated by constructing an alarm correlation analysis model base, so that the analysis of operation and maintenance on the alarm correlation problem is improved, and interference items can be effectively eliminated; constructing a preset alarm knowledge base, combining an alarm correlation analysis model, and quickly positioning the root cause of the alarm in a dictionary checking mode; the out-of-limit information in the target performance standard and the performance data recording table is used as a supplementary condition for positioning the alarm root cause, so that the accuracy of alarm positioning is improved.
Referring to fig. 5, an embodiment of the present application discloses an alarm analysis device, including:
the target model determining module 11 is configured to obtain a target alarm, and determine a target model corresponding to the target alarm from a preset model library; the preset model library is stored with a plurality of models representing various incidence relations among different alarms;
the standard and information determining module 12 is configured to obtain a target performance standard, which is determined from preset performance standards and in which corresponding performance data is out-of-limit, and determine out-of-limit information corresponding to the target performance standard;
and a cause and solution determination module 13, configured to determine a cause and a solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the target performance standard, and the out-of-limit information.
Therefore, the target alarm is obtained, and the target model corresponding to the target alarm is determined from the preset model library; the preset model library stores a plurality of models representing various incidence relations among different alarms; acquiring a target performance standard of which the corresponding performance data is out of limit determined from preset performance standards, and determining out-of-limit information corresponding to the target performance standard; and determining a cause and a solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the target performance standard and the out-of-limit information. Therefore, the cause and the solution corresponding to the target alarm can be quickly and conveniently determined by using the target model with the incidence relation between the target alarm and other alarms, the target performance standard and the out-of-limit information.
In some embodiments, the alarm analysis device further comprises:
the first numbering unit is used for acquiring a plurality of original alarms and determining original numbers corresponding to the original alarms according to a first preset numbering rule;
the alarm compression unit is used for compressing all the original alarms with the same alarm type to obtain a target alarm;
the second numbering unit is used for obtaining a target number corresponding to the target alarm based on a second preset numbering rule and the original number;
accordingly, the object model determining module 11 includes:
the target model determining unit is used for determining a target model corresponding to the target alarm from a preset model library based on the target number;
in some embodiments, the alarm analysis device further comprises:
the original frequency counting module is used for counting the original frequencies of all the original alarms in the target alarm;
accordingly, the cause and solution determination module 13 includes:
determining a cause and a solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the original frequency, the target performance standard and the out-of-limit information;
in some embodiments, the alarm analysis device further comprises:
the target frequency counting module is used for counting the target frequency of the target alarm in a preset time period;
accordingly, the cause and solution determination module 13 includes:
determining a cause and a solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the target frequency, the target performance standard and the out-of-limit information;
in some embodiments, the object model determining module 11 includes:
and the target model determining unit is used for determining a plurality of original models corresponding to the target alarm from a preset model library and acquiring the target model corresponding to the target alarm determined by the client from the original models.
Further, an electronic device is provided in the embodiments of the present application, and fig. 6 is a block diagram of an electronic device 20 shown according to an exemplary embodiment, which should not be construed as limiting the scope of the application in any way.
Fig. 6 is a schematic structural diagram of an electronic device 20 according to an embodiment of the present disclosure. The electronic device 20 may specifically include: at least one processor 21, at least one memory 22, a power supply 23, an input output interface 24, a communication interface 25, and a communication bus 26. Wherein the memory 22 is used for storing a computer program, which is loaded and executed by the processor 21 to implement the relevant steps of the alarm analysis method disclosed in any of the foregoing embodiments.
In this embodiment, the power supply 23 is configured to provide a working voltage for each hardware device on the electronic device 20; the communication interface 25 can create a data transmission channel between the electronic device 20 and an external device, and a communication protocol followed by the communication interface is any communication protocol applicable to the technical solution of the present application, and is not specifically limited herein; the input/output interface 24 is configured to obtain external input data or output data to the outside, and a specific interface type thereof may be selected according to specific application requirements, which is not specifically limited herein.
In addition, the storage 22 is used as a carrier for resource storage, and may be a read-only memory, a random access memory, a magnetic disk or an optical disk, and the storage 22 is used as a non-volatile storage that may include a random access memory as a running memory and a storage purpose for an external memory, and the storage resources on the storage include an operating system 221, a computer program 222, and the like, and the storage manner may be a transient storage or a permanent storage.
The operating system 221 is used for managing and controlling each hardware device and the computer program 222 on the electronic device 20 on the source host, and the operating system 221 may be Windows, Unix, Linux, or the like. The computer program 222 may further include a computer program that can be used to perform other specific tasks in addition to the computer program that can be used to perform the alarm analysis method disclosed by any of the foregoing embodiments and executed by the electronic device 20.
In this embodiment, the input/output interface 24 may specifically include, but is not limited to, a USB interface, a hard disk reading interface, a serial interface, a voice input interface, a fingerprint input interface, and the like.
Further, the embodiment of the application also discloses a computer readable storage medium for storing a computer program; wherein the computer program when executed by a processor implements the alarm analysis method disclosed above.
For the specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, which are not described herein again.
A computer-readable storage medium as referred to herein includes a Random Access Memory (RAM), a Memory, a Read-Only Memory (ROM), an electrically programmable ROM, an electrically erasable programmable ROM, a register, a hard disk, a magnetic or optical disk, or any other form of storage medium known in the art. Wherein the computer program when executed by a processor implements the aforementioned alarm analysis method. For the specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, which are not described herein again.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. For the device disclosed by the embodiment, the device corresponds to the alarm analysis method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the description of the method part.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
The alarm analysis method, the alarm analysis device, the alarm analysis equipment and the alarm analysis medium provided by the invention are described in detail, specific examples are applied in the text to explain the principle and the implementation mode of the invention, and the description of the examples is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. An alarm analysis method, comprising:
acquiring a target alarm, and determining a target model corresponding to the target alarm from a preset model library; the preset model library stores a plurality of models representing various incidence relations among different alarms;
acquiring a target performance standard of which the corresponding performance data is out of limit determined from preset performance standards, and determining out-of-limit information corresponding to the target performance standard;
and determining a cause and a solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the target performance standard and the out-of-limit information.
2. The alarm analysis method according to claim 1, wherein before the obtaining of the target alarm and the determining of the target model corresponding to the target alarm from the preset model library, the method further comprises:
acquiring a plurality of original alarms, and determining original numbers corresponding to the original alarms respectively according to a first preset number rule;
compressing all the original alarms of the same alarm type to obtain a target alarm, and obtaining a target number corresponding to the target alarm based on a second preset number rule and the original number;
correspondingly, the obtaining of the target alarm and the determining of the target model corresponding to the target alarm from the preset model library include:
and determining a target model corresponding to the target alarm from a preset model library based on the target number.
3. The alarm analysis method according to claim 2, wherein before the obtaining of the target alarm and the determining of the target model corresponding to the target alarm from the preset model library, the method further comprises:
counting the original frequency of all the original alarms in the target alarm;
correspondingly, the determining the cause and the solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the target performance standard and the out-of-limit information includes:
and determining a cause and a solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the original frequency, the target performance standard and the out-of-limit information.
4. The alarm analysis method according to claim 2, wherein before the obtaining of the target alarm and the determining of the target model corresponding to the target alarm from the preset model library, the method further comprises:
counting the target frequency of the target alarm within a preset time period;
correspondingly, the determining the cause and the solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the target performance standard and the out-of-limit information includes:
and determining a cause and a solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the target frequency, the target performance standard and the out-of-limit information.
5. The alarm analysis method of claim 1, wherein the determining the target model corresponding to the target alarm from a preset model library comprises:
and determining a plurality of original models corresponding to the target alarm from a preset model library, and acquiring the target model corresponding to the target alarm determined by the client from the original models.
6. The alarm analysis method of claim 1, wherein the out-of-limit information includes out-of-limit frequencies, out-of-limit range values, and out-of-limit times.
7. The alarm analysis method according to any one of claims 1 to 6, wherein the association relationship comprises a dependency relationship, a derivation relationship, a homology relationship, a speculative relationship, and a complex alarm timing relationship.
8. An alarm analysis apparatus, comprising:
the target model determining module is used for acquiring a target alarm and determining a target model corresponding to the target alarm from a preset model library; the preset model library is stored with a plurality of models representing various incidence relations among different alarms;
the standard and information determining module is used for acquiring a target performance standard of the out-of-limit occurrence of the corresponding performance data determined from the preset performance standard and determining out-of-limit information corresponding to the target performance standard;
and the cause and solution determination module is used for determining the cause and solution corresponding to the target alarm from a preset alarm knowledge base based on the target model, the target performance standard and the out-of-limit information.
9. An electronic device comprising a processor and a memory; wherein the processor, when executing the computer program stored in the memory, implements the alarm analysis method of any of claims 1 to 7.
10. A computer-readable storage medium for storing a computer program; wherein the computer program, when executed by a processor, implements the alarm analysis method of any of claims 1 to 7.
CN202210753475.2A 2022-06-29 2022-06-29 Alarm analysis method, device, equipment and medium Pending CN115129548A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210753475.2A CN115129548A (en) 2022-06-29 2022-06-29 Alarm analysis method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210753475.2A CN115129548A (en) 2022-06-29 2022-06-29 Alarm analysis method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN115129548A true CN115129548A (en) 2022-09-30

Family

ID=83380124

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210753475.2A Pending CN115129548A (en) 2022-06-29 2022-06-29 Alarm analysis method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN115129548A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117155772A (en) * 2023-10-27 2023-12-01 广州嘉为科技有限公司 Alarm information enrichment method, device, equipment and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117155772A (en) * 2023-10-27 2023-12-01 广州嘉为科技有限公司 Alarm information enrichment method, device, equipment and storage medium
CN117155772B (en) * 2023-10-27 2024-01-30 广州嘉为科技有限公司 Alarm information enrichment method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
US11645293B2 (en) Anomaly detection in big data time series analysis
CN111241453B (en) Page access duration acquisition method and device, medium and electronic equipment
CN107609028B (en) Method and device for determining low-efficiency SQL statement
CN112702342B (en) Network event processing method and device, electronic equipment and readable storage medium
CN110569214A (en) Index construction method and device for log file and electronic equipment
CN110955550A (en) Cloud platform fault positioning method, device, equipment and storage medium
CN109450869B (en) Service safety protection method based on user feedback
CN110647456B (en) Fault prediction method, system and related device of storage equipment
CN113992340B (en) User abnormal behavior identification method, device, equipment and storage medium
CN113903389A (en) Slow disk detection method and device and computer readable and writable storage medium
CN110399268A (en) A kind of method, device and equipment of anomaly data detection
CN115129548A (en) Alarm analysis method, device, equipment and medium
CN113722134A (en) Cluster fault processing method, device and equipment and readable storage medium
CN114978877A (en) Exception handling method and device, electronic equipment and computer readable medium
CN109408556B (en) Abnormal user identification method and device based on big data, electronic equipment and medium
CN107330031B (en) Data storage method and device and electronic equipment
CN112800061A (en) Data storage method, device, server and storage medium
CN110347572B (en) Method, device, system, equipment and medium for outputting performance log
CN111767161A (en) Remote calling depth recognition method and device, computer equipment and readable storage medium
CN113535458B (en) Abnormal false alarm processing method and device, storage medium and terminal
CN113641567B (en) Database inspection method and device, electronic equipment and storage medium
CN114791914A (en) User behavior statistical method, device, equipment and medium based on Bitmap
CN113656391A (en) Data detection method and device, storage medium and electronic equipment
CN110674839B (en) Abnormal user identification method and device, storage medium and electronic equipment
CN114328662A (en) Abnormal data positioning method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination