TW202301122A - Log analysis system and log analysis method - Google Patents

Log analysis system and log analysis method Download PDF

Info

Publication number
TW202301122A
TW202301122A TW110124684A TW110124684A TW202301122A TW 202301122 A TW202301122 A TW 202301122A TW 110124684 A TW110124684 A TW 110124684A TW 110124684 A TW110124684 A TW 110124684A TW 202301122 A TW202301122 A TW 202301122A
Authority
TW
Taiwan
Prior art keywords
log
data
parsing
module
multiple modules
Prior art date
Application number
TW110124684A
Other languages
Chinese (zh)
Other versions
TWI778698B (en
Inventor
李漢生
Original Assignee
大陸商深圳富桂精密工業有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 大陸商深圳富桂精密工業有限公司 filed Critical 大陸商深圳富桂精密工業有限公司
Application granted granted Critical
Publication of TWI778698B publication Critical patent/TWI778698B/en
Publication of TW202301122A publication Critical patent/TW202301122A/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/32Monitoring with visual or acoustical indication of the functioning of the machine
    • G06F11/321Display for diagnostics, e.g. diagnostic result display, self-test user interface

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The present application provides a log analysis system and a log analysis method. The log analysis method includes: obtaining log data; parsing the log data and obtaining log data with failed parsing and log data with successful parsing; performing a data structuring processing on the log data with successful parsing to obtain structured data; correcting the log data with failed parsing and the structured data to obtain revised data; outputting the revised data to a terminal; monitoring a configuration file of the log analysis system according to predetermined time and updating the configuration file of the log analysis system according to monitored change of the configuration file; and realizing a configuration visualization of the log analysis process task by using a web page. This application can assist the log parsing, reduce the difficulty of the log parsing.

Description

日誌解析系統及日誌解析方法Log parsing system and log parsing method

本發明涉及日誌資料處理技術領域,尤其涉及一種日誌解析系統及日誌解析方法。The invention relates to the technical field of log data processing, in particular to a log analysis system and a log analysis method.

隨著5G技術的快速推行以及物聯網的迅猛發展,日誌資料技術領域需要在萬物互聯的技術背景下,將日誌資料用各種方式採集出來,進行大資料處理分析。在對日誌資料進行採集的過程中,由於採集的介質多種多樣且使用的協定也各不相同,導致採集出來的數位化資訊雜亂、無序,將這樣的資訊直接上傳雲端,會導致雲端資料處理的難度大幅提升。With the rapid implementation of 5G technology and the rapid development of the Internet of Things, the field of log data technology needs to collect log data in various ways under the technical background of the Internet of Everything for big data processing and analysis. In the process of collecting log data, due to the various collection media and the different protocols used, the collected digital information is messy and out of order. Uploading such information directly to the cloud will lead to cloud data processing. The difficulty has been greatly increased.

鑒於以上內容,有必要提供一種日誌解析系統及日誌解析方法,能夠降低系統的各個模組之間的耦合度,便於對系統進行拓展,降低日誌解析流程的難度。In view of the above, it is necessary to provide a log parsing system and a log parsing method, which can reduce the coupling degree between various modules of the system, facilitate the expansion of the system, and reduce the difficulty of the log parsing process.

所述日誌解析系統包括多個模組,所述多個模組包括:日誌接入模組,用於獲取來自不同通信協定的日誌資料;資料解析模組,用於對所獲取的日誌資料進行並行解析,獲得解析失敗的日誌資料和解析成功的日誌資料;所述資料解析模組,還用於對所述解析成功的日誌資料進行資料結構化處理,獲得結構化資料;資料處理模組,用於對所述解析失敗的日誌資料和所述結構化資料進行修正,獲得修正後的資料;資料輸出模組,用於將所述修正後的資料輸出至終端。The log analysis system includes a plurality of modules, and the plurality of modules include: a log access module for obtaining log data from different communication protocols; a data analysis module for processing the obtained log data Parallel parsing to obtain the log data of failed parsing and the log data of successful parsing; the data parsing module is also used to perform data structural processing on the log data of successful parsing to obtain structured data; the data processing module, It is used to correct the log data that fails to be parsed and the structured data to obtain the corrected data; the data output module is used to output the corrected data to the terminal.

可選地,所述日誌解析系統包含外掛程式,所述外掛程式用於拓展所述多個模組;所述日誌解析系統還包括遠端控制模組,所述遠端控制模組用於按照預定的時間對所述日誌解析系統的設定文檔進行監聽,並於監聽到更新的設定文檔時,載入所述更新的設定文檔對所述多個模組進行更新配置;所述遠端控制模組還用於對所述多個模組進行控制;所述日誌解析系統還包括視覺化模組,所述視覺化模組利用萬維網頁面實現對所述日誌解析系統的配置視覺化。Optionally, the log parsing system includes a plug-in program, which is used to expand the multiple modules; the log parsing system also includes a remote control module, and the remote control module is used to follow the Monitor the setting file of the log analysis system at a predetermined time, and when an updated setting file is monitored, load the updated setting file to update the configuration of the multiple modules; the remote control module The group is also used to control the plurality of modules; the log parsing system further includes a visualization module, and the visualization module realizes configuration visualization of the log parsing system by using a web page.

可選地,所述日誌接入模組包含通用行讀取器;所述遠端控制模組控制所述日誌接入模組基於所述通用行讀取器獲取所述來自不同通信協定的日誌資料,將所述來自不同通信協定的日誌資料統一接入到所述日誌解析系統。Optionally, the log access module includes a universal line reader; the remote control module controls the log access module to obtain the logs from different communication protocols based on the universal line reader data, and uniformly access the log data from different communication protocols to the log analysis system.

可選地,所述資料解析模組包含通用行解譯器;所述遠端控制模組控制所述資料解析模組,基於所述通用行解譯器對所述來自不同通信協定的日誌資料進行並行解析,並基於所述通用行解譯器,對所述解析成功的日誌資料進行所述資料結構化處理。Optionally, the data parsing module includes a general line interpreter; the remote control module controls the data parsing module, based on the general line interpreter for the log data from different communication protocols Parallel analysis is performed, and based on the general line interpreter, the data structure processing is performed on the successfully parsed log data.

可選地,所述資料處理模組包含通用行解譯器;所述遠端控制模組控制所述資料處理模組,基於所述通用行解譯器對所述解析失敗的日誌來源資料和所述結構化資料進行修正,包括:刪除或替換所述解析失敗的日誌資料、為所述結構化資料添加標籤。Optionally, the data processing module includes a general line interpreter; the remote control module controls the data processing module, based on the general line interpreter for the log source data and The modification of the structured data includes: deleting or replacing the log data that fails to be parsed, and adding tags to the structured data.

可選地,所述終端包括本機存放區、透過通信協議連接的雲端和控制台。Optionally, the terminal includes a local storage area, a cloud and a console connected through a communication protocol.

可選地,所述遠端控制模組包含消息接收模組、資訊解析器和控制庫。Optionally, the remote control module includes a message receiving module, an information parser and a control library.

可選地,所述消息接收模組用於獲取對所述多個模組的控制資訊;所述資訊解析器用於對所述控制資訊進行解析,獲得解析結果,所述解析結果包括存取控制修飾符;所述控制庫用於根據所述存取控制修飾符對所述多個模組進行控制。Optionally, the message receiving module is used to obtain control information for the multiple modules; the information parser is used to analyze the control information to obtain a result of analysis, the result of which includes access control modifier; the control library is used to control the multiple modules according to the access control modifier.

可選地,所述視覺化模組透過萬維網頁面,對所述多個模組進行配置,生成所述多個模組的設定文檔,使得所述多個模組根據所述設定文檔對所述日誌資料進行處理;及在萬維網頁面中顯示所述多個模組的運行狀態。Optionally, the visualization module configures the multiple modules through a web page, and generates setting files of the multiple modules, so that the multiple modules configure the processing the log data; and displaying the running status of the multiple modules on the web page.

所述日誌解析方法,利用所述日誌解析系統,所述方法包括:獲取來自不同通信協定的日誌資料;對所述來自不同通信協定的日誌資料進行並行解析,獲得解析失敗的日誌資料和解析成功的日誌資料;對所述解析成功的日誌資料進行資料結構化處理,獲 得結構化資料;對所述解析失敗的日誌資料和所述結構化資料進行修正,獲得修正後的資料;將所述修正後的資料輸出至終端;按照預定的時間對所述日誌解析系統的設定文檔進行監聽,根據監聽到的設定文檔的改變對所述日誌解析系統進行更新配置;利用萬維網頁面實現對上述日誌解析流程任務的配置視覺化。The log parsing method utilizes the log parsing system, and the method includes: obtaining log data from different communication protocols; performing parallel parsing on the log data from different communication protocols, obtaining log data of failed parsing and parsing successfully Log data of the log data; carry out data structure processing to the log data of the successful parsing to obtain the structured data; modify the log data of the failed parsing and the structured data to obtain the corrected data; The final data is output to the terminal; the setting file of the log analysis system is monitored according to the predetermined time, and the log analysis system is updated and configured according to the change of the monitored setting file; the above-mentioned log analysis process is realized by using the World Wide Web page Configuration visualization of tasks.

相較於習知技術,本申請的日誌解析系統及日誌解析方法中,所述日誌解析系統透過解耦的方式形成多個獨立模組,每個模組定義通用介面,所述日誌解析系統以輸入、解析、處理、輸出的流程串聯這些通用介面來實現所述日誌解析方法中的流程;透過對通用介面的繼承,實現適應多種複雜應用場景的功能;透過對介面參數的抽取,把日誌解析流程按模組定義各自的行為到設定文檔中,並形成定時任務;透過設定文檔的定義將所述日誌解析方法的流程的設計到視覺化頁面中,降低用戶的使用難度。所述日誌解析系統具有高內聚、低耦合、模組化和可拓展等特性,有利於系統的反覆運算升級。Compared with the conventional technology, in the log analysis system and log analysis method of the present application, the log analysis system forms a plurality of independent modules through decoupling, each module defines a common interface, and the log analysis system uses The process of input, parsing, processing, and output is connected in series with these common interfaces to realize the process in the log analysis method; through the inheritance of the common interface, the function of adapting to various complex application scenarios is realized; through the extraction of interface parameters, the log is parsed The process defines the respective behaviors in the setting document according to the module, and forms a timed task; through the definition of the setting document, the process of the log analysis method is designed into the visual page to reduce the difficulty of use for users. The log parsing system has the characteristics of high cohesion, low coupling, modularization, and scalability, which is conducive to repeated computing upgrades of the system.

為了能夠更清楚地理解本申請的上述目的、特徵和優點,下面結合附圖和具體實施例對本申請進行詳細描述。需要說明的是,在不衝突的情況下,本申請的實施例及實施例中的特徵可以相互組合。In order to more clearly understand the above objects, features and advantages of the present application, the present application will be described in detail below in conjunction with the accompanying drawings and specific embodiments. It should be noted that, in the case of no conflict, the embodiments of the present application and the features in the embodiments can be combined with each other.

在下面的描述中闡述了很多具體細節以便於充分理解本申請,所描述的實施例僅僅是本申請一部分實施例,而不是全部的實施例。基於本申請中的實施例,本領域普通技術人員在沒有做出創造性勞動前提下所獲得的所有其他實施例,都屬於本申請保護的範圍。A lot of specific details are set forth in the following description to facilitate a full understanding of the application, and the described embodiments are only a part of the embodiments of the application, rather than all the embodiments. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

除非另有定義,本文所使用的所有的技術和科學術語與屬於本申請的技術領域的技術人員通常理解的含義相同。本文中在本申請的說明書中所使用的術語只是為了描述具體的實施例的目的,不是旨在於限制本申請。Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the technical field to which this application belongs. The terms used herein in the specification of the application are only for the purpose of describing specific embodiments, and are not intended to limit the application.

參閱圖1所示,為本申請實施例提供的日誌解析系統1的功能模組圖。所述日誌解析系統1包括多個模組,所述多個模組包括:日誌接入模組10、資料解析模組11、資料處理模組12、資料輸出模組13;所述日誌解析系統1還包括遠端控制模組14和視覺化模組15,所述遠端控制模組14用於作為所述日誌解析系統1的控制中心。在本實施例中,所述日誌解析系統1可以應用於電腦裝置(例如圖2所示的電腦裝置3)中,對於需要進行日誌解析任務的電腦裝置,可以直接在電腦裝置上集成本申請的方法所提供的用於日誌解析的功能,或者以軟體開發套件(Software Development Kit,SDK)的形式運行在電腦裝置上。Referring to FIG. 1 , it is a functional module diagram of the log parsing system 1 provided by the embodiment of the present application. The log analysis system 1 includes a plurality of modules, and the plurality of modules include: a log access module 10, a data analysis module 11, a data processing module 12, and a data output module 13; the log analysis system 1 also includes a remote control module 14 and a visualization module 15, the remote control module 14 is used as the control center of the log analysis system 1. In this embodiment, the log analysis system 1 can be applied to a computer device (such as the computer device 3 shown in FIG. 2 ), and for a computer device that needs to perform log analysis tasks, the computer device of this application can be directly integrated on the computer device. The log parsing function provided by the method may be run on a computer device in the form of a software development kit (Software Development Kit, SDK).

在一個實施例中,所述日誌解析系統1包含外掛程式(Plug-in),可以在日誌解析任務的運行過程中透過補丁包的形式增刪所述外掛程式,從而拓展所述多個模組。In one embodiment, the log parsing system 1 includes a plug-in program (Plug-in), and the plug-in program can be added or deleted in the form of a patch package during the running of the log parsing task, so as to expand the multiple modules.

在一個實施例中,所述日誌接入模組10用於獲取來自不同通信協定的日誌資料,所述來自不同通信協定的日誌資料包含格式各異、雜亂無序的日誌資料,所述日誌資料可以以被包含在日誌文檔的形式被所述日誌接入模組10接入。所述日誌接入模組10包含通用行讀取器(General Line Reader),所述通用行讀取器可以按行讀取所述日誌文檔中的日誌資料;所述遠端控制模組14用於控制所述日誌接入模組10透過對所述通用行讀取器的繼承(Inheritance)獲取所述來自不同通信協定的日誌資料,將所述來自不同通信協定的日誌資料統一接入到所述日誌解析系統1,儲存在預先定義的資料庫中。這些不同通信協定可以包括IP協定,IMCP協定,TCP協定等。In one embodiment, the log access module 10 is used to acquire log data from different communication protocols, and the log data from different communication protocols include log data in different formats and out of order, and the log data It can be accessed by the log access module 10 in the form of being contained in a log file. The log access module 10 includes a general line reader (General Line Reader), which can read the log data in the log file by line; the remote control module 14 uses Controlling the log access module 10 to obtain the log data from different communication protocols through the inheritance of the universal row reader, and uniformly access the log data from different communication protocols to all The log parsing system 1 described above is stored in a predefined database. These different communication protocols may include IP protocol, IMCP protocol, TCP protocol and so on.

在一個實施例中,所述資料解析模組11用於利用並行技術(Parallel Technology)對所述資料庫中所獲取的日誌資料進行並行解析,獲得解析失敗的日誌資料(例如,根據電腦裝置3中預先定義的規則被判定為敏感性資料從而解析失敗的日誌資料)和解析成功的日誌資料;所述資料解析模組11包含通用行解譯器,所述通用行解譯器是指命令列解譯器(Command Line Interpreter);所述遠端控制模組14用於控制所述資料解析模組11透過對所述通用行解譯器的繼承對所述來自不同通信協定的日誌資料進行並行解析,並基於所述通用行解譯器,根據所述電腦裝置3中預先定義的格式對所述解析成功的日誌資料進行所述資料結構化處理,將格式各異、雜亂無序的日誌資料格式化成有序的結構化資料(Structured Data),將日誌資料進行標識化(Tokenization)。In one embodiment, the data parsing module 11 is configured to use parallel technology (Parallel Technology) to perform parallel parsing on the log data obtained in the database, and obtain log data that fail to parse (for example, according to the computer device 3 The pre-defined rule in is judged as the log data of sensitive data thereby parsing failure) and the log data of parsing success; The data parsing module 11 includes a general line interpreter, and the general line interpreter refers to the command line Interpreter (Command Line Interpreter); the remote control module 14 is used to control the data analysis module 11 to parallelize the log data from different communication protocols by inheriting the universal line interpreter Parsing, and based on the universal line interpreter, according to the format predefined in the computer device 3, performing the data structure processing on the successfully parsed log data, and disorganizing the log data in different formats Format it into ordered structured data (Structured Data), and tokenize the log data (Tokenization).

在一個實施例中,所述資料處理模組12用於對所述解析失敗的日誌資料和所述結構化資料進行修正,獲得修正後的資料;所述資料處理模組12包含通用行解譯器;所述遠端控制模組14用於控制所述資料處理模組12透過對所述通用行解譯器的繼承對所述解析失敗的日誌來源資料和所述結構化資料進行修正。所述對所述解析失敗的日誌來源資料和所述結構化資料進行修正包括:檢索所述解析失敗的日誌來源資料,刪除或替換檢索到的解析失敗的日誌資料,例如,根據電腦裝置3中預先定義的規則對敏感性資料進行刪除或替換掉其中的關鍵字。所述對所述解析失敗的日誌來源資料和所述結構化資料進行修正還包括:從所述資料庫中檢索所述結構化資料,根據電腦裝置3中預先定義的資料標籤的屬性和定義規則,為檢索到的所述結構化資料添加標籤。所述對所述解析失敗的日誌來源資料和所述結構化資料進行修正還包括:根據修正後的日誌資料更新所述資料庫。In one embodiment, the data processing module 12 is used to correct the log data that failed to be parsed and the structured data to obtain the corrected data; the data processing module 12 includes general line interpretation The remote control module 14 is used to control the data processing module 12 to correct the log source data that failed to parse and the structured data by inheriting the universal row interpreter. The modification of the log source data of the analysis failure and the structured data includes: retrieving the log source data of the analysis failure, deleting or replacing the retrieved log data of the analysis failure, for example, according to the computer device 3 Pre-defined rules delete or replace keywords in sensitive data. The modifying the log source data and the structured data that failed to parse further includes: retrieving the structured data from the database, according to the attributes and definition rules of the pre-defined data tags in the computer device 3 , to tag the retrieved structured data. The correcting the log source data that fails to be parsed and the structured data further includes: updating the database according to the corrected log data.

在一個實施例中,所述資料輸出模組13包含通用資料匯出工具,用於將所述修正後的資料從所述資料庫輸出至終端,所述終端可以是所述日誌解析系統1之外的儲存裝置,包括但不限於所述電腦裝置3的本機存放區、透過通信協定(例如,MQTT協定)與所述日誌解析系統1通訊連接的雲端、控制台(例如,在Windows下的CMD控制台中輸出所述日誌解析系統1的運行結果)。In one embodiment, the data output module 13 includes a general data export tool for exporting the corrected data from the database to a terminal, and the terminal can be one of the log analysis system 1 External storage devices, including but not limited to the local storage area of the computer device 3, the cloud connected to the log analysis system 1 through a communication protocol (for example, the MQTT protocol), the console (for example, under Windows Output the operation result of the log parsing system 1 in the CMD console).

在一個實施例中,所述遠端控制模組14用於按照預定的時間(例如,每隔30秒)對所述日誌解析系統1的設定文檔進行監聽,並於監聽到更新的設定文檔時,載入所述更新的設定文檔對所述日誌解析系統1的多個模組進行更新配置;所述遠端控制模組14還用於對所述多個模組進行控制。所述多個模組包括,但不限於,所述日誌接入模組10、資料解析模組11、資料處理模組12、資料輸出模組13。In one embodiment, the remote control module 14 is configured to monitor the configuration file of the log analysis system 1 at a predetermined time (for example, every 30 seconds), and when an updated configuration file is detected, , loading the updated setting file to update and configure multiple modules of the log analysis system 1; the remote control module 14 is also used to control the multiple modules. The multiple modules include, but are not limited to, the log access module 10 , data analysis module 11 , data processing module 12 , and data output module 13 .

在一個實施例中,所述遠端控制模組14包含消息接收模組151、資訊解析器152和控制庫153。所述消息接收模組151用於獲取來自不同通信協議的對所述多個模組的控制資訊,例如透過MQTT協定與所述日誌解析系統1外部的消息伺服器(例如,安裝在所述電腦裝置3中的消息伺服器)進行資訊交互,獲取所述控制資訊;所述資訊解析器152用於對所述控制資訊進行解析,獲得解析結果,所述解析結果包括存取控制修飾符;所述控制庫153用於根據所述存取控制修飾符對所述多個模組進行控制,包括:根據存取控制修飾符指示的更新設定文檔的命令,控制所述日誌解析系統1的運行狀態(例如重啟、暫停、啟動等)或者透過下載所述日誌解析系統1的最新版本的軟體程式更新所述日誌解析系統1。In one embodiment, the remote control module 14 includes a message receiving module 151 , an information parser 152 and a control library 153 . The message receiving module 151 is used to obtain control information on the multiple modules from different communication protocols, such as communicating with an external message server of the log analysis system 1 (for example, installed on the computer through the MQTT protocol) The message server in the device 3) performs information interaction to obtain the control information; the information parser 152 is used to analyze the control information to obtain an analysis result, and the analysis result includes an access control modifier; The control library 153 is used to control the multiple modules according to the access control modifier, including: controlling the running state of the log analysis system 1 according to the command for updating the configuration file indicated by the access control modifier (eg restart, suspend, start, etc.) or update the log analysis system 1 by downloading the latest version of the software program of the log analysis system 1 .

在其他實施例中,所述日誌解析系統1還可以包含雲端,所述雲端可以以軟體的形式安裝在所述電腦裝置3中。所述遠端控制模組14將所述日誌解析系統1的當前運行狀態發送至所述雲端,所述雲端用於對所述日誌解析系統1的當前運行狀態進行解析,獲得運行狀態的解析結果,透過所述消息伺服器將所述運行狀態的解析結果傳輸至所述消息接收模組151,實現間接監聽。所述雲端還用於根據所述運行狀態的解析結果獲得所述多個模組的控制資訊,將所述控制資訊輸入所述消息接收模組151。所述消息接收模組151將接收所述控制資訊的動作記錄到所述日誌解析系統1的本地日誌(例如,在所述資料庫中預先定義的本地日誌文檔)中。所述資訊解析器152用於將所述控制資訊中的控制行為與所述控制庫153提供的介面對應起來,並載入控制參數,執行控制流程,將整個過程中產生的行為結果記錄到所述本地日誌中。所述控制庫153提供一個通用的核心控制執行庫,透過拓展庫實現對所述日誌解析系統1的直接或間接運行控制。所述直接控制包含版本更新庫,透過調用版本更新庫的介面實現下載所述更新的設定文檔,根據所述更新的設定文檔重新運行所述日誌解析系統1的更新流程。所述間接控制包括對所述日誌解析系統1的資料解析任務的運行狀態進行控制,透過對每個任務的運行設定文檔的改寫,所述日誌解析系統1定期(例如,每隔1小時)掃描運行設定文檔所在目錄(例如,在所述資料庫中預先定義的設定文檔所在目錄),根據所述設定文檔對所述日誌解析系統1中的任務進行停止、刪除、重啟或新建等操作。In other embodiments, the log analysis system 1 may also include a cloud, and the cloud may be installed in the computer device 3 in the form of software. The remote control module 14 sends the current operating state of the log analysis system 1 to the cloud, and the cloud is used to analyze the current operating state of the log analysis system 1 to obtain an analysis result of the operating state The analysis result of the running state is transmitted to the message receiving module 151 through the message server, so as to realize indirect monitoring. The cloud is also used to obtain the control information of the plurality of modules according to the analysis result of the running state, and input the control information into the message receiving module 151 . The message receiving module 151 records the action of receiving the control information into a local log of the log parsing system 1 (for example, a local log file predefined in the database). The information parser 152 is used to match the control behavior in the control information with the interface provided by the control library 153, load control parameters, execute the control process, and record the behavior results generated during the whole process to the described in the local log. The control library 153 provides a common core control execution library, and realizes direct or indirect operation control of the log parsing system 1 through an extended library. The direct control includes a version update library, and the updated setting file is downloaded by calling the interface of the version update library, and the update process of the log analysis system 1 is rerun according to the updated setting file. The indirect control includes controlling the running status of the data parsing tasks of the log parsing system 1. By rewriting the running setting file of each task, the log parsing system 1 periodically (for example, every hour) scans Run the directory where the setting file is located (for example, the directory where the setting file is predefined in the database), and perform operations such as stopping, deleting, restarting or creating a new task in the log analysis system 1 according to the setting file.

在一個實施例中,所述視覺化模組15利用萬維網頁面實現對所述日誌解析系統1的配置視覺化。所述視覺化模組15透過所述電腦裝置3的顯示器展示所述萬維網頁面,對所述多個模組進行配置,生成所述多個模組的設定文檔,使得所述多個模組根據所述設定文檔對所述日誌資料進行處理;及在萬維網頁面中顯示所述多個模組的運行狀態。所述萬維網頁面包含任務參數配置頁面,用於為每個日誌文檔匹配對應的所述日誌解析系統1的日誌解析任務,進入某個日誌解析任務後,可以在所述某個日誌解析任務的任務參數配置頁面對該日誌解析任務下的日誌接入模組10、資料解析模組11、資料處理模組12、資料輸出模組13進行順序配置,配置完成後儲存設定文檔。所述萬維網頁面中顯示的是所述日誌解析系統1的日誌解析任務的運行狀態,例如在工業環境下,透過將所述日誌解析系統1安裝至生產資料所在的電腦裝置3上,打開所述萬維網頁面,新建一個日誌解析任務,進入任務參數配置頁面,依次對日誌接入參數配置頁面、資料解析配置頁面、資料處理配置頁面和資料輸出配置頁面上的表單進行填寫,將配置完成後的表單進行儲存並退出所述任務參數配置頁面;選中配置好的日誌解析任務,改變其運行狀態(例如運行、暫停或重啟),所述萬維網頁面可以以清單形式展示每個日誌解析任務的狀態,如解析成功的日誌資料的條數,解析失敗的日誌資料的條數等。In one embodiment, the visualization module 15 realizes the configuration visualization of the log parsing system 1 by using a web page. The visualization module 15 displays the web page through the display of the computer device 3, configures the multiple modules, and generates the setting files of the multiple modules, so that the multiple modules are configured according to The setting file processes the log data; and displays the running status of the multiple modules on the web page. The web page includes a task parameter configuration page, which is used to match each log document to the corresponding log analysis task of the log analysis system 1. After entering a certain log analysis task, the task of the certain log analysis task can be The parameter configuration page configures the log access module 10, data analysis module 11, data processing module 12, and data output module 13 under the log analysis task in order, and saves the setting file after the configuration is completed. What is displayed on the web page is the running status of the log analysis task of the log analysis system 1. For example, in an industrial environment, by installing the log analysis system 1 on the computer device 3 where the production data is located, open the Create a new log analysis task on the World Wide Web page, enter the task parameter configuration page, fill in the forms on the log access parameter configuration page, data analysis configuration page, data processing configuration page, and data output configuration page in turn. Store and exit the task parameter configuration page; select the configured log parsing task, change its running status (such as running, pausing or restarting), and the World Wide Web page can display the status of each log parsing task in the form of a list, For example, the number of log data that was parsed successfully, the number of log data that failed to parse, etc.

在一個實施例中,所述日誌解析系統1包含日誌記錄庫,在所述日誌解析系統1中設置了日誌記錄埋點,並在日誌記錄埋點處標記了與日誌記錄對應的標籤。所述日誌解析系統1在運行時產生的日誌記錄會儲存到所述日誌解析系統1本地預先定義的資料庫的日誌文檔中。所述日誌解析系統1的日誌與日誌解析流程任務的日誌分別儲存在各自目錄下。所述日誌解析系統1同時透過定義對本地日誌文檔的日誌解析流程,實現所述日誌解析系統1運行心跳的上報,所述心跳資訊包括所述日誌解析系統1資源使用量,各日誌解析任務的運行狀態,所述日誌解析系統1的版本等。In one embodiment, the log parsing system 1 includes a log record library, a log record buried point is set in the log record parse system 1, and a label corresponding to the log record is marked at the log record buried point. The log records generated by the log parsing system 1 during operation will be stored in log files in a local predefined database of the log parsing system 1 . The logs of the log analysis system 1 and the logs of the log analysis process tasks are stored in respective directories. At the same time, the log analysis system 1 realizes the reporting of the operation heartbeat of the log analysis system 1 by defining the log analysis process of the local log file, and the heartbeat information includes the resource usage of the log analysis system 1, and each log analysis task running status, the version of the log parsing system 1, etc.

在一個實施例中,所述遠端控制模組14為可選用模組,所述遠端控制模組14配置在所述日誌解析系統1的設定文檔中,與日誌解析任務的配置分離。所述日誌解析系統1執行狀態的回饋是透過日誌解析流程對所述日誌解析系統1的日誌文檔進行按標籤篩選,並處理記錄輸出到雲端完成控制的間接回饋。In one embodiment, the remote control module 14 is an optional module, and the remote control module 14 is configured in the configuration file of the log analysis system 1 , which is separated from the configuration of the log analysis task. The feedback of the execution status of the log analysis system 1 is to filter the log documents of the log analysis system 1 by tags through the log analysis process, and process the records and output them to the cloud to complete the indirect feedback of control.

在一個實施例中,可以利用Golang語言編寫的軟體形式,透過交叉編譯將所述日誌解析系統1編譯成日誌收集終端平臺可執行文檔。In one embodiment, the log analysis system 1 can be compiled into an executable file of the log collection terminal platform through cross-compilation in the form of software written in Golang language.

如圖3示,所述日誌解析方法具體包括以下步驟,根據不同的需求,該流程圖中步驟的順序可以改變,某些步驟可以省略。As shown in FIG. 3 , the log parsing method specifically includes the following steps. According to different requirements, the order of the steps in the flow chart can be changed, and some steps can be omitted.

步驟S1,日誌接入模組10獲取來自不同通信協定的日誌資料。In step S1, the log access module 10 obtains log data from different communication protocols.

在一個實施例中,所述來自不同通信協定的日誌資料包含格式各異、雜亂無序的日誌資料,所述日誌資料可以以被包含在日誌文檔的形式被所述日誌接入模組10接入。所述日誌接入模組10包含通用行讀取器,所述通用行讀取器可以按行讀取所述日誌文檔中的日誌資料。遠端控制模組14控制所述日誌接入模組10透過對所述通用行讀取器的繼承獲取所述來自不同通信協定的日誌資料,將所述來自不同通信協定的日誌資料統一接入到日誌解析系統1,儲存在預先定義的資料庫中。這些不同通信協定可以包括IP協定,IMCP協定,TCP協定等。In one embodiment, the log data from different communication protocols includes log data in different formats and out of order, and the log data can be received by the log access module 10 in the form of being contained in a log file. enter. The log access module 10 includes a universal line reader, which can read the log data in the log file line by line. The remote control module 14 controls the log access module 10 to obtain the log data from different communication protocols through the inheritance of the universal line reader, and uniformly access the log data from different communication protocols to the log parsing system 1 and stored in a pre-defined database. These different communication protocols may include IP protocol, IMCP protocol, TCP protocol and so on.

步驟S2,資料解析模組11對所述來自不同通信協定的日誌資料進行並行解析,獲得解析失敗的日誌資料和解析成功的日誌資料。In step S2, the data analysis module 11 performs parallel analysis on the log data from different communication protocols, and obtains the log data that fails to be parsed and the log data that succeeds in parsing.

在一個實施例中,所述資料解析模組11利用並行技術對所述資料庫中所獲取的日誌資料進行並行解析,獲得解析失敗的日誌資料(例如,根據電腦裝置3中預先定義的規則被判定為敏感性資料從而解析失敗的日誌資料)和解析成功的日誌資料;所述資料解析模組11包含通用行解譯器,所述通用行解譯器是指命令列解譯器;所述遠端控制模組14控制所述資料解析模組11透過對所述通用行解譯器的繼承對所述來自不同通信協定的日誌資料進行並行解析,並基於所述通用行解譯器,根據所述電腦裝置3中預先定義的格式對所述解析成功的日誌資料進行所述資料結構化處理,將格式各異、雜亂無序的日誌資料格式化成有序的結構化資料,將日誌資料進行標識化。In one embodiment, the data parsing module 11 uses parallel technology to perform parallel parsing on the log data acquired in the database, and obtain log data that fails to parse (for example, according to the predefined rules in the computer device 3 The log data that is judged as sensitive data thereby parsing fails) and the log data that parses successfully; The data parsing module 11 includes a general-purpose line interpreter, and the general-purpose line interpreter refers to a command line interpreter; The remote control module 14 controls the data analysis module 11 to analyze the log data from different communication protocols in parallel by inheriting the universal line interpreter, and based on the general line interpreter, according to The pre-defined format in the computer device 3 performs the data structuring process on the successfully parsed log data, formats the log data with different formats and disorderly into orderly structured data, and processes the log data Tokenization.

步驟S3,資料處理模組12對所述解析成功的日誌資料進行資料結構化處理,獲得結構化資料;對所述解析失敗的日誌資料和所述結構化資料進行修正,獲得修正後的資料。In step S3, the data processing module 12 performs data structural processing on the log data that has been successfully parsed to obtain structured data; corrects the log data that fails to be parsed and the structured data to obtain corrected data.

在一個實施例中,所述資料處理模組12包含通用行解譯器;所述遠端控制模組14控制所述資料處理模組12透過對所述通用行解譯器的繼承對所述解析失敗的日誌來源資料和所述結構化資料進行修正。所述對所述解析失敗的日誌來源資料和所述結構化資料進行修正包括:檢索所述解析失敗的日誌來源資料,刪除或替換檢索到的解析失敗的日誌資料,例如,根據電腦裝置3中預先定義的規則對敏感性資料進行刪除或替換掉其中的關鍵字。所述對所述解析失敗的日誌來源資料和所述結構化資料進行修正還包括:從所述資料庫中檢索所述結構化資料,根據電腦裝置3中預先定義的資料標籤的屬性和定義規則,為檢索到的所述結構化資料添加標籤。所述對所述解析失敗的日誌來源資料和所述結構化資料進行修正還包括:根據修正後的日誌資料更新所述資料庫。In one embodiment, the data processing module 12 includes a general line interpreter; the remote control module 14 controls the data processing module 12 to implement the The log source data that fails to be parsed and the structured data are corrected. The modification of the log source data of the analysis failure and the structured data includes: retrieving the log source data of the analysis failure, deleting or replacing the retrieved log data of the analysis failure, for example, according to the computer device 3 Pre-defined rules delete or replace keywords in sensitive data. The modifying the log source data and the structured data that failed to parse further includes: retrieving the structured data from the database, according to the attributes and definition rules of the pre-defined data tags in the computer device 3 , to tag the retrieved structured data. The correcting the log source data that fails to be parsed and the structured data further includes: updating the database according to the corrected log data.

步驟S4,資料輸出模組13將所述修正後的資料輸出至終端。In step S4, the data output module 13 outputs the corrected data to the terminal.

在一個實施例中,所述資料輸出模組13包含通用資料匯出工具,所述資料輸出模組13將所述修正後的資料從所述資料庫輸出至終端,所述終端可以是所述日誌解析系統1之外的儲存裝置,包括但不限於所述電腦裝置3的本機存放區、透過通信協定(例如,MQTT協定)與所述日誌解析系統1通訊連接的雲端、控制台(例如,在Windows下的CMD控制台中輸出所述日誌解析系統1的運行結果)。In one embodiment, the data output module 13 includes a general data export tool, and the data output module 13 outputs the corrected data from the database to a terminal, and the terminal may be the Storage devices other than the log analysis system 1, including but not limited to the local storage area of the computer device 3, the cloud and the console (such as , output the running result of the log parsing system 1 in the CMD console under Windows).

步驟S5,遠端控制模組14按照預定的時間對所述日誌解析系統的設定文檔進行監聽,根據監聽到的設定文檔的改變對所述日誌解析系統進行更新配置。Step S5 , the remote control module 14 monitors the setting file of the log analysis system according to a predetermined time, and updates the configuration of the log analysis system according to the changes of the monitored setting file.

在一個實施例中,所述遠端控制模組14按照預定的時間(例如,每隔30秒)對所述日誌解析系統1的設定文檔進行監聽,並於監聽到更新的設定文檔時,載入所述更新的設定文檔對所述日誌解析系統1的多個模組進行更新配置;所述遠端控制模組14還用於對所述多個模組進行控制。所述多個模組包括,但不限於,所述日誌接入模組10、資料解析模組11、資料處理模組12、資料輸出模組13。In one embodiment, the remote control module 14 monitors the configuration file of the log parsing system 1 at a predetermined time (for example, every 30 seconds), and uploads the Import the updated setting file to update and configure multiple modules of the log analysis system 1; the remote control module 14 is also used to control the multiple modules. The multiple modules include, but are not limited to, the log access module 10 , data analysis module 11 , data processing module 12 , and data output module 13 .

在一個實施例中,所述遠端控制模組14包含消息接收模組151、資訊解析器152和控制庫153,所述消息接收模組151獲取來自不同通信協議的對所述多個模組的控制資訊,例如透過MQTT通信協定與所述日誌解析系統1外部的消息伺服器(例如,安裝在所述電腦裝置3中的消息伺服器)進行資訊交互,獲取所述控制資訊;所述資訊解析器152對所述控制資訊進行解析,獲得解析結果,所述解析結果包括存取控制修飾符;所述控制庫153根據所述存取控制修飾符對所述多個模組進行控制,包括:根據存取控制修飾符指示的更新設定文檔的命令,控制所述日誌解析系統1的運行狀態(例如重啟、暫停、啟動等)或者透過下載所述日誌解析系統1的最新版本的軟體程式更新所述日誌解析系統1。In one embodiment, the remote control module 14 includes a message receiving module 151, an information parser 152 and a control library 153, and the message receiving module 151 obtains information from different communication protocols for the multiple modules. control information, such as through the MQTT communication protocol and the message server outside the log analysis system 1 (for example, the message server installed in the computer device 3) for information interaction, to obtain the control information; the information The parser 152 parses the control information to obtain a parsing result, the parsing result includes an access control modifier; the control library 153 controls the multiple modules according to the access control modifier, including : According to the command for updating the configuration file indicated by the access control modifier, control the running state of the log analysis system 1 (such as restart, suspend, start, etc.) or update the software program by downloading the latest version of the log analysis system 1 The log parsing system 1.

在其他實施例中,所述日誌解析系統1還可以包含雲端,所述雲端可以以軟體的形式安裝在所述電腦裝置3中。所述遠端控制模組14將所述日誌解析系統1的當前運行狀態發送至所述雲端,所述雲端對所述日誌解析系統1的當前運行狀態進行解析,獲得運行狀態的解析結果,透過所述消息伺服器將所述運行狀態的解析結果傳輸至所述消息接收模組151,實現間接監聽。所述雲端還用於根據所述運行狀態的解析結果獲得所述多個模組的控制資訊,將所述控制資訊輸入所述消息接收模組151。所述消息接收模組151將接收所述控制資訊的動作記錄到所述日誌解析系統1的本地日誌(例如,在所述資料庫中預先定義的本地日誌文檔)中。所述資訊解析器152將所述控制資訊中的控制行為與所述控制庫153提供的介面對應起來,並載入控制參數,執行控制流程,將整個過程中產生的行為結果記錄到所述本地日誌中。所述控制庫153提供一個通用的核心控制執行庫,透過拓展庫實現對所述日誌解析系統1的直接或間接運行控制。所述直接控制包含版本更新庫,透過調用版本更新庫的介面實現下載所述更新的設定文檔,根據所述更新的設定文檔重新運行所述日誌解析系統1的更新流程。所述間接控制包括對所述日誌解析系統1的資料解析任務的運行狀態進行控制,透過對每個任務的運行設定文檔的改寫,所述日誌解析系統1定期(例如,每隔1小時)掃描運行設定文檔所在目錄(例如,在所述資料庫中預先定義的設定文檔所在目錄),根據所述設定文檔對所述日誌解析系統1中的任務進行停止、刪除、重啟或新建等操作。In other embodiments, the log analysis system 1 may also include a cloud, and the cloud may be installed in the computer device 3 in the form of software. The remote control module 14 sends the current operating state of the log analysis system 1 to the cloud, and the cloud analyzes the current operating state of the log analysis system 1 to obtain an analysis result of the operating state. The message server transmits the analysis result of the running state to the message receiving module 151 to realize indirect monitoring. The cloud is also used to obtain the control information of the plurality of modules according to the analysis result of the running state, and input the control information into the message receiving module 151 . The message receiving module 151 records the action of receiving the control information into a local log of the log parsing system 1 (for example, a local log file predefined in the database). The information parser 152 corresponds the control behavior in the control information with the interface provided by the control library 153, loads control parameters, executes the control process, and records the behavior results generated during the whole process to the local in the log. The control library 153 provides a common core control execution library, and realizes direct or indirect operation control of the log parsing system 1 through an extended library. The direct control includes a version update library, and the updated setting file is downloaded by calling the interface of the version update library, and the update process of the log analysis system 1 is rerun according to the updated setting file. The indirect control includes controlling the running status of the data parsing tasks of the log parsing system 1. By rewriting the running setting file of each task, the log parsing system 1 periodically (for example, every hour) scans Run the directory where the setting file is located (for example, the directory where the setting file is predefined in the database), and perform operations such as stopping, deleting, restarting or creating a new task in the log analysis system 1 according to the setting file.

步驟S6,視覺化模組15利用萬維網頁面實現對上述日誌解析流程任務的配置視覺化。In step S6, the visualization module 15 realizes the configuration visualization of the above log parsing process task by using the web page.

在一個實施例中,所述視覺化模組15透過萬維網頁面,對所述多個模組進行配置,生成所述多個模組的設定文檔,使得所述多個模組根據所述設定文檔對所述日誌資料進行處理;及在萬維網頁面中顯示所述多個模組的運行狀態。所述萬維網頁面包含任務參數配置頁面,為每個日誌文檔匹配對應的所述日誌解析系統1的日誌解析任務,進入某個日誌解析任務後,可以在所述某個日誌解析任務的任務配置頁面對該任務下的日誌接入模組10、資料解析模組11、資料處理模組12、資料輸出模組13進行順序配置,配置完成後儲存設定文檔。所述萬維網頁面中顯示的是所述日誌解析系統1的日誌解析任務的運行狀態,例如在工業環境下,透過將所述日誌解析系統1安裝至生產資料所在的電腦裝置3上,打開所述萬維網頁面,新建一個日誌解析任務,進入任務參數配置頁面,依次對日誌接入參數配置頁面、資料解析配置頁面、資料處理配置頁面和資料輸出配置頁面上的表單進行填寫,將配置完成後的表單進行儲存並退出所述任務參數配置頁面;選中配置好的日誌解析任務,改變其運行狀態(例如運行、暫停或重啟),所述萬維網頁面可以以清單形式展示每個日誌解析任務的狀態,如解析成功的日誌資料的條數,解析失敗的日誌資料的條數等。In one embodiment, the visualization module 15 configures the multiple modules through a web page, and generates the setting files of the multiple modules, so that the multiple modules can be configured according to the setting files. processing the log data; and displaying the running status of the multiple modules on the web page. The web page includes a task parameter configuration page, which matches the corresponding log parsing task of the log parsing system 1 for each log file. After entering a certain log parsing task, the task configuration page of the certain log parsing task can be The log access module 10, data analysis module 11, data processing module 12, and data output module 13 under the task are sequentially configured, and the configuration file is stored after configuration is completed. What is displayed on the web page is the running status of the log analysis task of the log analysis system 1. For example, in an industrial environment, by installing the log analysis system 1 on the computer device 3 where the production data is located, open the Create a new log analysis task on the World Wide Web page, enter the task parameter configuration page, fill in the forms on the log access parameter configuration page, data analysis configuration page, data processing configuration page, and data output configuration page in turn. Store and exit the task parameter configuration page; select the configured log parsing task, change its running status (such as running, pausing or restarting), and the World Wide Web page can display the status of each log parsing task in the form of a list, For example, the number of log data that was parsed successfully, the number of log data that failed to parse, etc.

上述圖3詳細介紹了本申請的日誌解析方法,下面結合圖2,對實現所述日誌解析方法的硬體裝置架構進行介紹。The above-mentioned FIG. 3 introduces the log parsing method of the present application in detail. The hardware device architecture for implementing the log parsing method is introduced below in conjunction with FIG. 2 .

應該瞭解,所述實施例僅為說明之用,在專利申請範圍上並不受此結構的限制。It should be understood that the embodiments are only for illustration, and are not limited by the structure in terms of the scope of the patent application.

參閱圖2所示,為本申請實施例提供的電腦裝置的結構示意圖。在本申請較佳實施例中,所述電腦裝置3包括儲存器31、至少一個處理器32。本領域技術人員應該瞭解,圖2示出的電腦裝置的結構並不構成本申請實施例的限定,既可以是匯流排型結構,也可以是星形結構,所述電腦裝置3還可以包括比圖示更多或更少的其他硬體或者軟體,或者不同的部件佈置。Referring to FIG. 2 , it is a schematic structural diagram of a computer device provided by an embodiment of the present application. In a preferred embodiment of the present application, the computer device 3 includes a storage 31 and at least one processor 32 . Those skilled in the art should understand that the structure of the computer device shown in Figure 2 does not constitute a limitation of the embodiment of the present application, it can be a bus-type structure or a star structure, and the computer device 3 can also include a ratio More or less other hardware or software, or different arrangements of components are illustrated.

在一些實施例中,所述電腦裝置3包括一種能夠按照事先設定或儲存的指令,自動進行數值計算和/或資訊處理的終端,其硬體包括但不限於微處理器、專用積體電路、可程式設計閘陣列、數位訊號處理器及嵌入式設備等。In some embodiments, the computer device 3 includes a terminal capable of automatically performing numerical calculations and/or information processing according to preset or stored instructions, and its hardware includes but not limited to microprocessors, dedicated integrated circuits, Programmable gate arrays, digital signal processors and embedded devices, etc.

需要說明的是,所述電腦裝置3僅為舉例,其他現有的或今後可能出現的電子產品如可適應於本申請,也應包含在本申請的保護範圍以內,並以引用方式包含於此。It should be noted that the computer device 3 is only an example, and other existing or future electronic products that can be adapted to this application should also be included in the scope of protection of this application and included here by reference.

在一些實施例中,所述儲存器31用於儲存程式碼和各種資料。例如,所述儲存器31可以用於儲存安裝在所述電腦裝置3中的日誌解析系統1,並在電腦裝置3的運行過程中實現高速、自動地完成程式或資料的存取。所述儲存器31包括唯讀記憶體(Read-Only Memory,ROM)、可程式設計唯讀儲存器(Programmable Read-Only Memory,PROM)、可抹除可程式設計唯讀儲存器(Erasable Programmable Read-Only Memory,EPROM)、一次可程式設計唯讀儲存器(One-time Programmable Read-Only Memory,OTPROM)、電子抹除式可複寫唯讀儲存器(Electrically-Erasable Programmable Read-Only Memory,EEPROM)、唯讀光碟(Compact Disc Read-Only Memory,CD-ROM)或其他光碟儲存器、磁碟儲存器、磁帶儲存器、或者任何其他能夠用於攜帶或儲存資料的電腦可讀的儲存介質。In some embodiments, the storage 31 is used to store program codes and various data. For example, the storage 31 can be used to store the log analysis system 1 installed in the computer device 3 , and realize high-speed and automatic program or data access during the operation of the computer device 3 . The storage 31 includes a read-only memory (Read-Only Memory, ROM), a programmable read-only memory (Programmable Read-Only Memory, PROM), an erasable programmable read-only memory (Erasable Programmable Read -Only Memory, EPROM), One-time Programmable Read-Only Memory (OTPROM), Electrically-Erasable Programmable Read-Only Memory (EEPROM) , CD-ROM (Compact Disc Read-Only Memory, CD-ROM) or other optical disk storage, disk storage, tape storage, or any other computer-readable storage medium that can be used to carry or store data.

在一些實施例中,所述至少一個處理器32可以由積體電路組成,例如可以由單個封裝的積體電路所組成,也可以是由多個相同功能或不同功能封裝的積體電路所組成,包括一個或者多個中央處理器(Central Processing unit,CPU)、微處理器、數位訊號處理器、圖形處理器及各種控制晶片的組合等。所述至少一個處理器32是所述電腦裝置3的控制核心(Control Unit),利用各種介面和線路連接整個電腦裝置3的各個部件,透過運行或執行儲存在所述儲存器31內的程式或者模組,以及調用儲存在所述儲存器31內的資料,以執行電腦裝置3的各種功能和處理資料,例如執行日誌解析系統1的日誌解析的功能。In some embodiments, the at least one processor 32 may be composed of an integrated circuit, for example, may be composed of a single packaged integrated circuit, or may be composed of multiple integrated circuits with the same function or different functions. , including one or more central processing units (Central Processing unit, CPU), microprocessors, digital signal processors, graphics processors and combinations of various control chips. The at least one processor 32 is the control core (Control Unit) of the computer device 3, which connects various components of the entire computer device 3 through various interfaces and lines, and runs or executes programs stored in the memory 31 or module, and call the data stored in the storage 31 to execute various functions of the computer device 3 and process data, such as executing the log analysis function of the log analysis system 1 .

在一些實施例中,所述日誌解析系統1運行於電腦裝置3中。所述日誌解析系統1可以包括多個由程式碼段所組成的功能模組。所述日誌解析系統1中的各個程式段的程式碼可以儲存於電腦裝置3的儲存器31中,並由至少一個處理器32所執行,以實現圖3所示的日誌解析的功能。In some embodiments, the log parsing system 1 runs on a computer device 3 . The log parsing system 1 may include a plurality of functional modules composed of program code segments. The program codes of each program segment in the log analysis system 1 can be stored in the memory 31 of the computer device 3 and executed by at least one processor 32 to realize the log analysis function shown in FIG. 3 .

儘管未示出,所述電腦裝置3還可以包括給各個部件供電的電源(比如電池),優選的,電源可以透過電源管理裝置與所述至少一個處理器32邏輯相連,從而透過電源管理裝置實現管理充電、放電、以及功耗管理等功能。電源還可以包括一個或一個以上的直流或交流電源、再充電裝置、電源故障檢測電路、電源轉換器或者逆變器、電源狀態指示器等任意元件。所述電腦裝置3還可以包括多種感測器、藍牙模組、Wi-Fi模組、顯示器等,在此不再贅述。Although not shown, the computer device 3 may also include a power supply (such as a battery) for supplying power to each component. Preferably, the power supply may be logically connected to the at least one processor 32 through a power management device, thereby realizing Manage functions such as charging, discharging, and power management. The power supply may also include one or more DC or AC power sources, recharging devices, power failure detection circuits, power converters or inverters, power status indicators and other arbitrary components. The computer device 3 may also include various sensors, a Bluetooth module, a Wi-Fi module, a display, etc., which will not be repeated here.

應該瞭解,所述實施例僅為說明之用,在專利申請範圍上並不受此結構的限制。It should be understood that the embodiments are only for illustration, and are not limited by the structure in terms of the scope of the patent application.

上述以軟體功能模組的形式實現的集成的單元,可以儲存在一個電腦可讀取儲存介質中。上述軟體功能模組儲存在一個儲存介質中,包括若干指令用以使得一台電腦裝置(可以是伺服器、個人電腦等)或處理器(processor)執行本申請各個實施例所述方法的部分。The above-mentioned integrated units implemented in the form of software function modules can be stored in a computer-readable storage medium. The above-mentioned software function module is stored in a storage medium, and includes several instructions for enabling a computer device (which may be a server, a personal computer, etc.) or a processor (processor) to execute part of the method described in each embodiment of the present application.

在進一步的實施例中,結合圖3,所述至少一個處理器32可執行所述電腦裝置3的作業系統以及安裝的各類應用程式(如所述的日誌解析系統1)、程式碼等,例如,上述的各個模組。In a further embodiment, referring to FIG. 3 , the at least one processor 32 can execute the operating system of the computer device 3 and various installed applications (such as the log analysis system 1), program codes, etc., For example, the various modules mentioned above.

在本申請的一個實施例中,所述儲存器31儲存一個或多個指令(即至少一個指令),所述至少一個指令被所述至少一個處理器32所執行以實現圖3所示的日誌解析的目的。In one embodiment of the present application, the storage 31 stores one or more instructions (that is, at least one instruction), and the at least one instruction is executed by the at least one processor 32 to realize the log shown in FIG. 3 Parsing purposes.

在本申請所提供的幾個實施例中,應該理解到,所揭露的裝置和方法,可以透過其它的方式實現。例如,以上所描述的裝置實施例僅僅是示意性的,例如,所述模組的劃分,僅僅為一種邏輯功能劃分,實際實現時可以有另外的劃分方式。In the several embodiments provided in this application, it should be understood that the disclosed devices and methods can be implemented in other ways. For example, the device embodiments described above are only illustrative. For example, the division of the modules is only a logical function division, and there may be other division methods in actual implementation.

所述作為分離部件說明的模組可以是或者也可以不是物理上分開的,作為模組顯示的部件可以是或者也可以不是物理單元,即可以位於一個地方,或者也可以分佈到多個網路單元上。可以根據實際的需要選擇其中的部分或者全部模組來實現本實施例方案的目的。The modules described as separate components may or may not be physically separated, and the components displayed as modules may or may not be physical units, that is, they may be located in one place, or may also be distributed to multiple networks on the unit. Part or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment.

另外,在本申請各個實施例中的各功能模組可以集成在一個處理單元中,也可以是各個單元單獨物理存在,也可以兩個或兩個以上單元集成在一個單元中。上述集成的單元既可以採用硬體的形式實現,也可以採用硬體加軟體功能模組的形式實現。In addition, each functional module in each embodiment of the present application may be integrated into one processing unit, each unit may exist separately physically, or two or more units may be integrated into one unit. The above-mentioned integrated units can be implemented not only in the form of hardware, but also in the form of hardware plus software function modules.

對於本領域技術人員而言,顯然本申請不限於上述示範性實施例的細節,而且在不背離本申請的精神或基本特徵的情況下,能夠以其他的具體形式實現本申請。因此,無論從哪一點來看,均應將實施例看作是示範性的,而且是非限制性的,本申請的範圍由所附請求項而不是上述說明限定,因此旨在將落在請求項的等同要件的含義和範圍內的所有變化涵括在本申請內。不應將請求項中的任何附圖標記視為限制所涉及的請求項。此外,顯然“包括”一詞不排除其他單元或,單數不排除複數。裝置請求項中陳述的多個單元或裝置也可以由一個單元或裝置透過軟體或者硬體來實現。第一,第二等詞語用來表示名稱,而並不表示任何特定的順序。It will be apparent to those skilled in the art that the present application is not limited to the details of the exemplary embodiments described above, but that the present application can be implemented in other specific forms without departing from the spirit or essential characteristics of the present application. Therefore, no matter from any point of view, the embodiments should be regarded as exemplary and non-restrictive, and the scope of the application is defined by the appended claims rather than the above description, so it is intended to All changes within the meaning and range of equivalents of the elements are embraced in this application. Any reference sign in a claim should not be construed as limiting the claim to which it relates. Furthermore, it is clear that the word "comprising" does not exclude other elements or the singular does not exclude the plural. A plurality of units or devices stated in the device claim may also be implemented by one unit or device through software or hardware. The words first, second, etc. are used to denote names and do not imply any particular order.

最後所應說明的是,以上實施例僅用以說明本申請的技術方案而非限制,儘管參照以上較佳實施例對本申請進行了詳細說明,本領域的普通技術人員應當理解,可以對本申請的技術方案進行修改或等同替換,而不脫離本申請技術方案的精神和範圍。Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present application without limitation. Although the present application has been described in detail with reference to the above preferred embodiments, those of ordinary skill in the art should understand that the present application can be The technical solution shall be modified or equivalently replaced without departing from the spirit and scope of the technical solution of the present application.

1:日誌解析系統 10:日誌接入模組 11:資料解析模組 12:資料處理模組 13:資料輸出模組 14:遠端控制模組 15:視覺化模組 3:電腦裝置 31:儲存器 32:處理器 S1~S6:步驟 1: Log parsing system 10: log access module 11: Data analysis module 12: Data processing module 13: Data output module 14:Remote control module 15:Visualization module 3: Computer device 31: Storage 32: Processor S1~S6: steps

為了更清楚地說明本申請實施例或習知技術中的技術方案,下面將對實施例或習知技術描述中所需要使用的附圖作簡單地介紹,顯而易見地,下面描述中的附圖僅僅是本申請的實施例,對於本領域普通技術人員來講,在不付出創造性勞動的前提下,還可以根據提供的附圖獲得其他的附圖。In order to more clearly illustrate the technical solutions in the embodiments of the present application or in the prior art, the accompanying drawings that need to be used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the accompanying drawings in the following description are only It is an embodiment of the present application, and those skilled in the art can also obtain other drawings according to the provided drawings without creative work.

圖1是本申請實施例提供的日誌解析系統的功能模組圖。FIG. 1 is a functional module diagram of a log parsing system provided by an embodiment of the present application.

圖2是本申請實施例提供的電腦裝置的架構圖。FIG. 2 is a structural diagram of a computer device provided by an embodiment of the present application.

圖3本申請實施例提供的日誌解析方法的流程圖。Fig. 3 is a flow chart of the log parsing method provided by the embodiment of the present application.

S1~S6:步驟 S1~S6: steps

Claims (10)

一種日誌解析系統,其中,所述系統包括多個模組,所述多個模組包括: 日誌接入模組,用於獲取來自不同通信協定的日誌資料; 資料解析模組,用於對所獲取的日誌資料進行並行解析,獲得解析失敗的日誌資料和解析成功的日誌資料; 所述資料解析模組,還用於對所述解析成功的日誌資料進行資料結構化處理,獲得結構化資料; 資料處理模組,用於對所述解析失敗的日誌資料和所述結構化資料進行修正,獲得修正後的資料; 資料輸出模組,用於將所述修正後的資料輸出至終端。 A log parsing system, wherein the system includes multiple modules, and the multiple modules include: Log access module, used to obtain log data from different communication protocols; The data parsing module is used to analyze the obtained log data in parallel, and obtain the log data of failed parsing and the log data of successful parsing; The data parsing module is also used to perform data structured processing on the successfully parsed log data to obtain structured data; A data processing module, configured to correct the log data that fails to be parsed and the structured data, and obtain the corrected data; The data output module is used to output the corrected data to the terminal. 如請求項1所述的日誌解析系統,其中,所述日誌解析系統包含外掛程式,所述外掛程式用於拓展所述多個模組; 所述日誌解析系統還包括遠端控制模組,所述遠端控制模組用於按照預定的時間對所述日誌解析系統的設定文檔進行監聽,並於監聽到更新的設定文檔時,載入所述更新的設定文檔對所述多個模組進行更新配置; 所述遠端控制模組還用於對所述多個模組進行控制; 所述日誌解析系統還包括視覺化模組,所述視覺化模組利用萬維網頁面實現對所述日誌解析系統的配置視覺化。 The log parsing system as described in claim item 1, wherein the log parsing system includes a plug-in program, and the plug-in program is used to expand the plurality of modules; The log analysis system also includes a remote control module, the remote control module is used to monitor the setting file of the log analysis system according to a predetermined time, and when an updated setting file is monitored, load The updated setting file updates and configures the multiple modules; The remote control module is also used to control the plurality of modules; The log parsing system further includes a visualization module, and the visualization module realizes configuration visualization of the log parsing system by using a web page. 如請求項2所述的日誌解析系統,其中,所述日誌接入模組包含通用行讀取器; 所述遠端控制模組控制所述日誌接入模組基於所述通用行讀取器,獲取所述來自不同通信協定的日誌資料,將所述來自不同通信協定的日誌資料統一接入到所述日誌解析系統。 The log parsing system as described in claim item 2, wherein, the log access module includes a universal line reader; The remote control module controls the log access module to obtain the log data from different communication protocols based on the universal line reader, and uniformly access the log data from different communication protocols to the Describe the log parsing system. 如請求項2所述的日誌解析系統,其中,所述資料解析模組包含通用行解譯器; 所述遠端控制模組控制所述資料解析模組,基於所述通用行解譯器對所述來自不同通信協定的日誌資料進行並行解析,並基於所述通用行解譯器,對所述解析成功的日誌資料進行所述資料結構化處理。 The log parsing system as described in claim 2, wherein the data parsing module includes a general line interpreter; The remote control module controls the data analysis module, analyzes the log data from different communication protocols in parallel based on the universal line interpreter, and based on the general line interpreter, analyzes the The log data that is successfully parsed is processed for the data structure. 如請求項2所述的日誌解析系統,其中,所述資料處理模組包含通用行解譯器; 所述遠端控制模組控制所述資料處理模組,基於所述通用行解譯器對所述解析失敗的日誌來源資料和所述結構化資料進行修正,包括:刪除或替換所述解析失敗的日誌資料、為所述結構化資料添加標籤。 The log parsing system as described in claim 2, wherein the data processing module includes a general line interpreter; The remote control module controls the data processing module, and based on the universal line interpreter, corrects the log source data of the parsing failure and the structured data, including: deleting or replacing the parsing failure , tagging said structured data. 如請求項2所述的日誌解析系統,其中,所述終端包括本機存放區、透過通信協議連接的雲端和控制台。The log parsing system according to claim 2, wherein the terminal includes a local storage area, a cloud and a console connected through a communication protocol. 如請求項2所述的日誌解析系統,其中,所述遠端控制模組包含消息接收模組、資訊解析器和控制庫。The log parsing system according to claim 2, wherein the remote control module includes a message receiving module, an information parser and a control library. 如請求項7所述的日誌解析系統,其中,所述消息接收模組用於獲取對所述多個模組的控制資訊; 所述資訊解析器用於對所述控制資訊進行解析,獲得解析結果,所述解析結果包括存取控制修飾符; 所述控制庫用於根據所述存取控制修飾符對所述多個模組進行控制。 The log parsing system according to claim 7, wherein the message receiving module is used to obtain control information for the multiple modules; The information parser is used to parse the control information to obtain a parsing result, and the parsing result includes an access control modifier; The control library is used to control the multiple modules according to the access control modifier. 如請求項2所述的日誌解析系統,其中,所述視覺化模組透過萬維網頁面,對所述多個模組進行配置,生成所述多個模組的設定文檔,使得所述多個模組根據所述設定文檔對所述日誌資料進行處理;及在萬維網頁面中顯示所述多個模組的運行狀態。The log parsing system as described in claim item 2, wherein, the visualization module configures the multiple modules through the World Wide Web page, and generates the setting files of the multiple modules, so that the multiple modules The group processes the log data according to the setting file; and displays the running status of the multiple modules on the web page. 一種日誌解析方法,利用如請求項1至9中任一項所述的日誌解析系統,其中,所述方法包括: 獲取來自不同通信協定的日誌資料; 對所述來自不同通信協定的日誌資料進行並行解析,獲得解析失敗的日誌資料和解析成功的日誌資料; 對所述解析成功的日誌資料進行資料結構化處理,獲得結構化資料; 對所述解析失敗的日誌資料和所述結構化資料進行修正,獲得修正後的資料; 將所述修正後的資料輸出至終端; 按照預定的時間對所述日誌解析系統的設定文檔進行監聽,根據監聽到的設定文檔的改變對所述日誌解析系統進行更新配置; 利用萬維網頁面實現對上述日誌解析流程任務的配置視覺化。 A log parsing method, using the log parsing system according to any one of claim items 1 to 9, wherein the method includes: Obtain log data from different communication protocols; Analyzing the log data from different communication protocols in parallel to obtain the log data of failed parsing and the log data of successful parsing; performing data structuring processing on the successfully parsed log data to obtain structured data; Correcting the log data that fails to be parsed and the structured data to obtain the corrected data; Outputting the corrected data to a terminal; Monitor the configuration file of the log analysis system according to a predetermined time, and update and configure the log analysis system according to changes in the monitored configuration file; The configuration visualization of the above log parsing process tasks is realized by using a web page.
TW110124684A 2021-06-16 2021-07-05 Log analysis system and log analysis method TWI778698B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110666464.6A CN115480998A (en) 2021-06-16 2021-06-16 Log analysis system and log analysis method
CN202110666464.6 2021-06-16

Publications (2)

Publication Number Publication Date
TWI778698B TWI778698B (en) 2022-09-21
TW202301122A true TW202301122A (en) 2023-01-01

Family

ID=84419505

Family Applications (1)

Application Number Title Priority Date Filing Date
TW110124684A TWI778698B (en) 2021-06-16 2021-07-05 Log analysis system and log analysis method

Country Status (2)

Country Link
CN (1) CN115480998A (en)
TW (1) TWI778698B (en)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107273269B (en) * 2017-06-12 2021-04-23 北京奇虎科技有限公司 Log analysis method and device
CN109960944A (en) * 2017-12-14 2019-07-02 中兴通讯股份有限公司 A kind of data desensitization method, server, terminal and computer readable storage medium
CN109522316B (en) * 2018-11-02 2020-09-29 东软集团股份有限公司 Log processing method, device, equipment and storage medium
CN110955673A (en) * 2020-02-04 2020-04-03 医渡云(北京)技术有限公司 Data de-identification method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN115480998A (en) 2022-12-16
TWI778698B (en) 2022-09-21

Similar Documents

Publication Publication Date Title
CN109313739B (en) System and method for providing visualization of workflow
US8910166B2 (en) Automatic transcoding and semantic adaptation between scripting and workflow systems
US9118538B1 (en) Method and system for configuring resources to enable resource monitoring
EP2808790A2 (en) Migration assessment for cloud computing platforms
US9935838B2 (en) Multi-stage network discovery
US8484617B2 (en) Process-driven feedback of digital asset re-use
US20220344039A1 (en) Scalable and Traceable Healthcare Analytics Management
CN112363695B (en) PMML file and integration method of runtime environment and industrial software thereof
CN111966465B (en) Method, system, equipment and medium for modifying host configuration parameters in real time
CN114327678A (en) Real-time data processing system and method supporting multiple engines
CN111400102A (en) Application program change monitoring method, device, equipment and storage medium
US9996344B2 (en) Customized runtime environment
CN113065139A (en) Alarm access method and system, electronic device and medium
TWI778698B (en) Log analysis system and log analysis method
CN113779337B (en) Supervision data uploading method, device, equipment and storage medium
CN115729590A (en) Service deployment method, device, equipment and computer readable storage medium
CN114385155A (en) vue project visualization tool generation method, device, equipment and storage medium
CN113392311A (en) Field searching method, field searching device, electronic equipment and storage medium
CN116719702B (en) Method and device for collecting open source information, electronic equipment and storage medium
Fanjiang et al. Automatic data logging and quality analysis system for mobile devices
CN116431940A (en) Link configuration method, system, equipment and storage medium
WO2020261487A1 (en) Analysis device, analysis method, and analysis program
CN115629748A (en) Method for automatically modifying information for constructing APP (application) by IOS (input/output) system
CN112965869A (en) Automatic operation and maintenance method and system for non-standardized application system
CN117950635A (en) Application development method and device of platform, electronic equipment and storage medium

Legal Events

Date Code Title Description
GD4A Issue of patent certificate for granted invention patent