CN116302652A - System alarm information processing method and device and electronic equipment - Google Patents

System alarm information processing method and device and electronic equipment Download PDF

Info

Publication number
CN116302652A
CN116302652A CN202310274595.9A CN202310274595A CN116302652A CN 116302652 A CN116302652 A CN 116302652A CN 202310274595 A CN202310274595 A CN 202310274595A CN 116302652 A CN116302652 A CN 116302652A
Authority
CN
China
Prior art keywords
target
alarm information
data
determining
keywords
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310274595.9A
Other languages
Chinese (zh)
Inventor
樊云丽
王保亮
杨桢恺
吴盛凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202310274595.9A priority Critical patent/CN116302652A/en
Publication of CN116302652A publication Critical patent/CN116302652A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/079Root cause analysis, i.e. error or fault diagnosis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0766Error or fault reporting or storing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/34Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3466Performance evaluation by tracing or monitoring
    • G06F11/3476Data logging
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/34Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3466Performance evaluation by tracing or monitoring
    • G06F11/3495Performance evaluation by tracing or monitoring for systems
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application discloses a processing method and device of system alarm information and electronic equipment. Wherein the method comprises the following steps: acquiring alarm information corresponding to a target system, and extracting a plurality of keywords in the alarm information, wherein the alarm information is used for describing system abnormal events occurring in the operation process of the target system; determining an abnormal event type corresponding to the system abnormal event according to the keywords, wherein the abnormal event type is used for representing the reason for the occurrence of the system abnormal event; and determining a target strategy according to the type of the abnormal event, and processing the alarm information according to the target strategy. The method and the device solve the technical problem of low processing efficiency of the system abnormal event in the prior art.

Description

System alarm information processing method and device and electronic equipment
Technical Field
The application relates to the field of financial science and technology and other related technical fields, in particular to a processing method and device of system alarm information and electronic equipment.
Background
In the prior art, the processing process of the system alarm information is greatly dependent on manual processing of system operation and maintenance personnel, for example, after the system generates the alarm information, the system sends the alarm information to a corresponding support manager, the support manager needs to manually locate the field of the problem according to the alarm information, then check the problem through data analysis, and then delete the alarm information after manual emergency operation.
In the prior art, the mode of processing the system alarm information belongs to a manual processing mode to a great extent, so that the processing efficiency of the system alarm information is lower.
In view of the above problems, no effective solution has been proposed at present.
Disclosure of Invention
The embodiment of the application provides a processing method, a processing device and electronic equipment for system alarm information, which are used for at least solving the technical problem of low processing efficiency of system abnormal events in the prior art.
According to one aspect of the embodiment of the application, there is provided a method for processing system alarm information, including: acquiring alarm information corresponding to a target system, and extracting a plurality of keywords in the alarm information, wherein the alarm information is used for describing system abnormal events occurring in the operation process of the target system; determining an abnormal event type corresponding to the system abnormal event according to the keywords, wherein the abnormal event type is used for representing the reason for the occurrence of the system abnormal event; and determining a target strategy according to the type of the abnormal event, and processing the alarm information according to the target strategy.
Further, the processing method of the system alarm information further comprises the following steps: detecting whether the plurality of keywords comprise first keywords or not, wherein the first keywords are used for describing index thresholds corresponding to the target system, and the index thresholds are used for representing the maximum value or the minimum value of index data generated in the running process of the target system; under the condition that the plurality of keywords comprise first keywords, determining the type of the abnormal event corresponding to the system abnormal event as a first event type, wherein the reason for the occurrence of the system abnormal event due to the first event type representation is that index data of a target system at the alarm time is not matched with an index threshold value, and the alarm time is the time when the alarm information is generated.
Further, the processing method of the system alarm information further comprises the following steps: under the condition that the abnormal event type is the first event type, determining a first strategy as a target strategy, wherein the first strategy is used for determining the running state of a target system according to a system portrait, processing alarm information according to the running state of the target system, and the system portrait is used for representing all index data generated by the target system in the running process; extracting index data of a target system at a first moment and index data of a second moment from the system portrait according to a first strategy, wherein the first moment is before the alarm moment, and the second moment is after the alarm moment; and processing the alarm information according to the index data at the first moment and the index data at the second moment.
Further, the processing method of the system alarm information further comprises the following steps: detecting whether the index data at the first moment and the index data at the second moment are matched with an index threshold value or not; under the condition that any one of the index data at the first moment and the index data at the second moment is not matched with the index threshold, determining the running state of the target system to be an abnormal state, restarting the target system, and deleting alarm information after the target system is restarted successfully; and under the condition that the index data at the first moment and the index data at the second moment are all matched with the index threshold, determining that the running state of the target system is a normal state, and deleting the alarm information.
Further, the processing method of the system alarm information further comprises the following steps: detecting whether the plurality of keywords comprise second keywords or not, wherein the second keywords are used for describing server identifiers of target servers corresponding to the target system; and under the condition that the plurality of keywords comprise second keywords, determining the abnormal event type corresponding to the system abnormal event as a second event type, wherein the reason for the occurrence of the system abnormal event due to the second event type representation is that the target server is abnormal.
Further, the processing method of the system alarm information further comprises the following steps: determining a second strategy as a target strategy under the condition that the abnormal event type is a second event type, wherein the second strategy is used for remotely restarting the server; and performing remote restarting on the target server according to the second strategy, and deleting the alarm information after the remote restarting is successful.
Further, the processing method of the system alarm information further comprises the following steps: detecting whether a plurality of keywords comprise a third keyword or not, wherein the third keyword is used for describing the data processing speed of a target database corresponding to a target system at the alarm moment; under the condition that the plurality of keywords comprise third keywords, determining the abnormal event type corresponding to the system abnormal event as a third event type, wherein the reason why the third event type characterizes the occurrence of the system abnormal event is that the data processing speed of the target database at the alarm moment is smaller than a preset threshold value.
Further, the processing method of the system alarm information further comprises the following steps: under the condition that the abnormal event type is a third event type, determining a third strategy as a target strategy, wherein the third strategy is used for processing alarm information according to the alarm time and the data processing speed; and processing the alarm information according to a third strategy.
Further, the processing method of the system alarm information further comprises the following steps: detecting whether the alarm time is within a target time period or not according to a third strategy, wherein the target time period is a time period when the target database executes data batch operation, and the data batch operation is used for carrying out data structure conversion on data in the target database according to a preset rule, and occupies part of computing resources of the target database; when the alarm time is within the target time period, determining that the data processing speed of the target database at the alarm time is in a normal state, and deleting alarm information; when the alarm time is not in the target time period, determining that the data processing speed of the target database at the alarm time is in an abnormal state, restarting the target database, and deleting alarm information after the target database is restarted successfully.
Further, the processing method of the system alarm information further comprises the following steps: detecting whether a fourth keyword is included in the plurality of keywords, wherein the fourth keyword is used for describing the receiving time of target data, and the target data is data required by a target database when the target database executes data batch operation; and under the condition that the plurality of keywords comprise fourth keywords, determining the abnormal event type of the system abnormal event as a fourth event type, wherein the fourth event type characterizes that the reason for the occurrence of the system abnormal event is that the receiving time is later than the preset receiving time.
Further, the processing method of the system alarm information further comprises the following steps: under the condition that the abnormal event type is a fourth event type, determining a fourth strategy as a target strategy, wherein the fourth strategy is used for processing alarm information according to the receiving time and the preset receiving time; calculating the interval duration between the receiving time and the preset receiving time according to the fourth strategy, and detecting whether the interval duration is smaller than the preset duration; under the condition that the interval duration is less than or equal to the preset duration, determining that the receiving time of the target data is in a normal state, and deleting alarm information; and under the condition that the interval time length is longer than the preset time length, determining that the receiving time of the target data is in an abnormal state, restarting the target database and the target system, and deleting the alarm information after the restarting is successful.
Further, the target data are transaction data and business data in the target system; the data batch operation is used for checking transaction data according to a preset checking rule to obtain a checking result of the first data structure, and summarizing business data according to a preset data perspective rule to obtain a summarizing result of the second data result.
According to another aspect of the embodiment of the present application, there is also provided a processing device for system alarm information, including: the acquisition module is used for acquiring alarm information corresponding to the target system and extracting a plurality of keywords in the alarm information, wherein the alarm information is used for describing system abnormal events occurring in the operation process of the target system; the determining module is used for determining an abnormal event type corresponding to the system abnormal event according to the plurality of keywords, wherein the abnormal event type is used for representing the reason for the occurrence of the system abnormal event; and the processing module is used for determining a target strategy according to the type of the abnormal event and processing the alarm information according to the target strategy.
According to another aspect of the embodiments of the present application, there is further provided a computer readable storage medium, in which a computer program is stored, where the computer readable storage medium is controlled to execute the above-mentioned processing method of system alarm information when the computer program runs.
According to another aspect of the embodiments of the present application, there is also provided an electronic device, including one or more processors and a memory, where the memory is configured to store one or more programs, and when the one or more programs are executed by the one or more processors, the one or more processors implement the method for processing system alarm information described above.
In the method, an abnormal event type corresponding to a system abnormal event is determined according to a plurality of keywords in alarm information, a mode that a target strategy is determined according to the abnormal event type and used for processing the alarm information is adopted, the alarm information corresponding to a target system is firstly obtained, and a plurality of keywords in the alarm information are extracted, wherein the alarm information is used for describing the system abnormal event occurring in the running process of the target system. And determining the type of the abnormal event corresponding to the abnormal event of the system according to the keywords, determining a target strategy according to the type of the abnormal event, and processing the alarm information according to the target strategy. Wherein, the abnormal event type is used for representing the reason for the abnormal event of the system.
From the above, the method and the device can identify the keywords in the alarm information, determine the types of the abnormal events corresponding to the abnormal events of the system according to the keywords, further determine the target strategies corresponding to the abnormal events of the system according to the types of the abnormal events, and process the alarm information of the system according to the target strategies, so that the full-automatic processing of the alarm information of the system is realized, the processing efficiency of the alarm information of the system is improved, and in addition, the technical scheme of the method and the device cannot be influenced by manual experience, thereby avoiding the problem that the processing mode of the alarm information is incorrect due to the lack of experience of operation and maintenance personnel.
Therefore, the technical scheme of the application achieves the aim of automatically processing the alarm information, thereby realizing the technical effect of shortening the processing time of the alarm information and further solving the technical problem of low processing efficiency of the abnormal event of the system in the prior art.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. In the drawings:
FIG. 1 is a flow chart of an alternative system alarm information processing method according to an embodiment of the present application;
FIG. 2 is a flow chart of selecting a target policy when an exception type is a first event type, according to an embodiment of the present application;
FIG. 3 is a flow chart of processing alarm information according to a third strategy in accordance with one embodiment of the present application;
FIG. 4 is a flow chart of processing alarm information according to a fourth policy in accordance with one embodiment of the present application;
FIG. 5 is a flow chart of another alternative system alarm information processing method according to an embodiment of the present application;
FIG. 6 is a schematic diagram of an alternative system alarm information processing device provided according to an embodiment of the present application;
Fig. 7 is a schematic diagram of an alternative electronic device according to an embodiment of the present application.
Detailed Description
In order to make the present application solution better understood by those skilled in the art, the following description will be made in detail and with reference to the accompanying drawings in the embodiments of the present application, it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that embodiments of the present application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that, related information (including, but not limited to, user equipment information, user personal information, etc.) and data (including, but not limited to, data for presentation, analyzed data, etc.) related to the present application are information and data authorized by the user or sufficiently authorized by each party. For example, an interface is provided between the system and the relevant user or institution, before acquiring the relevant information, the system needs to send an acquisition request to the user or institution through the interface, and acquire the relevant information after receiving the consent information fed back by the user or institution.
Example 1
According to an embodiment of the present application, there is provided a method embodiment of a method for processing system alarm information, it should be noted that the steps illustrated in the flowchart of the drawings may be performed in a computer system such as a set of computer executable instructions, and that although a logical order is illustrated in the flowchart, in some cases, the steps illustrated or described may be performed in an order different from that herein.
FIG. 1 is a flowchart of an alternative system alarm information processing method according to an embodiment of the present application, as shown in FIG. 1, including the steps of:
Step S101, alarm information corresponding to a target system is obtained, and a plurality of keywords in the alarm information are extracted.
In step S101, the alarm information is used to describe a system anomaly event that occurs in the target system during operation.
Alternatively, an alarm information processing system may be used as an execution subject of a system alarm information processing method in the embodiments of the present application. Specifically, communication connection is established between the alarm information processing system and the target system, and after the target system detects a system abnormal event occurring in the operation process of the target system through self detection, the target system generates corresponding alarm information and sends the alarm information to the alarm information processing system.
It should be noted that the target system may be various types of software systems, for example, in the field of financial science and technology, the target system may be a software system for processing a transfer transaction, a software system for managing information of a depositor, or a software system for transacting loan business. The specific type of the target system is not particularly limited in the present application, and in addition, the target system may be a software system other than the field of financial and technological technology, which is not particularly limited in the present application.
It should be noted that, the system abnormal events that may occur in the operation process of the target system are of multiple types, and the alarm information corresponding to the system abnormal events of different types is also different, for example, if the system abnormal event is that an abnormality occurs in the database corresponding to the target system, the alarm information is alarm information a; the system abnormal event is that the server corresponding to the target system is abnormal, and the alarm information is alarm information B.
In addition, the alarm information processing system may extract a plurality of keywords in the alarm information after obtaining the alarm information, and in an alternative embodiment, the alarm information processing system may introduce NLP (natural language processing) technology to analyze the alarm information, so as to automatically identify the plurality of keywords in the alarm information.
Step S102, determining the type of the abnormal event corresponding to the system abnormal event according to the keywords.
In step S102, the type of abnormal event is used to characterize the cause of the occurrence of the system abnormal event.
Optionally, the alarm information processing system determines which type of abnormal event system abnormal event occurs to the target system according to the identified keywords. It is easy to understand that since the alarm information corresponding to the system abnormal event of different abnormal event types is different, keywords in different alarm information are also different.
For example, if the plurality of keywords identified by the alarm information processing system include keywords related to a server such as "server down", the alarm information processing system may determine that an abnormal event type corresponding to an abnormal event of the abnormal system is related to a server corresponding to the target system. If the plurality of keywords identified by the alarm information processing system comprise keywords of related databases such as low response speed of the database, the alarm information processing system can determine that the type of the abnormal event corresponding to the abnormal event of the abnormal system is related to the database corresponding to the target system.
Step S103, determining a target strategy according to the type of the abnormal event, and processing alarm information according to the target strategy.
After determining the type of the abnormal event, the alarm information processing system determines a target policy according to the type of the abnormal event and processes the alarm information according to the target policy in step S103. For example, if the abnormal event type characterizes that the system abnormal event corresponding to the alarm information is related to the server corresponding to the target system, the alarm information processing system may restart the server corresponding to the target system, and delete the alarm information after the server is restarted successfully.
Based on the content of steps S101 to S103, in the present application, a manner of determining an abnormal event type corresponding to a system abnormal event according to a plurality of keywords in the alarm information and determining a target policy according to the abnormal event type to process the alarm information is adopted, first, the alarm information corresponding to the target system is obtained, and a plurality of keywords in the alarm information are extracted, where the alarm information is used for describing the system abnormal event occurring in the operation process of the target system. And determining the type of the abnormal event corresponding to the abnormal event of the system according to the keywords, determining a target strategy according to the type of the abnormal event, and processing the alarm information according to the target strategy. Wherein, the abnormal event type is used for representing the reason for the abnormal event of the system.
From the above, the method and the device can identify the keywords in the alarm information, determine the types of the abnormal events corresponding to the abnormal events of the system according to the keywords, further determine the target strategies corresponding to the abnormal events of the system according to the types of the abnormal events, and process the alarm information of the system according to the target strategies, so that the full-automatic processing of the alarm information of the system is realized, the processing efficiency of the alarm information of the system is improved, and in addition, the technical scheme of the method and the device cannot be influenced by manual experience, thereby avoiding the problem that the processing mode of the alarm information is incorrect due to the lack of experience of operation and maintenance personnel.
Therefore, the technical scheme of the application achieves the aim of automatically processing the alarm information, thereby realizing the technical effect of shortening the processing time of the alarm information and further solving the technical problem of low processing efficiency of the abnormal event of the system in the prior art.
In an alternative embodiment, determining, according to a plurality of keywords, the types of abnormal events corresponding to the abnormal events of the system in the present application may be divided into at least four scenarios.
Specifically, in a first scenario, the alarm information processing system first detects whether a plurality of keywords include a first keyword, where the first keyword is used to describe an index threshold corresponding to the target system, and the index threshold is used to represent a maximum value or a minimum value of index data generated in an operation process of the target system.
Further, under the condition that the plurality of keywords comprise first keywords, the alarm information processing system determines that the abnormal event type corresponding to the system abnormal event is a first event type, wherein the first event type represents that the reason for the occurrence of the system abnormal event is that index data of the target system at the alarm time is not matched with an index threshold, and the alarm time is the time when the alarm information is generated.
Alternatively, the target system may correspond to a plurality of indicator thresholds, for example, where the target system is a software system for processing transaction data, the plurality of indicator thresholds corresponding to the target system include, but are not limited to, a response time period threshold of the target system, a transaction success rate threshold of the target system, and an interface call time period threshold of the target system. If the response time of the target system at the alarm time is greater than the response time threshold, the target system generates alarm information; if the transaction success rate of the target system at the alarm moment is lower than the transaction success rate threshold value, the target system also generates alarm information; if the interface calling time length of the target system at the alarm time is longer than the interface calling time length threshold value, the target system generates alarm information.
It should be noted that the first keywords include, but are not limited to, the keywords such as "transaction success rate threshold", "response time threshold", and "interface call time threshold", which are described above. It is easy to understand that if the first keywords are included in the keywords in the alarm information, the reason why the abnormal event of the system occurs is that the index data of the target system at the alarm time is not matched with the index threshold value.
In addition, it should be noted that at least the alarm time is also included in the plurality of keywords.
In an alternative embodiment, FIG. 2 illustrates a flow chart of selecting a target policy when the type of exception event is a first event type. The method specifically comprises the following steps:
in step S201, in the case that the abnormal event type is the first event type, the first policy is determined as the target policy.
In step S201, the first policy is used to determine an operation state of the target system according to the system portrait, and process the alarm information according to the operation state of the target system, where the system portrait is used to characterize all index data generated in the operation process of the target system.
Step S202, extracting index data of a target system at a first moment and index data of a target system at a second moment from the system portrait according to a first strategy.
In step S202, the first time is before the alarm time, and the second time is after the alarm time.
Step S203, the alarm information is processed according to the index data of the first moment and the index data of the second moment.
Optionally, taking the response time length of the target system as the index data as an example, assuming that the alarm time is the time T1, since the response time length of the target system is greater than the response time length threshold at the time T1, an alarm message is generated. The alarm information is determined by identifying a first keyword, the reason that the alarm information appears is that the response time length of the target system at the alarm time is larger than a response time length threshold value, on the basis, the alarm information processing system firstly extracts the response time length of the target system at the time T2 (corresponding to the first time) and the response time length of the target system at the time T3 (corresponding to the second time) from the system portrait according to a first strategy, wherein the time T2 is earlier than the time T1, the time T3 is later than the time T1, and the response time length of the target system at each time is recorded in the system portrait.
Further, the alarm information processing system can also detect whether the index data at the first moment and the index data at the second moment are matched with the index threshold value. Under the condition that any one of the index data at the first moment and the index data at the second moment is not matched with an index threshold value, the alarm information processing system determines the running state of the target system to be an abnormal state, restarts the target system, and deletes alarm information after the restart of the target system is successful; and under the condition that the index data at the first moment and the index data at the second moment are all matched with the index threshold, the alarm information processing system determines that the running state of the target system is a normal state, and deletes the alarm information.
Optionally, if the response time length of the target system at the time T2 is less than or equal to the response time length threshold, and the response time length of the target system at the time T3 is also less than or equal to the response time length threshold, it is indicated that the response time lengths of the target system at the time T2 and the time T3 are both matched with the response time length, so that the alarm information processing system determines that the running state of the target system is a normal state, and deletes the alarm information, that is, although the response time length of the target system at the time T1 is greater than the response time length threshold, the target system is not in a state with a timeout of the response time length for a long time, so that the target system can still be regarded as a normally running system, and the alarm information can be ignored.
On the other hand, if the response time length of the target system at the time T2 is greater than the response time length threshold, or the response time length of the target system at the time T3 is greater than the response time length threshold, the response time length of the target system is in a timeout state in a long time, so that the alarm information processing system can judge that the target system is in an abnormal state currently, restart the target system, and delete the alarm information after the target system is restarted successfully. It should be noted that after deleting the alarm information, the alarm information processing system still continues to receive the alarm information sent by the target system, and if the response time of the target system is still greater than the response time threshold, the target system generates new alarm information and sends the alarm information to the alarm information processing system for processing.
An example of processing alarm information in a first scenario is shown below:
alarm information: alarm time: 2022-12-26 22:56; target system: a transaction system A; index ID: PLF0016925, index name: success rate of transaction; index threshold: 98.0%, index data: 97.97%. The reason for generating error reporting information is as follows: the transaction success rate exceeds a transaction success rate threshold.
First keyword: transaction success rate, transaction success rate threshold, index threshold: 98.0%, index data: 97.97%.
First strategy: invoking a system portrait to observe whether abnormality of transaction success rate occurs in a time period before and after the alarm moment, and restarting the transaction system A if the abnormality occurs; if not, the alarm information is deleted directly.
Optionally, in the second scenario, the alarm information processing system first detects whether a plurality of keywords include a second keyword, where the second keyword is used to describe a server identifier of a target server corresponding to the target system. Under the condition that the plurality of keywords comprise second keywords, the alarm information processing system determines the type of the abnormal event corresponding to the system abnormal event as a second event type, wherein the reason for the occurrence of the system abnormal event is that the target server is abnormal due to the second event type representation.
Specifically, the second keywords include, but are not limited to, keywords related to the server such as "container number", "server node", "server address", and the like. It is easy to understand that, in the case where the plurality of keywords include these second keywords, it is possible to determine that the cause of occurrence of the system abnormality event is that there is an abnormality in the target server corresponding to the target system.
Further, in the case that the abnormal event type is the second event type, the alarm information processing system determines the second policy as a target policy, wherein the second policy is used for restarting the server remotely. And finally, the alarm information processing system carries out remote restarting on the target server according to the second strategy, and deletes the alarm information after the remote restarting is successful.
Optionally, when the plurality of keywords include the second keyword, the alarm information processing system determines that the cause of the occurrence of the system abnormal event is that an abnormality exists in a target server corresponding to the target system, so that the alarm information processing system restarts the target server and deletes the alarm information after the target server is restarted successfully.
It should be noted that, after deleting the alarm information, the alarm information processing system may further continue to receive the alarm information sent by the target system.
An example of processing alarm information in a second scenario is shown below:
alarm information: alarm time: 2022-12-20 10:02, server IP:76.122.110.66, event description: target system: transaction system B, container/instance number: dd20 a7fa, availability generating event, application/module/sub-module name: card organization payment-ACS browser authentication node-JD-ACS browser authentication application service-JD, logical partition: NOVA failure: the availability fault report application is that the F-BOOM IP address is 76.122.110.66, and the error generation cause node is not started or the key process does not exist.
Second keyword: container/instance number, browser authentication node, availability failure, server IP:76.122.110.66, alarm time: 2022-12-20 10:02.
second strategy: and jumping to a server management system, restarting a target server with the server IP of 76.122.110.66 according to the server management system, and deleting alarm information after the restarting is completed.
Optionally, in a third scenario, the alarm information processing system first detects whether a plurality of keywords include a third keyword, where the third keyword is used to describe a data processing speed of a target database corresponding to the target system at an alarm time. Under the condition that the plurality of keywords comprise third keywords, the alarm information processing system determines that the abnormal event type corresponding to the system abnormal event is a third event type, wherein the reason for the occurrence of the system abnormal event is represented by the third event type, and the data processing speed of the target database at the alarm moment is smaller than a preset threshold value.
Specifically, the third keywords include, but are not limited to, database-related keywords such as "database address", "database processing efficiency", "database name", and the like.
It is easy to understand that, in the case where the above-described third keyword is included in the plurality of keywords, it is possible to determine that the cause of the occurrence of the system abnormality event is that the target database corresponding to the target system is in an abnormality.
Further, under the condition that the abnormal event type is a third event type, the alarm information processing system determines a third strategy as a target strategy, wherein the third strategy is used for processing alarm information according to the alarm time and the data processing speed. And finally, the alarm information processing system processes the alarm information according to a third strategy.
Specifically, fig. 3 shows a flowchart of processing alarm information according to a third policy in an embodiment of the present application. As shown in fig. 3, the method comprises the following steps:
step S301, detecting whether the alarm time is within the target time period according to the third policy.
In step S301, the target time period is a time period during which the target database performs data batch operation, where the data batch operation is used to perform data structure conversion on data in the target database according to a preset rule, and the data batch operation occupies a part of computing resources of the target database.
And step S302, when the alarm time is within the target time period, determining that the data processing speed of the target database at the alarm time is in a normal state, and deleting the alarm information.
Step S303, when the alarm time is not within the target time period, determining that the data processing speed of the target database at the alarm time is in an abnormal state, restarting the target database, and deleting the alarm information after the target database is restarted successfully.
Optionally, in the field of financial technology, some software systems need to perform data structure conversion on data in a database according to preset rules within a specific period of time, and these operations must not occupy part of the computing resources of the database. For example, assuming that the target system is a transaction system, the transaction system needs to perform a reconciliation operation on the transaction data in the database according to the reconciliation rules for a specific period of time, so that the data processing speed of the database is slower than usual during the period of time.
From the above, if the alarm time is within the target time period, the data processing speed of the target database at the alarm time is smaller than the preset threshold value and is in a normal state, so that the alarm information processing system can delete the alarm information directly. However, if the alarm time is not within the target time period, the phenomenon that the data processing speed of the target database at the alarm time is smaller than the preset threshold is not normal, and therefore the alarm information processing system restarts the target database and deletes the alarm information after determining that the restart of the target database is successful.
It should be noted that, after deleting the alarm information, the alarm information processing system may further continue to receive the alarm information sent by the target system.
An example of processing alarm information in a second scenario is shown below:
alarm information: alarm time: 2022-12-27 01:00. description of the event: the data processing speed of the database SQL100011 is lower than a preset threshold.
Third keyword: database SQL100011, data processing speed lower than preset threshold value, alarm time: 2022-12-27 01:00.
third strategy: the time period corresponding to the observation alarm time is 1 o' clock in the early morning, and the time period is the target time period when the database is executing data batch operation, so that the data processing speed of the database is lower than the preset threshold value and belongs to a normal phenomenon, and alarm information can be directly deleted.
Optionally, in a fourth scenario, the alarm information processing system detects whether a plurality of keywords include a fourth keyword, where the fourth keyword is used to describe a receiving time of target data, and the target data is data required when the target database performs a data batch operation. And under the condition that the plurality of keywords comprise fourth keywords, the alarm information processing system determines that the abnormal event type of the system abnormal event is a fourth event type, wherein the fourth event type characterizes that the reason for the occurrence of the system abnormal event is that the receiving time is later than the preset receiving time.
Specifically, the fourth keywords include, but are not limited to, keywords such as "reception time of transaction data", "reception time of service data", "preset reception time", and the like.
It is easy to understand that when the fourth keyword appears in the alarm information, it is determined that the cause of the occurrence of the system abnormality is that the reception time of the related data is later than the preset reception time.
It should be noted that the target data may be transaction data and business data in the target system; the data batch operation is used for checking transaction data according to a preset checking rule to obtain a checking result of the first data structure, and summarizing business data according to a preset data perspective rule to obtain a summarizing result of the second data result.
Further, fig. 4 shows a flowchart of processing alarm information according to a fourth policy in an embodiment of the present application. As shown in fig. 4, the method comprises the following steps:
in step S401, in the case that the abnormal event type is the fourth event type, the fourth policy is determined to be the target policy.
In step S401, the fourth policy is used to process the alarm information according to the receiving time and the preset receiving time.
Step S402, calculating the interval duration between the receiving time and the preset receiving time according to the fourth strategy, and detecting whether the interval duration is smaller than the preset duration.
Step S403, under the condition that the interval duration is less than or equal to the preset duration, determining that the receiving time of the target data is in a normal state, and deleting the alarm information.
Step S404, under the condition that the interval time is longer than the preset time, determining that the receiving time of the target data is in an abnormal state, restarting the target database and the target system, and deleting the alarm information after the restarting is successful.
Optionally, the target system needs to acquire target data required by the data batch operation before the data batch operation is performed, where in general, the target data is sent to the target system by other systems, for example, when the target system is a transaction system, various consumption terminals are required to transmit transaction detail data to the target system, and the target data can perform reconciliation operation on the transaction detail data after storing the transaction detail data in the target database. On the basis, if the interval duration between the receiving time of the target data and the preset receiving time is smaller than or equal to the preset duration, the receiving time of the target data is not beyond the specified receiving time range, and therefore the alarm information processing system can delete the alarm information directly. However, if the interval time between the receiving time of the target data and the preset receiving time is longer than the preset time, it is indicated that the receiving time of the target data has exceeded the specified receiving time range, and there may be an abnormality in the data transmission channel between the target system and other systems, or there may be an abnormality in the data transmission between the target system and the target database, so the alarm information processing system may restart the target system and the target database, and delete the alarm information after the restart is successful.
An example of processing alarm information in a fourth scenario is shown below:
alarm information: alarm time: 2022-11-22 09:13. description of the event: target system: and the transaction system H performs account checking operation, batched data and the receiving time of the transaction data is time K, and exceeds the preset receiving time.
Fourth keyword: and checking, wherein the receiving time of the transaction data is time K and exceeds the preset receiving time.
Fourth strategy: calculating the interval duration between the receiving time K and the preset receiving time, and deleting the alarm information under the condition that the interval duration is smaller than or equal to the preset duration; and restarting the transaction system H and the databases corresponding to the transaction system H under the condition that the interval time is longer than the preset time, and deleting the alarm information after the restarting is successful.
In an alternative embodiment, fig. 5 shows a flowchart of another alternative processing method of system alarm information according to an embodiment of the present application, as shown in fig. 5, an alarm information processing system firstly obtains alarm information from a target system, then uses NLP technology to perform semantic analysis on the alarm information, automatically identifies keywords or key sentences in the alarm information, and then uses a pattern matching algorithm to determine a policy corresponding to the keywords of the alarm information from a knowledge base, and performs a corresponding operation on the target system according to the policy, and deletes the alarm information after the operation is completed. In addition, if the strategy corresponding to the keyword of the alarm information is not matched, the alarm information processing system can generate an event list from the alarm information and transmit the event list to manual processing, and after the manual processing is finished, the alarm information and the processing strategy are updated to a knowledge base, and then similar alarm information is encountered, so that automatic emergency can be directly realized.
From the above, the method and the device can identify the keywords in the alarm information, determine the types of the abnormal events corresponding to the abnormal events of the system according to the keywords, further determine the target strategies corresponding to the abnormal events of the system according to the types of the abnormal events, and process the alarm information of the system according to the target strategies, so that the full-automatic processing of the alarm information of the system is realized, the processing efficiency of the alarm information of the system is improved, and in addition, the technical scheme of the method and the device cannot be influenced by manual experience, thereby avoiding the problem that the processing mode of the alarm information is incorrect due to the lack of experience of operation and maintenance personnel.
Example 2
The present embodiment provides an optional processing apparatus for system alarm information, where each implementation unit/module in the processing apparatus for system alarm information corresponds to each implementation step in embodiment 1.
Fig. 6 is a schematic diagram of an alternative system alarm information processing device according to an embodiment of the present application, as shown in fig. 6, including: an acquisition module 601, a determination module 602 and a processing module 603.
Specifically, the acquiring module 601 is configured to acquire alarm information corresponding to a target system, and extract a plurality of keywords in the alarm information, where the alarm information is used to describe a system abnormal event that occurs in an operation process of the target system; a determining module 602, configured to determine an abnormal event type corresponding to a system abnormal event according to a plurality of keywords, where the abnormal event type is used to characterize a cause of occurrence of the system abnormal event; the processing module 603 is configured to determine a target policy according to the type of the abnormal event, and process the alarm information according to the target policy.
Optionally, the determining module includes: a first detection unit and a first determination unit. The first detection unit is used for detecting whether the plurality of keywords comprise first keywords or not, wherein the first keywords are used for describing index thresholds corresponding to the target system, and the index thresholds are used for representing the maximum value or the minimum value of index data generated in the operation process of the target system; the first determining unit is configured to determine, when the plurality of keywords include a first keyword, that an abnormal event type corresponding to a system abnormal event is a first event type, where a cause of occurrence of the system abnormal event is represented by the first event type, where the cause of occurrence of the system abnormal event is that index data of a target system at an alarm time is not matched with an index threshold, and the alarm time is a time when alarm information is generated.
Optionally, the processing module further includes: the device comprises a second determining unit, an extracting unit and a first processing unit. The second determining unit is used for determining the first strategy as a target strategy under the condition that the abnormal event type is the first event type, wherein the first strategy is used for determining the running state of the target system according to the system portrait, processing the alarm information according to the running state of the target system, and the system portrait is used for representing all index data generated by the target system in the running process; the extraction unit is used for extracting index data of the target system at a first moment and index data of the target system at a second moment from the system portrait according to a first strategy, wherein the first moment is before the alarm moment, and the second moment is after the alarm moment; the first processing unit is used for processing the alarm information according to the index data at the first moment and the index data at the second moment.
Optionally, the first processing unit further includes: the first detection subunit, the first determination subunit and the second determination subunit. The first detection subunit is used for detecting whether the index data at the first moment and the index data at the second moment are matched with the index threshold value or not; the first determining subunit is used for determining that the running state of the target system is an abnormal state and restarting the target system under the condition that any one of the index data at the first moment and the index data at the second moment is not matched with the index threshold value, and deleting alarm information after the target system is restarted successfully; and the second determining subunit is used for determining the running state of the target system to be a normal state and deleting the alarm information under the condition that the index data at the first moment and the index data at the second moment are all matched with the index threshold value.
Optionally, the determining module further includes: a second detection unit and a third determination unit. The second detection unit is used for detecting whether the plurality of keywords comprise second keywords or not, wherein the second keywords are used for describing server identifiers of target servers corresponding to the target system; and the third determining unit is used for determining that the abnormal event type corresponding to the system abnormal event is a second event type under the condition that the plurality of keywords comprise second keywords, wherein the reason for the occurrence of the system abnormal event is that the target server is abnormal due to the second event type representation.
Optionally, the processing module further includes: and a fourth determination unit and a restart unit. The fourth determining unit is configured to determine, when the abnormal event type is a second event type, that the second policy is a target policy, where the second policy is used to remotely restart the server; and the restarting unit is used for remotely restarting the target server according to the second strategy and deleting the alarm information after the remote restarting is successful.
Optionally, the determining module further includes: a third detection unit and a fifth determination unit. The third detection unit is used for detecting whether a plurality of keywords comprise third keywords or not, wherein the third keywords are used for describing the data processing speed of a target database corresponding to the target system at the alarm moment; and a fifth determining unit, configured to determine, when the plurality of keywords include a third keyword, that an abnormal event type corresponding to the system abnormal event is a third event type, where the third event type characterizes that a cause of occurrence of the system abnormal event is that a data processing speed of the target database at an alarm time is less than a preset threshold.
Optionally, the processing module further includes: a sixth determination unit and a second processing unit. The sixth determining unit is configured to determine, when the abnormal event type is a third event type, that a third policy is a target policy, where the third policy is used to process alarm information according to an alarm time and a data processing speed; and the second processing unit is used for processing the alarm information according to a third strategy.
Optionally, the second processing unit further includes: a second detection subunit, a third determination subunit, and a fourth determination subunit. The second detection subunit is configured to detect whether the alarm time is within a target time period according to a third policy, where the target time period is a time period when the target database executes data batch operation, and the data batch operation is configured to perform data structure conversion on data in the target database according to a preset rule, and the data batch operation occupies part of computing resources of the target database; the third determining subunit is used for determining that the data processing speed of the target database at the alarm time is in a normal state when the alarm time is in the target time period, and deleting the alarm information; and the fourth determining subunit is used for determining that the data processing speed of the target database at the alarm time is in an abnormal state when the alarm time is not in the target time period, restarting the target database, and deleting the alarm information after the target database is restarted successfully.
Optionally, the determining module further includes: a fourth detection unit and a seventh determination unit. The fourth detection unit is used for detecting whether a fourth keyword is included in the plurality of keywords, wherein the fourth keyword is used for describing the receiving time of target data, and the target data are data required by the target database when the target database executes data batch operation; and a seventh determining unit, configured to determine, when the plurality of keywords include a fourth keyword, that an abnormal event type of the system abnormal event is a fourth event type, where the fourth event type characterizes that a cause of occurrence of the system abnormal event is that the receiving time is later than the preset receiving time.
Optionally, the processing module further includes: an eighth determination unit, a calculation unit, a ninth determination unit, and a tenth determination unit. The eighth determining unit is configured to determine, when the abnormal event type is a fourth event type, that the fourth policy is a target policy, where the fourth policy is used to process the alarm information according to the receiving time and a preset receiving time; the calculating unit is used for calculating the interval duration between the receiving time and the preset receiving time according to the fourth strategy and detecting whether the interval duration is smaller than the preset duration; a ninth determining unit, configured to determine that the receiving time of the target data is in a normal state and delete the alarm information when the interval duration is less than or equal to the preset duration; and a tenth determining unit, configured to determine that the receiving time of the target data is in an abnormal state when the interval time is longer than the preset time, restart the target database and the target system, and delete the alarm information after the restart is successful.
Optionally, the target data is transaction data and business data in the target system; the data batch operation is used for checking transaction data according to a preset checking rule to obtain a checking result of the first data structure, and summarizing business data according to a preset data perspective rule to obtain a summarizing result of the second data result.
Example 3
According to another aspect of the embodiments of the present application, there is also provided a computer-readable storage medium having a computer program stored therein, wherein the computer program is configured to execute the processing method of the system alarm information in embodiment 1 at runtime.
Example 4
According to another aspect of the embodiments of the present application, an electronic device is also provided. As shown in fig. 7, the electronic device includes one or more processors and memory; the memory is used for storing one or more programs, which when executed by the one or more processors, cause the one or more processors to implement a method for running the programs, wherein the programs are configured to execute the system alarm information processing method in embodiment 1.
The foregoing embodiment numbers of the present application are merely for describing, and do not represent advantages or disadvantages of the embodiments.
In the foregoing embodiments of the present application, the descriptions of the embodiments are emphasized, and for a portion of this disclosure that is not described in detail in this embodiment, reference is made to the related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed technology content may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary, and the division of the units, for example, may be a logic function division, and may be implemented in another manner, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interfaces, units or modules, or may be in electrical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be embodied in essence or a part contributing to the prior art or all or part of the technical solution in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a removable hard disk, a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing is merely a preferred embodiment of the present application and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present application and are intended to be comprehended within the scope of the present application.

Claims (15)

1. A method for processing system alarm information, comprising:
acquiring alarm information corresponding to a target system, and extracting a plurality of keywords in the alarm information, wherein the alarm information is used for describing system abnormal events occurring in the running process of the target system;
determining an abnormal event type corresponding to the system abnormal event according to the plurality of keywords, wherein the abnormal event type is used for representing the reason for the occurrence of the system abnormal event;
and determining a target strategy according to the abnormal event type, and processing the alarm information according to the target strategy.
2. The method of claim 1, wherein determining the type of anomaly event corresponding to the system anomaly event based on the plurality of keywords comprises:
detecting whether the plurality of keywords comprise first keywords or not, wherein the first keywords are used for describing index thresholds corresponding to the target system, and the index thresholds are used for representing the maximum value or the minimum value of index data generated in the running process of the target system;
And under the condition that the plurality of keywords comprise the first keyword, determining the abnormal event type corresponding to the system abnormal event as a first event type, wherein the first event type characterizes that the cause of the system abnormal event is that index data of the target system at the alarm moment is not matched with the index threshold value, and the alarm moment is the moment when the alarm information is generated.
3. The method of claim 2, wherein determining a target policy based on the type of abnormal event and processing the alarm information based on the target policy comprises:
determining a first strategy as the target strategy under the condition that the abnormal event type is the first event type, wherein the first strategy is used for determining the running state of the target system according to a system portrait, processing the alarm information according to the running state of the target system, and the system portrait is used for representing all index data generated in the running process of the target system;
extracting index data of the target system at a first moment and index data of a second moment from the system portrait according to the first strategy, wherein the first moment is before the alarm moment, and the second moment is after the alarm moment;
And processing the alarm information according to the index data of the first moment and the index data of the second moment.
4. A method according to claim 3, wherein processing the alarm information based on the first time index data and the second time index data comprises:
detecting whether the index data of the first moment and the index data of the second moment are matched with the index threshold value or not;
determining that the running state of the target system is an abnormal state under the condition that any one of the index data at the first moment and the index data at the second moment is not matched with the index threshold, restarting the target system, and deleting the alarm information after the target system is restarted successfully;
and under the condition that the index data at the first moment and the index data at the second moment are all matched with the index threshold, determining that the running state of the target system is a normal state, and deleting the alarm information.
5. The method of claim 1, wherein determining the type of anomaly event corresponding to the system anomaly event based on the plurality of keywords comprises:
Detecting whether the plurality of keywords comprise second keywords or not, wherein the second keywords are used for describing server identifiers of target servers corresponding to the target systems;
and under the condition that the plurality of keywords comprise the second keywords, determining the abnormal event type corresponding to the system abnormal event as a second event type, wherein the second event type characterizes that the cause of the system abnormal event is that the target server is abnormal.
6. The method of claim 5, wherein determining a target policy based on the type of anomaly event and processing the alarm information based on the target policy comprises:
determining a second policy as the target policy in the case that the abnormal event type is the second event type, wherein the second policy is used for remotely restarting the server;
and carrying out remote restarting on the target server according to the second strategy, and deleting the alarm information after the remote restarting is successful.
7. The method of claim 1, wherein determining the type of anomaly event corresponding to the system anomaly event based on the plurality of keywords comprises:
Detecting whether the plurality of keywords comprise a third keyword or not, wherein the third keyword is used for describing the data processing speed of a target database corresponding to the target system at the alarm moment;
and under the condition that the plurality of keywords comprise the third keyword, determining the abnormal event type corresponding to the system abnormal event as a third event type, wherein the third event type characterizes that the reason for the occurrence of the system abnormal event is that the data processing speed of the target database at the alarm moment is smaller than a preset threshold value.
8. The method of claim 7, wherein determining a target policy based on the type of anomaly event and processing the alarm information based on the target policy comprises:
determining a third strategy as the target strategy under the condition that the abnormal event type is the third event type, wherein the third strategy is used for processing the alarm information according to the alarm time and the data processing speed;
and processing the alarm information according to the third strategy.
9. The method of claim 8, wherein processing the alert information in accordance with the third policy comprises:
Detecting whether the alarm time is within a target time period or not according to the third strategy, wherein the target time period is a time period when the target database executes data batch operation, the data batch operation is used for carrying out data structure conversion on data in the target database according to a preset rule, and the data batch operation occupies part of computing resources of the target database;
when the alarm time is within the target time period, determining that the data processing speed of the target database at the alarm time is in a normal state, and deleting the alarm information;
and when the alarm time is not in the target time period, determining that the data processing speed of the target database at the alarm time is in an abnormal state, restarting the target database, and deleting the alarm information after the target database is restarted successfully.
10. The method of claim 9, wherein determining the type of anomaly event corresponding to the system anomaly event based on the plurality of keywords comprises:
detecting whether a fourth keyword is included in the plurality of keywords, wherein the fourth keyword is used for describing the receiving time of target data, and the target data is data required by the target database when the target database executes the data batch operation;
And under the condition that the plurality of keywords comprise the fourth keyword, determining the abnormal event type of the system abnormal event as a fourth event type, wherein the fourth event type characterizes that the reason for the occurrence of the system abnormal event is that the receiving time is later than a preset receiving time.
11. The method of claim 10, wherein determining a target policy based on the type of anomaly event and processing the alarm information based on the target policy comprises:
determining a fourth policy as the target policy under the condition that the abnormal event type is the fourth event type, wherein the fourth policy is used for processing the alarm information according to the receiving time and the preset receiving time;
calculating the interval duration between the receiving time and the preset receiving time according to the fourth strategy, and detecting whether the interval duration is smaller than the preset duration;
under the condition that the interval duration is smaller than or equal to the preset duration, determining that the receiving time of the target data is in a normal state, and deleting the alarm information;
and under the condition that the interval time length is longer than the preset time length, determining that the receiving time of the target data is in an abnormal state, restarting the target database and the target system, and deleting the alarm information after the restarting is successful.
12. The method of claim 10, wherein the target data is transaction data and business data in the target system; the data batch operation is used for checking the transaction data according to a preset checking rule to obtain a checking result of the first data structure, and summarizing the business data according to a preset data perspective rule to obtain a summarizing result of the second data result.
13. A processing apparatus for system alarm information, comprising:
the system comprises an acquisition module, a processing module and a processing module, wherein the acquisition module is used for acquiring alarm information corresponding to a target system and extracting a plurality of keywords in the alarm information, wherein the alarm information is used for describing a system abnormal event occurring in the operation process of the target system;
the determining module is used for determining an abnormal event type corresponding to the system abnormal event according to the plurality of keywords, wherein the abnormal event type is used for representing the reason for the occurrence of the system abnormal event;
and the processing module is used for determining a target strategy according to the abnormal event type and processing the alarm information according to the target strategy.
14. A computer readable storage medium, wherein a computer program is stored in the computer readable storage medium, and wherein the computer program when executed controls a device in which the computer readable storage medium is located to perform the method for processing system alarm information according to any one of claims 1 to 12.
15. An electronic device comprising one or more processors and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of processing system alarm information of any of claims 1-12.
CN202310274595.9A 2023-03-17 2023-03-17 System alarm information processing method and device and electronic equipment Pending CN116302652A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310274595.9A CN116302652A (en) 2023-03-17 2023-03-17 System alarm information processing method and device and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310274595.9A CN116302652A (en) 2023-03-17 2023-03-17 System alarm information processing method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN116302652A true CN116302652A (en) 2023-06-23

Family

ID=86835771

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310274595.9A Pending CN116302652A (en) 2023-03-17 2023-03-17 System alarm information processing method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN116302652A (en)

Similar Documents

Publication Publication Date Title
US8516499B2 (en) Assistance in performing action responsive to detected event
CN112087334B (en) Alarm root cause analysis method, electronic device and storage medium
CN110581887B (en) Data processing method, device, block chain node and storage medium
US20240039821A1 (en) Mitigating failure in request handling
CN111177165A (en) Method, device and equipment for detecting data consistency
CN115686910A (en) Fault analysis method and device, electronic equipment and medium
CN114022151A (en) Block chain data visualization method and system, electronic device and storage medium
CN113238815B (en) Interface access control method, device, equipment and storage medium
CN108255703B (en) SQL script fault repairing method and terminal thereof
CN111367934B (en) Data consistency checking method, device, server and medium
CN109214189B (en) Method, device, storage medium and electronic equipment for identifying program bugs
CN114331446B (en) Method, device, equipment and medium for realizing out-of-chain service of block chain
CN116302652A (en) System alarm information processing method and device and electronic equipment
CN113868216B (en) Block chain monitoring method and device
CN116149932A (en) Method and device for detecting software system state and electronic equipment
CN113902415A (en) Financial data checking method and device, computer equipment and storage medium
CN113297149A (en) Method and device for monitoring data processing request
CN111835566A (en) System fault management method, device and system
CN106375354B (en) Data processing method and device
CN115883346B (en) Abnormality detection method and device based on FDEP log and storage medium
CN115174667B (en) Big data pushing method, system and electronic equipment
CN117632733A (en) Verification method and device for verifying accounting system and electronic equipment
CN113468024A (en) Visual on-duty emergency disposal interaction method and device
CN117061310A (en) Device image generation method, device, storage medium and electronic device
CN116366420A (en) Log monitoring method, electronic equipment and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination