CN115801589B - Event topological relation determination method, device, equipment and storage medium - Google Patents
Event topological relation determination method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN115801589B CN115801589B CN202211429614.2A CN202211429614A CN115801589B CN 115801589 B CN115801589 B CN 115801589B CN 202211429614 A CN202211429614 A CN 202211429614A CN 115801589 B CN115801589 B CN 115801589B
- Authority
- CN
- China
- Prior art keywords
- identification information
- event
- topological relation
- alarm
- sub
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention discloses a method, a device, equipment and a storage medium for determining event topological relation. Comprising the following steps: acquiring an alarm event list of a monitoring system, matching the alarm event list with a preset topological relation table to generate a first identification information group and a first sub-event topological relation, and taking all network identification information as a second identification information group; reversely deducing the second identification information group to generate a second sub-event topological relation; and updating the second sub-event topological relation according to the first sub-event topological relation to generate an event topological relation corresponding to the alarm event list. The network identification information in the alarm event list is reversely deduced to generate a second sub-event topological relation, the preset topological relation list is matched with the alarm event list to update the second sub-event topological relation, the event topological relation can be combed without data support, the manual workload is reduced, and meanwhile, the deduced accuracy is improved.
Description
Technical Field
The present invention relates to the field of data processing, and in particular, to a method, an apparatus, a device, and a storage medium for determining an event topology relationship.
Background
In the process of promoting enterprise informatization, various industries build a large amount of IT infrastructures and matched monitoring systems, a large amount of monitoring systems are built according to technical characteristics, in actual operation and maintenance work, a real fault can occur in a plurality of monitoring systems, and how to accurately and quickly comb the logic relationship among the events, particularly the logic relationship derivation for locating the fault root cause, is a general problem in the whole operation and maintenance monitoring industry.
At present, the relation between network identification information is generally introduced by an external relation introduction method, cascade relations among nodes are imported to a unified event management platform in advance through configuration management databases, then newly generated events are matched, and the nodes are associated and given a dependency relation value; or manually setting attribute values such as a gateway, a network segment and the like, and automatically giving a dependency relationship value when a new event is acquired.
In the prior art, a method of introducing external relations or manually setting a gateway is adopted, a large amount of data is required to be supported, the data cannot be updated in time, meanwhile, manual operation is relied on, so that the manual workload is large, and the accuracy is low.
Disclosure of Invention
The invention provides a method, a device, equipment and a storage medium for determining an event topological relation, which are used for analyzing alarm information to generate the event topological relation.
According to an aspect of the present invention, there is provided an event topology relationship determination method, the method comprising:
acquiring an alarm event list of a monitoring system, wherein the alarm event list contains network identification information;
matching the alarm event list with a preset topological relation table to generate a first identification information group, and taking all network identification information in the alarm event list as a second identification information group;
generating a first sub-event topological relation according to the first identification information group and the topological relation table;
reversely deducing the second identification information group to generate a second sub-event topological relation;
and updating the second sub-event topological relation according to the first sub-event topological relation to generate an event topological relation corresponding to the alarm event list.
Optionally, acquiring an alarm event list of the monitoring system includes: collecting alarm information in a specified time range, wherein the alarm information comprises network identification information; carrying out format conversion on specified fields in the alarm information to obtain converted alarm information; and screening the converted alarm information according to a specified rule to obtain screened alarm information, and generating an alarm event list according to the screened alarm information.
Optionally, generating the first identification information group according to each network identification information and a preset topological relation table includes: determining target network identification information in a topological relation table in an alarm event list; the target network identification information is divided into a first identification information group.
Optionally, generating a first sub-event topology relationship according to the first identification information group and the topology relationship table includes: matching each network identification information in the first identification information group with a topological relation table to determine the position and the connection relation of each network identification information; and generating a first sub-event topological relation according to the network identification information, the position and the connection relation.
Optionally, the reverse deriving of the second set of identification information to generate a second sub-event topology relationship includes: taking the same network identification information in the second identification information group as a node, and determining the quantity of the same network identification information in the node; arranging the nodes according to the order of the number from at least more, and generating a node list; sequentially selecting two nodes in the node list to carry out reverse deduction so as to determine a position relation; and taking the first node in the node list as a main reference node, and determining a second sub-event topological relation according to the main reference node, the network identification information and the position relation.
Optionally, before sequentially selecting two nodes in the node list to perform reverse derivation to determine the position relationship, the method further includes: and carrying out format conversion on the network identification information corresponding to each node to generate conversion identification information, wherein the conversion identification information comprises a network number.
Optionally, sequentially selecting two nodes in the node list to perform reverse derivation to determine the position relationship, including: determining conversion identification information corresponding to the nodes; determining the same number of network numbers in the two conversion identification information; and determining the position relation of the two nodes according to the quantity.
According to another aspect of the present invention, there is provided an event topology relation determination apparatus, comprising:
the alarm event list acquisition module is used for acquiring an alarm event list of the monitoring system, wherein the alarm event list contains network identification information;
the identification information group generation module is used for matching the alarm event list with a preset topological relation table to generate a first identification information group, and taking all network identification information in the alarm event list as a second identification information group;
the first sub-event topological relation generation module is used for generating a first sub-event topological relation according to the first identification information group and the topological relation table;
the second sub-event topological relation generation module is used for carrying out reverse deduction on the second identification information group to generate a second sub-event topological relation;
and the event topological relation generation module is used for updating the second sub-event topological relation according to the first sub-event topological relation so as to generate an event topological relation corresponding to the alarm event list.
According to another aspect of the present invention, there is provided an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein, the liquid crystal display device comprises a liquid crystal display device,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform an event topology determination method according to any one of the embodiments of the invention.
According to another aspect of the present invention, there is provided a computer readable storage medium storing computer instructions for causing a processor to implement an event topology determination method according to any of the embodiments of the present invention when executed.
According to the technical scheme, the network identification information in the alarm event list is reversely deduced to generate the second sub-event topological relation, the preset topological relation table is matched with the alarm event list to update the second sub-event topological relation, the event topological relation can be combed without data support, the manual workload is reduced, and meanwhile the deducing accuracy is improved.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the invention or to delineate the scope of the invention. Other features of the present invention will become apparent from the description that follows.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a method for determining event topology according to a first embodiment of the present invention;
FIG. 2 is a flow chart of another method for determining event topology according to a first embodiment of the present invention;
FIG. 3 is a schematic diagram of an event topology provided according to a first embodiment of the present invention;
FIG. 4 is a flowchart of another event topology determination method according to a second embodiment of the present invention;
fig. 5 is a schematic structural diagram of an event topology determining apparatus according to a third embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device implementing a method for determining an event topology according to an embodiment of the present invention.
Description of the embodiments
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
Fig. 1 is a flowchart of an event topology determination method according to an embodiment of the present invention, where the method may be performed by an event topology determination device, which may be implemented in hardware and/or software, and the event topology determination device may be configured in a computer. As shown in fig. 1, the method includes:
s110, acquiring an alarm event list of the monitoring system.
The monitoring system is a system for detecting faults, and the monitoring system comprises a network monitoring system, a host monitoring system, a database monitoring system, a log monitoring system and the like, for example, the network monitoring system can be used for detecting communication faults, and the host monitoring system can be used for detecting faults of an operating system level. The alarm event list is a list containing fault key information generated after the monitoring system detects a fault, and the alarm event list contains network identification information. The network identification information refers to an internet protocol address (InternetProtocolAddress, IP), and is a protocol designed for computer network interconnections to communicate. Namely, when the monitoring system detects a fault, the controller can acquire an alarm event list of the monitoring system, and the analysis of the alarm event is completed through the alarm event list.
And S120, matching the alarm event list with a preset topological relation table to generate a first identification information group, and taking all network identification information in the alarm event list as a second identification information group.
The topology relationship refers to a relationship between spatial data that satisfies the principle of topology geometry, and in this embodiment, network identification information is used as a node, and the topology relationship is a connection relationship between network identification information. The topology relation table is a connection relation preset in the controller by a user and stores known network identification information. The identification information group is composed of network identification information, the controller can match the alarm event list with a preset topological relation table to generate a first identification information group, and meanwhile, all network identification information in the alarm event list is used as a second identification information group.
Optionally, generating the first identification information group according to each network identification information and a preset topological relation table includes: determining target network identification information in a topological relation table in an alarm event list; the target network identification information is divided into a first identification information group.
Specifically, since the alarm event list includes network identification information, when the controller matches the alarm event list with the preset topology relation table, it can determine target network identification information located in the topology relation table in the alarm event list, and divide the target network identification information into a first identification information group, that is, network identification information in the first identification information group with a known connection relation in the topology relation table.
S130, generating a first sub-event topological relation according to the first identification information group and the topological relation table.
Optionally, generating a first sub-event topology relationship according to the first identification information group and the topology relationship table includes: matching each network identification information in the first identification information group with a topological relation table to determine the position and the connection relation of each network identification information; and generating a first sub-event topological relation according to the network identification information, the position and the connection relation.
Specifically, the controller matches each piece of network identification information with the topological relation table, determines the position and the connection relation of the network identification information in the topological relation table, and takes the network identification information, the position and the connection relation as the topological relation of the first sub-event.
S140, carrying out reverse deduction on the second identification information group to generate a second sub-event topological relation.
The reverse deduction refers to a process of finding out the largest aggregate of network numbers of different network identification information from the first bit to the right recursively after the network identification information in the second identification information group is expressed in a 32-bit binary form, so as to indirectly judge which network identification information belongs to one network.
Fig. 2 is a flowchart of a method for determining an event topology according to an embodiment of the present invention, and step S140 mainly includes steps S141 to S144 as follows:
s141, taking the same network identification information in the second identification information group as a node, and determining the quantity of the same network identification information in the node.
S142, arranging the nodes according to the order of the number from at least to at least, and generating a node list.
Specifically, the process of combining the same IP into one node to process the same network identification information in the second identification information group as one node, and the larger the number of the same network identification information in one node is, the more the number of times the node occurs. The controller may arrange the nodes in an order of at least more than one number to generate a node list, a first node in the node list indicating that the same network identification information is the largest in the node.
S143, sequentially selecting two nodes in the node list to conduct reverse deduction so as to determine the position relation.
Optionally, before sequentially selecting two nodes in the node list to perform reverse derivation to determine the position relationship, the method further includes: and carrying out format conversion on the network identification information corresponding to each node to generate conversion identification information, wherein the conversion identification information comprises a network number.
Specifically, the controller sequentially selects two nodes in the node list to reversely deduce so as to determine the position relationship, the controller firstly performs format conversion on the network identification information to generate conversion identification information, the format conversion refers to converting the decimal format IP into 32-bit binary representation so as to generate conversion identification information, and the conversion identification information comprises a network number. For example, if the network identification information IP1 is 128.14.31.7, the corresponding conversion identification information is 1000 0000.0000 1100.0001 1111.0000 0111; if the IP2 is 128.14.35.7, the corresponding conversion identification information is 1000 0000.0000 1100.0010 0011.0000 01111; IP3 is 12.14.42.7, and the corresponding translation identification information is 1000 0000.0000 1100.0010 1010.0000 0111. The method can be completed by directly using IP data through reverse deduction and calculation of the relation between network identification information, external parameter input is not needed, the problem that the dependency relation needs to be manually tidied before is solved, and the used data is reversely deduced, so that the problem that the data cannot be updated in time and the data is lagged is solved for the IP data in event data acquired in real time, namely the real node IP data reported by each monitoring in real time.
Optionally, sequentially selecting two nodes in the node list to perform reverse derivation to determine the position relationship, including: determining conversion identification information corresponding to the nodes; determining the same number of network numbers in the two conversion identification information; and determining the position relation of the two nodes according to the quantity.
Specifically, the controller recursively finds the largest aggregate of the network numbers of different network identification information from the first order to the right, that is, determines the same number of network numbers in the two pieces of conversion identification information to determine the position relationship of the two nodes, for example, the number of the conversion identification information 1000 0000.0000 1100.0001 1111.0000 0111 corresponding to the IP1 and the number of the conversion identification information 1000 0000.0000 1100.0010 0011.0000 01111 corresponding to the IP2 are 18, and the number of the conversion identification information corresponding to the IP2 and the number of the conversion identification information 1000 0000.0000 1100.0010 1010.0000 0111 corresponding to the IP3 are 20, and are greater than 18, which represents that the path of the IP3 from the IP2 is shorter than that of the IP 1.
S144, the first node in the node list is used as a main reference node, and the second sub-event topological relation is determined according to the main reference node, the network identification information and the position relation.
Specifically, the controller uses the first node in the node list as a main reference node, and determines a second sub-event topological relation according to the main reference node, the network identification information and the position relation. Note that, since the second sub-event topology is a topology generated by reverse derivation, the connection relationship in the second sub-event topology is indicated by a broken line.
And S150, updating the second sub-event topological relation according to the first sub-event topological relation to generate an event topological relation corresponding to the alarm event list.
Specifically, since the first sub-event topological relation is a known connection relation located in the topological relation table, the first sub-event topological relation is represented by a solid line, the controller updates the second sub-event topological relation according to the first word time topological relation, and replaces the connection relation corresponding to the same network identification information in the second sub-event topological relation to generate the event topological relation corresponding to the alarm event list.
The specific application scene is as follows: fig. 3 provides a schematic diagram of an event topology relationship in this embodiment, in fig. 3, numerals 1 to 9 denote respective network identification information, the network identification information are connected by a solid line or a dotted line, the solid line denotes a connection relationship existing in the topology relationship table, and the dotted line denotes a connection relationship generated by reverse deduction. As shown in fig. 3, the connection relationship of the network identification information 1 and 2, the connection relationship of 2 and 5, the connection relationship of 1 and 4, and the connection relationship of 8 and 9 are connection relationships existing in the topology relationship table, and the remaining broken line connection relationships are connection relationships generated by reverse deduction.
According to the technical scheme, the network identification information in the alarm event list is reversely deduced to generate the second sub-event topological relation, the preset topological relation list is matched with the alarm event list to update the second sub-event topological relation, the event topological relation is generated, the event topological relation can be combed without data support, the manual workload is reduced, and meanwhile the deduced accuracy is improved.
Example two
Fig. 4 is a flowchart of a method for determining an event topology according to a second embodiment of the present invention, where a process of obtaining an alarm event list of a monitoring system is added on the basis of the first embodiment. The specific contents of steps S240 to S270 are substantially the same as those of steps S120 to S150 in the first embodiment, and thus, a detailed description is omitted in this embodiment. As shown in fig. 4, the method includes:
s210, acquiring alarm information in a specified time range.
Specifically, the controller collects alarm information of each monitoring system, wherein the alarm information comprises a time stamp, network identification information, a time abstract, an alarm type and the like. The appointed time range is a time window which is set by a user through a time window parameter in the controller, the user is a staff or a technician for determining the event topological relation, and the controller can roll and collect the alarm information of the next batch according to the appointed time range set by the user so as to realize continuous update of the event topological relation. For example, when the specified time range set by the user is 10 minutes and the current time is 18:00, the controller can collect a batch of alarm information every 10 minutes, namely 18:10, 18:20 … and so on, and the real-time collection and analysis are completed through the rolling of the time window, so that the problem of data lag is avoided.
S220, carrying out format conversion on the appointed field in the alarm information to obtain converted alarm information.
Specifically, after completing a batch of alarm information acquisition, the controller performs field mapping on the alarm information, that is, performs format conversion on specified fields in the alarm information, where the purpose of format conversion is to make the format of the alarm information regular and uniform, convert non-standard expressions in the alarm information into the same specified expressions, for example, unify "from" into "source", and then acquire the converted alarm information.
S230, screening the converted alarm information according to a specified rule to obtain screened alarm information, and generating an alarm event list according to the screened alarm information.
Specifically, the purpose of format conversion is to complete event aggregation, that is, the converted alarm information is screened according to a specified rule to obtain screened alarm information, the specified rule is set by a user, and the user can screen out the content which wants to analyze the event topological relation by setting the specified rule. For example, the user may set "location" to "Jiangsu", at this time, the controller may perform screening analysis on relevant alarm information in Jiangsu regions, the specified rule may be multiple, the user may also perform screening by setting text similarity and timestamp difference, for example, when the user sets the text similarity to 80% and the timestamp difference to be within 5 minutes, the controller may compare the text similarity and timestamp of each alarm information, and use the screened alarm information as an alarm event list.
S240, matching the alarm event list with a preset topological relation table to generate a first identification information group, and taking all network identification information in the alarm event list as a second identification information group.
Optionally, generating the first identification information group according to each network identification information and a preset topological relation table includes: determining target network identification information in a topological relation table in an alarm event list; the target network identification information is divided into a first identification information group.
S250, generating a first sub-event topological relation according to the first identification information group and the topological relation table.
Optionally, generating a first sub-event topology relationship according to the first identification information group and the topology relationship table includes: matching each network identification information in the first identification information group with a topological relation table to determine the position and the connection relation of each network identification information; and generating a first sub-event topological relation according to the network identification information, the position and the connection relation.
S260, carrying out reverse deduction on the second identification information group to generate a second sub-event topological relation.
Optionally, the reverse deriving of the second set of identification information to generate a second sub-event topology relationship includes: taking the same network identification information in the second identification information group as a node, and determining the quantity of the same network identification information in the node; arranging the nodes according to the order of the number from at least more, and generating a node list; sequentially selecting two nodes in the node list to carry out reverse deduction so as to determine a position relation; and taking the first node in the node list as a main reference node, and determining a second sub-event topological relation according to the main reference node, the network identification information and the position relation.
Optionally, before sequentially selecting two nodes in the node list to perform reverse derivation to determine the position relationship, the method further includes: and carrying out format conversion on the network identification information corresponding to each node to generate conversion identification information, wherein the conversion identification information comprises a network number.
Optionally, sequentially selecting two nodes in the node list to perform reverse derivation to determine the position relationship, including: determining conversion identification information corresponding to the nodes; determining the same number of network numbers in the two conversion identification information; and determining the position relation of the two nodes according to the quantity.
S270, updating the second sub-event topological relation according to the first sub-event topological relation to generate an event topological relation corresponding to the alarm event list.
According to the technical scheme, the alarm event list is generated by field mapping and aggregation of the collected alarm information, analysis of the alarm information can be completed in a targeted manner, the network identification information in the alarm event list is reversely deduced to generate the second sub-event topological relation, the second sub-event topological relation is updated by matching the preset topological relation list with the alarm event list, the event topological relation is generated, the event topological relation can be combed without data support, manual workload is reduced, and meanwhile deducing accuracy is improved.
Example III
Fig. 5 is a schematic structural diagram of an event topology determining apparatus according to a third embodiment of the present invention. As shown in fig. 5, the apparatus includes: an alarm event list obtaining module 310, configured to obtain an alarm event list of the monitoring system, where the alarm event list includes network identification information; the identification information set generating module 320 is configured to match the alarm event list with a preset topology relationship table to generate a first identification information set, and use all network identification information in the alarm event list as a second identification information set; a first sub-event topology relationship generation module 330, configured to generate a first sub-event topology relationship according to the first identification information set and the topology relationship table; a second sub-event topology generation module 340, configured to reversely derive the second identification information set to generate a second sub-event topology; the event topology generating module 350 is configured to update the second sub-event topology according to the first sub-event topology to generate an event topology corresponding to the alarm event list.
Optionally, the alarm event list acquisition module 310 is specifically configured to: collecting alarm information in a specified time range, wherein the alarm information comprises network identification information; carrying out format conversion on specified fields in the alarm information to obtain converted alarm information; and screening the converted alarm information according to a specified rule to obtain screened alarm information, and generating an alarm event list according to the screened alarm information.
Optionally, the identification information group generating module 320 specifically includes: a first identification information group generating unit, configured to determine target network identification information located in a topology relationship table in the alarm event list; the target network identification information is divided into a first identification information group.
Optionally, the first sub-event topology generating module 330 is specifically configured to: matching each network identification information in the first identification information group with a topological relation table to determine the position and the connection relation of each network identification information; and generating a first sub-event topological relation according to the network identification information, the position and the connection relation.
Optionally, the second sub-event topology relationship generation module 340 specifically includes an identical network identification information merging unit, configured to take identical network identification information in the second identification information group as a node, and determine the number of identical network identification information in the node; the node list generating unit is used for arranging the nodes according to the order of the number from at least one to generate a node list; the position relation determining unit is used for sequentially selecting two nodes in the node list to carry out reverse deduction so as to determine the position relation; and the second sub-event topological relation determining unit is used for taking the first node in the node list as a main reference node and determining the second sub-event topological relation according to the main reference node, the network identification information and the position relation.
Optionally, the second sub-event topology relationship generating module 340 further includes a conversion identification information generating unit, configured to perform format conversion on the network identification information corresponding to each node, and generate conversion identification information, where the conversion identification information includes a network number.
Optionally, the location relation determining unit is specifically configured to: determining conversion identification information corresponding to the nodes; determining the same number of network numbers in the two conversion identification information; and determining the position relation of the two nodes according to the quantity.
According to the technical scheme, the network identification information in the alarm event list is reversely deduced to generate the second sub-event topological relation, the preset topological relation table is matched with the alarm event list to update the second sub-event topological relation, the event topological relation can be combed without data support, the manual workload is reduced, and meanwhile the deducing accuracy is improved.
The event topological relation determining device provided by the embodiment of the invention can execute the event topological relation determining method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the executing method.
Example IV
Fig. 6 shows a schematic diagram of the structure of an electronic device 10 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic equipment may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 6, the electronic device 10 includes at least one processor 11, and a memory, such as a Read Only Memory (ROM) 12, a Random Access Memory (RAM) 13, etc., communicatively connected to the at least one processor 11, in which the memory stores a computer program executable by the at least one processor, and the processor 11 may perform various appropriate actions and processes according to the computer program stored in the Read Only Memory (ROM) 12 or the computer program loaded from the storage unit 18 into the Random Access Memory (RAM) 13. In the RAM 13, various programs and data required for the operation of the electronic device 10 may also be stored. The processor 11, the ROM 12 and the RAM 13 are connected to each other via a bus 14. An input/output (I/O) interface 15 is also connected to bus 14.
Various components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16 such as a keyboard, a mouse, etc.; an output unit 17 such as various types of displays, speakers, and the like; a storage unit 18 such as a magnetic disk, an optical disk, or the like; and a communication unit 19 such as a network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
The processor 11 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 11 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, digital Signal Processors (DSPs), and any suitable processor, controller, microcontroller, etc. The processor 11 performs the various methods and processes described above, such as an event topology determination method.
In some embodiments, an event topology determination method may be implemented as a computer program tangibly embodied on a computer-readable storage medium, such as storage unit 18. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM 12 and/or the communication unit 19. One or more steps of an event topology determination method described above may be performed when a computer program is loaded into RAM 13 and executed by processor 11. Alternatively, in other embodiments, the processor 11 may be configured to perform an event topology determination method in any other suitable manner (e.g., by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuit systems, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems On Chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for carrying out methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be implemented. The computer program may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. The computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) through which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical hosts and VPS service are overcome.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the present invention may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solution of the present invention are achieved, and the present invention is not limited herein.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.
Claims (9)
1. A method for determining an event topology, comprising:
acquiring an alarm event list of a monitoring system, wherein the alarm event list comprises network identification information;
matching the alarm event list with a preset topological relation table to generate a first identification information group, and taking all network identification information in the alarm event list as a second identification information group;
generating a first sub-event topological relation according to the first identification information group and the topological relation table;
reversely deducing the second identification information group to generate a second sub-event topological relation;
updating the second sub-event topological relation according to the first sub-event topological relation to generate an event topological relation corresponding to the alarm event list;
the step of matching the alarm event list with a preset topological relation table to generate a first identification information group includes:
determining target network identification information in the topological relation table in the alarm event list;
dividing the target network identification information into the first identification information group.
2. The method of claim 1, wherein the obtaining the list of alarm events for the monitoring system comprises:
collecting alarm information in a specified time range, wherein the alarm information comprises the network identification information;
performing format conversion on the appointed field in the alarm information to obtain converted alarm information;
and screening the converted alarm information according to a specified rule to obtain screened alarm information, and generating the alarm event list according to the screened alarm information.
3. The method of claim 1, wherein generating a first sub-event topology relationship from the first set of identification information and the topology relationship table comprises:
matching each piece of network identification information in the first identification information group with the topological relation table so as to determine the position and the connection relation of each piece of network identification information;
and generating the first sub-event topological relation according to the network identification information, the position and the connection relation.
4. The method of claim 1, wherein said reverse deriving the second set of identification information to generate a second sub-event topology comprises:
taking the same network identification information in the second identification information group as a node, and determining the quantity of the same network identification information in the node;
arranging the nodes according to the number from at least more to at least more order to generate a node list;
sequentially selecting two nodes in the node list to carry out reverse deduction so as to determine a position relation;
and taking the first node in the node list as a main reference node, and determining the second sub-event topological relation according to the main reference node, the network identification information and the position relation.
5. The method of claim 4, further comprising, prior to said sequentially selecting two of said nodes in said list of nodes for reverse derivation to determine positional relationship:
and carrying out format conversion on the network identification information corresponding to each node to generate conversion identification information, wherein the conversion identification information comprises a network number.
6. The method of claim 5, wherein said sequentially selecting two of said nodes in said list of nodes for reverse derivation to determine positional relationship comprises:
determining the conversion identification information corresponding to the node;
determining the same number of the network numbers in the two conversion identification information;
and determining the position relation of the two nodes according to the quantity.
7. An event topology determination apparatus, comprising:
the alarm event list acquisition module is used for acquiring an alarm event list of the monitoring system, wherein the alarm event list comprises network identification information;
the identification information group generation module is used for matching the alarm event list with a preset topological relation table to generate a first identification information group, and taking all the network identification information in the alarm event list as a second identification information group;
the first sub-event topological relation generation module is used for generating a first sub-event topological relation according to the first identification information group and the topological relation table;
the second sub-event topological relation generation module is used for carrying out reverse deduction on the second identification information group to generate a second sub-event topological relation;
the event topological relation generation module is used for updating the second sub-event topological relation according to the first sub-event topological relation so as to generate an event topological relation corresponding to the alarm event list;
the identification information group generation module specifically comprises: a first identification information group generating unit, configured to determine target network identification information located in a topology relationship table in the alarm event list; the target network identification information is divided into a first identification information group.
8. An electronic device, the electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein, the liquid crystal display device comprises a liquid crystal display device,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-6.
9. A computer storage medium storing computer instructions for causing a processor to perform the method of any one of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211429614.2A CN115801589B (en) | 2022-11-15 | 2022-11-15 | Event topological relation determination method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211429614.2A CN115801589B (en) | 2022-11-15 | 2022-11-15 | Event topological relation determination method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115801589A CN115801589A (en) | 2023-03-14 |
| CN115801589B true CN115801589B (en) | 2023-07-18 |
Family
ID=85437879
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211429614.2A Active CN115801589B (en) | 2022-11-15 | 2022-11-15 | Event topological relation determination method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115801589B (en) |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101668025B (en) * | 2008-09-04 | 2013-02-13 | 北京启明星辰信息技术股份有限公司 | Method and device for discovering link layer network topology |
| US10382283B2 (en) * | 2014-07-08 | 2019-08-13 | Telefonaktiebolaget Lm Ericsson (Publ) | Network topology estimation based on event correlation |
| CN110932889B (en) * | 2019-11-18 | 2022-03-15 | 中盈优创资讯科技有限公司 | Method and device for constructing and maintaining network logic topology |
| CN112583644B (en) * | 2020-12-14 | 2022-10-18 | 华为技术有限公司 | Alarm processing method, device, equipment and readable storage medium |
| CN113792008A (en) * | 2021-08-31 | 2021-12-14 | 北京百度网讯科技有限公司 | Method and device for acquiring network topology structure, electronic equipment and storage medium |
| CN114020581A (en) * | 2021-11-23 | 2022-02-08 | 浪潮通信信息系统有限公司 | Alarm correlation method based on topological optimization FP-Growth algorithm |
-
2022
- 2022-11-15 CN CN202211429614.2A patent/CN115801589B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN115801589A (en) | 2023-03-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2016165378A1 (en) | Energy storage power station mass data cleaning method and system | |
| CN115396289B (en) | Fault alarm determining method and device, electronic equipment and storage medium | |
| CN116225769B (en) | Method, device, equipment and medium for determining root cause of system fault | |
| CN115801589B (en) | Event topological relation determination method, device, equipment and storage medium | |
| CN117034149A (en) | Fault processing strategy determining method and device, electronic equipment and storage medium | |
| CN115048352B (en) | Log field extraction method, device, equipment and storage medium | |
| CN116975081A (en) | Log diagnosis set updating method, device, equipment and storage medium | |
| CN115687406A (en) | Sampling method, device and equipment of call chain data and storage medium | |
| CN115665783A (en) | Abnormal index tracing method and device, electronic equipment and storage medium | |
| CN115599687A (en) | Method, device, equipment and medium for determining software test scene | |
| CN115344627A (en) | Data screening method and device, electronic equipment and storage medium | |
| CN114884813A (en) | Network architecture determination method and device, electronic equipment and storage medium | |
| CN114881112A (en) | System anomaly detection method, device, equipment and medium | |
| CN116149933B (en) | Abnormal log data determining method, device, equipment and storage medium | |
| CN115495380A (en) | Test case generation method and device, electronic equipment and storage medium | |
| CN116991684B (en) | Alarm information processing method, device, equipment and medium | |
| CN114706578A (en) | Data processing method, device, equipment and medium | |
| CN115774648A (en) | Abnormity positioning method, device, equipment and storage medium | |
| CN116089499A (en) | Data statistics method, device and medium based on kafka data volume | |
| CN116627695A (en) | Alarm event root cause recommendation method, device, equipment and storage medium | |
| CN117668600A (en) | Method, device and equipment for processing abnormal operation data of Internet of vehicles and storage medium | |
| CN115525774A (en) | Map generation method and device, electronic equipment and storage medium | |
| CN115208871A (en) | Hydrogen production equipment monitoring system and method and storage medium | |
| CN117971815A (en) | Method, device, equipment and medium for collecting and sorting transformer monitoring data | |
| CN115546725A (en) | Scene recognition early warning method, system, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |