WO2017073119A1 - Management server and management method employing same - Google Patents

Management server and management method employing same Download PDF

Info

Publication number
WO2017073119A1
WO2017073119A1 PCT/JP2016/070711 JP2016070711W WO2017073119A1 WO 2017073119 A1 WO2017073119 A1 WO 2017073119A1 JP 2016070711 W JP2016070711 W JP 2016070711W WO 2017073119 A1 WO2017073119 A1 WO 2017073119A1
Authority
WO
WIPO (PCT)
Prior art keywords
event
processing
information
operation work
parameter
Prior art date
Application number
PCT/JP2016/070711
Other languages
French (fr)
Japanese (ja)
Inventor
美都成 小林
洋輔 肥村
保田 淑子
眞之 五十嵐
豊 井之上
Original Assignee
株式会社日立システムズ
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社日立システムズ filed Critical 株式会社日立システムズ
Priority to MYPI2018701647A priority Critical patent/MY191557A/en
Priority to CN201680060252.0A priority patent/CN108139965B/en
Publication of WO2017073119A1 publication Critical patent/WO2017073119A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/34Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment

Definitions

  • the present invention relates to a technique for automating the actual grasp of operation work for resources in a data center or the like.
  • it is suitable for automating the actual grasp of the operation work for the virtual resource in the cloud environment where the computing resource is virtualized.
  • a virtualization technology that logically divides a physical resource such as a network, server, storage, etc. and makes it available as a plurality of virtual resources, or the virtualized resource (referred to as a virtual resource)
  • cloud management infrastructure software to manage
  • a service form called a cloud is realized in which a virtual resource is cut out from physical resources pooled in advance in the data center to construct an information processing system and provide the system to the user.
  • a cloud data center In addition to conventional operations for physical resources, various new operations for virtual resources are required.
  • the operations for virtual resources in the cloud environment include construction of virtual machines (VMs) and virtual network devices, setting change of connection relation between virtual resources, scheduled backup of VMs, and the like.
  • VMs virtual machines
  • virtual network devices setting change of connection relation between virtual resources, scheduled backup of VMs, and the like.
  • operations for virtual resources are performed based on a procedure manual created in advance.
  • the operator refers to the procedure manual and performs daily operations.
  • the implementation of human operation work causes a work error and a decrease in efficiency.
  • the current status of the operation work related to virtual resources is generally conducted through interviews with the operation worker and investigation of the operation work procedure manual. And a human error occurs. Therefore, in order to speed up and facilitate the grasp of the operation work related to the virtual resource in the cloud environment, it is necessary to specify the operation work without human intervention.
  • the operation work related to virtual resources in the cloud environment is a work for achieving one business purpose, such as the above-described VM construction and scheduled backup.
  • One operation work is an operation performed by an operator who performs one or more GUI (Graphical User Interface) operations or CLI (Command-Line Interface) command input operations (hereinafter referred to as operations and operations) on the virtual environment management server and virtualization software. To achieve this.
  • Each operation is executed as one or more processing events in the virtual environment management server or virtualization software.
  • the execution process and result are output as text data over a plurality of lines together with the output time, debugging message, etc., and recorded as a system log. That is, the system log records not only processing events related to operations but also various information such as a text message for debugging.
  • Patent Document 1 is a conventional technique for extracting an event that matches a specific key from a system log.
  • system log data output by individual devices is sequentially collected in a central server and output by a plurality of devices. Merge multiple related log lines from log mixed data using a specific character string in the log as a key.
  • Patent Document 1 only merges a plurality of lines using a specific character string as a key, and cannot extract a processing event related to an operation. In addition, parameters related to the processing event cannot be specified.
  • An object of the present invention is to extract a processing event related to an operation and specify a parameter related to the processing event.
  • One aspect of the present invention for solving the above-described problem is management that includes an input device, an output device, a processing device, and a storage device, and manages an operation work executed by a processing event using resources of an information processing system It is a server.
  • the input device acquires one or more log data generated by the information processing system.
  • the storage device defines the correspondence between the type of processing event and the event type detection key that is a character string in the log data, the resource that is the event detection information, the type of processing event, and the character string in the log data.
  • the detailed parameter detection information that defines the correspondence relationship with the parameter extraction rule related to the is stored.
  • the processing device uses an extraction rule corresponding to the type of the processing event identified by the processing event grasping process and the processing event grasping process specifying the existence and type of the processing event by matching the log data with the event kind detection key. Is used to perform parameter extraction processing for extracting detailed parameters from log data, and processing event management information in which the detailed parameters extracted for the types of processing events are associated with each other is stored in the storage device.
  • Another aspect of the present invention is a management method using the management server or a system managed by the management method.
  • the detailed parameter detection information includes, as an extraction rule, a detailed parameter type, an extraction method corresponding to the detailed parameter type, and a detailed parameter extraction processing target log corresponding to the detailed parameter type.
  • Detailed parameter extraction processing commands corresponding to data types and detailed parameter types are included.
  • the parameter extraction processing identifies one or more detailed parameter types corresponding to the processing event type specified in the processing event grasp processing, and corresponds to the detailed parameter type according to the extraction method and the detailed parameter extraction processing command.
  • Detailed parameters are extracted from one or more log data specified by the detailed parameter extraction processing target log data type corresponding to the detailed parameter type.
  • the detailed parameter includes an identifier that uniquely identifies the resource
  • the storage device further defines the relevance of the resource of the information processing system using the identifier.
  • the processing device Based on the configuration information management information, the processing device performs processing event grouping processing in which processing event group management information obtained by grouping event types and detailed parameters of processing event management information is stored in a storage device.
  • the storage device further stores operation work mapping information for associating the processing event with the operation work, and the processing device manages the processing event group based on the operation work mapping information.
  • An operation work specifying process is performed in which a plurality of process events included in one group of information are associated with one operation work.
  • the operation work mapping information includes information on the order of the plurality of process events when a plurality of process events are associated with one operation work.
  • Another aspect of the present invention is a management server that manages an operation related to a virtual resource including at least a virtual machine, implemented in an information processing system to which a virtualization technology is applied.
  • This management server relates to one or more system log data generated by the information processing system, a type of processing event related to the operation work executed in the information processing system, and an event type character string that is a character string pattern in the system log data Detailed parameter character string pattern, which is a character string pattern in the system log, that indicates the correspondence with the pattern, the type of processing event related to the operation work executed in the information processing system, and the virtual resource that is the work target subordinate to the processing event
  • the processing event grasping unit for specifying the existence and type of the processing event, and the system log data and the detailed parameter character string pattern are specified.
  • processing parameter information related to the operation work including the detailed parameters is extracted and stored by the parameter extraction unit that extracts detailed parameters related to the operation work.
  • FIG. 1 is an overall configuration diagram of an operation work analysis system in an embodiment of the present invention. It is a functional block diagram of the operation work analysis server in the embodiment of the present invention. It is a functional block diagram of the operation work detection part in this invention Example. It is a table
  • Example 1 will be described by taking as an example a case of analyzing and grasping operation work related to virtual resources performed in the past by an operation worker in a cloud environment in which physical resources of a data center are virtualized.
  • the analysis of the virtual resource operation work is performed by the operation work analysis server that embodies this embodiment, and is a process of identifying and grasping past operation work based on the log data.
  • the cloud environment shown in the first embodiment is one form of the application portion of the present embodiment, and includes a cloud environment constructed across a plurality of data centers as an application destination.
  • FIG. 1 shows the overall configuration of the operational work analysis system in the first embodiment.
  • the components of the operation work analysis system in this embodiment include a data center 101, a network 102 outside the data center, a virtual environment connection terminal 103, and an operation work analysis server 104, and the user 105 analyzes the operation work.
  • the user 105 can grasp the operation work by operating the operation work analysis server.
  • the cloud environment that is the operation work analysis target of this embodiment is constructed in the data center 101.
  • the components in the data center 101 include a data center network 111, a virtual environment management server 112a-c, a virtual resource configuration management server 113, a network device 114, a virtualization server 115a-d, a SAN (Storage Area Network) 116, a storage 117a-c.
  • a data center network 111 a virtual environment management server 112a-c, a virtual resource configuration management server 113, a network device 114, a virtualization server 115a-d, a SAN (Storage Area Network) 116, a storage 117a-c.
  • SAN Storage Area Network
  • the data center internal network 111 provides a path for communication between various servers and communication with the network 102 outside the data center.
  • the SAN 116 is configured by a SAN device such as an FC (Fibre Channel) switch, and provides a storage I / O (Input Output) communication path between the storage 117a-c and the virtualization servers 115a-d.
  • FC Fibre Channel
  • O Input Output
  • the virtualization servers 115a-d are connected to each other via the network device 114 described above, and are connected to the outside of the data center 101. Further, as will be described later, the storage 117a-c is accessed via the SAN 116 implemented by an FC switch or the like.
  • the virtualization servers 115a-d are equipped with NIC (Network Interface Card), HBA (Host Bus Adapter), or CNA (Converged Network Adapter), and access the LAN and SAN.
  • NIC Network Interface Card
  • HBA Host Bus Adapter
  • CNA Converged Network Adapter
  • the virtualization servers 115a-d are equipped with virtual software VMM (Virtual Machine Monitor) and LPAR (Logical Partitioning), and a plurality of virtual machines (VMs) are generated by the virtualization software.
  • VMM Virtual Machine Monitor
  • LPAR Logical Partitioning
  • VMs virtual machines
  • Each virtual machine is a virtual interface on a virtual server such as vNIC (Virtual Network Interface Card), vHBA (Virtual Host Bus Adapter), vCNA (Virtual Converged Network Adapter), etc.
  • vNIC Virtual Network Interface Card
  • vHBA Virtual Host Bus Adapter
  • vCNA Virtual Converged Network Adapter
  • VMware ESXi registered trademark
  • Microsoft Hyper-V registered trademark
  • Linux registered trademark
  • KVM Kernel-based Virtual Machine
  • Citrix Xen registered trademark
  • the storage 117a-c provides an external storage area to the virtualization servers 115a-c via the SAN 116.
  • the storages 117a-c include an NPIV (N_Port ID Virtualization) for virtualizing a physical port for storage access, and an LU (Logical Unit) that is a logical volume configured in the physical storage.
  • the storages 117a-c may have a function such as LUN (Logical Unit Number) masking for associating storage ports with LUs and servers.
  • the virtual environment management servers 112a-c manage physical resources such as the virtualization servers 115a-d and storages 117a-c, and virtual resources such as virtual machines and virtual storages generated using these physical resources.
  • Examples of software that realizes the functions of the virtual environment management server 112a-c include VMware vCenter (registered trademark), Microsoft (registered trademark) System Center Virtual Machine Manager, OpenStack (registered trademark), and the like.
  • the virtual resource configuration management server 113 targets virtual resources including VMs (Virtual Machines), vNICs (Virtual Network Interface Cards), vDisks (Virtual Disks), etc.
  • This is a configuration management server having a function for collecting and managing connection relation updates in a time series.
  • the virtual resource configuration management server 113 exists in the data center 101, but the installation location of the virtual resource configuration management server 113 is not limited.
  • Configuration information may be collected periodically by issuing configuration information collection commands to the virtualization software or virtual environment management server, or on demand according to configuration change events from the virtualization software or virtual environment management server Configuration information may be collected at Any method may be used as long as the collected configuration information can be managed as history information together with the time.
  • the cloud environment constructed on the data center 101 taken up in the first embodiment does not need to include all the devices described above.
  • SAN-connected storages 117a-c are assumed as the external storage area, but a server built-in disk may be used. Further, a case where there is no virtual environment management server is also assumed.
  • the above are the components in the data center 101.
  • the network 102 outside the data center is transmitted from a terminal connected to the network 102 outside the data center by an L2 switch, an L3 switch, a firewall, a router or the like (not shown) installed outside the data center like the network 111 inside the data center. It has a role of connecting to the center 101.
  • the network 102 outside the data center may be connected to a wide area network such as the Internet.
  • a connection such as access control may be restricted for connections inside and outside the data center.
  • the virtual environment connection terminal 103 accesses the virtual environment management servers 112a-c to perform cloud environment operation, and collects log data output by the virtualization software and the virtual environment management server.
  • the operation work analysis server 104 collects log data distributed and held in the cloud environment, analyzes the log data, and visualizes the operation work.
  • the operation work analysis server 104 includes an operation work visualization unit 121, a log data analysis unit 122, a cloud configuration information management unit 123, and a log data management unit 124. These functional units will be described with reference to FIG. In FIG. 1, the operation work analysis server 104 is directly connected to the virtual environment connection terminal 103. However, the operation work analysis server 104 is connected to the network 102 outside the data center or the network 111 inside the data center and is distributed and held in the cloud environment. You may comprise so that log data may be collected.
  • FIG. 2 is a configuration example of the operation work analysis server 104.
  • the operation work analysis server 104 includes, as components, an operation work visualization unit 121, a log data analysis unit 122, a cloud configuration information management unit 123, a log data management unit 124, an operation work trend analysis unit 125, and log data management.
  • the operation work analysis server 104 receives an operation analysis start request from the user 105 via the operation work visualization unit 121.
  • the operation work visualization unit 121 executes the acquisition of log data to be analyzed by the log data management unit 124.
  • the log data analysis unit 122 also performs analysis processing on the acquired log data and information managed by the cloud configuration information management unit 123.
  • the analysis result is stored in the operation work management table 213.
  • the operation work visualization unit 121 presents the information of the operation work management table 213 to the user 105.
  • the results of the operation work analysis for each log data are stored in the trend analysis unit 214, and totalization such as frequency analysis of each operation work is performed.
  • FIG. 2 and 3 show the configuration of the embodiment with the function as one block for the sake of explanation.
  • the configuration referred to as a server in the embodiment such as the operation work analysis server 104, includes an input device, an output device, a processing device (processor or CPU), and a storage device_ (memory) as in a general computer. .
  • the physical configuration of such an embodiment will be described later with reference to FIG.
  • functions such as calculation, processing, and control are realized by a program stored in the storage device being executed by the processor, and in cooperation with other hardware as necessary.
  • a program to be executed or a configuration for realizing the function may be referred to as “function”, “means”, “unit”, “module”, “unit”, or the like in the specification and drawings.
  • the information of the embodiment may be described by expressions such as “ ⁇ table”, “ ⁇ list”, “ ⁇ DB (Database)”, “ ⁇ queue”, and the like.
  • DB, queue, etc. may be expressed other than the data structure to define the relationship between the data. Therefore, “ ⁇ table”, “ ⁇ list”, “ ⁇ DB”, “ ⁇ queue”, etc. may be referred to as “ ⁇ information” in order to show that they do not depend on the data structure.
  • one table or the like may be divided, or a plurality of tables or the like may be integrated.
  • the expressions “identification information”, “identifier”, “name”, “name”, “IDentification)” are used, but “identification information”, “identifier”, “ID” is an identification code that is unique and invariant to arbitrary information, but “name” and “name” are variable identification codes.
  • “identification information”, “identifier”, and “ID” can be replaced with each other.
  • “Name” and “name” can be replaced with each other.
  • a VM name and a VM ID are given as specific name examples indicating the difference between “ID” and “name” in the description of migration.
  • the VM name can be freely changed by an operator who manages the target VM in consideration of the usage of the VM, and duplication in the same cloud environment may be permitted.
  • the VM ID is information for uniquely identifying a target in the same cloud environment, and is therefore unique and unchanging.
  • the operation work visualization unit 121 is a functional unit that serves as an interface between the operation work analysis server 104 and the user 105 as described above.
  • the operation work visualization unit 121 receives a log data collection request or log data input as an operation work analysis request from the user 105.
  • the operation work visualization unit 121 passes this information to the log data management unit 124 and starts log acquisition / management by the log data management unit 124.
  • the operation work visualization unit starts processing execution of the log data analysis unit 122.
  • the operation work analysis result is presented to the user 105.
  • the user 105 inputs a log data collection request from another terminal and user-retained log data to the data acquisition request unit 223, and the operation work flow is visualized and presented by the operation work flow display unit 225.
  • the log data analysis unit 122 is a functional unit that performs various analyzes on log data to be analyzed.
  • the log data reference from the log data management unit 124 and the cloud configuration information reference from the cloud configuration information management unit 123 are performed.
  • processing event extraction from log data and operation work detection / specification from the extraction result are performed.
  • Information on the identified operation work is stored in the operation work management table 213.
  • the cloud configuration information management unit 123 collects virtual resource settings and changes in connection relations between virtual resources from the virtual resource configuration management server 113 in the data center 101 having the cloud environment to be analyzed, at any time. Manage cloud configuration information.
  • the configuration information to be managed is referred to by the log data analysis unit 122 and used in the process of specifying the operation work from the log data.
  • the cloud configuration information management unit 123 may update in conjunction with the configuration information change process by the virtual resource configuration management server 113.
  • the configuration information may be explicitly updated in the data acquisition request from the data acquisition request unit 223. Any method can be used as long as the cloud configuration information is managed to be the latest.
  • the log data management unit 124 collects and manages log data used for specifying operation work.
  • the log data management table 211 collects and manages log data used for operation work analysis processing. Regarding the analysis target log data acquired via the external network or input by the user 105, the log data type, the file path to the log data, and the like are stored. The log data management table 211 will be described with reference to FIGS. 4A and 4B.
  • the cloud configuration information management table 212 is a table that holds virtual resource setting information and connection relationships collected by the cloud configuration information management unit 123.
  • the cloud configuration information management table 212 will be described with reference to FIG.
  • the operation work management table 213 stores operation work information detected and specified by the log data analysis unit.
  • the information stored in the operation work management table 213 is referenced and visualized by the operation work visualization unit 121 after the operation work analysis is completed.
  • the operation work management table 213 will be described with reference to FIG.
  • the trend analysis unit 214 accumulates the operation work analysis results performed by the operation work analysis server 104, and performs aggregation processing and trend analysis processing on the analysis results. Aggregation processing and trend analysis, for example, counts the number according to the set items, such as for each user and each operation work, or totals the cases when two or more operation work is performed continuously, and is highly relevant operation For example, a process for estimating a set of tasks.
  • the operation work visualization unit 121 includes a setting information editing unit 221, a trend analysis display unit 222, a data acquisition request unit 223, an analysis start request unit 224, and an operation work flow display unit 225.
  • the data acquisition request unit 223 receives the specification of the analysis target log data from the user 105 and starts acquiring the log data.
  • the analysis start request unit 224 performs the analysis process of the log data analysis unit 122.
  • the setting information editing unit 221 and the trend analysis display unit 222 are not directly involved in the execution of the operation analysis process.
  • the setting information editing unit 221 provides a user interface that enables interactive editing of the setting information (log format management table 243 and operation work mapping table 237 required for analysis of log data (setting information input unit 1413 in FIG. 14). Shows an example of the edit screen of the operation work mapping table 237).
  • the analysis start request unit 224 requests the log data analysis unit 122 to analyze the log data.
  • the data acquisition request unit 223 receives a log data analysis request from the user 105 and issues a collection request for each data necessary for the analysis.
  • the log data held by the user is input to the log data management unit, the log data is input to the log data receiving unit 232, and when the log data is not input, the user
  • a log data acquisition request including input information (such as access information to a remote server having log data) is issued to the log data collection unit 231.
  • a cloud configuration information collection request is issued to the cloud configuration information management unit 123.
  • the trend analysis display unit 222 is a function for displaying the analysis result by the trend analysis unit 214.
  • a display example is 1412 in FIG.
  • the operation work flow display unit 225 provides a function of displaying the obtained analysis result with reference to the operation work management table 213 in which the analysis result by the log data analysis unit 122 is stored.
  • the log data management unit 124 collects and manages log data used for operation work analysis processing.
  • the log data management unit 124 includes a log data collection unit 231 and a log data reception unit 232. Depending on the request content from the data acquisition request unit 223, the log data collection unit 231 collects log data from outside the operation work analysis server, or the log data reception unit 232 accepts log data input by the user 105.
  • the log data receiving unit 232 receives the log data to be analyzed input by the user 105 via the operation work visualization unit 121.
  • the received log data is stored in the log data management table 211.
  • the log data collection unit 231 uses the data acquisition request unit 223 based on the analysis target (access information to the remote server or designation of the log file to be acquired (not shown)) input by the user, etc. Collect log data that exists outside the operational work analysis server and log data directly to the cloud environment. The collected log data is stored in the log data management table 211.
  • the log data analysis unit 122 includes a processing event extraction unit 233, an operation work detection unit 234, an operation work mapping table management unit 235, a processing event management table 236, and an operation work mapping table 237.
  • the process event extraction unit 233 stores the analysis target log data from the log data management unit 124, the process event extraction from the log data, and the process event management table 236 of the extraction process event.
  • the operation work detection unit 234 identifies the operation work according to the information of the operation work mapping table 237 managed by the operation work mapping table management unit 235.
  • the operation work detection unit 234 specifies the correspondence between the operation work and the processing event, the operation work detection unit 234 sequentially stores the specified results in the operation work management table 213.
  • Processing event extraction unit 233 extracts processing events and parameters associated with the processing events from the log data to be analyzed.
  • the extraction processing event is an internal processing unit by the virtual environment management server 112 or the virtualization server 115 in accordance with an operation operation by the virtual resource operator.
  • One or more processing events are processed by one operation operation of the operation worker, and the processing result is output to the log data in a text format.
  • the parameter associated with the processing event includes, for example, an identifier of a virtual resource that is a processing target of the processing event (such as an identifier of VM or vDisk).
  • the operation work detection unit 234 specifies an operation work from the processing event extracted by the processing event extraction unit 233, and holds the specified operation work information in the operation work management table 213.
  • the operation work mapping table management unit 235 refers to and edits information for mapping the operation work and the processing event held in the operation work mapping table 237.
  • the operation work and processing event mapping information held in the operation work mapping table 237 can be edited by the user 105 such as information addition or new creation.
  • the setting information editing unit 221 serves as an interface with the user 105, and the input content to the GUI screen (setting information input unit 1413) is passed to the operation work mapping table management unit 235, and the operation work mapping table 237 is stored. Edited.
  • the user 105 can read a text file or the like created in an environment other than the operation work analysis server 104 without using the GUI, and can edit or newly create the operation work mapping table 237. Good.
  • the processing event management table 236 holds the processing event extracted by the processing event extraction unit 233 and parameters associated with the processing event, and is referred to by the operation work detection unit 234. The configuration of the processing event management table 236 will be described with reference to FIG.
  • the operation work mapping table 237 holds processing event sequences and operation work correspondence information, and is referred to by the operation work detection unit 234. The configuration of the operation work mapping table 237 will be described with reference to FIG.
  • the processing event extraction unit 233 includes a processing event grasping unit 241, a parameter extraction unit 242, and a log format management table 243.
  • the processing event extraction unit 233 refers to the analysis processing information matched with the format of the analysis target log data from the log format management table 243. Based on this information, the processing event grasping unit 241 grasps the processing event from the analysis target log data, and the parameter extracting unit 242 extracts the parameters of each processing event.
  • the processing event grasping unit 241 detects a processing event related to the operation work from the log data to be analyzed.
  • the parameter extraction unit 242 extracts parameters associated with the processing event for each processing event detected by the processing event grasping unit 241.
  • the log format management table 243 manages processing contents for log data executed by the processing event grasping unit 241 and the parameter extracting unit 242.
  • the log format management table 243 will be described with reference to FIG.
  • the operation work detection unit 234 includes a process event grouping unit 251, an operation work specifying unit 252, and a process event group management table 253.
  • the operation work detection unit 234 performs grouping processing by the processing event grouping unit on the processing event data set stored in the processing event management table 236, and stores the grouped processing event sequence in the processing event group management table 253. To do.
  • the operation work specifying unit 252 performs a mapping process between a process event partial sequence and an operation work for each grouping process event sequence.
  • the processing event grouping unit 251 refers to the data set of processing events stored in the processing event management table 236 and the cloud configuration information stored in the cloud configuration information management unit 123.
  • the VM and system identifier information is acquired from the cloud configuration information, and the processing event data set is grouped based on the identifier information.
  • the grouping result is stored in the processing event group management table 253.
  • the operation work specifying unit 252 first refers to the operation work mapping table 237. For each processing event sequence grouped by the processing event grouping unit 251, the processing event subsequence and the operation work mapping location are detected based on the referenced operation work mapping information. The detected mapping information is stored in the operation work management table 213.
  • the processing event group management table 253 manages the processing event group by adding information for identifying each group to the processing event sequence grouped by the processing event grouping unit 251. A more detailed description of the operation work detection unit 234 will be given with reference to FIG.
  • FIG. 3 shows the configuration of the operation work detection unit 234.
  • the operation work detection unit 234 includes a process event grouping unit 251, an operation work specifying unit 252, and a process event group management table 253. Further, the operation work detection unit 234 includes VM configuration information tables 311a-c as temporary information.
  • the processing event grouping unit 251 includes an in-cloud VM configuration information reference unit 321, a VM related device ID acquisition unit 322, and a processing event group extraction unit 323.
  • the processing event grouping unit 251 uses the in-cloud VM configuration information reference unit 321 to refer to the cloud configuration information management table 212 for each VM.
  • the VM related device ID acquisition unit 322 acquires identifier information of an arbitrary VM and a device connected to the VM from the configuration information of the referenced VM unit, refers to the processing event management table 236 using the acquired identifier as key information,
  • the reference results are grouped and stored in the processing event group management table 253.
  • the in-cloud VM configuration information reference unit 321 refers to the table information of the cloud configuration information management table 212 for each VM.
  • the processing event grouping unit 251 uses the VM ID and the device ID related to the VM managed in the configuration information tables 311a-c of each VM in order to group the processing events for each VM.
  • Each VM configuration information table 311a-c is obtained by acquiring row data having the same VM ID 911 value as the configuration information table 311a-c of the same VM with respect to the information included in the cloud configuration management table of FIG.
  • the VM related device ID acquisition unit 322 extracts information (VM and related device identifier information, configuration information change time, etc.) necessary for processing by the processing event group extraction unit 323 from each VM configuration information table 311a-c, The data is input to the processing event group extraction unit 323.
  • the processing event group extraction unit 323 refers to the processing event management table 236 using the information input from the VM related device ID acquisition unit 322 as key information.
  • the reference result includes a processing event for a related device in addition to a processing event for a VM.
  • the above reference result is stored in the processing event group management table 253 by newly adding a VM identifier as a group identifier.
  • the operation work specifying unit 252 includes an operation work mapping table reference unit 331, a processing event group reference unit 332, and an operation work mapping processing unit 333.
  • the operation work mapping table reference unit 331 refers to the operation work mapping table 237.
  • the processing event group reference unit 332 refers to each processing event group from the processing event group management table 253.
  • the operation work mapping processing unit 333 detects a process event subsequence that matches the mapping information of the operation work and the process event sequence defined in the operation work mapping table from the process event sequence of the referenced process event group, and displays the detection result. Stored in the operation work management table 213.
  • the operation work mapping table reference unit 331 refers to the operation work mapping table 237.
  • the processing event group reference unit 332 sets the row data having the same group ID 711 as one processing event group from the processing events stored in the processing event group management table 253, and refers to each processing event group.
  • the operation work mapping processing unit 333 performs work mapping processing based on each processing event group referred to by the processing event group reference unit 332 and the operation work mapping table 237.
  • the processing event group management table 253 manages the processing event group by adding information for identifying each group to the processing event sequence grouped by the processing event grouping unit 251. Details of the processing event group management table 253 will be described with reference to FIG. Details of the processing flow of the operation work detection unit 234 will be described with reference to FIG.
  • FIG. 4A shows a configuration example of the log data management table 211.
  • the log data management table 211 is a log data type 411, a log data acquisition ID 412, an acquisition date and time 413, and log data reference for individual log data (used as a file in this embodiment) used for operational work analysis.
  • Information 414 is managed.
  • Each row data 431, 432, 433 manages one log data file.
  • the log data type 411 includes a cloud environment type 421 and a log file type 422 for each log data file.
  • the format of log data differs depending on the log standard such as virtualization software, virtual environment management server, system log, event log, etc. to realize cloud environment. It is necessary to selectively perform appropriate processing for each file.
  • Information on the cloud environment type 421 and the log file type 422 is used to select the log format management table 243 as the log type used for analysis.
  • the log data acquisition ID 412 is information for identifying the relationship between log data in the log data management table 211. In one operation work analysis according to the application of the present embodiment, a plurality of types of log data may be used even in the operation work analysis for a single cloud environment, and the log data acquisition ID 412 associates them.
  • the log data collection unit 231 or the log data reception unit 232 holds the same log data acquisition ID 412 as key information for a plurality of types of log data files obtained by one log data acquisition.
  • Acquisition date 413 indicates the acquisition date of each log data file.
  • the log data reference information 414 is file path information for referring to the acquired log data file. An example of the log data file associated with the row data 431 414 is shown at 441.
  • Fig. 4B shows an example of log data.
  • Log data is generated by a device or software constituting the system.
  • the log data is an execution history of processing events executed on the cloud platform as a result of execution of operation work.
  • log data is recorded on a plurality of lines of text data in units of one line for execution results and progress of processing events for processing events executed on a device or software.
  • the information included in the log data includes processing event information executed inside the virtual environment management server and virtualization server, but does not include information that directly suggests the operation work (such as scheduled VM backup). .
  • FIG. 5 shows the configuration of the log format management table 243.
  • the log format management table 243 is a table necessary for extracting processing events executed by the virtualization servers 115a to 115d or the virtual environment management server 112 from log data collected for operational work analysis.
  • the log format management table 243 includes event detection information 511 and detailed parameter detection information 512.
  • the event detection information 511 is mainly referred to by the processing event grasping unit 241 and used for event grasping.
  • the detailed parameter detection information 512 is referred to by the parameter extraction unit 242 in order to acquire a parameter associated with the processing event for each processing event grasped by the processing event grasping unit 241.
  • the event detection information 511 includes a target log type 521, an event type specific log line detection key 522, and a processing event type 523.
  • the target log type 521 includes a cloud environment type 531 and a log file type 532.
  • the event detection information 511 is used to uniquely determine an event type specific log row detection key 522 for detecting a log row related to a processing event with respect to the analysis target log file, and the log data file is stored in the processing event grasping unit 241. Is input, a row having event detection information 511 that matches the log data type 411 attached to the log file is selected.
  • the process event grasping unit 241 uses the event type specific log line detection key 522 included in the selected log line to detect the presence / absence of a process event from the input log data and to detect the event of each detected process event. Get the log line that contains the type.
  • the detailed parameter detection information 512 includes an extraction target parameter 524, an extraction method 525, a target log file type 526, and parameter extraction processing template information 527.
  • an extraction method 525 for a parameter to be acquired, a target log file type 526 including parameter information, and a parameter for the target log file according to the processing event type of the processing event Extraction processing template information 527 is defined.
  • the processing other than the log row related to the processing event is regulated, such as the difference comparison between specific log rows and the reference to the cloud configuration information management table 212. May be.
  • parameter extraction processing for log files other than the log file that detected the processing event in the processing event of the virtual resource setting information change or the like May be specified.
  • parameter extraction processing may be defined not only by acquiring key value values of specific log lines but also by differences or comparison of key value values in a plurality of log lines.
  • the log format management table 243 can be created manually by the system administrator and stored in the storage device of the operation work analysis server 104. By using the event detection information 511 of the log format management table 243, it is possible to detect the processing event and its type from the log file.
  • the rule includes at least one of the type or parameter name of the parameter to be extracted, the extraction method, the target log file type, the model of the parameter extraction process, and the like corresponding to the processing event.
  • the target log file type By defining the target log file type, detailed parameters corresponding to the processing event type can be extracted from the log file even when the parameter to be extracted is in another file.
  • the specific extraction process is executed by extracting the detailed parameter character string pattern, which is the character string pattern in the log file, by matching the character string of the information held in the rule with the character string in the log file. Can do.
  • FIG. 6 shows the configuration of the processing event management table 236.
  • the processing event management table 236 is configured to structure each processing event extracted by the processing event extraction unit 233 in a table format and manage it in units of rows.
  • the processing event management table 236 includes an execution time 611, a processing event type 612, and a processing event parameter 613 as information regarding each processing event.
  • the execution time 611 is information on the execution time of each processing event extracted by the processing event extraction unit 233.
  • the process event type 612 is a process event type name of each process event.
  • the processing event parameter 613 is obtained by storing each parameter acquired by the parameter extraction unit 242 in association with a parameter name and a parameter value for each processing event.
  • the number of parameters for each processing event need not be a fixed length, but may be a variable length.
  • the parameter name includes the type of resource (such as Disk ID) and the type of change target item (such as memory size), and the parameter includes a resource identifier (such as Disk-23) and a set value after change of the change target item (4096). MB).
  • FIG. 7 shows the configuration of the processing event group management table 253.
  • the processing event group management table 253 includes processing events grouped by the processing event grouping unit 251.
  • the processing event group managed by the processing event group management table 253 has a VM ID 711 as a group ID.
  • VM ID 711 as a group ID.
  • each row corresponds to one processing event.
  • the VM ID 711 can be referred to as search key information.
  • FIG. 8 shows the configuration of the operation work mapping table 237.
  • the operation work mapping table 237 managed by the operation work mapping table management unit 235 is referred to by the operation work specifying unit 252 and used for processing for specifying the correspondence between the processing event and the operation work.
  • the operation work mapping table 237 has definition information for mapping priority 811, operation work name 812, operation work identifier 813, processing event sequence 814, order 815, association time range 817, and overlap 818.
  • the mapping priority 811 defines work that needs to be preferentially mapped in the operation work specifying process. Taking 821 and 824 indicating mapping information of different operation tasks as an example, different operation tasks may be candidates for association with respect to the same processing event sequence 814. In order to solve this, the information specifying the processing event and the operation work to be preferentially mapped is the mapping priority 811, and the operation work specifying process is performed in order from the operation work having the highest mapping priority 811. (In the present embodiment, the operation work is performed in order from the smallest priority value).
  • the operation work name 812 and the operation work identifier 813 are information for identifying the operation work.
  • the process event sequence 814 defines a process event subsequence corresponding to the operation work.
  • the order 815 defines the order in which each processing event should appear in the processing event sequence corresponding to the operation work.
  • a process event sequence in which process events do not appear in the order defined in 815 is not associated with an operation work.
  • the device ID type 816 defines the virtual resource type targeted by each processing event.
  • the association time range 817 defines the upper limit of the time range from the first processing event to the end processing event for the processing event subsequence corresponding to the operation work. Based on the information in the association time range 817, a plurality of different events greatly separated in time can be prevented from being identified as one operation work.
  • the association time range 817 is determined corresponding to the operation work name 812, but may be determined corresponding to the device ID type 816. The method determined in accordance with the device ID type 816 is effective, for example, when there is a difference in the hard disk capacity for each model.
  • the association time range 817 may be a fixed value or may be variable by an operation by an operator.
  • Duplicate 818 defines whether duplication is allowed in the process event sequence corresponding to the operation work. A flag of “No” is set for an event that should appear only once, and a “Yes” flag is set for an event that may appear once or more. By using the information of the duplication 818, it is possible to appropriately detect the operation work from the system log even when one operation work generates a different number of processing events according to the work content.
  • the specific operation work specifying process in the present embodiment is a process event in the process event group stored in the process event group management table 253 (FIG. 7) according to the execution time 611.
  • This is a process for detecting the process event sequence 814 from the process event sequence arranged in the sequence order according to the constraints such as the order and time range defined in the operation work mapping table 237 (FIG. 8).
  • the detected result is stored in the operation work management table 213 (FIG. 10).
  • FIG. 9 shows the configuration of the cloud configuration information management table 212.
  • the cloud configuration information management table 212 includes configuration information of virtual resources such as VMs and virtual DIsks that exist in the cloud environment in the data center 101.
  • the devices associated with individual VMs do not need to have a fixed length and may be variable.
  • the cloud configuration information management table 212 holds changes in configuration information in time series for each VM.
  • the cloud configuration information management table 212 has VM ID 911, 912 configuration information valid period start time 912, configuration information valid period end time 913, and related device connection information shown in 914. Each row indicates the configuration information taken from the configuration information valid period start time 912 to the configuration information valid period end time 913 in the corresponding VM (the time information of both is not necessarily required and at any past time) It only needs to be able to search the configuration information).
  • the cloud configuration information management table 212 has a VM ID 911, and when referring to configuration information and changes thereof for individual VMs, the VM ID 911 can be referred to as key information.
  • the related device connection information 914 in the cloud configuration information management table 212 can indicate the relationship between resources using, for example, a resource identifier. Based on the resource identifier of the related device connection information 914, a processing event having a related resource identifier can be extracted and grouped from a plurality of processing events stored in the processing event management table 236 (FIG. 6). . The grouping result is stored as a processing event group management table 253 (FIG. 7).
  • FIG. 10 shows the configuration of the operation work management table 213.
  • the operation work management table 213 includes a VM ID 711, an execution time 611, an operation work identifier 1011, a process event type 612, and a process event parameter 613.
  • the operation work management table 213 manages the operation work information specified from the processing event group by the operation work detection unit 234 and is referred to from the operation work flow display unit 225.
  • the operation work management table 213 stores information in which the operation work is associated with the process event sequence stored in the process event group management table 253, the VM ID 711, the execution time 611, the process event type 612, The processing event parameter 613 has information equivalent to the information described in the processing event group management table of FIG.
  • the operation work identifier 1011 is identifier information for identifying the associated operation work for each processing event sequence. In the example of FIG. 10, it can be seen that the processing events from the top to the third line are a series of events of the same operation work.
  • FIG. 11 shows an overall processing flow from log data acquisition to operation work flow display in the operation work analysis server 104.
  • the operation work analysis server 104 acquires log data according to the input of the user 105 (S1111).
  • log data acquisition operation work analysis is performed by inputting external terminal connection information to be accessed for log data collection and sending a log data collection request, or by accepting input of a log data file held by the user 105.
  • the log data collection unit 231 When collecting log data from other terminals, the log data collection unit 231 obtains log data from other terminals based on the connection destination information (IP address, login user name, password, etc.) already entered by the user. The log data thus stored is stored in the log data management table 211 (S1121).
  • a method of acquiring log data already acquired on the virtual environment management terminal by file transfer or the like, or virtual environment management of the data center 101 via the virtual environment connection terminal 103 A method of connecting to the server 112 and acquiring log data is included.
  • the log data receiving unit 232 When performing the operation work analysis using the log data held by the user as input, the log data receiving unit 232 stores the log data input by the user in the log data management table 211 (S1122).
  • the cloud configuration information management unit 123 holds the latest cloud configuration information in cooperation with the virtual resource configuration management server 113, but the cloud configuration information is not linked or the latest cloud configuration If the information is not held, the cloud configuration information is acquired from the virtual resource configuration management server 113 and stored in the cloud configuration information management table 212 (S1112).
  • step S1113 uses the log data acquired in step S1121 or step S1122 and the log format management table 243 to extract processing events and stored in the processing event management table (S1113). Details of the processing flow of step S1113 will be described with reference to FIG.
  • the processing event grouping unit 251 uses the cloud configuration information managed in the cloud configuration information management table 212 to group the processing events extracted in S1113 into VM units and stores them in the processing event group management table 253. (S1114). Details of the processing flow of step S1114 will be described with reference to FIG.
  • the operation work specifying unit 252 specifies an operation work for each process event group managed by the process event group management table 253 using the operation work mapping table 237, and the result is the operation work management table. It is stored in 213 (S1115). Details of the processing flow of step S1115 will be described with reference to FIG.
  • the operation work flow display unit 225 refers to the operation work information stored in the operation work management table 213 for each processing event group (VM), and renders the information rearranged in time series (S1116). .
  • VM processing event group
  • S1116 time series
  • FIG. 12 shows a flow of processing event extraction processing from log data in the processing event extraction unit 233.
  • the log data management unit 124 refers to the log type of the log data, and reads event detection information matching the analysis target log data type from the log format management table 243 (S1211).
  • log lines including the event type specific log line detection key 522 defined in the log format management table 243 read in S1211 are detected (S1221).
  • a process event type is specified by extracting specific field data in the target log line, a character string matching process with a known process event type 523, and the like, and the target log type 521 is stored in the log format management table 243.
  • the detailed parameter detection information 512 defined for each processing event type 523 is read (S1222).
  • Extraction processing is executed for each extraction target parameter defined in the detailed parameter detection information 512 (S1231-1233).
  • the extraction process is performed by reading the target log file type 526 defined in the detailed parameter detection information 512 and using the parameter extraction process template information 527.
  • a file different from the log file in which the processing event was detected in S1221 may be used (543-544).
  • the extracted processing event stores the processing event name (S1222), the extraction parameter (extracted in S1231-S1233), and time information (such as the time stamp of the detection log line in S1222) in the processing event management table 236 (S1223).
  • the above is the flow of processing event extraction processing from log data in the processing event extraction unit 233.
  • FIG. 13 shows an operation work detection process flow in the operation work detection unit 234.
  • the in-cloud VM configuration information reference unit 321 acquires the configuration information tables 311a-c for each VM from the cloud configuration information management table 212 (S1311).
  • the VM related device ID acquisition unit 322 reads one table entry for each configuration information table 311. Each row indicates the configuration information that the VM having the target VM ID 911 took within the configuration information valid period (912, 913).
  • the process event group extraction unit 323 acquires the device ID and VM ID 911 defined in the related device connection information 914 (S1332).
  • the processing event detected in S1333 is stored in the processing event group management table 253 in association with the VM ID acquired in S1332 and the group ID 711 of the processing event group (S1334).
  • S1332-S1334 is performed for all table entry rows (S1335).
  • the operation work specifying unit 252 reads the operation work mapping table 237 (S1312), and the process event group reference unit 332 refers to one process event group from the process event group management table 253 (S1341).
  • the operation work mapping information read in S1312 is read one by one from the one with the highest mapping priority 811 (S1351), and the operation work mapping processing unit 333 performs the mapping process between the operation work and the process event sequence in the process event group. (S1352).
  • the process event sequence 814 corresponding to each operation work is detected from the process event sequence in the process event group.
  • the detection of the process event sequence is realized by applying, for example, the Brute force algorithm, but the present invention is not limited to this method, and an appropriate method may be used.
  • the detected process event subsequence is stored in the operation work management table together with the operation work identifier (S1353).
  • the operation work detection process flow in the operation work detection unit 234 has been described above.
  • the operation work detection process of FIG. 13 is performed on the automatically generated information in the process event management table of FIG.
  • processing event types and processing event parameters in the processing event management table may be processed based on data manually input by the operator.
  • FIG. 14 is an example of a GUI (Graphical User Interface) screen 1401 that the operation work visualization unit 121 presents to the user 105.
  • the GUI screen 1401 includes, for example, an operation work analysis operation unit 1411, an operation work trend analysis display unit 1412, and a setting information input unit 1413.
  • the operation work analysis operation unit 1411 displays and operates the operation work flow acquired as a result of the operation work analysis.
  • the operation work trend analysis display unit 1412 displays a frequency analysis for each operation work with respect to the operation work analysis result.
  • the operation work trend analysis display unit may provide an analysis process for the operation work analysis result performed in the past.
  • the setting information input unit 1413 is a functional unit that accepts a change input to setting information (for example, the log format management table 243 and the operation work mapping table 237) used for analysis processing for log data, and the change content is the setting information editing unit 221. Is reflected in each table. Specify the analysis target cloud environment or log data file, and start log data collection and analysis.
  • the operation work analysis operation unit 1411 includes an analysis target log data acquisition information input unit 1421, an operation work flow display panel operation unit 1422, and an operation work flow display panel unit 1423.
  • the analysis target log data acquisition information input unit 1421 receives other terminal connection information connected to the log data collection unit 231 and the log data file path to be passed to the log data reception unit 232 in order to acquire log data used for analysis processing. It is a functional part that accepts.
  • the operation workflow display panel operation unit 1422 operates the display contents of the flowchart displayed on the operation workflow display panel unit 1423.
  • Examples of the operation contents include the presence / absence of designation of a VM for which the operation work is to be grasped, designation of a period for displaying the operation work flow, and the like.
  • the operation work flow display panel unit 1423 refers to the operation work information managed in the operation work management table 213 for each VM ID 711 as an analysis result, and forms an order shaping flowchart based on the execution time 611 of the referenced operation work information. indicate. Note that the order 0 means no order.
  • the information processing system generates one or more system log data and specifies the system log data.
  • one or more processing event information or one or more operation work information is specified based on one or more parameters related to configuration information including a virtual resource identifier in the information processing system environment, and processing event information Alternatively, the operation efficiency can be improved by displaying the operation work information.
  • FIG. 15 is a series of sequence diagrams for reviewing the existing operation work status and examining improvement measures by grasping the data center operation work using the operation work analysis server.
  • the log data to be analyzed is automatically generated by daily cloud environment operation work by a data center operator.
  • the log data is acquired via the network by the log data collection unit 231, or the log data receiving unit 232 inputs the log data received from the data center operator in advance by the operation work analysis executor to perform analysis processing. .
  • the operational work flow obtained as an analysis result indicates the current operational work implementation status. Based on this information, the data center operator and the operation work analyst examine operation work improvement measures by automating frequently executed operation work.
  • FIG. 16 shows an example of the device configuration of the operation work analysis server 104.
  • the operation work analysis server 104 can be realized by using a general computer including a CPU 1621, a memory 1622, and an auxiliary storage device 1623.
  • each function which comprises each apparatus is embodied on the said computer, when CPU runs the program stored in the auxiliary storage device.
  • Each program may be stored in advance in the auxiliary storage device 1623 in the computer.
  • each program may be introduced into the storage device from another device via a medium that can be used by the computer via a communication interface 1624 such as a LAN interface or a media interface 1625 when necessary.
  • the medium refers to, for example, a communication medium (that is, a wired, wireless, optical, or other network, a carrier wave or a digital signal that propagates through the network), or an external storage medium 1613 that can be attached to and detached from the media interface 1625.
  • the operation work analysis server 104 is connected to the console 1633 via the input / output device 1626.
  • the external storage device (auxiliary storage device) 1623 operates including the log data management table 211 and the cloud configuration information management table 212 acquired via the virtual environment connection terminal 103 connected via the network 1631. It functions as a storage device for storing a log format management table 243, a processing event management table 236, a processing event group management table 253, and an operation work mapping table 237 used in the work analysis process.
  • the CPU 1621 manages the above-described information used in the operation work analysis, and functions as a controller that constitutes the operation work visualization unit 121, the log data analysis unit 122, the cloud configuration information management unit 123, and the log data management unit 124.
  • the console 1633 is a control target of the controller (CPU 1621) and functions as a display device that displays information according to instructions from the CPU 1621.
  • the operation work performed by the operation worker in the past from the system log data automatically generated by the virtualization software or the virtual environment management server according to the operation work for the cloud environment.
  • the identified operation work can be displayed in time series, the actual condition of the operation work for the cloud environment can be quickly and accurately performed.
  • operations can be performed from one or more virtualization software in a cloud environment or a system log generated by the virtual environment management server.
  • One or more processing events related to the can be identified.
  • the operation work that is the source of the process event is identified from one or more process events related to the operation be able to.
  • each server may be configured by a single computer, or any other part of an input device, an output device, a processing device, or a storage device may be connected via a network. You may comprise with a computer.
  • functions equivalent to those configured by software can be realized by hardware such as FPGA (Field Programmable Gate Array) and ASIC (Application Specific Integrated Circuit). Such an embodiment is also included in the scope of the present invention.
  • the present invention is not limited to the above-described embodiment, and includes various modifications.
  • a part of the configuration of one embodiment can be replaced with the configuration of another embodiment, and the configuration of another embodiment can be added to the configuration of one embodiment.
  • invention 1 In a management server that has an input device, an output device, a processing device, and a storage device, and manages an operation work executed by a processing event using a resource of an information processing system,
  • the storage device Processing event management information for managing a plurality of processing events executed in the information processing system in association with a parameter including an identifier for identifying the resource used for the processing event; Storing configuration information management information indicating the relationship between the resources using the identifier;
  • the processor is A processing event grouping unit that refers to the configuration information management information, groups the plurality of processing events for each related processing event, and stores the grouped processing event group management information in the storage device. Management server or management method using it.
  • invention 2 The storage device Corresponding to the operation work, storing operation work mapping information for storing a plurality of processing events together with order information,
  • the processor is An operation work specifying unit that refers to the operation work mapping information, associates process events belonging to the same group of process event group management information with different operation works, and stores them in the storage device as operation work management information, A management server according to invention 1, or a management method using the management server.
  • the configuration information management information includes connection relation information between virtual resources that are resources, The processing event grouping unit Identifying one or more virtual resources in a connection relationship based on the connection relationship information between the virtual resources; The management server of invention 2, or the management method using the same.
  • connection relation information between the virtual resources includes connection relation information between virtual resources at a plurality of points in time
  • the processing event management information includes execution time information of each processing event
  • the processing event grouping unit further includes: Identifying connection relation information between the virtual resources for the execution time information; A management server according to invention 3, or a management method using the management server.
  • the management server that manages an operation work related to a virtual resource including at least a virtual machine, which is implemented in an information processing system to which a virtualization technology is applied.
  • the management server associates a processing event management table that manages one or more processing events executed in the information processing system, one or more processing events, and an operation work performed in the information processing system.
  • a mapping table and system configuration information related to a virtual resource to be operated by the information processing system are provided, and the processing event management table further includes a virtual resource identifier that is processed by each processing event.
  • the management server performs a matching process on the process event in the process event management table based on one or more virtual resource identifiers included in the system configuration information and one or more process events specified by the operation work mapping table.
  • An operation work detection unit is provided, and one or more operation work is specified from the processing event.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Debugging And Monitoring (AREA)

Abstract

A problem to be addressed by the present invention is to extract a process event relating to an operation, and to identify a parameter which is associated with the process event. Provided is a management server, which comprises an input device, an output device, a processing device, and a storage device, and which manages operations which are executed by process events, using information processing system resources. With this server, the input device acquires one or more instances of log data which the information processing system has generated. The storage device stores event detection information which defines correspondences between event type detection keys, which are text strings in the log data, and process event types, and parameter detection information which defines correspondences between the process event types and rules for extracting parameters which are associated with resources, said rules being text strings in the log data. The processing device carries out a process event ascertainment process of identifying the occurrence and type of a process event, by searching for matches between instances in the log data and the event type detection keys, and a parameter extraction process of, using the extraction rules, extracting the parameters from the log data, in correspondence with the type of process event which has been identified by the process event ascertainment process. The processing device stores in the storage device process event management information in which the extracted parameters are associated with the process event types.

Description

管理サーバ及びこれを用いた管理方法Management server and management method using the same
 本発明は、データセンタ等において、リソースに対する運用作業の実態把握を自動化する技術に関する。特に、計算リソースが仮想化されたクラウド環境において、仮想リソースに対する運用作業の実態把握を自動化するのに好適である。 The present invention relates to a technique for automating the actual grasp of operation work for resources in a data center or the like. In particular, it is suitable for automating the actual grasp of the operation work for the virtual resource in the cloud environment where the computing resource is virtualized.
 情報処理システムにおいて、ネットワーク、サーバ、ストレージなどの物理リソースを論理的に分割して複数の仮想的なリソースとして利用可能にする仮想化技術や、仮想化された上記リソース(仮想リソースと呼ぶ)を管理するソフトウェア(クラウド管理基盤と呼ぶ)の利用が普及した。その結果、データセンタ内に事前にプール化された物理リソースから仮想リソースを切り出して情報処理システムを構築し、そのシステムを利用者に提供するクラウドと呼ばれるサービス形態が可能となった。 In an information processing system, a virtualization technology that logically divides a physical resource such as a network, server, storage, etc. and makes it available as a plurality of virtual resources, or the virtualized resource (referred to as a virtual resource) The use of software to manage (referred to as cloud management infrastructure) has become widespread. As a result, a service form called a cloud is realized in which a virtual resource is cut out from physical resources pooled in advance in the data center to construct an information processing system and provide the system to the user.
 クラウド化されたデータセンタ(クラウド環境と呼ぶ)では、従来の物理リソースに対する運用作業に加え、仮想リソースに対する様々な運用作業が新たに必要となる。クラウド環境における仮想リソースに対する運用作業には、仮想マシン(VM)や仮想ネットワーク装置などの構築、仮想リソース間の接続関係の設定変更、VMの定時バックアップなどが含まれる。 In a cloud data center (referred to as a cloud environment), in addition to conventional operations for physical resources, various new operations for virtual resources are required. The operations for virtual resources in the cloud environment include construction of virtual machines (VMs) and virtual network devices, setting change of connection relation between virtual resources, scheduled backup of VMs, and the like.
 一般的に、仮想リソースに対する運用作業は、あらかじめ作成された手順書に基づき行われる。運用者は、手順書を参照して日々の運用を行うが、人的な運用作業の実施は作業ミスや効率低下を引き起こす。 Generally, operations for virtual resources are performed based on a procedure manual created in advance. The operator refers to the procedure manual and performs daily operations. However, the implementation of human operation work causes a work error and a decrease in efficiency.
 こうした問題を改善するためには、運用作業の現状を把握することが有効である。例えば、クラウド環境内で、過去に行われた個々の運用作業について、作業時刻や作業対象の仮想リソース(作業対象リソースと呼ぶ)を把握することが有効である。 把握 To improve these problems, it is effective to grasp the current state of operation work. For example, it is effective to grasp the work time and work target virtual resources (referred to as work target resources) for each operation work performed in the past in a cloud environment.
 仮想リソースに関する運用作業の現状把握は、運用作業者へのヒアリングや、運用作業手順書の調査により行うことが一般的であるが、こうした把握手法もまた人手により実施されるため、把握作業に時間がかかり人的エラーも発生するという問題がある。したがって、クラウド環境における仮想リソースに関する運用作業の把握を迅速化および容易化するためには、人手を介さずに運用作業を特定する必要がある。 The current status of the operation work related to virtual resources is generally conducted through interviews with the operation worker and investigation of the operation work procedure manual. And a human error occurs. Therefore, in order to speed up and facilitate the grasp of the operation work related to the virtual resource in the cloud environment, it is necessary to specify the operation work without human intervention.
 クラウド環境における仮想リソースに関する運用作業は、上述のVMの構築や定時バックアップのように、1つの業務目的を達成するための作業である。1つの運用作業は、運用作業者が、仮想環境管理サーバや仮想化ソフトウェアに対する、1つ以上のGUI(Graphical User Interface)操作やCLI(Command-Line Interface)コマンド入力相当の操作(以下、操作と呼ぶ)を実行することで達成される。各操作は、仮想環境管理サーバや仮想化ソフトウェア内で、1つ以上の処理イベントとして実行される。 The operation work related to virtual resources in the cloud environment is a work for achieving one business purpose, such as the above-described VM construction and scheduled backup. One operation work is an operation performed by an operator who performs one or more GUI (Graphical User Interface) operations or CLI (Command-Line Interface) command input operations (hereinafter referred to as operations and operations) on the virtual environment management server and virtualization software. To achieve this. Each operation is executed as one or more processing events in the virtual environment management server or virtualization software.
 これらの処理イベントは、その実行過程および結果が、出力時刻やデバック用メッセージ等とともに、複数行にわたってテキストデータとして出力されシステムログとして記録される。つまり、システムログには、操作に関する処理イベントのみならず、デバック用のテキストメッセージ等様々な情報が混在して記録される。 For these processing events, the execution process and result are output as text data over a plurality of lines together with the output time, debugging message, etc., and recorded as a system log. That is, the system log records not only processing events related to operations but also various information such as a text message for debugging.
 したがって、このようなシステムログを用いて運用作業を特定するには、システムログから、操作に関わる仮想化ソフトウェアや仮想環境管理サーバの内部処理単位での処理イベントを抽出する必要がある。また、抽出した処理イベントから、処理イベントのもととなる運用作業を特定する必要がある。 Therefore, in order to specify the operation work using such a system log, it is necessary to extract the processing event in the internal processing unit of the virtualization software or the virtual environment management server related to the operation from the system log. In addition, it is necessary to specify the operation work that is the source of the processing event from the extracted processing event.
 システムログから特定のキーにマッチするイベントを抽出する従来技術として、特許文献1がある。特許文献1では、ネットワークを介して接続された一つ以上の装置に対するログ監視を目的として、個々の機器が出力するシステムログデータを逐次的に中央サーバに収集し、複数の装置が出力したシステムログが混在したデータから、ログ中の特定文字列をキーにして関連する複数行のログ行をマージする。 Patent Document 1 is a conventional technique for extracting an event that matches a specific key from a system log. In Patent Document 1, for the purpose of monitoring logs for one or more devices connected via a network, system log data output by individual devices is sequentially collected in a central server and output by a plurality of devices. Merge multiple related log lines from log mixed data using a specific character string in the log as a key.
特開2012-94161号公報JP 2012-94161 A
 しかしながら、特許文献1は、特定文字列をキーに複数行をマージするだけであり、操作に関連する処理イベントを抽出することができない。また、処理イベントに関連するパラメータを特定することもできない。 However, Patent Document 1 only merges a plurality of lines using a specific character string as a key, and cannot extract a processing event related to an operation. In addition, parameters related to the processing event cannot be specified.
 本発明の課題は、操作に関連する処理イベントを抽出するとともに、処理イベントに関連するパラメータを特定することにある。 An object of the present invention is to extract a processing event related to an operation and specify a parameter related to the processing event.
 上記課題を解決するための本願発明の一側面は、入力装置、出力装置、処理装置、および記憶装置を有し、情報処理システムのリソースを用いた処理イベントにより実行される運用作業を管理する管理サーバである。このサーバでは、入力装置は、情報処理システムが生成した一つ以上のログデータを取得する。記憶装置は、処理イベントの種別と、ログデータ中の文字列であるイベント種検出キーとの対応関係を規定する、イベント検出情報と、処理イベントの種別と、ログデータ中の文字列であるリソースに関連するパラメータの抽出ルールとの対応関係を規定する、詳細パラメータ検出情報を格納する。処理装置は、ログデータとイベント種検出キーとのマッチングにより、処理イベントの存在およびその種別を特定する処理イベント把握処理と、処理イベント把握処理で特定した処理イベントの種別に対応して、抽出ルールを用い、ログデータから詳細パラメータを抽出するパラメータ抽出処理を行い、記憶装置に、処理イベントの種別に抽出した詳細パラメータを対応づけた、処理イベント管理情報を格納する。 One aspect of the present invention for solving the above-described problem is management that includes an input device, an output device, a processing device, and a storage device, and manages an operation work executed by a processing event using resources of an information processing system It is a server. In this server, the input device acquires one or more log data generated by the information processing system. The storage device defines the correspondence between the type of processing event and the event type detection key that is a character string in the log data, the resource that is the event detection information, the type of processing event, and the character string in the log data The detailed parameter detection information that defines the correspondence relationship with the parameter extraction rule related to the is stored. The processing device uses an extraction rule corresponding to the type of the processing event identified by the processing event grasping process and the processing event grasping process specifying the existence and type of the processing event by matching the log data with the event kind detection key. Is used to perform parameter extraction processing for extracting detailed parameters from log data, and processing event management information in which the detailed parameters extracted for the types of processing events are associated with each other is stored in the storage device.
 本発明の他の一側面は、上記の管理サーバを用いた管理方法、あるいは、管理方法によって管理されるシステムである。 Another aspect of the present invention is a management method using the management server or a system managed by the management method.
 本発明の具体的な構成を例示すれば、詳細パラメータ検出情報は、抽出ルールとして、詳細パラメータの種別、詳細パラメータの種別に対応した抽出方法、詳細パラメータの種別に対応した詳細パラメータ抽出処理対象ログデータ種別、詳細パラメータの種別に対応した詳細パラメータ抽出処理コマンドを含む。パラメータ抽出処理は、処理イベント把握処理で特定した処理イベントの種別に対応する、1つ以上の詳細パラメータの種別を特定し、詳細パラメータの種別に対応する、抽出方法および詳細パラメータ抽出処理コマンドに従い、詳細パラメータの種別に対応する、詳細パラメータ抽出処理対象ログデータ種別で指定される1つ以上のログデータから、詳細パラメータを抽出する。 To illustrate a specific configuration of the present invention, the detailed parameter detection information includes, as an extraction rule, a detailed parameter type, an extraction method corresponding to the detailed parameter type, and a detailed parameter extraction processing target log corresponding to the detailed parameter type. Detailed parameter extraction processing commands corresponding to data types and detailed parameter types are included. The parameter extraction processing identifies one or more detailed parameter types corresponding to the processing event type specified in the processing event grasp processing, and corresponds to the detailed parameter type according to the extraction method and the detailed parameter extraction processing command. Detailed parameters are extracted from one or more log data specified by the detailed parameter extraction processing target log data type corresponding to the detailed parameter type.
 本発明のさらに具体的な構成を例示すれば、詳細パラメータは、リソースを一意に特定する識別子を含み、記憶装置はさらに、情報処理システムのリソースの関連性を、識別子を用いて規定する、構成情報管理情報を格納する。処理装置は、構成情報管理情報に基づいて、処理イベント管理情報のイベントの種類と詳細パラメータをグループ分けした、処理イベントグループ管理情報を、記憶装置に格納する、処理イベントグルーピング処理を行う。 To illustrate a more specific configuration of the present invention, the detailed parameter includes an identifier that uniquely identifies the resource, and the storage device further defines the relevance of the resource of the information processing system using the identifier. Stores information management information. Based on the configuration information management information, the processing device performs processing event grouping processing in which processing event group management information obtained by grouping event types and detailed parameters of processing event management information is stored in a storage device.
 本発明のさらに具体的な構成を例示すれば、記憶装置はさらに、処理イベントと運用作業とを対応付ける運用作業マッピング情報を格納し、処理装置は、運用作業マッピング情報に基づいて、処理イベントグループ管理情報の1つのグループに含まれる複数の処理イベントを、一つの運用作業に対応付ける、運用作業特定処理を行う。 To illustrate a more specific configuration of the present invention, the storage device further stores operation work mapping information for associating the processing event with the operation work, and the processing device manages the processing event group based on the operation work mapping information. An operation work specifying process is performed in which a plurality of process events included in one group of information are associated with one operation work.
 本発明のさらに具体的な構成を例示すれば、運用作業マッピング情報は、一つの運用作業に複数の処理イベントが対応付けられている場合、当該複数の処理イベントの順序性の情報を有する。 To illustrate a more specific configuration of the present invention, the operation work mapping information includes information on the order of the plurality of process events when a plurality of process events are associated with one operation work.
 本発明の他の一側面は、仮想化技術が適用された情報処理システムで実施された、少なくとも仮想マシンを含む仮想リソースに関する運用作業を管理する管理サーバである。この管理サーバは、情報処理システムが生成する1つ以上のシステムログデータに関して、情報処理システムで実行された運用作業に関する処理イベントの種別と、システムログデータ中の文字列パターンであるイベント種別文字列パターンとの対応関係と、情報処理システムで実行された運用作業に関する処理イベントの種別と、処理イベントに従属する作業対象の仮想リソースを示す、システムログ中の文字列パターンである詳細パラメータ文字列パターンとの対応関係が定義されたログフォーマット管理テーブルを備える。そして、システムログデータと、イベント種別文字列パターンとのマッチングにより、処理イベントの存在およびその種別を特定する処理イベント把握部と、システムログデータと、詳細パラメータ文字列パターンとのマッチングにより、特定した処理イベントの種別に応じて、運用作業に関する詳細パラメータを抽出するパラメータ抽出部とにより、詳細パラメータを含む運用作業に関する処理イベント情報を抽出し格納する。 Another aspect of the present invention is a management server that manages an operation related to a virtual resource including at least a virtual machine, implemented in an information processing system to which a virtualization technology is applied. This management server relates to one or more system log data generated by the information processing system, a type of processing event related to the operation work executed in the information processing system, and an event type character string that is a character string pattern in the system log data Detailed parameter character string pattern, which is a character string pattern in the system log, that indicates the correspondence with the pattern, the type of processing event related to the operation work executed in the information processing system, and the virtual resource that is the work target subordinate to the processing event A log format management table in which the correspondence relationship is defined. Then, by matching the system log data with the event type character string pattern, the processing event grasping unit for specifying the existence and type of the processing event, and the system log data and the detailed parameter character string pattern are specified. In accordance with the type of processing event, processing parameter information related to the operation work including the detailed parameters is extracted and stored by the parameter extraction unit that extracts detailed parameters related to the operation work.
 本発明によれば、操作に関連する処理イベントを抽出するとともに、処理イベントに関連するパラメータを特定することができる。 According to the present invention, it is possible to extract a processing event related to an operation and specify a parameter related to the processing event.
本発明実施例における運用作業分析システムの全体構成図である。1 is an overall configuration diagram of an operation work analysis system in an embodiment of the present invention. 本発明実施例における運用作業分析サーバの機能ブロック図である。It is a functional block diagram of the operation work analysis server in the embodiment of the present invention. 本発明実施例における運用作業検出部の機能ブロック図である。It is a functional block diagram of the operation work detection part in this invention Example. 本発明における分析処理の分析資料であるログデータの管理テーブルのデータモデル例の表図である。It is a table | surface figure of the example of a data model of the management table of the log data which is the analysis material of the analysis process in this invention. ログデータ管理テーブルに管理されるログデータの一例の表図である。It is a table | surface figure of an example of the log data managed by a log data management table. 分析対象であるログデータの加工処理内容を管理するテーブルのデータモデル例の表図である。It is a table | surface figure of the example of a data model of the table which manages the processing content of the log data which is analysis object. ログデータから取得した処理イベントを管理するテーブルのデータモデル例の表図である。It is a table | surface figure of the example of a data model of the table which manages the processing event acquired from log data. 処理イベントに対するグルーピング処理結果を管理するテーブルのデータモデル例の表図である。It is a table | surface figure of the example of a data model of the table which manages the grouping process result with respect to a process event. 処理イベントと運用作業間の対応付けを規定するマッピング情報の管理テーブル例の表図である。It is a table | surface figure of the example of a management table of the mapping information which prescribes | regulates the correspondence between a process event and an operation work. 本発明実施例で利用するクラウド構成情報管理テーブルのデータモデル例の表図である。It is a table | surface figure of the example of a data model of the cloud configuration information management table utilized by the Example of this invention. 処理イベントへの運用作業情報マッピング処理結果を管理するテーブルのデータモデル例の表図である。It is a table | surface figure of the example of a data model of the table which manages the operation work information mapping process result to a process event. 本発明実施例における処理全体のフローの一例の流れ図である。It is a flowchart of an example of the flow of the whole process in this invention Example. ログデータからの処理イベント抽出処理フローの一例の流れ図である。It is a flowchart of an example of a processing event extraction processing flow from log data. 処理イベントからの運用作業検出処理フローの一例の流れ図である。It is a flowchart of an example of the operation work detection process flow from a process event. 本発明実施例における運用作業分析機能のGUI画面例の平面図である。It is a top view of the example of a GUI screen of the operation work analysis function in the embodiment of the present invention. 本発明利用によるクラウドシステム運用状況把握の実施シーケンス図である。It is an implementation sequence diagram of grasping | ascertaining the operational status of the cloud system by utilization of this invention. 本発明が実行される計算機のハードウェア構成図である。It is a hardware block diagram of the computer with which this invention is performed.
 以下、実施例1について、データセンタの物理リソースを仮想化したクラウド環境に対して、運用作業者により過去に実施された仮想リソースに関する運用作業を分析・把握するケースを例にとって説明する。仮想リソースの運用作業の分析は、本実施例を具現化した運用作業分析サーバにより行われ、ログデータを基に、過去の運用作業を特定・把握する処理である。なお、実施例1で示すクラウド環境は本実施例適用箇所の一形態であり、適用先として、複数のデータセンタにまたがり構築されるクラウド環境も含む。 Hereinafter, Example 1 will be described by taking as an example a case of analyzing and grasping operation work related to virtual resources performed in the past by an operation worker in a cloud environment in which physical resources of a data center are virtualized. The analysis of the virtual resource operation work is performed by the operation work analysis server that embodies this embodiment, and is a process of identifying and grasping past operation work based on the log data. Note that the cloud environment shown in the first embodiment is one form of the application portion of the present embodiment, and includes a cloud environment constructed across a plurality of data centers as an application destination.
 図1は、第一実施例における運用作業分析システムの全体構成を示したものである。本実施例における運用作業分析システムの構成要素には、データセンタ101、データセンタ外ネットワーク102、仮想環境接続用端末103、運用作業分析サーバ104を含み、ユーザ105が運用作業を分析する。ユーザ105は運用作業分析サーバを操作して運用作業を把握することができる。 FIG. 1 shows the overall configuration of the operational work analysis system in the first embodiment. The components of the operation work analysis system in this embodiment include a data center 101, a network 102 outside the data center, a virtual environment connection terminal 103, and an operation work analysis server 104, and the user 105 analyzes the operation work. The user 105 can grasp the operation work by operating the operation work analysis server.
 本実施例が運用作業分析対象とするクラウド環境はデータセンタ101に構築されている。データセンタ101内の構成要素は、データセンタ内ネットワーク111、仮想環境管理サーバ112a-c、仮想リソース構成管理サーバ113、ネットワーク機器114、仮想化サーバ115a-d、SAN(Storage Area Network) 116、ストレージ117a-cを含む。 The cloud environment that is the operation work analysis target of this embodiment is constructed in the data center 101. The components in the data center 101 include a data center network 111, a virtual environment management server 112a-c, a virtual resource configuration management server 113, a network device 114, a virtualization server 115a-d, a SAN (Storage Area Network) 116, a storage 117a-c.
 データセンタ内ネットワーク111は、各種サーバ間の通信やデータセンタ外ネットワーク102との通信のための経路を提供している。 The data center internal network 111 provides a path for communication between various servers and communication with the network 102 outside the data center.
 SAN116は、FC(Fibre Channel)スイッチなどのSAN装置により構成され、ストレージ117a-cと仮想化サーバ115a-d間のストレージI/O(Input Output)の通信経路を提供する。 The SAN 116 is configured by a SAN device such as an FC (Fibre Channel) switch, and provides a storage I / O (Input Output) communication path between the storage 117a-c and the virtualization servers 115a-d.
 仮想化サーバ115a-dは、前述のネットワーク機器114を介して相互に接続し、また、データセンタ101の外部に接続する。また、後述のように、FCスイッチ等により実装されたSAN116を介して、ストレージ117a-cにアクセスする。仮想化サーバ115a-dは、NIC(Network Interface Card)やHBA(Host Bus Adapter)あるいはCNA(Converged Network Adapter)を搭載し、LANおよびSANにアクセスする。 The virtualization servers 115a-d are connected to each other via the network device 114 described above, and are connected to the outside of the data center 101. Further, as will be described later, the storage 117a-c is accessed via the SAN 116 implemented by an FC switch or the like. The virtualization servers 115a-d are equipped with NIC (Network Interface Card), HBA (Host Bus Adapter), or CNA (Converged Network Adapter), and access the LAN and SAN.
 仮想化サーバ115a-dは、仮想化ソフトウェアであるVMM(Virtual Machine Monitor)や、LPAR(Logical Partitioning)が搭載され、仮想化ソフトウェアにより複数の仮想マシン(VM)が生成される。各仮想マシンは、vNIC(Virtual Network Interface Card)、vHBA(Virtual Host Bus Adaptor)、vCNA(Virtual Converged Network Adapter)などの仮想的なインターフェースにより、同一仮想化サーバ上の他VMや、他仮想化サーバ、あるいはストレージ117にアクセスする。仮想化サーバ115a-dに搭載される仮想化ソフトウェアとして、VMware ESXi(登録商標)、Microsoft Hyper-V(登録商標)、Linux(登録商標) KVM(Kernel-based Virtual Machine)、Citrix Xen(登録商標)などを含む。 The virtualization servers 115a-d are equipped with virtual software VMM (Virtual Machine Monitor) and LPAR (Logical Partitioning), and a plurality of virtual machines (VMs) are generated by the virtualization software. Each virtual machine is a virtual interface on a virtual server such as vNIC (Virtual Network Interface Card), vHBA (Virtual Host Bus Adapter), vCNA (Virtual Converged Network Adapter), etc. Alternatively, the storage 117 is accessed. As virtualization software installed in the virtualization servers 115a-d, VMware ESXi (registered trademark), Microsoft Hyper-V (registered trademark), Linux (registered trademark) KVM (Kernel-based Virtual Machine), and Citrix Xen (registered trademark) ) Etc.
 ストレージ117a-cは、SAN116を介して、仮想化サーバ115a-cに外部記憶領域を提供する。ストレージ117a-cは、ストレージアクセスする物理ポートを仮想化するためのNPIV(N_Port ID Virtualization)、物理ストレージに構成された論理ボリュームであるLU(Logical Unit)を含む。ストレージ117a-cは、ストレージのポートと、LUおよびサーバを対応付けるLUN(Logical Unit Number)マスキングなどの機能を備えていてもよい。 The storage 117a-c provides an external storage area to the virtualization servers 115a-c via the SAN 116. The storages 117a-c include an NPIV (N_Port ID Virtualization) for virtualizing a physical port for storage access, and an LU (Logical Unit) that is a logical volume configured in the physical storage. The storages 117a-c may have a function such as LUN (Logical Unit Number) masking for associating storage ports with LUs and servers.
 仮想環境管理サーバ112a-cは、仮想化サーバ115a-dやストレージ117a-cなどの物理リソースや、それら物理リソースを活用して生成された仮想マシンや仮想ストレージなどの仮想リソースを管理する。仮想環境管理サーバ112a-cの機能を実現するソフトウェアの例として、VMware vCenter(登録商標)、Microsoft(登録商標) System Center Virtual Machine Manager、OpenStack(登録商標)などを含む。 The virtual environment management servers 112a-c manage physical resources such as the virtualization servers 115a-d and storages 117a-c, and virtual resources such as virtual machines and virtual storages generated using these physical resources. Examples of software that realizes the functions of the virtual environment management server 112a-c include VMware vCenter (registered trademark), Microsoft (registered trademark) System Center Virtual Machine Manager, OpenStack (registered trademark), and the like.
 仮想リソース構成管理サーバ113は、VM(Virutal Machine)やvNIC(Virtual Network Interface Card))やvDisk(Virtual Disk)などを含む、仮想リソースを対象に、仮想リソースの設定変更内容や、仮想リソース間の接続関係の更新などを、時系列的に収集・管理する機能を備えた構成管理サーバである。本実施例では、仮想リソース構成管理サーバ113はデータセンタ101内に存在するが、仮想リソース構成管理サーバ113の設置場所は問わない。仮想化ソフトウェアや仮想環境管理サーバに対して定期的に構成情報収集コマンドを発行して構成情報を収集してもよいし、あるいは仮想化ソフトウェアや仮想環境管理サーバから構成変更イベントに応じてオンデマンドで構成情報を収集してもよい。これらの収集した構成情報を時刻とともに履歴情報として管理できれば、いずれの方法を利用してもよい。 The virtual resource configuration management server 113 targets virtual resources including VMs (Virtual Machines), vNICs (Virtual Network Interface Cards), vDisks (Virtual Disks), etc. This is a configuration management server having a function for collecting and managing connection relation updates in a time series. In this embodiment, the virtual resource configuration management server 113 exists in the data center 101, but the installation location of the virtual resource configuration management server 113 is not limited. Configuration information may be collected periodically by issuing configuration information collection commands to the virtualization software or virtual environment management server, or on demand according to configuration change events from the virtualization software or virtual environment management server Configuration information may be collected at Any method may be used as long as the collected configuration information can be managed as history information together with the time.
 実施例1で取り上げるデータセンタ101上に構築されたクラウド環境は、上述の全ての機器を含む必要は無い。例えば、本実施例では、外部記憶領域として、SAN接続されたストレージ117a-cを想定したが、サーバ内蔵ディスクであってもよい。また、仮想環境管理サーバがない場合も想定される。以上が、データセンタ101内の構成要素である。 The cloud environment constructed on the data center 101 taken up in the first embodiment does not need to include all the devices described above. For example, in this embodiment, SAN-connected storages 117a-c are assumed as the external storage area, but a server built-in disk may be used. Further, a case where there is no virtual environment management server is also assumed. The above are the components in the data center 101.
 データセンタ外ネットワーク102は、データセンタ内ネットワーク111のようにデータセンタ外に設置されたL2スイッチやL3スイッチ、ファイアウォール、ルータ等により(非図示)、データセンタ外ネットワーク102に接続された端末からデータセンタ101へ接続する役割を持つ。データセンタ外ネットワーク102はインターネットなどの広域網に接続されていてもよい。また、上述のネットワーク機器の機能を用いて、データセンタ内外の接続にアクセス制御などの制限が掛けられていても良い。 The network 102 outside the data center is transmitted from a terminal connected to the network 102 outside the data center by an L2 switch, an L3 switch, a firewall, a router or the like (not shown) installed outside the data center like the network 111 inside the data center. It has a role of connecting to the center 101. The network 102 outside the data center may be connected to a wide area network such as the Internet. In addition, by using the function of the network device described above, a connection such as access control may be restricted for connections inside and outside the data center.
 仮想環境接続用端末103は、仮想環境管理サーバ112a-cへアクセスしてクラウド環境の運用作業を実施したり、仮想化ソフトウェアや仮想環境管理サーバが出力したログデータを収集したりする。 The virtual environment connection terminal 103 accesses the virtual environment management servers 112a-c to perform cloud environment operation, and collects log data output by the virtualization software and the virtual environment management server.
 運用作業分析サーバ104は、クラウド環境に分散して保持されるログデータを収集して、ログデータを分析し、運用作業を可視化する。運用作業分析サーバ104は、運用作業可視化部121、ログデータ分析部122、クラウド構成情報管理部123、ログデータ管理部124を備える。これら機能部の説明は図2で行う。なお、図1では、運用作業分析サーバ104は仮想環境接続用端末103に直接接続されているが、データセンタ外ネットワーク102またはデータセンタ内ネットワーク111に接続し、クラウド環境に分散して保持されるログデータを収集するように構成してもよい。 The operation work analysis server 104 collects log data distributed and held in the cloud environment, analyzes the log data, and visualizes the operation work. The operation work analysis server 104 includes an operation work visualization unit 121, a log data analysis unit 122, a cloud configuration information management unit 123, and a log data management unit 124. These functional units will be described with reference to FIG. In FIG. 1, the operation work analysis server 104 is directly connected to the virtual environment connection terminal 103. However, the operation work analysis server 104 is connected to the network 102 outside the data center or the network 111 inside the data center and is distributed and held in the cloud environment. You may comprise so that log data may be collected.
 以上が、データセンタ101外の構成要素の例である。 The above is an example of components outside the data center 101.
 図2は、運用作業分析サーバ104の構成例である。図2において、運用作業分析サーバ104は、構成要素として、運用作業可視化部121、ログデータ分析部122、クラウド構成情報管理部123、ログデータ管理部124、運用作業傾向分析部125、ログデータ管理テーブル211、クラウド構成情報管理テーブル212、運用作業管理テーブル213、傾向分析部214を有する。 FIG. 2 is a configuration example of the operation work analysis server 104. In FIG. 2, the operation work analysis server 104 includes, as components, an operation work visualization unit 121, a log data analysis unit 122, a cloud configuration information management unit 123, a log data management unit 124, an operation work trend analysis unit 125, and log data management. A table 211, a cloud configuration information management table 212, an operation work management table 213, and a trend analysis unit 214.
 運用作業分析サーバ104は、運用作業可視化部121を介してユーザ105からの運用分析開始要求を受ける。これを受け、運用作業可視化部121はログデータ管理部124による分析対象のログデータ取得を実行する。また、取得したログデータと、クラウド構成情報管理部123が管理する情報に対するログデータ分析部122の分析処理も実行する。分析結果は運用作業管理テーブル213に格納され、分析終了後は運用作業管理テーブル213の情報を運用作業可視化部121がユーザ105に提示する。また、各ログデータに対する運用作業分析の結果は、傾向分析部214に蓄えられ、各運用作業の頻度分析などの集計を行う。 The operation work analysis server 104 receives an operation analysis start request from the user 105 via the operation work visualization unit 121. In response to this, the operation work visualization unit 121 executes the acquisition of log data to be analyzed by the log data management unit 124. The log data analysis unit 122 also performs analysis processing on the acquired log data and information managed by the cloud configuration information management unit 123. The analysis result is stored in the operation work management table 213. After the analysis is completed, the operation work visualization unit 121 presents the information of the operation work management table 213 to the user 105. In addition, the results of the operation work analysis for each log data are stored in the trend analysis unit 214, and totalization such as frequency analysis of each operation work is performed.
 図2、図3では説明のために、機能を一つのブロックとして実施例の構成を表している。運用作業分析サーバ104など、実施例中でサーバと呼称される構成は、一般のコンピュータと同様に、入力装置、出力装置、処理装置(プロセッサまたはCPU)、記憶装置_(メモリ)を備えている。このような実施例の物理的な構成は、後に図16で説明する。本実施例では計算、処理、制御等の機能は、記憶装置に格納されたプログラムがプロセッサによって実行されることで、定められた処理を必要に応じて他のハードウェアと協働して実現する。実行するプログラムまたはその機能を実現する構成を、明細書や図面中では「機能」、「手段」、「部」、「モジュール」「ユニット」等と呼ぶ場合がある。 2 and 3 show the configuration of the embodiment with the function as one block for the sake of explanation. The configuration referred to as a server in the embodiment, such as the operation work analysis server 104, includes an input device, an output device, a processing device (processor or CPU), and a storage device_ (memory) as in a general computer. . The physical configuration of such an embodiment will be described later with reference to FIG. In the present embodiment, functions such as calculation, processing, and control are realized by a program stored in the storage device being executed by the processor, and in cooperation with other hardware as necessary. . A program to be executed or a configuration for realizing the function may be referred to as “function”, “means”, “unit”, “module”, “unit”, or the like in the specification and drawings.
 また以後の説明では「~テーブル」、「~リスト」、「~DB(Database)」、「~キュー」等の表現にて実施例の情報を説明することがあるが、これら情報はテーブル、リスト、DB、キュー、等のデータ構造以外で表現されてデータ相互の関係を定義していてもよい。そのため、データ構造に依存しないことを示すために「~テーブル」、「~リスト」、「~DB」、「~キュー」等について「~情報」と呼ぶことがある。また、データ相互の関係が保たれている限り、一つのテーブル等を分割してもよいし、複数のテーブル等を統合してもよい。 In the following description, the information of the embodiment may be described by expressions such as “˜table”, “˜list”, “˜DB (Database)”, “˜queue”, and the like. , DB, queue, etc. may be expressed other than the data structure to define the relationship between the data. Therefore, “˜table”, “˜list”, “˜DB”, “˜queue”, etc. may be referred to as “˜information” in order to show that they do not depend on the data structure. Moreover, as long as the relationship between the data is maintained, one table or the like may be divided, or a plurality of tables or the like may be integrated.
 なお、各情報の内容を説明する際に、「識別情報」、「識別子」、「名」、「名前」、「ID(IDentification)」という表現を用いるが、「識別情報」、「識別子」、「ID」は、任意の情報に固有かつ不変な識別符号であるが、「名」、「名称」は可変な識別符号である。また、「識別情報」、「識別子」、「ID」はお互いに置換が可能である。「名」、「名称」についてもお互いに置換が可能である。移行の説明における「ID」と「名」の差異を示す具体名例として、VM名とVM IDが挙げられる。VM名は、対象のVMを管理する運用者が、VMの用途などを考慮して自由に変更可能であり、同一クラウド環境での重複が許される場合がある。一方、VM IDは、同一クラウド環境で一意に対象を特定する為の情報である為、固有かつ不変である。 In describing the contents of each information, the expressions “identification information”, “identifier”, “name”, “name”, “ID (IDentification)” are used, but “identification information”, “identifier”, “ID” is an identification code that is unique and invariant to arbitrary information, but “name” and “name” are variable identification codes. In addition, “identification information”, “identifier”, and “ID” can be replaced with each other. “Name” and “name” can be replaced with each other. A VM name and a VM ID are given as specific name examples indicating the difference between “ID” and “name” in the description of migration. The VM name can be freely changed by an operator who manages the target VM in consideration of the usage of the VM, and duplication in the same cloud environment may be permitted. On the other hand, the VM ID is information for uniquely identifying a target in the same cloud environment, and is therefore unique and unchanging.
 運用作業分析サーバ104の各構成要素についての説明は以下のとおりである。 The description of each component of the operation work analysis server 104 is as follows.
 運用作業可視化部121は、上述のように、運用作業分析サーバ104とユーザ105のインターフェースの役割を果たす機能部である。運用作業可視化部121は、ユーザ105からの運用作業分析要求として、ログデータの収集要求、または、ログデータの入力を受ける。運用作業可視化部121はこの情報をログデータ管理部124に渡し、ログデータ管理部124によるログ取得・管理を開始する。ログデータの取得が終わると、運用作業可視化部はログデータ分析部122の処理実行を開始する。ログデータ分析部122による分析が完了すると、運用作業分析結果をユーザ105に提示する。このように、ユーザ105は、データ取得要求部223に他端末からのログデータ収集要求やユーザ保持ログデータの入力を行い、また、運用作業フロー表示部225により運用作業フローを可視化して提示される。 The operation work visualization unit 121 is a functional unit that serves as an interface between the operation work analysis server 104 and the user 105 as described above. The operation work visualization unit 121 receives a log data collection request or log data input as an operation work analysis request from the user 105. The operation work visualization unit 121 passes this information to the log data management unit 124 and starts log acquisition / management by the log data management unit 124. When the acquisition of the log data is finished, the operation work visualization unit starts processing execution of the log data analysis unit 122. When the analysis by the log data analysis unit 122 is completed, the operation work analysis result is presented to the user 105. As described above, the user 105 inputs a log data collection request from another terminal and user-retained log data to the data acquisition request unit 223, and the operation work flow is visualized and presented by the operation work flow display unit 225. The
 ログデータ分析部122は、分析対象となるログデータに対する種々の分析を実施する機能部である。運用作業可視化部121からの分析開始要求を受けると、ログデータ管理部124からのログデータ参照、クラウド構成情報管理部123からのクラウド構成情報参照を実施する。次に、参照した情報を基に、ログデータからの処理イベント抽出や、抽出結果からの運用作業の検出・特定を行う。特定した運用作業の情報を運用作業管理テーブル213に格納する。 The log data analysis unit 122 is a functional unit that performs various analyzes on log data to be analyzed. When an analysis start request is received from the operation work visualization unit 121, the log data reference from the log data management unit 124 and the cloud configuration information reference from the cloud configuration information management unit 123 are performed. Next, based on the referenced information, processing event extraction from log data and operation work detection / specification from the extraction result are performed. Information on the identified operation work is stored in the operation work management table 213.
 クラウド構成情報管理部123は、分析対象のクラウド環境を有するデータセンタ101にある仮想リソース構成管理サーバ113から、仮想リソースの設定や、仮想リソース間の接続関係の変更を収集し、任意の時刻のクラウドの構成情報を管理する。 The cloud configuration information management unit 123 collects virtual resource settings and changes in connection relations between virtual resources from the virtual resource configuration management server 113 in the data center 101 having the cloud environment to be analyzed, at any time. Manage cloud configuration information.
 管理する構成情報は、ログデータ分析部122から参照されログデータから運用作業を特定する処理で利用される。クラウド構成情報管理部123は、仮想リソース構成管理サーバ113による構成情報変更処理に連動して更新してもよい。あるいはデータ取得要求部223からのデータ取得要求において、明示的に構成情報を更新してもよい。クラウド構成情報が最新のものになるように管理されれば、いずれの方法を用いてもかまわない。 The configuration information to be managed is referred to by the log data analysis unit 122 and used in the process of specifying the operation work from the log data. The cloud configuration information management unit 123 may update in conjunction with the configuration information change process by the virtual resource configuration management server 113. Alternatively, the configuration information may be explicitly updated in the data acquisition request from the data acquisition request unit 223. Any method can be used as long as the cloud configuration information is managed to be the latest.
 ログデータ管理部124は、運用作業の特定に用いるログデータの収集及び管理を行う。 The log data management unit 124 collects and manages log data used for specifying operation work.
 ログデータ管理テーブル211は、運用作業分析処理に利用するログデータの収集及び管理を行う。外部ネットワークを経由して取得した、または、ユーザ105が入力した分析対象ログデータに関して、ログデータの種類やログデータへのファイルパスなどを保持する。ログデータ管理テーブル211は図4A,図4Bにおいて説明する。 The log data management table 211 collects and manages log data used for operation work analysis processing. Regarding the analysis target log data acquired via the external network or input by the user 105, the log data type, the file path to the log data, and the like are stored. The log data management table 211 will be described with reference to FIGS. 4A and 4B.
 クラウド構成情報管理テーブル212は、クラウド構成情報管理部123が収集する仮想リソースの設定情報や接続関係を保持するテーブルである。クラウド構成情報管理テーブル212は図9で説明する。 The cloud configuration information management table 212 is a table that holds virtual resource setting information and connection relationships collected by the cloud configuration information management unit 123. The cloud configuration information management table 212 will be described with reference to FIG.
 運用作業管理テーブル213は、ログデータ分析部によって検出・特定された運用作業情報を格納する。運用作業管理テーブル213に格納された情報は、運用作業分析が完了した後に、運用作業可視化部121により参照され、可視化される。運用作業管理テーブル213については図10において説明する。 The operation work management table 213 stores operation work information detected and specified by the log data analysis unit. The information stored in the operation work management table 213 is referenced and visualized by the operation work visualization unit 121 after the operation work analysis is completed. The operation work management table 213 will be described with reference to FIG.
 傾向分析部214は、運用作業分析サーバ104が実施した運用作業分析結果を蓄積し、分析結果に対する集計処理や傾向分析処理などを実施する。集計処理や傾向分析は、例えば、ユーザ毎、運用作業ごとなど、設定した項目に従い数を集計したり、2つ以上の運用作業が連続して実施された場合を集計し、関連性の強い運用作業の組を推定したりする処理などである。 The trend analysis unit 214 accumulates the operation work analysis results performed by the operation work analysis server 104, and performs aggregation processing and trend analysis processing on the analysis results. Aggregation processing and trend analysis, for example, counts the number according to the set items, such as for each user and each operation work, or totals the cases when two or more operation work is performed continuously, and is highly relevant operation For example, a process for estimating a set of tasks.
 (運用作業可視化部121)
 運用作業可視化部121は、設定情報編集部221、傾向分析表示部222、データ取得要求部223、分析開始要求部224、運用作業フロー表示部225を含む。運用作業分析処理は、データ取得要求部223がユーザ105から分析対象ログデータの指定を受け取りログデータの取得を開始し、ログデータ取得後に分析開始要求部224がログデータ分析部122の分析処理を実行する。また、分析処理の終了後、運用作業フロー表示部225が分析結果を表示する。設定情報編集部221、傾向分析表示部222は運用分析処理の実行には直接関与しない。 (Operation Work Visualization Unit 121)
The operation work visualization unit 121 includes a setting information editing unit 221, a trend analysis display unit 222, a data acquisition request unit 223, an analysis start request unit 224, and an operation work flow display unit 225. In the operation work analysis process, the data acquisition request unit 223 receives the specification of the analysis target log data from the user 105 and starts acquiring the log data. After the log data acquisition, the analysis start request unit 224 performs the analysis process of the log data analysis unit 122. Execute. Further, after the analysis process is completed, the operation work flow display unit 225 displays the analysis result. The setting information editing unit 221 and the trend analysis display unit 222 are not directly involved in the execution of the operation analysis process.
 設定情報編集部221は、ログデータの分析に必要な設定情報(ログフォーマット管理テーブル243、運用作業マッピングテーブル237のインタラクティブな編集を可能とするユーザインタフェースを提供する(図14の設定情報入力部1413に運用作業マッピングテーブル237の編集画面の例を記載する)。 The setting information editing unit 221 provides a user interface that enables interactive editing of the setting information (log format management table 243 and operation work mapping table 237 required for analysis of log data (setting information input unit 1413 in FIG. 14). Shows an example of the edit screen of the operation work mapping table 237).
 分析開始要求部224は、ログデータに対する分析処理をログデータ分析部122に要求する。 The analysis start request unit 224 requests the log data analysis unit 122 to analyze the log data.
 データ取得要求部223は、ユーザ105からのログデータ分析要求を受け、分析に必要な各データの収集要求を発行する。ログデータ管理部に対して、ユーザが保持するログデータがユーザインタフェースに入力された際には、ログデータ受付部232にこのログデータを入力し、ログデータが入力されなかった際には、ユーザからの入力情報(ログデータを持つリモートサーバへのアクセス情報など)を含むログデータ取得要求をログデータ収集部231に発行する。また、クラウド構成情報管理部123に対しては、クラウド構成情報の収集要求を発行する。 The data acquisition request unit 223 receives a log data analysis request from the user 105 and issues a collection request for each data necessary for the analysis. When the log data held by the user is input to the log data management unit, the log data is input to the log data receiving unit 232, and when the log data is not input, the user A log data acquisition request including input information (such as access information to a remote server having log data) is issued to the log data collection unit 231. Also, a cloud configuration information collection request is issued to the cloud configuration information management unit 123.
 傾向分析表示部222は、傾向分析部214による分析結果を表示する機能である。表示例は図14の1412である。 The trend analysis display unit 222 is a function for displaying the analysis result by the trend analysis unit 214. A display example is 1412 in FIG.
 運用作業フロー表示部225は、ログデータ分析部122による分析結果が格納される運用作業管理テーブル213を参照し、得られた分析結果を表示する機能を提供する。 The operation work flow display unit 225 provides a function of displaying the obtained analysis result with reference to the operation work management table 213 in which the analysis result by the log data analysis unit 122 is stored.
 (ログデータ管理部124)
 ログデータ管理部124は、運用作業分析処理に利用するログデータの収集及び管理を行う。ログデータ管理部124は、ログデータ収集部231とログデータ受付部232を有する。データ取得要求部223からの要求内容に応じて、ログデータ収集部231による運用作業分析サーバ外からのログデータ収集か、ログデータ受付部232によるユーザ105が入力したログデータの受付を行う。 (Log data management unit 124)
The log data management unit 124 collects and manages log data used for operation work analysis processing. The log data management unit 124 includes a log data collection unit 231 and a log data reception unit 232. Depending on the request content from the data acquisition request unit 223, the log data collection unit 231 collects log data from outside the operation work analysis server, or the log data reception unit 232 accepts log data input by the user 105.
 ログデータ受付部232はユーザ105が運用作業可視化部121を介して入力した分析対象のログデータを受け付ける。受け付けたログデータはログデータ管理テーブル211に格納される。 The log data receiving unit 232 receives the log data to be analyzed input by the user 105 via the operation work visualization unit 121. The received log data is stored in the log data management table 211.
 ログデータ収集部231は、データ取得要求部223において、ユーザから入力された分析対象(リモートサーバへのアクセス情報や取得対象のログファイル指定(非図示))に基づき、仮想環境接続用端末103などの運用作業分析サーバ外に存在するログデータの収集や、クラウド環境に対する直接的なログデータ収集を行う。収集したログデータはログデータ管理テーブル211に格納される。 The log data collection unit 231 uses the data acquisition request unit 223 based on the analysis target (access information to the remote server or designation of the log file to be acquired (not shown)) input by the user, etc. Collect log data that exists outside the operational work analysis server and log data directly to the cloud environment. The collected log data is stored in the log data management table 211.
 (ログデータ分析部122)
 ログデータ分析部122は、処理イベント抽出部233、運用作業検出部234、運用作業マッピングテーブル管理部235、処理イベント管理テーブル236、運用作業マッピングテーブル237を有する。 (Log data analysis unit 122)
The log data analysis unit 122 includes a processing event extraction unit 233, an operation work detection unit 234, an operation work mapping table management unit 235, a processing event management table 236, and an operation work mapping table 237.
 ログデータ分析部122では、処理イベント抽出部233が、ログデータ管理部124からの分析対象ログデータの参照や、ログデータからの処理イベント抽出、抽出処理イベントの処理イベント管理テーブル236へ格納する。格納された処理イベントを参照し、運用作業マッピングテーブル管理部235が管理する運用作業マッピングテーブル237の情報に従って、運用作業検出部234が運用作業を特定する。また、運用作業検出部234は、運用作業と処理イベントの対応関係を特定すると、特定結果を順じ運用作業管理テーブル213に格納する。 In the log data analysis unit 122, the process event extraction unit 233 stores the analysis target log data from the log data management unit 124, the process event extraction from the log data, and the process event management table 236 of the extraction process event. With reference to the stored processing event, the operation work detection unit 234 identifies the operation work according to the information of the operation work mapping table 237 managed by the operation work mapping table management unit 235. When the operation work detection unit 234 specifies the correspondence between the operation work and the processing event, the operation work detection unit 234 sequentially stores the specified results in the operation work management table 213.
 処理イベント抽出部233は、分析対象のログデータから、処理イベントと処理イベントに付随するパラメータを抽出する。抽出処理イベントとは仮想リソースの運用作業者による運用操作に応じて、仮想環境管理サーバ112、若しくは、仮想化サーバ115による内部処理単位である。運用作業者の1つの運用操作により1つ以上の処理イベントが処理され、処理結果はテキスト形式でログデータに出力される。処理イベントに付随するパラメータには、例えば、処理イベントの処理対象である仮想リソースの識別子(VMやvDiskの識別子など)を含む。 Processing event extraction unit 233 extracts processing events and parameters associated with the processing events from the log data to be analyzed. The extraction processing event is an internal processing unit by the virtual environment management server 112 or the virtualization server 115 in accordance with an operation operation by the virtual resource operator. One or more processing events are processed by one operation operation of the operation worker, and the processing result is output to the log data in a text format. The parameter associated with the processing event includes, for example, an identifier of a virtual resource that is a processing target of the processing event (such as an identifier of VM or vDisk).
 運用作業検出部234は、処理イベント抽出部233により抽出した処理イベントから運用作業を特定し、特定した運用作業情報を、運用作業管理テーブル213に保持する。 The operation work detection unit 234 specifies an operation work from the processing event extracted by the processing event extraction unit 233, and holds the specified operation work information in the operation work management table 213.
 運用作業マッピングテーブル管理部235は、運用作業マッピングテーブル237が保持する運用作業と処理イベントのマッピングする情報の参照・編集を行う。運用作業マッピングテーブル237が保持する運用作業と処理イベントのマッピング情報は、ユーザ105による情報追記や新規作成などの編集作業が可能である。本実施例では、設定情報編集部221がユーザ105とのインターフェースを果たし、GUI画面(設定情報入力部1413)への入力内容が運用作業マッピングテーブル管理部235に渡されて運用作業マッピングテーブル237が編集される。別の実施形態として、GUIを利用せず、ユーザ105が運用作業分析サーバ104以外の環境で作成したテクストファイルなどを読み込み、運用作業マッピングテーブル237の編集や新規作成などが実施可能であってもよい。 The operation work mapping table management unit 235 refers to and edits information for mapping the operation work and the processing event held in the operation work mapping table 237. The operation work and processing event mapping information held in the operation work mapping table 237 can be edited by the user 105 such as information addition or new creation. In this embodiment, the setting information editing unit 221 serves as an interface with the user 105, and the input content to the GUI screen (setting information input unit 1413) is passed to the operation work mapping table management unit 235, and the operation work mapping table 237 is stored. Edited. As another embodiment, even if the user 105 can read a text file or the like created in an environment other than the operation work analysis server 104 without using the GUI, and can edit or newly create the operation work mapping table 237. Good.
 処理イベント管理テーブル236は、処理イベント抽出部233により抽出した処理イベントと処理イベントに付随するパラメータを保持し、運用作業検出部234により参照される。処理イベント管理テーブル236の構成については、図6で説明する。 The processing event management table 236 holds the processing event extracted by the processing event extraction unit 233 and parameters associated with the processing event, and is referred to by the operation work detection unit 234. The configuration of the processing event management table 236 will be described with reference to FIG.
 運用作業マッピングテーブル237は、処理イベント列と運用作業の対応づけ情報を保持し、運用作業検出部234により参照される。運用作業マッピングテーブル237の構成については、図8で説明する。 The operation work mapping table 237 holds processing event sequences and operation work correspondence information, and is referred to by the operation work detection unit 234. The configuration of the operation work mapping table 237 will be described with reference to FIG.
 (処理イベント抽出部233)
 処理イベント抽出部233は、処理イベント把握部241、パラメータ抽出部242、ログフォーマット管理テーブル243を有する。処理イベント抽出部233は、分析対象ログデータのフォーマットに合わせた分析処理情報をログフォーマット管理テーブル243から参照する。この情報を基に、処理イベント把握部241が分析対象ログデータからの処理イベント把握し、パラメータ抽出部242が把握した各処理イベントのパラメータを抽出する。 (Processing event extraction unit 233)
The processing event extraction unit 233 includes a processing event grasping unit 241, a parameter extraction unit 242, and a log format management table 243. The processing event extraction unit 233 refers to the analysis processing information matched with the format of the analysis target log data from the log format management table 243. Based on this information, the processing event grasping unit 241 grasps the processing event from the analysis target log data, and the parameter extracting unit 242 extracts the parameters of each processing event.
 処理イベント把握部241は、分析対象のログデータから、運用作業に関係のある処理イベントを検出する。 The processing event grasping unit 241 detects a processing event related to the operation work from the log data to be analyzed.
 パラメータ抽出部242は、処理イベント把握部241が検出した処理イベント毎に、処理イベントに付随するパラメータを抽出する。 The parameter extraction unit 242 extracts parameters associated with the processing event for each processing event detected by the processing event grasping unit 241.
 ログフォーマット管理テーブル243は、処理イベント把握部241とパラメータ抽出部242で実行されるログデータに対する処理内容を管理する。ログフォーマット管理テーブル243については図5で説明する。 The log format management table 243 manages processing contents for log data executed by the processing event grasping unit 241 and the parameter extracting unit 242. The log format management table 243 will be described with reference to FIG.
 処理イベント抽出部233の詳細処理については図12で説明する。 Detailed processing of the processing event extraction unit 233 will be described with reference to FIG.
 (運用作業検出部234)
 運用作業検出部234は、処理イベントグルーピング部251、運用作業特定部252、処理イベントグループ管理テーブル253を有する。運用作業検出部234は、処理イベント管理テーブル236に格納された処理イベントのデータ集合に対して、処理イベントグルーピング部によるグルーピング処理を行い、グループ化した処理イベント列を処理イベントグループ管理テーブル253に格納する。運用作業特定部252は、各グループ化処理イベント列に対して、処理イベントの部分列と運用作業のマッピング処理を行う。 (Operation work detection unit 234)
The operation work detection unit 234 includes a process event grouping unit 251, an operation work specifying unit 252, and a process event group management table 253. The operation work detection unit 234 performs grouping processing by the processing event grouping unit on the processing event data set stored in the processing event management table 236, and stores the grouped processing event sequence in the processing event group management table 253. To do. The operation work specifying unit 252 performs a mapping process between a process event partial sequence and an operation work for each grouping process event sequence.
 処理イベントグルーピング部251は、処理イベント管理テーブル236に格納されている処理イベントのデータ集合とクラウド構成情報管理部123に格納されているクラウド構成情報を参照する。クラウド構成情報から、VMやシステムの識別子情報を取得し、この識別子情報を基に処理イベントのデータ集合をグルーピングする。そして、グルーピング結果を処理イベントグループ管理テーブル253に格納する。 The processing event grouping unit 251 refers to the data set of processing events stored in the processing event management table 236 and the cloud configuration information stored in the cloud configuration information management unit 123. The VM and system identifier information is acquired from the cloud configuration information, and the processing event data set is grouped based on the identifier information. The grouping result is stored in the processing event group management table 253.
 運用作業特定部252は、始めに運用作業マッピングテーブル237を参照する。処理イベントグルーピング部251によりグループ化された処理イベント列ごとに、参照した運用作業マッピング情報を基に処理イベントの部分列と運用作業のマッピング箇所を検出する。検出したマッピング情報は運用作業管理テーブル213に格納する。 The operation work specifying unit 252 first refers to the operation work mapping table 237. For each processing event sequence grouped by the processing event grouping unit 251, the processing event subsequence and the operation work mapping location are detected based on the referenced operation work mapping information. The detected mapping information is stored in the operation work management table 213.
 処理イベントグループ管理テーブル253は、処理イベントグルーピング部251によりグループ化された処理イベント列に対して、各グループを識別する情報を付加して処理イベントグループを管理する。運用作業検出部234のより詳細な説明は図3にて行う。 The processing event group management table 253 manages the processing event group by adding information for identifying each group to the processing event sequence grouped by the processing event grouping unit 251. A more detailed description of the operation work detection unit 234 will be given with reference to FIG.
 (運用作業検出部234)
 図3に運用作業検出部234の構成を示す。運用作業検出部234は、処理イベントグルーピング部251、運用作業特定部252、処理イベントグループ管理テーブル253、を有する。また、運用作業検出部234は、一時的な情報として、各VM構成情報テーブル311a-cを含む。 (Operation work detection unit 234)
FIG. 3 shows the configuration of the operation work detection unit 234. The operation work detection unit 234 includes a process event grouping unit 251, an operation work specifying unit 252, and a process event group management table 253. Further, the operation work detection unit 234 includes VM configuration information tables 311a-c as temporary information.
 (処理イベントグルーピング部251)
 処理イベントグルーピング部251は、クラウド内VM構成情報参照部321、VM関連機器ID取得部322、処理イベントグループ抽出部323を有する。 (Processing event grouping unit 251)
The processing event grouping unit 251 includes an in-cloud VM configuration information reference unit 321, a VM related device ID acquisition unit 322, and a processing event group extraction unit 323.
 処理イベントグルーピング部251は、クラウド内VM構成情報参照部321により、クラウド構成情報管理テーブル212をVMごとに参照する。VM関連機器ID取得部322が、参照したVM単位の構成情報から任意のVMとVMに接続された機器の識別子情報を取得し、取得した識別子をキー情報に処理イベント管理テーブル236を参照し、参照結果をグループ化して処理イベントグループ管理テーブル253に格納する。 The processing event grouping unit 251 uses the in-cloud VM configuration information reference unit 321 to refer to the cloud configuration information management table 212 for each VM. The VM related device ID acquisition unit 322 acquires identifier information of an arbitrary VM and a device connected to the VM from the configuration information of the referenced VM unit, refers to the processing event management table 236 using the acquired identifier as key information, The reference results are grouped and stored in the processing event group management table 253.
 クラウド内VM構成情報参照部321は、クラウド構成情報管理テーブル212のテーブル情報をVM毎に参照する。処理イベントグルーピング部251は、処理イベントをVM毎にグルーピングする為に、各VMの構成情報テーブル311a-cに管理されているVM IDとVMに関連する機器IDを利用する。各VM構成情報テーブル311a-cは、図9のクラウド構成管理テーブルが有する情報について、VM ID911の値が共通する行データを同一VMの構成情報テーブル311a-cとして取得したものである。 The in-cloud VM configuration information reference unit 321 refers to the table information of the cloud configuration information management table 212 for each VM. The processing event grouping unit 251 uses the VM ID and the device ID related to the VM managed in the configuration information tables 311a-c of each VM in order to group the processing events for each VM. Each VM configuration information table 311a-c is obtained by acquiring row data having the same VM ID 911 value as the configuration information table 311a-c of the same VM with respect to the information included in the cloud configuration management table of FIG.
 VM関連機器ID取得部322は、各VM構成情報テーブル311a-cから処理イベントグループ抽出部323の処理で必要な情報(VMや関連機器の識別子情報や、構成情報変更時刻など)を抽出し、処理イベントグループ抽出部323に入力する。 The VM related device ID acquisition unit 322 extracts information (VM and related device identifier information, configuration information change time, etc.) necessary for processing by the processing event group extraction unit 323 from each VM configuration information table 311a-c, The data is input to the processing event group extraction unit 323.
 処理イベントグループ抽出部323は、VM関連機器ID取得部322から入力された情報をキー情報として、処理イベント管理テーブル236から参照する。参照結果には、VMに対する処理イベントのほか、関連機器に対する処理イベントも含まれている。上記の参照結果は、グループ識別子としてVM識別子を新たに付加して、処理イベントグループ管理テーブル253に格納する。 The processing event group extraction unit 323 refers to the processing event management table 236 using the information input from the VM related device ID acquisition unit 322 as key information. The reference result includes a processing event for a related device in addition to a processing event for a VM. The above reference result is stored in the processing event group management table 253 by newly adding a VM identifier as a group identifier.
 (運用作業特定部252)
 運用作業特定部252は運用作業マッピングテーブル参照部331、処理イベントグループ参照部332、運用作業マッピング処理部333を有する。 (Operation work specifying unit 252)
The operation work specifying unit 252 includes an operation work mapping table reference unit 331, a processing event group reference unit 332, and an operation work mapping processing unit 333.
 運用作業特定部252は、運用作業マッピングテーブル参照部331が運用作業マッピングテーブル237を参照する。次に、処理イベントグループ参照部332が処理イベントグループ管理テーブル253から各処理イベントグループを参照する。運用作業マッピング処理部333は、参照した処理イベントグループの処理イベント列から、運用作業マッピングテーブルに定義された運用作業と処理イベント列のマッピング情報に合致する処理イベント部分列を検出し、検出結果を運用作業管理テーブル213に格納する。 In the operation work specifying unit 252, the operation work mapping table reference unit 331 refers to the operation work mapping table 237. Next, the processing event group reference unit 332 refers to each processing event group from the processing event group management table 253. The operation work mapping processing unit 333 detects a process event subsequence that matches the mapping information of the operation work and the process event sequence defined in the operation work mapping table from the process event sequence of the referenced process event group, and displays the detection result. Stored in the operation work management table 213.
 運用作業マッピングテーブル参照部331は運用作業マッピングテーブル237を参照する。 The operation work mapping table reference unit 331 refers to the operation work mapping table 237.
 処理イベントグループ参照部332は、処理イベントグループ管理テーブル253に格納された処理イベントから、グループID711の値が共通する行データを1つの処理イベントグループとし、処理イベントグループ毎に参照する。 The processing event group reference unit 332 sets the row data having the same group ID 711 as one processing event group from the processing events stored in the processing event group management table 253, and refers to each processing event group.
 運用作業マッピング処理部333は、処理イベントグループ参照部332が参照した各処理イベントグループと、運用作業マッピングテーブル237を基に作業マッピング処理を実施する。 The operation work mapping processing unit 333 performs work mapping processing based on each processing event group referred to by the processing event group reference unit 332 and the operation work mapping table 237.
 処理イベントグループ管理テーブル253は、処理イベントグルーピング部251によりグループ化された処理イベント列に対して、各グループを識別する情報を付加して処理イベントグループを管理する。処理イベントグループ管理テーブル253の詳細については図7で説明する。運用作業検出部234の処理フローの詳細は図13で説明する。 The processing event group management table 253 manages the processing event group by adding information for identifying each group to the processing event sequence grouped by the processing event grouping unit 251. Details of the processing event group management table 253 will be described with reference to FIG. Details of the processing flow of the operation work detection unit 234 will be described with reference to FIG.
 (ログデータ管理テーブル211)
 図4Aはログデータ管理テーブル211の構成例を示す。ログデータ管理テーブル211は、運用作業分析に用いられる個々のログデータ(本実施例ではファイルとして管理されるものとする)について、ログデータ種別411、ログデータ取得ID412、取得日時413、ログデータ参照情報414を管理する。また、各行データ431、432、433はそれぞれ1つのログデータファイルを管理する。 (Log data management table 211)
FIG. 4A shows a configuration example of the log data management table 211. The log data management table 211 is a log data type 411, a log data acquisition ID 412, an acquisition date and time 413, and log data reference for individual log data (used as a file in this embodiment) used for operational work analysis. Information 414 is managed. Each row data 431, 432, 433 manages one log data file.
 ログデータ種別411は、各ログデータファイルのクラウド環境種421、ログファイル種422を有する。ログデータの書式は、クラウド環境を実現する為の仮想化ソフトウェアや仮想環境管理サーバ、システムログやイベントログなどのログ規格毎に異なっており、ログデータを利用した運用作業分析処理には、ログファイル毎に適切な処理を選択的に実施する必要がある。 The log data type 411 includes a cloud environment type 421 and a log file type 422 for each log data file. The format of log data differs depending on the log standard such as virtualization software, virtual environment management server, system log, event log, etc. to realize cloud environment. It is necessary to selectively perform appropriate processing for each file.
 クラウド環境種421、ログファイル種422の情報は、分析に用いるログ種別にログフォーマット管理テーブル243を選択するために用いる。 Information on the cloud environment type 421 and the log file type 422 is used to select the log format management table 243 as the log type used for analysis.
 ログデータ取得ID412は、ログデータ管理テーブル211のログデータ間の関連性を識別する為の情報である。本実施例の適用による1回の運用作業分析では、単一のクラウド環境に対する運用作業分析であっても、複数種類のログデータを用いる場合があり、ログデータ取得ID412はこれらを関連付ける。ログデータ収集部231、若しくは、ログデータ受付部232が1回のログデータ取得で得た複数種類のログデータファイルは、同じログデータ取得ID412をキー情報として保持する。 The log data acquisition ID 412 is information for identifying the relationship between log data in the log data management table 211. In one operation work analysis according to the application of the present embodiment, a plurality of types of log data may be used even in the operation work analysis for a single cloud environment, and the log data acquisition ID 412 associates them. The log data collection unit 231 or the log data reception unit 232 holds the same log data acquisition ID 412 as key information for a plurality of types of log data files obtained by one log data acquisition.
 取得日時413は各ログデータファイルの取得日時を示す。ログデータ参照情報414は、取得したログデータファイルを参照する為のファイルパス情報である。行データ431の414で対応付けられたログデータファイルの例を441に示す。 Acquisition date 413 indicates the acquisition date of each log data file. The log data reference information 414 is file path information for referring to the acquired log data file. An example of the log data file associated with the row data 431 414 is shown at 441.
 図4Bにログデータの一例を示す。ログデータは、システムを構成するデバイスやソフトウェアによって生成される。ログデータは運用作業の実行の結果、クラウド基盤上で実行された処理イベントの実行履歴である。ログデータは通常、デバイスやソフトウェア上で実行された処理イベントについて、処理イベントの実行結果・経過を1行単位のテキストデータに、複数行にわたり記される。ログデータは1行単位で記される情報として、実行結果や中間状態がログデータとして記された時刻データや処理イベントの名称(vm.startVmやvolume.ExportDiskなど)、処理イベントのID(本実施例ではopID=xxxと表記される)等が含まれる。ログデータに含まれる情報は、仮想環境管理サーバや仮想化サーバ内部で実行された処理イベント情報が含まれているが、運用作業を直接示唆する情報(VMの定時バックアップなど)は含まれていない。 Fig. 4B shows an example of log data. Log data is generated by a device or software constituting the system. The log data is an execution history of processing events executed on the cloud platform as a result of execution of operation work. In general, log data is recorded on a plurality of lines of text data in units of one line for execution results and progress of processing events for processing events executed on a device or software. The log data is information written in units of one line, time data in which execution results and intermediate states are recorded as log data, processing event names (vm.startVm, volume.ExportDisk, etc.), processing event ID (this implementation) In the example, it is expressed as opID = xxx). The information included in the log data includes processing event information executed inside the virtual environment management server and virtualization server, but does not include information that directly suggests the operation work (such as scheduled VM backup). .
 (ログフォーマット管理テーブル243)
 図5はログフォーマット管理テーブル243の構成を示したものである。ログフォーマット管理テーブル243は、運用作業分析のために収集したログデータから、仮想化サーバ115a-d、または、仮想環境管理サーバ112で実行された処理イベントを抽出するために必要なテーブルである。ログフォーマット管理テーブル243は、イベント検出情報511と詳細パラメータ検出情報512を有する。 (Log format management table 243)
FIG. 5 shows the configuration of the log format management table 243. The log format management table 243 is a table necessary for extracting processing events executed by the virtualization servers 115a to 115d or the virtual environment management server 112 from log data collected for operational work analysis. The log format management table 243 includes event detection information 511 and detailed parameter detection information 512.
 イベント検出情報511は主に処理イベント把握部241に参照され、イベント把握に利用される。詳細パラメータ検出情報512は、処理イベント把握部241で把握された各処理イベントについて、処理イベントに付随するパラメータを取得するために、パラメータ抽出部242で参照される。 The event detection information 511 is mainly referred to by the processing event grasping unit 241 and used for event grasping. The detailed parameter detection information 512 is referred to by the parameter extraction unit 242 in order to acquire a parameter associated with the processing event for each processing event grasped by the processing event grasping unit 241.
 イベント検出情報511は、対象ログ種521、イベント種特定ログ行検出キー522、処理イベント種別523を有する。対象ログ種521は、クラウド環境種531、ログファイル種532を有する。イベント検出情報511は、分析対象ログファイルに対して処理イベントに関するログ行を検出する為のイベント種特定ログ行検出キー522を一意に決定するために利用され、処理イベント把握部241にログデータファイルが入力された際に、当該ログファイルに付随するログデータ種別411と合致するイベント検出情報511を持つ行が選択される。処理イベント把握部241は、選択されたログ行に含まれるイベント種特定ログ行検出キー522を用いて、入力ログデータ内から、処理イベントの有無を検出し、なおかつ、検出した各処理イベントのイベント種別が含まれるログ行を取得する。 The event detection information 511 includes a target log type 521, an event type specific log line detection key 522, and a processing event type 523. The target log type 521 includes a cloud environment type 531 and a log file type 532. The event detection information 511 is used to uniquely determine an event type specific log row detection key 522 for detecting a log row related to a processing event with respect to the analysis target log file, and the log data file is stored in the processing event grasping unit 241. Is input, a row having event detection information 511 that matches the log data type 411 attached to the log file is selected. The process event grasping unit 241 uses the event type specific log line detection key 522 included in the selected log line to detect the presence / absence of a process event from the input log data and to detect the event of each detected process event. Get the log line that contains the type.
 (詳細パラメータ検出情報512)
 詳細パラメータ検出情報512は、抽出対象パラメータ524、抽出方法525、対象ログファイル種526、パラメータ抽出処理雛形情報527を有する。処理イベント把握部241が検出した処理イベント毎に、その処理イベントの処理イベント種別に応じて、取得すべきパラメータについての抽出方法525、パラメータ情報が含まれる対象ログファイル種526、対象ログファイルに対するパラメータ抽出処理雛形情報527が定義されている。抽出方法525は、収集したログ行からのキーバリュー値の検出のほか、特定のログ行間の差分比較やクラウド構成情報管理テーブル212の参照など、処理イベントに関連したログ行以外への処理が規定されていても良い。 (Detailed parameter detection information 512)
The detailed parameter detection information 512 includes an extraction target parameter 524, an extraction method 525, a target log file type 526, and parameter extraction processing template information 527. For each processing event detected by the processing event grasping unit 241, an extraction method 525 for a parameter to be acquired, a target log file type 526 including parameter information, and a parameter for the target log file according to the processing event type of the processing event Extraction processing template information 527 is defined. In the extraction method 525, in addition to the detection of the key value value from the collected log rows, the processing other than the log row related to the processing event is regulated, such as the difference comparison between specific log rows and the reference to the cloud configuration information management table 212. May be.
 詳細パラメータ検出情報512で規定可能な処理情報について、543によるパラメータ抽出を例とすれば、仮想リソースの設定情報変更の処理イベントなどにおいて、処理イベントを検出したログファイル以外のログファイルに対するパラメータ抽出処理が規定されていても良い。抽出方法についても、特定ログ行のキーバリュー値取得だけでなく、複数のログ行におけるキーバリュー値の差分や比較により、パラメータの抽出処理が規定されていても良い。 For the processing information that can be defined by the detailed parameter detection information 512, if the parameter extraction by 543 is taken as an example, the parameter extraction processing for log files other than the log file that detected the processing event in the processing event of the virtual resource setting information change or the like May be specified. As for the extraction method, parameter extraction processing may be defined not only by acquiring key value values of specific log lines but also by differences or comparison of key value values in a plurality of log lines.
 ログフォーマット管理テーブル243は、システムの管理者が手作業等で作成し、運用作業分析サーバ104の記憶装置に格納しておくことができる。ログフォーマット管理テーブル243のイベント検出情報511を利用することで、ログファイルから処理イベントとその種類を検出することができる。 The log format management table 243 can be created manually by the system administrator and stored in the storage device of the operation work analysis server 104. By using the event detection information 511 of the log format management table 243, it is possible to detect the processing event and its type from the log file.
 また、ログフォーマット管理テーブル243の詳細パラメータ検出情報512が示すルールを用いることにより、処理イベントに関連する詳細パラメータを抽出することができる。例えば、ルールには、処理イベントに対応して、抽出すべきパラメータの種類あるいはパラメータ名、抽出方法、対象となるログファイル種、パラメータ抽出処理の雛形等の少なくとも一つを含む。対象となるログファイル種を規定しておくことで、抽出すべきパラメータが別のファイルにあるような場合でも、処理イベント種別に対応する詳細パラメータを、ログファイルから抽出することができる。具体的な抽出処理は、ルールが保持する情報の文字列とログファイル中の文字列のマッチング処理によって、ログファイル中の文字列パターンである、詳細パラメータ文字列パターンを抽出することにより実行することができる。 Further, by using the rules indicated by the detailed parameter detection information 512 of the log format management table 243, it is possible to extract detailed parameters related to the processing event. For example, the rule includes at least one of the type or parameter name of the parameter to be extracted, the extraction method, the target log file type, the model of the parameter extraction process, and the like corresponding to the processing event. By defining the target log file type, detailed parameters corresponding to the processing event type can be extracted from the log file even when the parameter to be extracted is in another file. The specific extraction process is executed by extracting the detailed parameter character string pattern, which is the character string pattern in the log file, by matching the character string of the information held in the rule with the character string in the log file. Can do.
 (処理イベント管理テーブル236)
 図6は処理イベント管理テーブル236の構成を示したものである。処理イベント管理テーブル236は、処理イベント抽出部233によって抽出された各処理イベントをテーブル形式で構造化し、行単位で管理するものである。処理イベント管理テーブル236は、各処理イベントに関する情報として、実行時間611、処理イベント種別612、処理イベントパラメータ613を有する。 (Processing event management table 236)
FIG. 6 shows the configuration of the processing event management table 236. The processing event management table 236 is configured to structure each processing event extracted by the processing event extraction unit 233 in a table format and manage it in units of rows. The processing event management table 236 includes an execution time 611, a processing event type 612, and a processing event parameter 613 as information regarding each processing event.
 実行時間611は、処理イベント抽出部233により抽出された各処理イベントの実行時刻の情報である。処理イベント種別612は各処理イベントの処理イベント種名である。処理イベントパラメータ613は、各処理イベント毎に、パラメータ抽出部242が取得した各パラメータが、パラメータ名とパラメータの値と対応付けられて格納されたものである。処理イベント毎のパラメータ数は固定長である必要はなく、可変長であってもよい。パラメータ名としてはリソースの種別(Disk IDなど)や変更対象項目の種別(メモリサイズなど)があり、パラメータとしてはリソースの識別子(Disk-23など)や変更対象項目の変更後の設定値(4096 MBなど)がある。 The execution time 611 is information on the execution time of each processing event extracted by the processing event extraction unit 233. The process event type 612 is a process event type name of each process event. The processing event parameter 613 is obtained by storing each parameter acquired by the parameter extraction unit 242 in association with a parameter name and a parameter value for each processing event. The number of parameters for each processing event need not be a fixed length, but may be a variable length. The parameter name includes the type of resource (such as Disk ID) and the type of change target item (such as memory size), and the parameter includes a resource identifier (such as Disk-23) and a set value after change of the change target item (4096). MB).
 (処理イベントグループ管理テーブル253)
 図7は処理イベントグループ管理テーブル253の構成を示したものである。処理イベントグループ管理テーブル253は、処理イベントグルーピング部251によってグルーピングされた処理イベントを有する。処理イベントグループ管理テーブル253によって管理される処理イベントグループは、VM ID711をグループIDとして有する。この他、実行時間611、処理イベント種別612、処理イベントパラメータ613を有するが、これらの情報は処理イベント管理テーブル236と同様の列データである。処理イベントグループ管理テーブル253においても、各行が1つの処理イベントに対応している。処理イベントグループ管理テーブル253から1つの処理イベントグループを参照する際は、VM ID711を検索キー情報として用いることにより参照できる。 (Processing event group management table 253)
FIG. 7 shows the configuration of the processing event group management table 253. The processing event group management table 253 includes processing events grouped by the processing event grouping unit 251. The processing event group managed by the processing event group management table 253 has a VM ID 711 as a group ID. In addition, although it has an execution time 611, a processing event type 612, and a processing event parameter 613, these pieces of information are the same column data as the processing event management table 236. Also in the processing event group management table 253, each row corresponds to one processing event. When referring to one processing event group from the processing event group management table 253, the VM ID 711 can be referred to as search key information.
 (運用作業マッピングテーブル237)
 図8は、運用作業マッピングテーブル237の構成を示したものである。運用作業マッピングテーブル管理部235が管理する運用作業マッピングテーブル237は、運用作業特定部252から参照され、処理イベントと運用作業の対応関係を特定する処理に用いられる。運用作業マッピングテーブル237は、マッピング優先度811、運用作業名812、運用作業識別子813、処理イベント列814、順序性815、関連付け時間範囲817、重複818に対する定義情報を有する。 (Operation work mapping table 237)
FIG. 8 shows the configuration of the operation work mapping table 237. The operation work mapping table 237 managed by the operation work mapping table management unit 235 is referred to by the operation work specifying unit 252 and used for processing for specifying the correspondence between the processing event and the operation work. The operation work mapping table 237 has definition information for mapping priority 811, operation work name 812, operation work identifier 813, processing event sequence 814, order 815, association time range 817, and overlap 818.
 マッピング優先度811は、運用作業特定処理において、優先的にマッピングされる必要のある作業を定義する。異なる運用作業のマッピング情報を示す821、824を例にとると、同様の処理イベント列814に対して、異なる運用作業が対応付けの候補となる場合がある。これを解決するために、優先的にマッピングされるべき処理イベントと運用作業を指定する情報がマッピング優先度811であり、運用作業特定処理は、マッピング優先度811が高い運用作業から順に実施される(本実施例では優先度の数値が小さい運用作業から順に実施される)。 The mapping priority 811 defines work that needs to be preferentially mapped in the operation work specifying process. Taking 821 and 824 indicating mapping information of different operation tasks as an example, different operation tasks may be candidates for association with respect to the same processing event sequence 814. In order to solve this, the information specifying the processing event and the operation work to be preferentially mapped is the mapping priority 811, and the operation work specifying process is performed in order from the operation work having the highest mapping priority 811. (In the present embodiment, the operation work is performed in order from the smallest priority value).
 運用作業名812、運用作業識別子813は運用作業を識別する為の情報である。処理イベント列814は、運用作業に該当する処理イベント部分列を定義したものである。順序性815は、運用作業に対応する処理イベント列において、各処理イベントの登場するべき順序を定義する。815で定義された順序で処理イベントが出現しない処理イベント列は運用作業と対応付けない。機器ID種816は、各処理イベントが対象としていた仮想リソース種を定義する。 The operation work name 812 and the operation work identifier 813 are information for identifying the operation work. The process event sequence 814 defines a process event subsequence corresponding to the operation work. The order 815 defines the order in which each processing event should appear in the processing event sequence corresponding to the operation work. A process event sequence in which process events do not appear in the order defined in 815 is not associated with an operation work. The device ID type 816 defines the virtual resource type targeted by each processing event.
 関連付け時間範囲817は、運用作業に対応する処理イベント部分列について、先頭の処理イベントから終端の処理イベントまでが完了するまでの時間範囲の上限を定めたものである。関連付け時間範囲817の情報に基づいて、時間的に大きく離れた異なる複数のイベントが、1つの運用作業として特定されないようにすることもできる。図8の例では、運用作業名812に対応して関連付け時間範囲817を定めているが、機器ID種816に対応して定めてもよい。機器ID種816に対応して定める方式では、例えば、ハードディスク容量に機種ごとの差があるような場合に有効である。また、関連付け時間範囲817は固定値としてもよいし、オペレータによる操作等により可変としてもよい。 The association time range 817 defines the upper limit of the time range from the first processing event to the end processing event for the processing event subsequence corresponding to the operation work. Based on the information in the association time range 817, a plurality of different events greatly separated in time can be prevented from being identified as one operation work. In the example of FIG. 8, the association time range 817 is determined corresponding to the operation work name 812, but may be determined corresponding to the device ID type 816. The method determined in accordance with the device ID type 816 is effective, for example, when there is a difference in the hard disk capacity for each model. The association time range 817 may be a fixed value or may be variable by an operation by an operator.
 重複818は、運用作業に対応する処理イベント列の中で重複が許されるかを定義するものである。1回のみ出現すべきイベントに対しては「無」を、1回以上繰り返し出現してもよいイベントに対しては「有」のフラグを立てる。重複818の情報を用いることで、ひとつの運用作業が作業内容に応じて異なる個数の処理イベントを発生させる場合であっても、システムログから適切に運用作業を検出することができる。 Duplicate 818 defines whether duplication is allowed in the process event sequence corresponding to the operation work. A flag of “No” is set for an event that should appear only once, and a “Yes” flag is set for an event that may appear once or more. By using the information of the duplication 818, it is possible to appropriately detect the operation work from the system log even when one operation work generates a different number of processing events according to the work content.
 後に図13で説明するように、本実施例における具体的な運用作業特定処理は、処理イベントグループ管理テーブル253(図7)に格納された処理イベントグループ内の処理イベントを、実行時間611により時系列順序に並べた処理イベント列から、運用作業マッピングテーブル237(図8)に規定する順序性や時間範囲などの制約条件に従って、処理イベント列814を検出する処理である。検出した結果は、運用作業管理テーブル213(図10)に格納される。 As will be described later with reference to FIG. 13, the specific operation work specifying process in the present embodiment is a process event in the process event group stored in the process event group management table 253 (FIG. 7) according to the execution time 611. This is a process for detecting the process event sequence 814 from the process event sequence arranged in the sequence order according to the constraints such as the order and time range defined in the operation work mapping table 237 (FIG. 8). The detected result is stored in the operation work management table 213 (FIG. 10).
 (クラウド構成情報管理テーブル212)
 図9は、クラウド構成情報管理テーブル212の構成を示したものである。クラウド構成情報管理テーブル212は、データセンタ101内のクラウド環境に存在するVMや仮想DIskなどの仮想リソースの構成情報を有する。本実施例のクラウド構成情報テーブルの例では、個々のVMに対して関連付けられる機器は固定長である必要は無く可変であってもよい。クラウド構成情報管理テーブル212は、各VMについて、時系列に沿った構成情報の変化を保持する。 (Cloud configuration information management table 212)
FIG. 9 shows the configuration of the cloud configuration information management table 212. The cloud configuration information management table 212 includes configuration information of virtual resources such as VMs and virtual DIsks that exist in the cloud environment in the data center 101. In the example of the cloud configuration information table of the present embodiment, the devices associated with individual VMs do not need to have a fixed length and may be variable. The cloud configuration information management table 212 holds changes in configuration information in time series for each VM.
 クラウド構成情報管理テーブル212はVM ID911、912構成情報有効期間開始時刻912、構成情報有効期間終了時刻913、及び、914に示した関連機器接続情報を有する。各行はそれぞれ、該当するVMにおける、構成情報有効期間開始時刻912から構成情報有効期間終了時刻913まで取っていた構成情報を示す(両者の時刻情報を必ずしも持つ必要はなく、任意の過去の時刻における構成情報を検索できればよい)。 The cloud configuration information management table 212 has VM ID 911, 912 configuration information valid period start time 912, configuration information valid period end time 913, and related device connection information shown in 914. Each row indicates the configuration information taken from the configuration information valid period start time 912 to the configuration information valid period end time 913 in the corresponding VM (the time information of both is not necessarily required and at any past time) It only needs to be able to search the configuration information).
 931-933は当該VMに対して2度の構成変更が行われたことを示す。クラウド構成情報管理テーブル212は、VM ID911を有しており、個別のVMについて、構成情報及びその変化を参照する場合には、VM ID911をキー情報として参照することができる。クラウド構成情報管理テーブル212の関連機器接続情報914は、例えばリソースの識別子を用いて、リソース相互の関連性を示すことができる。関連機器接続情報914のリソースの識別子に基づいて、処理イベント管理テーブル236(図6)に格納された複数の処理イベントから、関連するリソースの識別子を持つ処理イベントを抽出し、グルーピングすることができる。グルーピング結果は、処理イベントグループ管理テーブル253(図7)として格納する。 931-933 indicates that the configuration change has been made twice for the VM. The cloud configuration information management table 212 has a VM ID 911, and when referring to configuration information and changes thereof for individual VMs, the VM ID 911 can be referred to as key information. The related device connection information 914 in the cloud configuration information management table 212 can indicate the relationship between resources using, for example, a resource identifier. Based on the resource identifier of the related device connection information 914, a processing event having a related resource identifier can be extracted and grouped from a plurality of processing events stored in the processing event management table 236 (FIG. 6). . The grouping result is stored as a processing event group management table 253 (FIG. 7).
 (運用作業管理テーブル213)
 図10は、運用作業管理テーブル213の構成を示す。運用作業管理テーブル213は、VM ID711、実行時間611、運用作業識別子1011、処理イベント種別612、処理イベントパラメータ613を有している。運用作業管理テーブル213は、運用作業検出部234によって処理イベントグループから特定した運用作業情報を管理し、運用作業フロー表示部225から参照される。 (Operation work management table 213)
FIG. 10 shows the configuration of the operation work management table 213. The operation work management table 213 includes a VM ID 711, an execution time 611, an operation work identifier 1011, a process event type 612, and a process event parameter 613. The operation work management table 213 manages the operation work information specified from the processing event group by the operation work detection unit 234 and is referred to from the operation work flow display unit 225.
 運用作業管理テーブル213は、処理イベントグループ管理テーブル253に格納されている処理イベント列に対して、運用作業を対応付けた情報が格納されるため、VM ID711、実行時間611、処理イベント種別612、処理イベントパラメータ613については、図7の処理イベントグループ管理テーブルで説明した情報と同等の情報を有している。 Since the operation work management table 213 stores information in which the operation work is associated with the process event sequence stored in the process event group management table 253, the VM ID 711, the execution time 611, the process event type 612, The processing event parameter 613 has information equivalent to the information described in the processing event group management table of FIG.
 運用作業識別子1011については、各処理イベント列について、対応付けられた運用作業を識別する為の識別子情報である。図10の例では、上から3行目までの処理イベントが、同一の運用作業の一連のイベントであることが分かる。 The operation work identifier 1011 is identifier information for identifying the associated operation work for each processing event sequence. In the example of FIG. 10, it can be seen that the processing events from the top to the third line are a series of events of the same operation work.
 (運用作業分析サーバ104における全体処理フロー)
 図11は、運用作業分析サーバ104における、ログデータ取得から運用作業フローの表示までの全体処理フローを示したものである。運用作業分析サーバ104は、ユーザ105の入力によりログデータ取得を実施する(S1111)。ログデータ取得の例として、ログデータ収集の為にアクセスする外部端末接続情報入力とログデータ収集要求の発信か、ユーザ105が持つログデータファイルの入力受けつけにより運用作業分析が実施される。 (Overall processing flow in the operation work analysis server 104)
FIG. 11 shows an overall processing flow from log data acquisition to operation work flow display in the operation work analysis server 104. The operation work analysis server 104 acquires log data according to the input of the user 105 (S1111). As an example of log data acquisition, operation work analysis is performed by inputting external terminal connection information to be accessed for log data collection and sending a log data collection request, or by accepting input of a log data file held by the user 105.
 他端末からのログデータ収集を行う場合は、ログデータ収集部231がユーザ入力済みの接続先情報(IPアドレスやログインユーザ名・パスワードなど)を基に他端末からのログデータ取得を行い、取得したログデータはログデータ管理テーブル211に格納する(S1121)。端末からのログデータ取得の方法については、仮想環境管理端末上に既に取得されたログデータをファイル転送などで取得する方法や、仮想環境接続用端末103を経由してデータセンタ101の仮想環境管理サーバ112に接続し、ログデータを取得する方法などを含む。 When collecting log data from other terminals, the log data collection unit 231 obtains log data from other terminals based on the connection destination information (IP address, login user name, password, etc.) already entered by the user. The log data thus stored is stored in the log data management table 211 (S1121). As for log data acquisition method from the terminal, a method of acquiring log data already acquired on the virtual environment management terminal by file transfer or the like, or virtual environment management of the data center 101 via the virtual environment connection terminal 103 A method of connecting to the server 112 and acquiring log data is included.
 ユーザが保持するログデータを入力として運用作業分析を実施する場合は、ユーザにより入力されたログデータをログデータ受付部232がログデータ管理テーブル211へ格納する(S1122)。 When performing the operation work analysis using the log data held by the user as input, the log data receiving unit 232 stores the log data input by the user in the log data management table 211 (S1122).
 本実施例では、クラウド構成情報管理部123が仮想リソース構成管理サーバ113と連携して最新のクラウド構成情報を保持しているが、クラウド構成情報の連携を行っていない、若しくは、最新のクラウド構成情報を保持していない場合は、仮想リソース構成管理サーバ113からクラウド構成情報を取得し、クラウド構成情報管理テーブル212に格納する(S1112)。 In the present embodiment, the cloud configuration information management unit 123 holds the latest cloud configuration information in cooperation with the virtual resource configuration management server 113, but the cloud configuration information is not linked or the latest cloud configuration If the information is not held, the cloud configuration information is acquired from the virtual resource configuration management server 113 and stored in the cloud configuration information management table 212 (S1112).
 次に、ステップS1121、または、ステップS1122で取得したログデータとログフォーマット管理テーブル243を用いて、処理イベントの抽出及び処理イベント管理テーブルへの格納を行う(S1113)。ステップS1113の処理フローの詳細は図12で説明する。 Next, using the log data acquired in step S1121 or step S1122 and the log format management table 243, processing events are extracted and stored in the processing event management table (S1113). Details of the processing flow of step S1113 will be described with reference to FIG.
 次に、処理イベントグルーピング部251が、クラウド構成情報管理テーブル212に管理されているクラウド構成情報を用いて、S1113で抽出した処理イベントをVM単位にグルーピングして処理イベントグループ管理テーブル253に格納する(S1114)。ステップS1114の処理フローの詳細は図13で説明する。 Next, the processing event grouping unit 251 uses the cloud configuration information managed in the cloud configuration information management table 212 to group the processing events extracted in S1113 into VM units and stores them in the processing event group management table 253. (S1114). Details of the processing flow of step S1114 will be described with reference to FIG.
 次に、運用作業特定部252は、処理イベントグループ管理テーブル253にて管理される各処理イベントグループに対して、運用作業マッピングテーブル237を用いて運用作業特定を行い、その結果を運用作業管理テーブル213に格納する(S1115)。ステップS1115の処理フローの詳細は図13で説明する。 Next, the operation work specifying unit 252 specifies an operation work for each process event group managed by the process event group management table 253 using the operation work mapping table 237, and the result is the operation work management table. It is stored in 213 (S1115). Details of the processing flow of step S1115 will be described with reference to FIG.
 最後に、運用作業フロー表示部225は、運用作業管理テーブル213に格納されている運用作業情報について、処理イベントグループ(VM)毎に参照し、時系列順に並び替えたものを描画する(S1116)。以上が全体処理フローの流れである。 Finally, the operation work flow display unit 225 refers to the operation work information stored in the operation work management table 213 for each processing event group (VM), and renders the information rearranged in time series (S1116). . The above is the flow of the entire processing flow.
 (処理イベント抽出処理のフロー)
 図12は、処理イベント抽出部233における、ログデータからの処理イベント抽出処理のフローを示したものである。処理イベント抽出処理では、ログデータ管理部124からログデータのログ種別を参照し、分析対象ログデータ種に合致するイベント検出情報をログフォーマット管理テーブル243から読み込む(S1211)。 (Processing event extraction process flow)
FIG. 12 shows a flow of processing event extraction processing from log data in the processing event extraction unit 233. In the process event extraction process, the log data management unit 124 refers to the log type of the log data, and reads event detection information matching the analysis target log data type from the log format management table 243 (S1211).
 次に、ログデータの先頭行から順に、S1211で読み込んだログフォーマット管理テーブル243に定義されている、イベント種特定ログ行検出キー522を含むログ行を検出する(S1221)。 Next, in order from the first line of the log data, log lines including the event type specific log line detection key 522 defined in the log format management table 243 read in S1211 are detected (S1221).
 検出したログ行について、対象ログ行内の特定のフィールドデータ抽出や、既知の処理イベント種別523との文字列マッチング処理などにより処理イベント種を特定し、ログフォーマット管理テーブル243上に、対象ログ種521、処理イベント種別523毎に定義されている、詳細パラメータ検出情報512を読み込む(S1222)。 For the detected log line, a process event type is specified by extracting specific field data in the target log line, a character string matching process with a known process event type 523, and the like, and the target log type 521 is stored in the log format management table 243. The detailed parameter detection information 512 defined for each processing event type 523 is read (S1222).
 詳細パラメータ検出情報512に定義されている抽出対象パラメータ毎に抽出処理を実行する(S1231-1233)。抽出処理は詳細パラメータ検出情報512に定義されている対象ログファイル種526を読み込み、パラメータ抽出処理雛形情報527を用いて実施する。抽出対象のパラメータによっては、S1221で処理イベントの検出を行ったログファイルとは異なるファイルを利用する場合がある(543-544)。 Extraction processing is executed for each extraction target parameter defined in the detailed parameter detection information 512 (S1231-1233). The extraction process is performed by reading the target log file type 526 defined in the detailed parameter detection information 512 and using the parameter extraction process template information 527. Depending on the parameters to be extracted, a file different from the log file in which the processing event was detected in S1221 may be used (543-544).
 抽出した処理イベントは、処理イベント名(S1222)、抽出パラメータ(S1231-S1233で抽出)、時刻情報(S1222の検出ログ行のタイムスタンプなど)を処理イベント管理テーブル236に格納する(S1223)。以上が、処理イベント抽出部233における、ログデータからの処理イベント抽出処理のフローである。 The extracted processing event stores the processing event name (S1222), the extraction parameter (extracted in S1231-S1233), and time information (such as the time stamp of the detection log line in S1222) in the processing event management table 236 (S1223). The above is the flow of processing event extraction processing from log data in the processing event extraction unit 233.
 (運用作業検出処理のフロー)
 図13は、運用作業検出部234における運用作業検出処理フローを示したものである。運用作業検出処理では、クラウド内VM構成情報参照部321が、クラウド構成情報管理テーブル212からVM毎の構成情報テーブル311a-cを取得する(S1311)。 (Operation work detection process flow)
FIG. 13 shows an operation work detection process flow in the operation work detection unit 234. In the operation work detection process, the in-cloud VM configuration information reference unit 321 acquires the configuration information tables 311a-c for each VM from the cloud configuration information management table 212 (S1311).
 次にS1311で取得した構成情報テーブル311a-cを1つずつ読み込み、それぞれに対して下記のS1331-S1335の処理を繰り返し実行する(S1321)。 Next, the configuration information tables 311a-c acquired in S1311 are read one by one, and the following processes of S1331 to S1335 are repeatedly executed for each (S1321).
 VM関連機器ID取得部322は、構成情報テーブル311毎に、テーブルエントリを1行読み込む。各行は、対象のVM ID911をもつVMが構成情報有効期間内(912、913)に取っていた構成情報を示している。処理イベントグループ抽出部323は、関連機器接続情報914に定義された機器IDとVM ID911を取得し(S1332)する。 The VM related device ID acquisition unit 322 reads one table entry for each configuration information table 311. Each row indicates the configuration information that the VM having the target VM ID 911 took within the configuration information valid period (912, 913). The process event group extraction unit 323 acquires the device ID and VM ID 911 defined in the related device connection information 914 (S1332).
 処理イベント管理テーブル236に格納されている処理イベントから、構成情報有効期間内(912、913)の実行時間611を持ち、且つ、S1332で取得した機器IDやVM IDを持つ処理イベントを検出する(S1333)。 From the processing events stored in the processing event management table 236, a processing event having an execution time 611 within the configuration information validity period (912, 913) and having the device ID or VM ID acquired in S1332 is detected ( S1333).
 S1333で検出した処理イベントを、S1332で取得したVM IDを処理イベントグループのグループID711と関連付けて処理イベントグループ管理テーブル253に格納する(S1334)。 The processing event detected in S1333 is stored in the processing event group management table 253 in association with the VM ID acquired in S1332 and the group ID 711 of the processing event group (S1334).
 S1332-S1334の処理を全てのテーブルエントリ行に対して実施する(S1335)。 The processing of S1332-S1334 is performed for all table entry rows (S1335).
 次に、運用作業特定部252が、運用作業マッピングテーブル237を読み込み(S1312)、処理イベントグループ参照部332は、処理イベントグループ管理テーブル253から1つの処理イベントグループを参照する(S1341)。 Next, the operation work specifying unit 252 reads the operation work mapping table 237 (S1312), and the process event group reference unit 332 refers to one process event group from the process event group management table 253 (S1341).
 S1312で読み込んだ運用作業マッピング情報について、マッピング優先度811が高いものから1つずつ読み込み(S1351)、運用作業マッピング処理部333による、運用作業と処理イベントグループ内の処理イベント列のマッピング処理を行う(S1352)。マッピング処理は、処理イベントグループ内の処理イベント列の中から、各運用作業に対応する処理イベント列814の検出を行う。処理イベント列の検出は例えばBrute forceアルゴリズムの適用により実現するが、この方法に限らず適宜の方法を用いればよい。 The operation work mapping information read in S1312 is read one by one from the one with the highest mapping priority 811 (S1351), and the operation work mapping processing unit 333 performs the mapping process between the operation work and the process event sequence in the process event group. (S1352). In the mapping process, the process event sequence 814 corresponding to each operation work is detected from the process event sequence in the process event group. The detection of the process event sequence is realized by applying, for example, the Brute force algorithm, but the present invention is not limited to this method, and an appropriate method may be used.
 検出した処理イベント部分列は運用作業識別子と共に、運用作業管理テーブルへ格納する(S1353)。 The detected process event subsequence is stored in the operation work management table together with the operation work identifier (S1353).
 S1352-S1353の処理を、各処理イベントグループに対して、運用作業マッピング情報の優先度順に、マッピング作業を繰り返す(S1354)ことで、処理イベントグループの処理イベント列を運用作業で置換した運用作業情報を得る(S1342)。以上が運用作業検出部234における運用作業検出処理フローである。本実施例では、図13の運用作業検出処理は、自動生成された図6の処理イベント管理テーブルの情報に対して行うものとした。他の方法としては、処理イベント管理テーブルの処理イベント種別や処理イベントパラメータを、オペレータが手動で入力したデータを基に処理を行ってもよい。 The operation work information obtained by replacing the process event sequence of the process event group with the operation work by repeating the mapping work in the order of the priority of the operation work mapping information for each process event group in the processes of S1352 to S1353 (S1354). Is obtained (S1342). The operation work detection process flow in the operation work detection unit 234 has been described above. In this embodiment, the operation work detection process of FIG. 13 is performed on the automatically generated information in the process event management table of FIG. As another method, processing event types and processing event parameters in the processing event management table may be processed based on data manually input by the operator.
 (GUI画面1401)
 図14は、運用作業可視化部121が、ユーザ105に対して提示するGUI(Graphical User Interface)画面1401の一例である。GUI画面1401は、例えば、運用作業分析操作部1411、運用作業傾向分析表示部1412、設定情報入力部1413を含む。 (GUI screen 1401)
FIG. 14 is an example of a GUI (Graphical User Interface) screen 1401 that the operation work visualization unit 121 presents to the user 105. The GUI screen 1401 includes, for example, an operation work analysis operation unit 1411, an operation work trend analysis display unit 1412, and a setting information input unit 1413.
 運用作業分析操作部1411は、運用作業分析の結果として取得した運用作業フローを表示や操作を実行する。 The operation work analysis operation unit 1411 displays and operates the operation work flow acquired as a result of the operation work analysis.
 運用作業傾向分析表示部1412は、運用作業分析結果に対する運用作業毎の頻度分析などを表示する。また運用作業傾向分析表示部は過去に実施した運用作業分析結果に対する分析処理を提供しても良い。 The operation work trend analysis display unit 1412 displays a frequency analysis for each operation work with respect to the operation work analysis result. The operation work trend analysis display unit may provide an analysis process for the operation work analysis result performed in the past.
 設定情報入力部1413は、ログデータに対する分析処理に利用する設定情報(例えば、ログフォーマット管理テーブル243や運用作業マッピングテーブル237)に対する変更入力を受け付ける機能部であり、変更内容は設定情報編集部221を通じて各テーブルに反映される。分析対象のクラウド環境かログデータファイルを指定し、ログデータ収集及び分析を開始する。 The setting information input unit 1413 is a functional unit that accepts a change input to setting information (for example, the log format management table 243 and the operation work mapping table 237) used for analysis processing for log data, and the change content is the setting information editing unit 221. Is reflected in each table. Specify the analysis target cloud environment or log data file, and start log data collection and analysis.
 運用作業分析操作部1411は、分析対象ログデータ取得情報入力部1421、運用作業フロー表示パネル操作部1422、運用作業フロー表示パネル部1423を有する。 The operation work analysis operation unit 1411 includes an analysis target log data acquisition information input unit 1421, an operation work flow display panel operation unit 1422, and an operation work flow display panel unit 1423.
 分析対象ログデータ取得情報入力部1421は、分析処理に利用するログデータ取得のために、ログデータ収集部231が接続する他端末接続情報や、ログデータ受付部232へ渡すログデータのファイルパスを受け付ける機能部である。 The analysis target log data acquisition information input unit 1421 receives other terminal connection information connected to the log data collection unit 231 and the log data file path to be passed to the log data reception unit 232 in order to acquire log data used for analysis processing. It is a functional part that accepts.
 運用作業フロー表示パネル操作部1422は、運用作業フロー表示パネル部1423に表示されたフローチャートの表示内容を操作する。操作内容の例は、運用作業を把握したいVMの指定の有無や、運用作業フローを表示する期間の指定などである。 The operation workflow display panel operation unit 1422 operates the display contents of the flowchart displayed on the operation workflow display panel unit 1423. Examples of the operation contents include the presence / absence of designation of a VM for which the operation work is to be grasped, designation of a period for displaying the operation work flow, and the like.
 運用作業フロー表示パネル部1423は、分析結果として、運用作業管理テーブル213に管理される運用作業情報をVM ID711毎に参照し、参照した運用作業情報の実行時間611を基に順序整形フローチャート状に表示する。なお、順序性0は順序性を持たないことを表す。 The operation work flow display panel unit 1423 refers to the operation work information managed in the operation work management table 213 for each VM ID 711 as an analysis result, and forms an order shaping flowchart based on the execution time 611 of the referenced operation work information. indicate. Note that the order 0 means no order.
 このように、本実施例では情報処理システムで実施された仮想リソースに対する運用作業を特定し表示する管理方法について、情報処理システムは一つ以上のシステムログデータを生成し、システムログデータの指定を入力として、情報処理システム環境における仮想リソースの識別子を含む構成情報に関する1つ以上のパラメータに基づいて、1つ以上の処理イベント情報、または、1つ以上の運用作業情報を特定し、処理イベント情報または運用作業情報を表示することで、作業効率を高めることができる。 As described above, in this embodiment, regarding the management method for specifying and displaying the operation work for the virtual resource performed in the information processing system, the information processing system generates one or more system log data and specifies the system log data. As input, one or more processing event information or one or more operation work information is specified based on one or more parameters related to configuration information including a virtual resource identifier in the information processing system environment, and processing event information Alternatively, the operation efficiency can be improved by displaying the operation work information.
 (データセンタ運用作業のシーケンス図)
 図15は、運用作業分析サーバを利用したデータセンタ運用作業の把握により、既存の運用作業状況の振り返りや改善策検討をする一連のシーケンス図である。分析対象のログデータは、データセンタ運用者による日々のクラウド環境の運用作業によって自動的に生成されている。ログデータは、ログデータ収集部231によりネットワーク経由で取得する、あるいは運用作業分析実施者が予めデータセンタ運用者から渡されたログデータをログデータ受付部232に入力することにより、分析処理を行う。分析結果として得られる運用作業フローは、現状の運用作業実施状況を示している。この情報を基に、データセンタ運用者と運用作業分析実施者が、頻繁に実行される運用作業の自動化による運用作業改善策検討などを行う。 (Data center operation sequence diagram)
FIG. 15 is a series of sequence diagrams for reviewing the existing operation work status and examining improvement measures by grasping the data center operation work using the operation work analysis server. The log data to be analyzed is automatically generated by daily cloud environment operation work by a data center operator. The log data is acquired via the network by the log data collection unit 231, or the log data receiving unit 232 inputs the log data received from the data center operator in advance by the operation work analysis executor to perform analysis processing. . The operational work flow obtained as an analysis result indicates the current operational work implementation status. Based on this information, the data center operator and the operation work analyst examine operation work improvement measures by automating frequently executed operation work.
 (運用作業分析サーバ104の装置構成)
 図16に、運用作業分析サーバ104の装置構成の例を示す。図16において、運用作業分析サーバ104は、CPU1621、メモリ1622、補助記憶装置1623を備える一般的な計算機を用いて実現できる。さらに、各装置を構成するそれぞれの機能は、CPUが補助記憶装置に格納されているプログラムを実行することにより、上記計算機上に具現化される。各プログラムは、あらかじめ、上記計算機内の補助記憶装置1623に格納されていてもよい。あるいは、各プログラムは、必要なときにLANインターフェースなどの通信インターフェース1624やメディアインターフェース1625を経由して上記計算機が利用可能な媒体を介し、他の装置から上記記憶装置に導入されてもよい。媒体とは、たとえば、通信媒体(すなわち有線、無線、光などのネットワーク、または当該ネットワークを伝搬する搬送波やディジタル信号)、またはメディアインターフェース1625に着脱可能な外部記憶媒体1613を指す。なお、運用作業分析サーバ104は、入出力装置1626を介してコンソール1633に接続している。 (Apparatus configuration of the operation work analysis server 104)
FIG. 16 shows an example of the device configuration of the operation work analysis server 104. In FIG. 16, the operation work analysis server 104 can be realized by using a general computer including a CPU 1621, a memory 1622, and an auxiliary storage device 1623. Furthermore, each function which comprises each apparatus is embodied on the said computer, when CPU runs the program stored in the auxiliary storage device. Each program may be stored in advance in the auxiliary storage device 1623 in the computer. Alternatively, each program may be introduced into the storage device from another device via a medium that can be used by the computer via a communication interface 1624 such as a LAN interface or a media interface 1625 when necessary. The medium refers to, for example, a communication medium (that is, a wired, wireless, optical, or other network, a carrier wave or a digital signal that propagates through the network), or an external storage medium 1613 that can be attached to and detached from the media interface 1625. The operation work analysis server 104 is connected to the console 1633 via the input / output device 1626.
 この際、外部記憶装置(補助記憶装置)1623は、ネットワーク1631を解して接続される仮想環境接続用端末103を介して取得したログデータ管理テーブル211やクラウド構成情報管理テーブル212を始め、運用作業分析過程で利用されるログフォーマット管理テーブル243、処理イベント管理テーブル236、処理イベントグループ管理テーブル253、運用作業マッピングテーブル237を格納する記憶装置として機能する。CPU1621は、運用作業分析で用いられる上述の情報を管理すると共に、運用作業可視化部121、ログデータ分析部122、クラウド構成情報管理部123、ログデータ管理部124を構成するコントローラとして機能する。また、コンソール1633は、コントローラ(CPU1621)の制御対象であって、CPU1621の指示による情報を表示する表示装置として機能する。 At this time, the external storage device (auxiliary storage device) 1623 operates including the log data management table 211 and the cloud configuration information management table 212 acquired via the virtual environment connection terminal 103 connected via the network 1631. It functions as a storage device for storing a log format management table 243, a processing event management table 236, a processing event group management table 253, and an operation work mapping table 237 used in the work analysis process. The CPU 1621 manages the above-described information used in the operation work analysis, and functions as a controller that constitutes the operation work visualization unit 121, the log data analysis unit 122, the cloud configuration information management unit 123, and the log data management unit 124. The console 1633 is a control target of the controller (CPU 1621) and functions as a display device that displays information according to instructions from the CPU 1621.
 以上説明した実施例によれば、クラウド環境に対する運用作業に応じて、仮想化ソフトウェアや仮想環境管理サーバにより自動生成されたシステムログデータから、運用作業者が過去に実施した運用作業を特定可能できる。また、特定した運用作業を時系列に表示できるため、クラウド環境に対する運用作業の実態調査を迅速、正確に行える。 According to the embodiment described above, it is possible to identify the operation work performed by the operation worker in the past from the system log data automatically generated by the virtualization software or the virtual environment management server according to the operation work for the cloud environment. . In addition, since the identified operation work can be displayed in time series, the actual condition of the operation work for the cloud environment can be quickly and accurately performed.
 すなわち、仮想化技術を適用する情報処理システムで実施された仮想リソースの運用作業を管理する管理サーバにおいて、クラウド環境における一つ以上の仮想化ソフトウェアや仮想環境管理サーバが生成したシステムログから、操作に関わる一つ以上の処理イベントを特定することができる。 In other words, in a management server that manages the operation of virtual resources performed in an information processing system to which virtualization technology is applied, operations can be performed from one or more virtualization software in a cloud environment or a system log generated by the virtual environment management server. One or more processing events related to the can be identified.
 また、仮想化技術を適用する情報処理システムで実施された仮想リソースの運用作業を管理する管理サーバにおいて、操作に関わる一つ以上の処理イベントから、処理イベントのもととなる運用作業を特定することができる。 Also, in the management server that manages the virtual resource operation work performed in the information processing system to which the virtualization technology is applied, the operation work that is the source of the process event is identified from one or more process events related to the operation be able to.
 以上の実施例で説明した構成において各サーバは、単体のコンピュータで構成してもよいし、あるいは、入力装置、出力装置、処理装置、記憶装置の任意の部分が、ネットワークで接続された他のコンピュータで構成されてもよい。 In the configuration described in the above embodiments, each server may be configured by a single computer, or any other part of an input device, an output device, a processing device, or a storage device may be connected via a network. You may comprise with a computer.
 本実施例中、ソフトウェアで構成した機能と同等の機能は、FPGA(Field Programmable Gate Array)、ASIC(Application Specific Integrated Circuit)などのハードウェアでも実現できる。そのような態様も本願発明の範囲に含まれる。 In this embodiment, functions equivalent to those configured by software can be realized by hardware such as FPGA (Field Programmable Gate Array) and ASIC (Application Specific Integrated Circuit). Such an embodiment is also included in the scope of the present invention.
 本発明は上記した実施形態に限定されるものではなく、様々な変形例が含まれる。例えば、ある実施例の構成の一部を他の実施例の構成に置き換えることが可能であり、また、ある実施例の構成に他の実施例の構成を加えることが可能である。また、各実施例の構成の一部について、他の実施例の構成の追加・削除・置換をすることが可能である。 The present invention is not limited to the above-described embodiment, and includes various modifications. For example, a part of the configuration of one embodiment can be replaced with the configuration of another embodiment, and the configuration of another embodiment can be added to the configuration of one embodiment. Further, it is possible to add, delete, and replace the configurations of other embodiments with respect to a part of the configurations of the embodiments.
 (補足)
 本明細書に含まれる発明概念を以下に示す。 (Supplement)
The inventive concept included in this specification is shown below.
 (発明1)
 入力装置、出力装置、処理装置、および記憶装置を有し、情報処理システムのリソースを用いた処理イベントにより実行される運用作業を管理する管理サーバにおいて、
 前記記憶装置は、
 前記情報処理システムで実行された複数の処理イベントを、当該処理イベントに用いられた前記リソースを識別する識別子等を含むパラメータと対応付けて管理する処理イベント管理情報と、
 前記識別子を用いて前記リソース相互の関連性を示す構成情報管理情報を格納し、
 前記処理装置は、
 前記構成情報管理情報を参照し、前記複数の処理イベントを関連性のある処理イベントごとにグループ分けして、処理イベントグループ管理情報として前記記憶装置に格納する、処理イベントグルーピング部を備える、
 管理サーバあるいはそれを用いた管理方法。 (Invention 1)
In a management server that has an input device, an output device, a processing device, and a storage device, and manages an operation work executed by a processing event using a resource of an information processing system,
The storage device
Processing event management information for managing a plurality of processing events executed in the information processing system in association with a parameter including an identifier for identifying the resource used for the processing event;
Storing configuration information management information indicating the relationship between the resources using the identifier;
The processor is
A processing event grouping unit that refers to the configuration information management information, groups the plurality of processing events for each related processing event, and stores the grouped processing event group management information in the storage device.
Management server or management method using it.
 (発明2)
 前記記憶装置は、
 前記運用作業に対応して、複数の処理イベントを順序情報とともに格納する運用作業マッピング情報を格納し、
 前記処理装置は、
 前記運用作業マッピング情報を参照し、処理イベントグループ管理情報の同一グループに属する処理イベントを、異なる前記運用作業に対応付け、運用作業管理情報として前記記憶装置に格納する運用作業特定部を備える、
 発明1に記載の管理サーバあるいはそれを用いた管理方法。 (Invention 2)
The storage device
Corresponding to the operation work, storing operation work mapping information for storing a plurality of processing events together with order information,
The processor is
An operation work specifying unit that refers to the operation work mapping information, associates process events belonging to the same group of process event group management information with different operation works, and stores them in the storage device as operation work management information,
A management server according to invention 1, or a management method using the management server.
 (発明3)
 前記構成情報管理情報は、リソースである仮想リソース間の接続関係情報を含み、
 前記処理イベントグルーピング部は、
 前記仮想リソース間の接続関係情報に基づき接続関係にある1つ以上の仮想リソースを特定する、
 発明2に記載の管理サーバあるいはそれを用いた管理方法。 (Invention 3)
The configuration information management information includes connection relation information between virtual resources that are resources,
The processing event grouping unit
Identifying one or more virtual resources in a connection relationship based on the connection relationship information between the virtual resources;
The management server of invention 2, or the management method using the same.
 (発明4)
 前記仮想リソース間の接続関係情報は、複数の時点における仮想リソース間の接続関係情報を含み、
 前記処理イベント管理情報は、各処理イベントの実行時間情報を含み、
 前記処理イベントグルーピング部は、さらに、
 前記実行時間情報に対する前記仮想リソース間の接続関係情報を特定する、
 発明3に記載の管理サーバあるいはそれを用いた管理方法。 (Invention 4)
The connection relation information between the virtual resources includes connection relation information between virtual resources at a plurality of points in time,
The processing event management information includes execution time information of each processing event,
The processing event grouping unit further includes:
Identifying connection relation information between the virtual resources for the execution time information;
A management server according to invention 3, or a management method using the management server.
 (発明5)
 仮想化技術が適用された情報処理システムで実施された少なくとも仮想マシンを含む仮想リソースに関する運用作業を管理する管理サーバである。この管理サーバは、情報処理システムで実行された1つ以上の処理イベントを管理する処理イベント管理テーブルと、1つ以上の処理イベントと、情報処理システムで実施された運用作業と、を対応付ける運用作業マッピングテーブルと、情報処理システムで実施された運用作業対象の仮想リソースに関するシステム構成情報を備え、処理イベント管理テーブルは、さらに、各処理イベントが処理対象とした仮想リソース識別子を備える。この管理サーバは、処理イベント管理テーブル内の処理イベントに対して、システム構成情報に含まれる1つ以上の仮想リソース識別子と運用作業マッピングテーブルが指定する1つ以上の処理イベントに基づいてマッチング処理を行う運用作業検出部を備え、処理イベントから1つ以上の運用作業を特定する。 (Invention 5)
It is a management server that manages an operation work related to a virtual resource including at least a virtual machine, which is implemented in an information processing system to which a virtualization technology is applied. The management server associates a processing event management table that manages one or more processing events executed in the information processing system, one or more processing events, and an operation work performed in the information processing system. A mapping table and system configuration information related to a virtual resource to be operated by the information processing system are provided, and the processing event management table further includes a virtual resource identifier that is processed by each processing event. The management server performs a matching process on the process event in the process event management table based on one or more virtual resource identifiers included in the system configuration information and one or more process events specified by the operation work mapping table. An operation work detection unit is provided, and one or more operation work is specified from the processing event.
 データセンタ等において、リソースに対する運用作業の実態把握を自動化する分野に適用が可能である。 It can be applied to the field of automating the actual situation of the operation work for resources in data centers.
 101データセンタ、102データセンタ外ネットワーク、103仮想環境接続用端末、104運用作業分析サーバ、105ユーザ、111データセンタ内ネットワーク、112a-c仮想環境管理サーバ、113仮想リソース構成管理サーバ、114ネットワーク機器、115a-d仮想化サーバ、116SAN、117a-cストレージ装置、121運用作業可視化部、122ログデータ分析部、123クラウド構成情報管理部、124ログデータ管理部、211ログデータ管理テーブル、212クラウド構成情報管理テーブル、213運用作業管理テーブル、221設定情報編集部、222分析結果傾向推定部、223データ取得要求部、224分析開始要求部、225運用作業フロー表示部、231ログデータ収集部、232ログデータ受付部、233処理イベント抽出部、234運用作業検出部、235運用作業マッピングテーブル管理部、236処理イベント管理テーブル、運用作業マッピングテーブル管理部、241処理イベント把握部、242パラメータ抽出部、243ログフォーマット管理テーブル、251処理イベントグルーピング部、252運用作業特定部、253処理イベントグループ管理テーブル、237運用作業マッピングテーブル、311a-c各VM構成情報テーブル、321クラウド内VM構成情報参照部、322VM関連機器ID取得部、323処理イベントグループ抽出部、331運用作業マッピングテーブル参照部、332処理イベントグループ参照部、333運用作業マッピング処理部、1411運用作業分析操作部、1412運用作業傾向分析表示部、1413設定情報入力部、1421分析対象ログデータ取得情報入力部、1422運用作業フロー表示パネル操作部、1423運用作業フロー表示パネル部、1621CPU、1622メモリ、1623補助記憶装置、1624通信インターフェース、1625メディアインターフェース、1626入出力装置、1631ネットワーク、1632外部記憶装置、1533コンソール 101 data center, 102 data center external network, 103 virtual environment connection terminal, 104 operation work analysis server, 105 users, 111 data center network, 112ac virtual environment management server, 113 virtual resource configuration management server, 114 network equipment 115a-d virtualization server, 116SAN, 117a-c storage device, 121 operation work visualization unit, 122 log data analysis unit, 123 cloud configuration information management unit, 124 log data management unit, 211 log data management table, 212 cloud configuration Information management table, 213 operation work management table, 221 setting information editing unit, 222 analysis result trend estimation unit, 223 data acquisition request unit, 224 analysis start request unit, 225 operation work flow display unit, 231 log data collection unit, 232 log Data reception unit, 233 processing event extraction unit, 234 operation work detection unit, 235 operation work mapping table management unit, 236 processing event management table, operation work mapping table management unit, 241 processing event grasping unit, 242 parameter extraction unit, 243 Log format management table, 251 processing event grouping unit, 252 operation work specifying unit, 253 processing event group management table, 237 operation work mapping table, 311a-c VM configuration information table, 321 VM configuration information reference unit in cloud 322 VM related Device ID acquisition unit, 323 processing event group extraction unit, 331 operation work mapping table reference unit, 332 processing event group reference unit, 333 operation work mapping processing unit, 1411 operation work analysis operation unit, 1412 operation work trend analysis Display unit, 1413 setting information input unit, 1421 analysis target log data acquisition information input unit, 1422 operation work flow display panel operation unit, 1423 operation work flow display panel unit, 1621 CPU, 1622 memory, 1623 auxiliary storage device, 1624 communication interface, 1625 media interface, 1626 input / output device, 1631 network, 1632 external storage device, 1533 console

Claims (11)

  1.  入力装置、出力装置、処理装置、および記憶装置を有し、情報処理システムのリソースを用いた処理イベントにより実行される運用作業を管理する管理サーバにおいて、
     前記入力装置は、
     前記情報処理システムが生成した一つ以上のログデータを取得し、
     前記記憶装置は、
     前記処理イベントの種別と、前記ログデータ中の文字列であるイベント種検出キーとの対応関係を規定する、イベント検出情報と、
     前記処理イベントの種別と、前記ログデータ中の文字列である前記リソースに関連するパラメータの抽出ルールとの対応関係を規定する、パラメータ検出情報を格納し、
     前記処理装置は、
     前記ログデータと前記イベント種検出キーとのマッチングにより、前記処理イベントの存在およびその種別を特定する処理イベント把握処理と、
     前記処理イベント把握処理で特定した処理イベントの種別に対応して、前記抽出ルールを用い、前記ログデータから前記パラメータを抽出するパラメータ抽出処理を行い、
     前記記憶装置に、
     前記処理イベントの種別に抽出した前記パラメータを対応づけた、処理イベント管理情報を格納する、
     管理サーバ。     In a management server that has an input device, an output device, a processing device, and a storage device, and manages an operation work executed by a processing event using a resource of an information processing system,
    The input device is:
    Obtaining one or more log data generated by the information processing system;
    The storage device
    Event detection information that defines the correspondence between the type of the processing event and an event type detection key that is a character string in the log data;
    Storing parameter detection information that defines a correspondence relationship between the type of the processing event and an extraction rule of a parameter related to the resource that is a character string in the log data;
    The processor is
    By matching the log data with the event type detection key, a processing event grasping process for specifying the existence of the processing event and its type,
    Corresponding to the type of process event specified in the process event grasping process, the extraction rule is used to perform a parameter extraction process for extracting the parameter from the log data,
    In the storage device,
    Storing processing event management information in which the extracted parameters are associated with the type of processing event;
    Management server.
  2.  前記パラメータ検出情報は、前記抽出ルールとして、
     前記パラメータの種別、前記パラメータの種別に対応した抽出方法、前記パラメータの種別に対応したパラメータ抽出処理対象ログデータ種別、および、前記パラメータの種別に対応したパラメータ抽出処理コマンドを含み、
     前記パラメータ抽出処理は、
     前記処理イベント把握処理で特定した処理イベントの種別に対応する、1つ以上の前記パラメータの種別を特定し、
     前記パラメータの種別に対応する、前記抽出方法およびパラメータ抽出処理コマンドに従い、
     前記パラメータの種別に対応する、前記パラメータ抽出処理対象ログデータ種別で指定される1つ以上のログデータから、前記パラメータを抽出する、
     請求項1記載の管理サーバ。     The parameter detection information is, as the extraction rule,
    The parameter type, an extraction method corresponding to the parameter type, a parameter extraction processing target log data type corresponding to the parameter type, and a parameter extraction processing command corresponding to the parameter type,
    The parameter extraction process includes:
    Identifying one or more parameter types corresponding to the type of process event identified in the process event grasping process;
    According to the extraction method and parameter extraction processing command corresponding to the parameter type,
    Extracting the parameter from one or more log data specified by the parameter extraction target log data type corresponding to the parameter type;
    The management server according to claim 1.
  3.  前記パラメータは、
     前記リソースを一意に特定する識別子を含み、
     前記記憶装置はさらに、
     前記情報処理システムのリソースの関連性を、前記識別子を用いて規定する、構成情報管理情報を格納し、
     前記処理装置は、
     前記構成情報管理情報に基づいて、前記処理イベント管理情報のイベントの種類とパラメータをグループ分けした、処理イベントグループ管理情報を、前記記憶装置に格納する、処理イベントグルーピング処理を行う、
     請求項2記載の管理サーバ。     The parameter is
    Including an identifier that uniquely identifies the resource;
    The storage device further includes
    Storing configuration information management information that defines relevance of resources of the information processing system using the identifier;
    The processor is
    Based on the configuration information management information, the event type and parameters of the processing event management information are grouped, processing event group management information is stored in the storage device, and processing event grouping processing is performed.
    The management server according to claim 2.
  4.  前記記憶装置はさらに、
     前記処理イベントと前記運用作業とを対応付ける運用作業マッピング情報を格納し、
     前記処理装置は、
     前記運用作業マッピング情報に基づいて、前記処理イベントグループ管理情報の1つのグループに含まれる複数の処理イベントを、一つの前記運用作業に対応付ける、運用作業特定処理を行う、
     請求項3記載の管理サーバ。     The storage device further includes
    Storing operation work mapping information associating the processing event with the operation work;
    The processor is
    Based on the operation work mapping information, an operation work specifying process is performed for associating a plurality of process events included in one group of the process event group management information with one operation work.
    The management server according to claim 3.
  5.  前記運用作業マッピング情報は、
     一つの前記運用作業に複数の前記処理イベントが対応付けられている場合、当該複数の処理イベントの順序性の情報を有する、
     請求項4記載の管理サーバ。     The operation work mapping information is:
    When a plurality of the processing events are associated with one operation work, the information includes order information of the plurality of processing events.
    The management server according to claim 4.
  6.  入力装置、出力装置、処理装置、および記憶装置を有し、情報処理システムのリソースを用いた処理イベントにより実行される運用作業を管理する管理サーバを用いた管理方法において、
     前記入力装置は、
     前記情報処理システムが生成した一つ以上のログデータを取得し、
     前記記憶装置は、
     前記処理イベントの種別と、前記ログデータ中の文字列であるイベント種検出キーとの対応関係を規定する、イベント検出情報と、
     前記処理イベントの種別と、前記ログデータ中の文字列である前記リソースに関連するパラメータの抽出ルールとの対応関係を規定する、パラメータ検出情報を格納し、
     前記処理装置は、
     前記ログデータと前記イベント種検出キーとのマッチングにより、前記処理イベントの存在およびその種別を特定する処理イベント把握処理と、
     前記処理イベント把握処理で特定した処理イベントの種別に対応して、前記抽出ルールを用い、前記ログデータから前記パラメータを抽出するパラメータ抽出処理を行い、
     前記記憶装置に、
     前記処理イベントの種別に抽出した前記パラメータを対応づけた、処理イベント管理情報を格納する、
     管理方法。     In a management method using a management server that has an input device, an output device, a processing device, and a storage device, and manages an operation work executed by a processing event using a resource of an information processing system,
    The input device is:
    Obtaining one or more log data generated by the information processing system;
    The storage device
    Event detection information that defines the correspondence between the type of the processing event and an event type detection key that is a character string in the log data;
    Storing parameter detection information that defines a correspondence relationship between the type of the processing event and an extraction rule of a parameter related to the resource that is a character string in the log data;
    The processor is
    By matching the log data with the event type detection key, a processing event grasping process for specifying the existence of the processing event and its type,
    Corresponding to the type of process event specified in the process event grasping process, the extraction rule is used to perform a parameter extraction process for extracting the parameter from the log data,
    In the storage device,
    Storing processing event management information in which the extracted parameters are associated with the type of processing event;
    Management method.
  7.  前記パラメータ検出情報は、前記抽出ルールとして、
     前記パラメータの種別、前記パラメータの種別に対応した抽出方法、前記パラメータの種別に対応したパラメータ抽出処理対象ログデータ種別、および、前記パラメータの種別に対応したパラメータ抽出処理コマンドを含み、
     前記パラメータ抽出処理は、
     前記処理イベント把握処理で特定した処理イベントの種別に対応する、1つ以上の前記パラメータの種別を特定し、
     前記パラメータの種別に対応する、前記抽出方法およびパラメータ抽出処理コマンドに従い、
     前記パラメータの種別に対応する、前記パラメータ抽出処理対象ログデータ種別で指定される1つ以上のログデータから、前記パラメータを抽出する、
     請求項6記載の管理方法。     The parameter detection information is, as the extraction rule,
    The parameter type, an extraction method corresponding to the parameter type, a parameter extraction processing target log data type corresponding to the parameter type, and a parameter extraction processing command corresponding to the parameter type,
    The parameter extraction process includes:
    Identifying one or more parameter types corresponding to the type of process event identified in the process event grasping process;
    According to the extraction method and parameter extraction processing command corresponding to the parameter type,
    Extracting the parameter from one or more log data specified by the parameter extraction target log data type corresponding to the parameter type;
    The management method according to claim 6.
  8.  前記パラメータは、
     前記リソースを一意に特定する識別子を含み、
     前記記憶装置はさらに、
     前記情報処理システムのリソースの関連性を、前記識別子を用いて規定する、構成情報管理情報を格納し、
     前記処理装置は、
     前記構成情報管理情報に基づいて、前記処理イベント管理情報のイベントの種類とパラメータをグループ分けした、処理イベントグループ管理情報を、前記記憶装置に格納する、処理イベントグルーピング処理を行う、
     請求項7記載の管理方法。     The parameter is
    Including an identifier that uniquely identifies the resource;
    The storage device further includes
    Storing configuration information management information that defines relevance of resources of the information processing system using the identifier;
    The processor is
    Based on the configuration information management information, the event type and parameters of the processing event management information are grouped, processing event group management information is stored in the storage device, and processing event grouping processing is performed.
    The management method according to claim 7.
  9.  前記記憶装置はさらに、
     前記処理イベントと前記運用作業とを対応付ける運用作業マッピング情報を格納し、
     前記処理装置は、
     前記運用作業マッピング情報に基づいて、前記処理イベントグループ管理情報の1つのグループに含まれる複数の処理イベントを、一つの前記運用作業に対応付ける、運用作業特定処理を行う、
     請求項8記載の管理方法。     The storage device further includes
    Storing operation work mapping information associating the processing event with the operation work;
    The processor is
    Based on the operation work mapping information, an operation work specifying process is performed for associating a plurality of process events included in one group of the process event group management information with one operation work.
    The management method according to claim 8.
  10.  前記運用作業マッピング情報は、
     一つの前記運用作業に複数の前記処理イベントが対応付けられている場合、当該複数の処理イベントの順序性の情報を有する、
     請求項9記載の管理方法。     The operation work mapping information is:
    When a plurality of the processing events are associated with one operation work, the information includes order information of the plurality of processing events.
    The management method according to claim 9.
  11.  入力装置、出力装置、処理装置、および記憶装置を有し、
     情報処理システムのリソースを用いた処理イベントにより実行される運用作業を管理する管理サーバを用いた管理方法において、
     前記記憶装置は、
      前記情報処理システムで実行された複数の処理イベントを、当該処理イベントに用いられた前記リソースを識別する識別子を含むパラメータと対応付けて管理する処理イベント管理情報、または、
      前記識別子を用いて前記リソース相互の関連性を示す構成情報管理情報を参照し、前記複数の処理イベントを関連性のある処理イベントごとにグループ分けした、処理イベントグループ管理情報に対して、
      前記運用作業に対応して、複数の処理イベントを順序情報とともに格納する運用作業マッピング情報を参照し、
      前記処理イベントグループ管理情報の同一グループに属する処理イベントを、異なる前記運用作業に対応付けた、運用作業管理情報を、
     格納し、
     前記出力装置は、
     前記処理イベント管理情報、または、前記運用作業管理情報を表示することを特徴とする管理方法。     An input device, an output device, a processing device, and a storage device;
    In the management method using the management server that manages the operation work executed by the processing event using the resource of the information processing system,
    The storage device
    Process event management information for managing a plurality of process events executed in the information processing system in association with a parameter including an identifier for identifying the resource used for the process event, or
    With reference to the configuration information management information indicating the relevance of the resources using the identifier, for the processing event group management information, the plurality of processing events are grouped for each related processing event,
    In response to the operation work, refer to the operation work mapping information that stores a plurality of processing events together with order information,
    Operation work management information in which process events belonging to the same group of the process event group management information are associated with different operation work,
    Store and
    The output device is
    A management method comprising displaying the processing event management information or the operation work management information.
PCT/JP2016/070711 2015-10-30 2016-07-13 Management server and management method employing same WO2017073119A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
MYPI2018701647A MY191557A (en) 2015-10-30 2016-07-13 Management server and management method employing same
CN201680060252.0A CN108139965B (en) 2015-10-30 2016-07-13 Management server and management method using the same

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2015214623A JP6564305B2 (en) 2015-10-30 2015-10-30 Management server and management method using the same
JP2015-214623 2015-10-30

Publications (1)

Publication Number Publication Date
WO2017073119A1 true WO2017073119A1 (en) 2017-05-04

Family

ID=58631432

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2016/070711 WO2017073119A1 (en) 2015-10-30 2016-07-13 Management server and management method employing same

Country Status (4)

Country Link
JP (1) JP6564305B2 (en)
CN (1) CN108139965B (en)
MY (1) MY191557A (en)
WO (1) WO2017073119A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110347569A (en) * 2019-06-28 2019-10-18 浙江吉利控股集团有限公司 A kind of performance data of server acquisition method and device
CN110692068A (en) * 2017-05-31 2020-01-14 本田技研工业株式会社 Skill information processing system, method and device
CN111124796A (en) * 2018-10-30 2020-05-08 发那科株式会社 Data generation device, debugging device, data generation method, and data generation program
CN112445937A (en) * 2020-11-30 2021-03-05 成都新潮传媒集团有限公司 Json log generation method and device and computer readable storage medium

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7021508B2 (en) * 2017-11-14 2022-02-17 富士フイルムビジネスイノベーション株式会社 Information processing equipment, server equipment, business systems and programs
JP7092998B2 (en) 2018-04-26 2022-06-29 富士通株式会社 Analytical program and analytical method
JP7176296B2 (en) * 2018-08-23 2022-11-22 株式会社リコー Communication terminal, communication system, log data transmission method, program
JP7206735B2 (en) * 2018-09-20 2023-01-18 富士フイルムビジネスイノベーション株式会社 Information processing device and program
JP7109346B2 (en) * 2018-11-29 2022-07-29 株式会社日立製作所 Performance data management device
CN110347437A (en) * 2019-07-16 2019-10-18 深圳市同泰怡信息技术有限公司 A kind of method and apparatus and equipment adjusting server platform service state
CN113837721A (en) * 2021-09-18 2021-12-24 广州市日京信息科技有限公司 Process management method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010238194A (en) * 2009-03-31 2010-10-21 Fujitsu Ltd Operation management system, device, program, and method for analyzing process
JP2012208565A (en) * 2011-03-29 2012-10-25 Sumitomo Electric System Solutions Co Ltd Log management method, log management device, and program
JP2013092979A (en) * 2011-10-27 2013-05-16 Nippon Telegr & Teleph Corp <Ntt> Log analysis system, log analysis apparatus, log analysis method, and log analysis program
JP2014048860A (en) * 2012-08-31 2014-03-17 Hitachi Systems Ltd Operation work automation system, operation work automation method and operation work automation program

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6584491B1 (en) * 1999-06-25 2003-06-24 Cisco Technology, Inc. Arrangement for monitoring a progress of a message flowing through a distributed multiprocess system
US8612372B2 (en) * 2008-08-29 2013-12-17 International Business Machines Corporation Detection rule-generating facility
CN103189866B (en) * 2010-09-17 2017-01-18 甲骨文国际公司 Support for a parameterized query/view in complex event processing
CN104268068A (en) * 2014-09-24 2015-01-07 浪潮电子信息产业股份有限公司 Server log information acquisition method
CN104484262A (en) * 2014-11-27 2015-04-01 国家电网公司 Automatic management method for IT (information technology) data center server system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010238194A (en) * 2009-03-31 2010-10-21 Fujitsu Ltd Operation management system, device, program, and method for analyzing process
JP2012208565A (en) * 2011-03-29 2012-10-25 Sumitomo Electric System Solutions Co Ltd Log management method, log management device, and program
JP2013092979A (en) * 2011-10-27 2013-05-16 Nippon Telegr & Teleph Corp <Ntt> Log analysis system, log analysis apparatus, log analysis method, and log analysis program
JP2014048860A (en) * 2012-08-31 2014-03-17 Hitachi Systems Ltd Operation work automation system, operation work automation method and operation work automation program

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110692068A (en) * 2017-05-31 2020-01-14 本田技研工业株式会社 Skill information processing system, method and device
CN111124796A (en) * 2018-10-30 2020-05-08 发那科株式会社 Data generation device, debugging device, data generation method, and data generation program
CN110347569A (en) * 2019-06-28 2019-10-18 浙江吉利控股集团有限公司 A kind of performance data of server acquisition method and device
CN112445937A (en) * 2020-11-30 2021-03-05 成都新潮传媒集团有限公司 Json log generation method and device and computer readable storage medium
CN112445937B (en) * 2020-11-30 2023-11-14 成都新潮传媒集团有限公司 Json log generation method and device and computer readable storage medium

Also Published As

Publication number Publication date
JP6564305B2 (en) 2019-08-21
CN108139965A (en) 2018-06-08
CN108139965B (en) 2021-02-12
JP2017084270A (en) 2017-05-18
MY191557A (en) 2022-06-30

Similar Documents

Publication Publication Date Title
JP6564305B2 (en) Management server and management method using the same
US9507686B2 (en) System, method, and computer program product for monitoring health of computer system assets
US10222983B2 (en) Storage management computer and management method of storage apparatus
TWI524206B (en) Program analysis/verification service providing system, method for controlling system, control program, control program for causing computer to operate, program analysis/verification device and program analysis/verification tool management device
US20170279840A1 (en) Automated event id field analysis on heterogeneous logs
US20120117226A1 (en) Monitoring system of computer and monitoring method
JP2005062941A (en) Method for analyzing performance information
WO2015006358A1 (en) Database modeling and analysis
US11416278B2 (en) Presenting hypervisor data for a virtual machine with associated operating system data
JP2014048673A (en) Workflow generation server and method
US20160034289A1 (en) Computer system and processing method of the same
US10503500B2 (en) Inquiry response system and inquiry response method
US11734098B2 (en) Computer-readable recording medium storing failure cause identification program and method of identifying failure cause
US10235005B2 (en) Method of generating display name of objects to be managed
US11762833B2 (en) Data discovery of personal data in relational databases
US11153183B2 (en) Compacted messaging for application performance management system
US10521261B2 (en) Management system and management method which manage computer system
US20220100771A1 (en) Automatic transformation of time series data at ingestion
US20160366021A1 (en) User interface for an application performance management system
Barakat et al. Windows forensic investigations using powerforensics tool
Huffman Windows Performance Analysis Field Guide
WO2015019488A1 (en) Management system and method for analyzing event by management system
US20180165380A1 (en) Data processing system and data processing method
US20190108082A1 (en) Management system, management apparatus, and management method
US20170249176A1 (en) Systems and methods for configuration knowledge search

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16859356

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16859356

Country of ref document: EP

Kind code of ref document: A1