CN115357469B - Abnormal alarm log analysis method and device, electronic equipment and computer medium - Google Patents

Abnormal alarm log analysis method and device, electronic equipment and computer medium Download PDF

Info

Publication number
CN115357469B
CN115357469B CN202211290483.4A CN202211290483A CN115357469B CN 115357469 B CN115357469 B CN 115357469B CN 202211290483 A CN202211290483 A CN 202211290483A CN 115357469 B CN115357469 B CN 115357469B
Authority
CN
China
Prior art keywords
log
target
analyzed
vector
similarity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211290483.4A
Other languages
Chinese (zh)
Other versions
CN115357469A (en
Inventor
高翔
李深山
陈曦
张海超
张晓波
马明明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Siji Location Service Co ltd
State Grid Information and Telecommunication Co Ltd
Beijing Guodiantong Network Technology Co Ltd
Original Assignee
State Grid Information and Telecommunication Co Ltd
Beijing Guodiantong Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Information and Telecommunication Co Ltd, Beijing Guodiantong Network Technology Co Ltd filed Critical State Grid Information and Telecommunication Co Ltd
Priority to CN202211290483.4A priority Critical patent/CN115357469B/en
Publication of CN115357469A publication Critical patent/CN115357469A/en
Application granted granted Critical
Publication of CN115357469B publication Critical patent/CN115357469B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/34Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3466Performance evaluation by tracing or monitoring
    • G06F11/3476Data logging
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3065Monitoring arrangements determined by the means or processing involved in reporting the monitored data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/32Monitoring with visual or acoustical indication of the functioning of the machine
    • G06F11/324Display of status information
    • G06F11/327Alarm or error message display
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/362Software debugging
    • G06F11/366Software debugging using diagnostics
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/10Text processing
    • G06F40/166Editing, e.g. inserting or deleting
    • G06F40/186Templates

Abstract

The embodiment of the disclosure discloses an abnormal alarm log analysis method, an abnormal alarm log analysis device, electronic equipment and a computer medium. One embodiment of the method comprises: according to the log types included in the log set to be analyzed, clustering the log set to be analyzed to generate a log group set to be analyzed; for each log group to be analyzed in the log group set to be analyzed, the following processing steps are executed: generating at least one target analysis log according to the log group to be analyzed; adding each target analysis log in at least one target analysis log to a target log report text template to generate a target log report text; and in response to the text type of the at least one target log report text being an abnormal text type, sending the at least one target log report text to the associated alarm equipment for alarm operation. The implementation mode avoids repeated screening of the bid documents and shortens the time for screening the documents.

Description

Abnormal alarm log analysis method and device, electronic equipment and computer medium
Technical Field
The embodiment of the disclosure relates to the technical field of computers, in particular to an abnormal alarm log analysis method and device, electronic equipment and a computer medium.
Background
With the increasing of power equipment, the scale of power data is continuously enlarged, the analysis dimension is rapidly increased, and the data breadth is also continuously increased. In the operation process of each different power equipment, if a fault occurs, more alarm logs can appear. At present, when the alarm logs are screened, the commonly adopted method is as follows: and performing keyword search to determine the alarm log needing to be processed.
However, the following technical problems are generally encountered with the above screening method:
firstly, the alarm logs are not classified, so that maintenance personnel cannot be informed to maintain the equipment with faults in time;
secondly, the maintenance logs needing to be processed (for example, equipment corresponding to the maintenance logs needs to be maintained) cannot be accurately searched by searching the keywords, so that the maintenance time of the equipment is delayed;
thirdly, the alarm logs to be processed cannot be displayed in order, so that the fault type corresponding to each alarm log cannot be judged quickly, and the equipment maintenance time is delayed.
Disclosure of Invention
This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the detailed description. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.
Some embodiments of the present disclosure propose an anomaly alarm log parsing method, apparatus, electronic device, computer readable medium and program product to solve one or more of the technical problems mentioned in the background section above.
In a first aspect, some embodiments of the present disclosure provide an exception alarm log parsing method, including: responding to the fact that the current time is the target time, and obtaining a log set to be analyzed from a target database, wherein the log to be analyzed in the log set to be analyzed comprises a log type; according to the log types included in the log set to be analyzed, clustering the log set to be analyzed to generate a log group set to be analyzed; for each log group to be analyzed in the log group set to be analyzed, executing the following processing steps: generating at least one target analysis log according to the log group to be analyzed; adding each target analysis log in the at least one target analysis log into a target log report text template to generate a target log report text and obtain at least one target log report text, wherein the log type corresponding to the target log report text template is the same as the log type included in the target analysis log; and in response to the fact that the text types of the at least one target log report text are all abnormal text types, sending the at least one target log report text to the associated alarm equipment for alarm operation.
In a second aspect, some embodiments of the present disclosure provide an exception alarm log parsing apparatus, including: the device comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is configured to respond that the current time is a target time and acquire a log set to be analyzed from a target database, and the log to be analyzed in the log set to be analyzed comprises a log type; the clustering unit is configured to perform clustering processing on the log set to be analyzed according to each log type included in the log set to be analyzed so as to generate a log group set to be analyzed; a log processing unit configured to execute the following processing steps for each log group to be analyzed in the log group set to be analyzed: generating at least one target analysis log according to the log group to be analyzed; adding each target analysis log in the at least one target analysis log into a target log report text template to generate a target log report text and obtain at least one target log report text, wherein the log type corresponding to the target log report text template is the same as the log type included in the target analysis log; and in response to the fact that the text types of the at least one target log report text are all abnormal text types, sending the at least one target log report text to the associated alarm equipment for alarm operation.
In a third aspect, some embodiments of the present disclosure provide an electronic device, comprising: one or more processors; a storage device having one or more programs stored thereon, which when executed by one or more processors, cause the one or more processors to implement the method described in any of the implementations of the first aspect.
In a fourth aspect, some embodiments of the disclosure provide a computer readable medium on which a computer program is stored, wherein the program when executed by a processor implements the method described in any implementation of the first aspect.
In a fifth aspect, some embodiments of the present disclosure provide a computer program product comprising a computer program that, when executed by a processor, implements the method described in any of the implementations of the first aspect above.
The above embodiments of the present disclosure have the following beneficial effects: through the abnormal alarm log analysis method of some embodiments of the disclosure, maintenance personnel can be informed to maintain the failed equipment in time, and the delay of equipment maintenance time is avoided. Specifically, the reason why the maintenance personnel cannot be notified in time to maintain the faulty equipment is that: the alarm logs are not classified, so that maintenance personnel cannot be informed to maintain the equipment with the fault in time. Based on this, in the method for analyzing the abnormal alarm log according to some embodiments of the present disclosure, first, a log set to be analyzed is obtained from a target database in response to that the current time is the target time. And the log to be analyzed in the log set to be analyzed comprises log types. Therefore, data support is provided for screening out the alarm logs. Secondly, according to the log types included in the log set to be analyzed, clustering processing is carried out on the log set to be analyzed so as to generate a log group set to be analyzed. Therefore, the alarm logs can be classified, and different maintenance personnel can be timely notified to maintain the failed equipment according to different alarm logs. For each log group to be analyzed in the log group set to be analyzed, executing the following processing steps: firstly, at least one target analysis log is generated according to the log group to be analyzed. Therefore, the maintenance logs needing to be processed can be screened out. And then, adding each target analysis log in the at least one target analysis log to a target log report text template to generate a target log report text and obtain at least one target log report text. Therefore, maintenance personnel can conveniently and quickly browse the log information. And finally, in response to the fact that the text types of the at least one target log report text are all abnormal text types, sending the at least one target log report text to the associated alarm equipment for alarm operation. Therefore, maintenance personnel can be informed to maintain the failed equipment in time, and the delay of the equipment maintenance time is avoided.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. Throughout the drawings, the same or similar reference numbers refer to the same or similar elements. It should be understood that the drawings are schematic and that elements and elements are not necessarily drawn to scale.
FIG. 1 is a flow diagram of some embodiments of an exception alarm log resolution method according to the present disclosure;
FIG. 2 is a schematic block diagram of some embodiments of an exception alarm log resolution mechanism according to the present disclosure;
FIG. 3 is a schematic block diagram of an electronic device suitable for use in implementing some embodiments of the present disclosure.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it is to be understood that the disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided for a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the disclosure are for illustration purposes only and are not intended to limit the scope of the disclosure.
It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings. The embodiments and features of the embodiments in the present disclosure may be combined with each other without conflict.
It should be noted that the terms "first", "second", and the like in the present disclosure are only used for distinguishing different devices, modules or units, and are not used for limiting the order or interdependence relationship of the functions performed by the devices, modules or units.
It is noted that references to "a", "an", and "the" modifications in this disclosure are intended to be illustrative rather than limiting, and that those skilled in the art will recognize that "one or more" may be used unless the context clearly dictates otherwise.
The names of messages or information exchanged between devices in the embodiments of the present disclosure are for illustrative purposes only, and are not intended to limit the scope of the messages or information.
The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
Fig. 1 is a flow diagram of some embodiments of an abnormal alarm log resolution method according to the present disclosure, showing a flow 100 of some embodiments of an abnormal alarm log resolution method according to the present disclosure. The abnormal alarm log analysis method comprises the following steps:
step 101, responding to the current time as the target time, and acquiring a log set to be analyzed from a target database.
In some embodiments, an executing agent (e.g., a computing device or server) of the abnormal alarm log parsing method may retrieve a set of logs to be parsed from a target database in response to a current time being a target time. The log to be analyzed in the log set to be analyzed comprises a log type. Here, the to-be-resolved log in the to-be-resolved log set may represent an operation log of the electric power equipment. Here, the log type may indicate a type of the power device. Here, the log types of different power devices are different. Here, the log to be parsed may include parameter information of a certain attribute when a certain device is running. For example, when the motor is running, the parameter information such as the motor temperature and the motor speed may be included, and the log to be analyzed only includes one parameter information. Here, the target time may be a preset detection time. For example, it may be the start time of each hour of the day, 1 point, 2 points, 3 points, etc. Here, the target database may refer to a database of a computing device that monitors operation of the power device.
Optionally, before step 101, the method further includes:
the method comprises the steps of firstly, obtaining a historical to-be-analyzed log set in a preset time period. The log to be analyzed in the log set to be analyzed includes log types, field names and field attribute values corresponding to the field names. In practice, a historical to-be-analyzed log set in a preset time period can be acquired from a database of the device monitoring terminal. Here, the preset time period may be a preset history time period.
And secondly, clustering the historical to-be-analyzed log set according to the log types included in the historical to-be-analyzed log set to obtain a historical to-be-analyzed log group set. In practice, the history to-be-analyzed logs with the same log type in the history to-be-analyzed log set can be grouped into one type to generate a history to-be-analyzed log group, so as to obtain a history to-be-analyzed log group set.
And thirdly, generating a historical analysis log group set according to the historical to-be-analyzed log group set. In practice, for each history to-be-analyzed log group in the history to-be-analyzed log group set, performing duplicate removal processing on each history to-be-analyzed log in the history to-be-analyzed log group to generate a duplicate-removed history to-be-analyzed log group as the history analysis log group.
Fourthly, for each history analysis log group in the history analysis log group set, executing the following processing steps:
the first processing step, vectorizing each history analysis log in the history analysis log group to generate a history analysis log vector, so as to obtain a history analysis log vector group. Here, the vectorization process may be a one-hot encoding process.
And a second processing step of associating, for each historical analysis log vector in the historical analysis log vector group, the historical analysis log vector with a target vector tag to generate log vector information. The target vector label is used for representing the data state of the history analysis log. Here, the data state may include an abnormal state and a standard state. Here, the abnormal state may indicate that the data fluctuation is not within a preset data fluctuation range. Here, the standard state may mean that the data is corresponding standard operation data. Here, the target vector tag may be evaluation information of the history resolution log by a technician.
And a third processing step of determining log vector information satisfying a first preset condition in the generated log vector information as first target vector information to obtain a first target vector information group. Wherein the first preset condition is as follows: the data state represented by the target vector label included in the log vector information is an abnormal state.
And a fourth processing step of determining log vector information satisfying a second preset condition in the generated log vector information as second target vector information to obtain a second target vector information group. Wherein the second preset condition is: the data state represented by the target vector label included in the log vector information is a standard state.
And fifthly, generating a log report text template set according to the historical analysis log group set. In practice, for each historical analysis log in the historical analysis log group set, the log type and the field name included in the historical analysis log to be analyzed can be extracted, and the log type and the field name extracted can be respectively used as template attribute names to construct a log report text template. The log report text template further comprises a label template attribute name. For example, the target journal report text template may be "journal type: a generator; field name: \\ u _; field attribute name: \\ u _; labeling: \\ is used. Here, the tag is an abnormal tag or a reference tag. Here, the tag template attribute name may refer to an attribute name for characterizing a tag to be filled in. For example, the "tag: \__.
Optionally, the related content is used as an invention point of the disclosure, thereby solving the technical problems mentioned in the background art, namely, the alarm logs needing to be processed cannot be orderly displayed, so that the fault type corresponding to each alarm log cannot be quickly judged, and the maintenance time of the equipment is delayed. The factors that delay the time for equipment maintenance are often as follows: the alarm logs to be processed cannot be displayed in order, so that the fault type corresponding to each alarm log cannot be judged quickly, and the maintenance time of equipment is delayed. If the above factors are solved, the effect of reducing the delay time of the equipment maintenance time can be achieved. In order to achieve this effect, in the present disclosure, first, a historical to-be-analyzed log set in a preset time period is obtained. Therefore, data reference is provided for subsequent analysis of the log needing maintenance processing. And secondly, clustering the historical to-be-analyzed log set according to the log types included in the historical to-be-analyzed log set to obtain a historical to-be-analyzed log group set. Next, for each history analysis log group in the history analysis log group set, the following processing steps are executed: firstly, vectorizing each historical analysis log in the historical analysis log group to generate a historical analysis log vector, so as to obtain a historical analysis log vector group. Therefore, the subsequent log and the historical log can be conveniently compared. Next, for each history analysis log vector in the history analysis log vector group, the history analysis log vector and the target vector tag are associated to generate log vector information. Thus, a corresponding service tag (target vector tag) can be associated with each history resolution log. Then, determining the log vector information meeting a first preset condition in the generated log vector information as first target vector information to obtain a first target vector information group. Therefore, reference basis is provided for searching out the maintenance log needing maintenance treatment accurately and quickly in the follow-up process. And finally, for each historical analysis log in the historical analysis log group set, extracting the log type and the field name included in the historical analysis log to be analyzed, and respectively using the extracted log type and the field name as template attribute names to construct a log report text template. Therefore, the alarm logs needing to be processed can be displayed through the template, so that maintenance personnel can browse quickly. In addition, by associating the target vector labels, maintenance personnel can quickly judge the fault type corresponding to each alarm log. Thus, the delay of the maintenance time of the apparatus is avoided.
And 102, clustering the log set to be analyzed according to the log types included in the log set to be analyzed to generate a log group set to be analyzed.
In some embodiments, the executing body may perform clustering processing on the log set to be analyzed according to each log type included in the log set to be analyzed, so as to generate a log group set to be analyzed. In practice, the executing body may group the logs to be analyzed, which have the same log type in the log set to be analyzed, into one group to generate a log group to be analyzed, so as to obtain a log group set to be analyzed.
Step 103, for each to-be-analyzed log group in the to-be-analyzed log group set, executing the following processing steps:
and step 1031, generating at least one target analysis log according to the log group to be analyzed.
In some embodiments, according to the to-be-parsed log group, the executing entity may generate at least one target parse log by:
firstly, each log to be analyzed in the log group to be analyzed is subjected to vectorization processing to generate a log vector to be analyzed, and a log vector group to be analyzed is obtained. In practice, the executing body may perform unique hot encoding processing on each log to be analyzed in the log group to be analyzed to generate a log vector to be analyzed, so as to obtain a log vector group to be analyzed.
Secondly, for each log vector to be analyzed in the log vector group to be analyzed, executing the following log determining steps:
the method comprises the steps of firstly, determining first vector similarity between a first target vector included by each first target vector information in a first target vector information set and the log vector to be analyzed to obtain a first vector similarity set. The first target vector information in the first target vector information set includes a first target vector and an exception tag corresponding to the first target vector. In practice, the executing entity may determine a first vector similarity between a first target vector included in each first target vector information in the first target vector information set and the log vector to be analyzed through a similarity formula (e.g., a cosine similarity formula), so as to obtain the first vector similarity set. Here, the abnormal label may be alarm information corresponding to the first target vector set in advance. For example, the exception tag may be "a device voltage is unstable, requiring maintenance". Here, the first target vector may refer to a vector converted by the alarm log.
And a second step of performing descending processing on the first vector similarity set to obtain a first vector similarity sequence.
And a third step of determining the first vector similarity in the first vector similarity sequence as a first candidate vector similarity.
And a fourth step of determining the log to be analyzed corresponding to the log vector to be analyzed as a target log to be analyzed in response to the fact that the similarity of the first candidate vector is greater than or equal to a first preset similarity. Here, the setting of the first preset similarity is not limited. For example, the first preset similarity may be 0.95.
And a fifth step of performing association processing on the target log to be analyzed and the abnormal label corresponding to the similarity of the first candidate vector to generate a target analysis log. Here, the association process may refer to a merging or splicing process.
Optionally, the log determining step may further include:
and a sixth step of determining a second vector similarity between a second target vector included in each second target vector information in a second target vector information set and the log vector to be analyzed in response to determining that the similarity of the first candidate vector is smaller than the first preset similarity, so as to obtain a second vector similarity set. Wherein the second target vector information in the second target vector information set further includes a reference tag. Here, the reference tag may be data reference information corresponding to the second target vector set in advance. For example, the reference label may be "voltage of device a is stable, please refer to the operation mode of device a". Here, the second target vector information in the second target vector information set may represent vector information in which the device parameter is stable. In practice, a second vector similarity between a second target vector included in each second target vector information in the second target vector information set and the log vector to be analyzed can be determined through a similarity formula (cosine similarity formula), so that a second vector similarity set is obtained.
And seventhly, performing descending processing on the second vector similarity set to obtain a second vector similarity sequence.
And an eighth step of determining the first second vector similarity in the second vector similarity sequence as a second candidate vector similarity.
And a ninth step of combining the to-be-analyzed log corresponding to the to-be-analyzed log vector and the reference label corresponding to the similarity of the second candidate vector into a target analysis log in response to the fact that the similarity of the second candidate vector is greater than or equal to a second preset similarity. Here, the setting of the second preset similarity is not limited. For example, the second preset similarity may be 0.95. Here, the reference label corresponding to the similarity of the second candidate vector is a reference label corresponding to a second target vector corresponding to the similarity of the second candidate vector.
The related content in step 1031 serves as an invention point of the present disclosure, thereby solving the technical problem two mentioned in the background art that the keyword search cannot accurately search the maintenance log to be processed (for example, the equipment corresponding to the maintenance log needs to be maintained), and the equipment maintenance time is delayed. The factors that delay the maintenance time of the equipment are often as follows: and the maintenance logs needing to be processed cannot be accurately searched by searching the keywords, so that the equipment maintenance time is delayed. If the above factors are solved, the effect of reducing the delay of the equipment maintenance time can be achieved. In order to achieve this effect, according to the present disclosure, first, a first vector similarity between a first target vector included in each first target vector information in the first target vector information set and the log vector to be analyzed is determined, so as to obtain a first vector similarity set. Therefore, whether the log to be analyzed corresponding to the log vector to be analyzed is a maintenance log needing to be processed can be judged directly according to the similarity between the first target vector and the log vector to be analyzed. And secondly, performing descending processing on the first vector similarity set to obtain a first vector similarity sequence. Then, the first vector similarity in the first vector similarity sequence is determined as a first candidate vector similarity. And then, in response to the fact that the similarity of the first candidate vector is larger than or equal to a first preset similarity, determining the log to be analyzed corresponding to the log vector to be analyzed as a target log to be analyzed. Therefore, whether the log to be analyzed is the maintenance log needing to be processed can be determined directly through the similarity. And finally, performing association processing on the target log to be analyzed and the abnormal label corresponding to the similarity of the first candidate vector to generate a target analysis log. Therefore, the abnormal features (abnormal labels) corresponding to the maintenance logs can be noted while the maintenance logs needing to be processed are quickly searched, and subsequent maintenance personnel can conveniently and quickly detect and maintain the equipment.
Step 1032, adding each target analysis log in the at least one target analysis log to a target log report text template to generate a target log report text, and obtaining at least one target log report text.
In some embodiments, the executing agent may add each target parsing log of the at least one target parsing log to a target log report text template to generate a target log report text, resulting in at least one target log report text. And the log type corresponding to the target log report text template is the same as the log type included in the target analysis log. Here, the specific field name and the specific field attribute value included in the target parsing log may be extracted and added to blank positions of the target log report text template corresponding to the field name and the field attribute value, respectively, to generate a target log report text. Here, the target log report text template may be a template set in advance for filling out a field name, a field attribute value, and a tag of a certain log type. For example, the target journal report text template may be "journal type: a generator; field name: \\ u _; field attribute name: \\ u _; labeling: \__. Here, the tag is an abnormal tag or a reference tag.
Optionally, before each target parsing log in the at least one target parsing log is added to a target log report text template to generate a target log report text and obtain at least one target log report text, the method further includes: and selecting a log report text template meeting the target condition from a preset log report text template set as a target log report text template.
In some embodiments, the execution subject may select a log report text template satisfying the target condition from a preset set of log report text templates as the target log report text template. Wherein the target conditions are: the log type corresponding to the target log report text template is the same as the log type included in the target analysis log.
And step 1033, in response to that the text types of the at least one target log report text are all abnormal text types, sending the at least one target log report text to an associated alarm device for alarm operation.
In some embodiments, the executing body may send the at least one target log report text to an associated alarm device for an alarm operation in response to that the text type of the at least one target log report text is an abnormal text type. Here, the text type may represent a type of a tag in the target log report text. The text type may include an exception text type and a reference text type. The exception text type may represent an exception tag. The reference text type may represent a reference tag. Here, the log alarm type corresponding to the associated alarm device is the same as the log type corresponding to the at least one target log report text. In practice, the executing body may send the at least one target log report text to an associated alarm device for an alarm operation (such as sounding an alarm) in response to the text type of the at least one target log report text being both abnormal text types. Therefore, maintenance personnel can be informed to maintain the failed equipment conveniently and timely.
Optionally, in response to that the text types of the at least one target log report text are not all abnormal text types, determining a target log report text which is an abnormal text type in the at least one target log report text as an abnormal log report text, and obtaining an abnormal log report text group.
In some embodiments, the executing body may determine, in response to that the text types of the at least one target log report text are not all abnormal text types, a target log report text that is an abnormal text type in the at least one target log report text as an abnormal log report text, and obtain an abnormal log report text group.
Optionally, the target log report text which is not of the abnormal text type in the at least one target log report text is determined as the log report text to be displayed, so as to obtain a log report text group to be displayed.
In some embodiments, the executing body may determine, as the log report text to be presented, a target log report text that is not of the abnormal text type in the at least one target log report text, so as to obtain a log report text group to be presented.
Optionally, the abnormality log report text group is sent to the alarm device to perform an alarm operation.
In some embodiments, the execution subject may send the abnormality log report text group to the alarm device to perform an alarm operation.
Optionally, the log report text group to be presented is sent to the associated target display device for display.
In some embodiments, the execution subject may send the to-be-presented log report text group to an associated target display device for display. Here, the associated target display device may refer to a display screen for a serviceman to view a text group of a log report to be presented. Therefore, maintenance personnel can be reminded to inquire the operation mode and the environment of the power equipment corresponding to the log report text group to be displayed, so that other power equipment can be operated according to the operation mode and the environment.
The above embodiments of the present disclosure have the following beneficial effects: through the abnormal alarm log analysis method of some embodiments of the disclosure, maintenance personnel can be informed to maintain the failed equipment in time, and the delay of equipment maintenance time is avoided. Specifically, the reason why the maintenance personnel cannot be notified in time to maintain the faulty equipment is that: the alarm logs are not classified, so that maintenance personnel cannot be informed to maintain the equipment with the fault in time. Based on this, in the method for analyzing the abnormal alarm log according to some embodiments of the present disclosure, first, a log set to be analyzed is obtained from a target database in response to that the current time is the target time. And the log to be analyzed in the log set to be analyzed comprises log types. Therefore, data support is provided for screening out the alarm logs. Secondly, according to the log types included in the log set to be analyzed, clustering processing is carried out on the log set to be analyzed so as to generate a log group set to be analyzed. Therefore, the alarm logs can be classified, and different maintenance personnel can be timely notified to maintain the failed equipment according to different alarm logs. For each log group to be analyzed in the log group set to be analyzed, executing the following processing steps: firstly, at least one target analysis log is generated according to the log group to be analyzed. Therefore, the maintenance logs needing to be processed can be screened out. And then, adding each target analysis log in the at least one target analysis log to a target log report text template to generate a target log report text and obtain at least one target log report text. Therefore, maintenance personnel can conveniently and quickly browse the log information. And finally, in response to the fact that the text types of the at least one target log report text are all abnormal text types, sending the at least one target log report text to the associated alarm equipment for alarm operation. Therefore, maintenance personnel can be informed to maintain the failed equipment in time, and the delay of equipment maintenance time is avoided.
With further reference to fig. 2, as an implementation of the methods shown in the above-mentioned figures, the present disclosure provides some embodiments of an abnormal alarm log parsing apparatus, which correspond to those of the method embodiments described above in fig. 1, and which can be applied in various electronic devices.
As shown in fig. 2, the abnormal alarm log parsing apparatus 200 of some embodiments includes: an acquisition unit 201, a clustering unit 202, and a log processing unit 203. The obtaining unit 201 is configured to obtain a log set to be analyzed from a target database in response to that the current time is a target time, wherein the log set to be analyzed in the log set to be analyzed includes a log type; a clustering unit 202, configured to perform clustering processing on the log set to be analyzed according to each log type included in the log set to be analyzed, so as to generate a log group set to be analyzed; a log processing unit 203 configured to execute the following processing steps for each log group to be analyzed in the log group set to be analyzed: generating at least one target analysis log according to the log group to be analyzed; adding each target analysis log in the at least one target analysis log into a target log report text template to generate a target log report text and obtain at least one target log report text, wherein the log type corresponding to the target log report text template is the same as the log type included in the target analysis log; and in response to the fact that the text types of the at least one target log report text are all abnormal text types, sending the at least one target log report text to the associated alarm equipment for alarm operation.
It is to be understood that the units described in the abnormality alarm log parsing apparatus 200 correspond to the respective steps in the method described with reference to fig. 1. Therefore, the operations, features and beneficial effects of the method described above are also applicable to the exception alarm log parsing apparatus 200 and the units included therein, and are not described herein again.
Referring now to FIG. 3, a block diagram of an electronic device 300 suitable for use in implementing some embodiments of the present disclosure is shown. The electronic device shown in fig. 3 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 3, the electronic device 300 may include a processing means (e.g., a central processing unit, a graphics processor, etc.) 301 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 302 or a program loaded from a storage means 308 into a Random Access Memory (RAM) 303. In the RAM 303, various programs and data necessary for the operation of the electronic apparatus 300 are also stored. The processing device 301, the ROM302, and the RAM 303 are connected to each other via a bus 304. An input/output (I/O) interface 305 is also connected to bus 304.
Generally, the following devices may be connected to the I/O interface 305: input devices 306 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; an output device 307 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage devices 308 including, for example, magnetic tape, hard disk, etc.; and a communication device 309. The communication means 309 may allow the electronic device 300 to communicate with other devices, wireless or wired, to exchange data. While fig. 3 illustrates an electronic device 300 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided. Each block shown in fig. 3 may represent one device or may represent multiple devices, as desired.
In particular, according to some embodiments of the present disclosure, the processes described above with reference to the flow diagrams may be implemented as computer software programs. For example, some embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer-readable medium, the computer program comprising program code for performing the method illustrated by the flow chart. In some such embodiments, the computer program may be downloaded and installed from a network through the communication device 309, or installed from the storage device 308, or installed from the ROM 302. The computer program, when executed by the processing apparatus 301, performs the above-described functions defined in the methods of some embodiments of the present disclosure.
It should be noted that the computer readable medium described above in some embodiments of the present disclosure may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In some embodiments of the disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In some embodiments of the present disclosure, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
In some embodiments, the clients, servers may communicate using any currently known or future developed network Protocol, such as HTTP (HyperText Transfer Protocol), and may interconnect with any form or medium of digital data communication (e.g., a communications network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), the Internet (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed network.
The computer readable medium may be embodied in the apparatus described above; or may be separate and not incorporated into the electronic device. The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: responding to the current time as the target time, and acquiring a log set to be analyzed from a target database, wherein the log to be analyzed in the log set to be analyzed comprises a log type; according to the log types included in the log set to be analyzed, clustering the log set to be analyzed to generate a log group set to be analyzed; for each log group to be analyzed in the log group set to be analyzed, executing the following processing steps: generating at least one target analysis log according to the log group to be analyzed; adding each target analysis log in the at least one target analysis log into a target log report text template to generate a target log report text and obtain at least one target log report text, wherein the log type corresponding to the target log report text template is the same as the log type included in the target analysis log; and in response to the fact that the text types of the at least one target log report text are all abnormal text types, sending the at least one target log report text to the associated alarm equipment for alarm operation.
Computer program code for carrying out operations for embodiments of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, smalltalk, C + +, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in some embodiments of the present disclosure may be implemented by software, and may also be implemented by hardware. The described units may also be provided in a processor, which may be described as: a processor includes an acquisition unit, a clustering unit, and a log processing unit. The names of these units do not form a limitation on the unit itself in some cases, for example, the clustering unit may also be described as "a unit that performs clustering processing on the log set to be analyzed according to the log types included in the log set to be analyzed to generate a log group set to be analyzed".
The functions described herein above may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), system on a chip (SOCs), complex Programmable Logic Devices (CPLDs), and the like.
Some embodiments of the present disclosure also provide a computer program product comprising a computer program that, when executed by a processor, implements any one of the above-described anomaly alarm log parsing methods.
The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention in the embodiments of the present disclosure is not limited to the specific combinations of the above-mentioned features, and other embodiments in which the above-mentioned features or their equivalents are combined arbitrarily without departing from the spirit of the invention are also encompassed. For example, the above features and (but not limited to) technical features with similar functions disclosed in the embodiments of the present disclosure are mutually replaced to form the technical solution.

Claims (6)

1. An abnormal alarm log parsing method comprises the following steps:
responding to the fact that the current time is the target time, and obtaining a log set to be analyzed from a target database, wherein the log to be analyzed in the log set to be analyzed comprises a log type;
according to the log types included in the log set to be analyzed, clustering the log set to be analyzed to generate a log group set to be analyzed;
for each log group to be analyzed in the log group set to be analyzed, executing the following processing steps:
generating at least one target analysis log according to the log group to be analyzed;
adding each target analysis log in the at least one target analysis log into a target log report text template to generate a target log report text and obtain at least one target log report text, wherein the log type corresponding to the target log report text template is the same as the log type included in the target analysis log;
in response to the fact that the text types of the at least one target log report text are all abnormal text types, the at least one target log report text is sent to the associated alarm equipment to conduct alarm operation;
generating at least one target analysis log according to the log group to be analyzed, wherein the generating of the at least one target analysis log comprises the following steps:
vectorizing each log to be analyzed in the log group to be analyzed to generate a log vector to be analyzed, so as to obtain a log vector group to be analyzed;
for each log vector to be analyzed of the log vector group to be analyzed, executing the following log determining steps:
determining first vector similarity between a first target vector included in each first target vector information in a first target vector information set and the log vector to be analyzed to obtain a first vector similarity set;
performing descending processing on the first vector similarity set to obtain a first vector similarity sequence;
determining a first vector similarity in the first vector similarity sequence as a first candidate vector similarity;
in response to the fact that the similarity of the first alternative vector is larger than or equal to a first preset similarity, determining the log to be analyzed corresponding to the log vector to be analyzed as a target log to be analyzed;
performing association processing on the target log to be analyzed and the abnormal label corresponding to the similarity of the first alternative vector to generate a target analysis log;
in response to the fact that the similarity of the first candidate vector is smaller than the first preset similarity, determining second vector similarity between a second target vector included in each piece of second target vector information in a second target vector information set and the log vector to be analyzed to obtain a second vector similarity set;
performing descending processing on the second vector similarity set to obtain a second vector similarity sequence;
determining a first second vector similarity in the second vector similarity sequence as a second candidate vector similarity;
and combining the log to be analyzed corresponding to the log vector to be analyzed and the reference label corresponding to the similarity of the second candidate vector into a target analysis log in response to the fact that the similarity of the second candidate vector is larger than or equal to a second preset similarity.
2. The method of claim 1, wherein the method further comprises:
in response to the fact that the text types of the at least one target log report text are not all abnormal text types, determining the target log report text which is an abnormal text type in the at least one target log report text as an abnormal log report text, and obtaining an abnormal log report text group;
determining a target log report text which is not of an abnormal text type in the at least one target log report text as a log report text to be displayed, and obtaining a log report text group to be displayed;
sending the abnormal log report text group to the alarm equipment for alarm operation;
and sending the log report text group to be displayed to associated target display equipment for displaying.
3. The method of claim 1, wherein prior to said adding each of the at least one target resolution log to a target log report text template to generate target log report text, resulting in at least one target log report text, the method further comprises:
selecting a log report text template meeting target conditions from a preset log report text template set as a target log report text template, wherein the target conditions are as follows: and the log type corresponding to the target log report text template is the same as the log type included in the target analysis log.
4. An anomaly alarm log parsing apparatus, comprising:
the analysis device comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is configured to respond that the current time is a target time and acquire a log set to be analyzed from a target database, and the logs to be analyzed in the log set to be analyzed comprise log types;
the clustering unit is configured to perform clustering processing on the log set to be analyzed according to each log type included in the log set to be analyzed so as to generate a log group set to be analyzed;
a log processing unit configured to execute the following processing steps for each log group to be analyzed in the log group set to be analyzed: generating at least one target analysis log according to the log group to be analyzed; adding each target analysis log in the at least one target analysis log to a target log report text template to generate a target log report text and obtain at least one target log report text, wherein the log type corresponding to the target log report text template is the same as the log type included in the target analysis log; in response to the fact that the text types of the at least one target log report text are all abnormal text types, the at least one target log report text is sent to the associated alarm equipment to conduct alarm operation; a log processing unit further configured to:
vectorizing each log to be analyzed in the log group to be analyzed to generate a log vector to be analyzed, so as to obtain a log vector group to be analyzed;
for each log vector to be analyzed of the log vector group to be analyzed, executing the following log determining steps:
determining first vector similarity between a first target vector included in each first target vector information in a first target vector information set and the log vector to be analyzed to obtain a first vector similarity set;
performing descending processing on the first vector similarity set to obtain a first vector similarity sequence;
determining a first vector similarity in the first vector similarity sequence as a first candidate vector similarity;
in response to the fact that the similarity of the first alternative vector is larger than or equal to a first preset similarity, determining the log to be analyzed corresponding to the log vector to be analyzed as a target log to be analyzed;
performing association processing on the target log to be analyzed and the abnormal label corresponding to the similarity of the first alternative vector to generate a target analysis log;
in response to the fact that the similarity of the first candidate vector is smaller than the first preset similarity, determining second vector similarity between a second target vector included by each piece of second target vector information in a second target vector information set and the log vector to be analyzed to obtain a second vector similarity set;
performing descending processing on the second vector similarity set to obtain a second vector similarity sequence;
determining a first second vector similarity in the second vector similarity sequence as a second candidate vector similarity;
and combining the log to be analyzed corresponding to the log vector to be analyzed and the reference label corresponding to the similarity of the second candidate vector into a target analysis log in response to the fact that the similarity of the second candidate vector is larger than or equal to a second preset similarity.
5. An electronic device, comprising:
one or more processors;
a storage device having one or more programs stored thereon;
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-3.
6. A computer-readable medium, on which a computer program is stored, wherein the program, when executed by a processor, implements the method of any one of claims 1-3.
CN202211290483.4A 2022-10-21 2022-10-21 Abnormal alarm log analysis method and device, electronic equipment and computer medium Active CN115357469B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211290483.4A CN115357469B (en) 2022-10-21 2022-10-21 Abnormal alarm log analysis method and device, electronic equipment and computer medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211290483.4A CN115357469B (en) 2022-10-21 2022-10-21 Abnormal alarm log analysis method and device, electronic equipment and computer medium

Publications (2)

Publication Number Publication Date
CN115357469A CN115357469A (en) 2022-11-18
CN115357469B true CN115357469B (en) 2022-12-30

Family

ID=84008137

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211290483.4A Active CN115357469B (en) 2022-10-21 2022-10-21 Abnormal alarm log analysis method and device, electronic equipment and computer medium

Country Status (1)

Country Link
CN (1) CN115357469B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115982703B (en) * 2023-03-22 2023-06-16 新兴际华集团财务有限公司 User behavior data processing method, device, electronic equipment and computer readable medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110958136A (en) * 2019-11-11 2020-04-03 国网山东省电力公司信息通信公司 Deep learning-based log analysis early warning method
CN112667469A (en) * 2020-12-25 2021-04-16 通号智慧城市研究设计院有限公司 Method, system and readable medium for automatically generating diversified big data statistical report
CN113312447A (en) * 2021-03-10 2021-08-27 天津大学 Semi-supervised log anomaly detection method based on probability label estimation
CN113986864A (en) * 2021-11-11 2022-01-28 建信金融科技有限责任公司 Log data processing method and device, electronic equipment and storage medium
CN114610881A (en) * 2022-03-02 2022-06-10 京东科技信息技术有限公司 Application log analysis method, device, equipment and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11210158B2 (en) * 2017-11-29 2021-12-28 Riverbed Technology, Inc. Automated problem diagnosis on logs using anomalous telemetry analysis

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110958136A (en) * 2019-11-11 2020-04-03 国网山东省电力公司信息通信公司 Deep learning-based log analysis early warning method
CN112667469A (en) * 2020-12-25 2021-04-16 通号智慧城市研究设计院有限公司 Method, system and readable medium for automatically generating diversified big data statistical report
CN113312447A (en) * 2021-03-10 2021-08-27 天津大学 Semi-supervised log anomaly detection method based on probability label estimation
CN113986864A (en) * 2021-11-11 2022-01-28 建信金融科技有限责任公司 Log data processing method and device, electronic equipment and storage medium
CN114610881A (en) * 2022-03-02 2022-06-10 京东科技信息技术有限公司 Application log analysis method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN115357469A (en) 2022-11-18

Similar Documents

Publication Publication Date Title
US10983789B2 (en) Systems and methods for automating and monitoring software development operations
CN111274760A (en) Rich text data processing method and device, electronic equipment and computer storage medium
CN115640285B (en) Power abnormality information transmission method, device, electronic equipment and medium
CN115757400B (en) Data table processing method, device, electronic equipment and computer readable medium
CN115357470B (en) Information generation method and device, electronic equipment and computer readable medium
CN115357469B (en) Abnormal alarm log analysis method and device, electronic equipment and computer medium
US11645540B2 (en) Deep graph de-noise by differentiable ranking
CN112506968A (en) Information aggregation method and device, electronic equipment and computer readable medium
CN115277261B (en) Abnormal machine intelligent identification method, device and equipment based on industrial control network virus
CN112954056A (en) Monitoring data processing method and device, electronic equipment and storage medium
CN113468342B (en) Knowledge graph-based data model construction method, device, equipment and medium
CN112230891A (en) Interface document integration method and device, server and computer storage medium
CN111880959A (en) Abnormity detection method and device and electronic equipment
CN116702168B (en) Method, device, electronic equipment and computer readable medium for detecting supply end information
CN117690063B (en) Cable line detection method, device, electronic equipment and computer readable medium
CN117235744B (en) Source file online method, device, electronic equipment and computer readable medium
CN115842819B (en) Automatic driving system test data downloading method, device and equipment
CN116881097B (en) User terminal alarm method, device, electronic equipment and computer readable medium
CN111581305B (en) Feature processing method, device, electronic equipment and medium
Gil et al. Current status of software log analysis at ALMA Observatory
CN117195833A (en) Log information conversion method, device, electronic equipment and computer readable medium
CN116880899A (en) Task information association method, device, electronic equipment and computer readable medium
CN113760698A (en) Method and device for converting test case file data
CN117331990A (en) Abnormal data display method, device and equipment for data application sharing platform
CN112948341A (en) Method and apparatus for identifying abnormal network device logs

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20231129

Address after: Building 4, Dongxu International Center, yard 2, sihezhuang Road, Fengtai District, Beijing 100070 (South Building of block a)

Patentee after: BEIJING GUODIANTONG NETWORK TECHNOLOGY Co.,Ltd.

Patentee after: STATE GRID INFORMATION & TELECOMMUNICATION GROUP Co.,Ltd.

Patentee after: State Grid Siji Location Service Co.,Ltd.

Address before: Xianglong business building, 311 guang'anmennei street, Xicheng District, Beijing 100032

Patentee before: BEIJING GUODIANTONG NETWORK TECHNOLOGY Co.,Ltd.

Patentee before: STATE GRID INFORMATION & TELECOMMUNICATION GROUP Co.,Ltd.

TR01 Transfer of patent right