CN110995482B - Alarm analysis method and device, computer equipment and computer readable storage medium - Google Patents
Abstract
The embodiment of the application discloses an alarm analysis method, an alarm analysis device, computer equipment and a computer readable storage medium, wherein the method is applied to a network management system, and the network management system comprises a plurality of nodes; the method comprises the following steps: acquiring a second association topological graph formed by at least one alarm node according to a first association topological graph, wherein the first association topological graph is used for representing the association relation of the nodes, and the alarm node is a node generating an alarm phenomenon in the nodes; acquiring the pointing relation of each alarm node in the second associated topological graph; and determining a root cause alarm node in the at least one alarm node according to the pointing relation. By implementing the method and the device, the efficiency of the alarm root cause analysis can be improved, and meanwhile, the system overhead of the alarm analysis process can be reduced.
Description
Technical Field
The present application relates to the field of data analysis technologies, and in particular, to an alarm analysis method, an alarm analysis device, a computer device, and a computer-readable storage medium.
Background
In operation and maintenance technology, an alarm is a notification message generated by a managed network element when it detects an abnormal event; the alarm can be regarded as the network element's response to that event. With the rapid increase in the number of network elements, the gradual expansion of network scale and increasingly complex network architectures, a network generates massive amounts of alarm information every day during operation, and this alarm information needs to be analyzed to obtain the root cause alarm information so that a fault can be located according to the root cause alarm. It can be understood that usually only a small part of a large amount of alarm information is root cause alarm information. Existing root cause alarm analysis mainly depends on the experience of operation and maintenance engineers and development engineers: using rules accumulated from a large amount of experience, possible fault points are guessed or checked manually. As a result, the root cause alarm information cannot be found quickly in a large amount of alarm information, and the efficiency of alarm root cause analysis is low.
Disclosure of Invention
The embodiment of the application provides an alarm analysis method, an alarm analysis device, computer equipment and a computer readable storage medium.
In a first aspect, an embodiment of the present application provides an alarm analysis method, which is applied to a network management system, where the network management system includes a plurality of nodes; the method comprises the following steps:
acquiring a second association topological graph formed by at least one alarm node according to a first association topological graph, wherein the first association topological graph is used for representing the association relation of the nodes, and the alarm node is a node generating an alarm phenomenon in the nodes;
acquiring the pointing relation of each alarm node in the second associated topological graph;
and determining a root cause alarm node in the at least one alarm node according to the pointing relation.
By implementing the embodiment of the application, the computer equipment acquires the second associated topological graph formed by at least one alarm node according to the first associated topological graph, and then acquires the directional relation of each alarm node in the second associated topological graph, so that the root cause alarm node can be determined according to the directional relation.
In a possible implementation manner, the second association topological graph includes a distance relationship between the alarm nodes; the obtaining of the pointing relationship of each alarm node in the second associated topological graph includes:
determining a relative distance between a reference alarm node and each alarm node contained in the second associated topological graph; wherein the reference alarm node is any one of the at least one alarm node;
and under the condition that the relative distance meets a set value, determining the direction relation between the alarm nodes according to the relative distance.
By implementing the embodiment of the application, the computer equipment acquires the second associated topological graph formed by at least one alarm node according to the first associated topological graph, and because the second associated topological graph comprises the distance relation between the alarm nodes, the relative distance between the reference alarm node and each alarm node contained in the second associated topological graph can be determined according to the distance relation, and then the direction relation is determined according to the relative distance.
In one possible implementation, the method further includes:
and under the condition that the relative distance does not meet the set value, updating the reference alarm node, wherein the updated reference alarm node is any one of the alarm nodes of which the pointing relationship is not determined in the second associated topological graph.
In a possible implementation manner, the second association topology map includes at least one alarm chain; determining a root cause alarm node in the at least one alarm node according to the pointing relationship, comprising:
and sequentially acquiring the last alarm node on each alarm chain according to the direction relation, and determining the last alarm node on each alarm chain as the root cause alarm node.
By implementing the embodiment of the application, the target alarm node is eliminated, and the alarm caused by the node in the second associated topological graph is eliminated, so that the target node corresponding to the root cause alarm can be quickly positioned, and the acquisition efficiency of the root cause alarm is improved.
In a possible implementation manner, before the obtaining a second associated topological graph formed by at least one alarm node according to the first associated topological graph, the method further includes:
acquiring alarm information reported by the at least one alarm node;
the obtaining of the second associated topological graph formed by at least one alarm node according to the first associated topological graph includes:
and extracting a second associated topological graph formed by the at least one alarm node from the first associated topological graph according to the alarm information.
In one possible implementation, the method further includes:
and under the condition that the similarity between a second associated topological graph generated in the current preset time range and a second associated topological graph generated in the last preset time range is greater than a preset threshold value, determining the root cause alarm node in the last preset time range as the root cause alarm node in the current preset time range.
By implementing the embodiment of the application, considering that the alarm event has certain regularity in practical application, the target node for generating the root cause alarm is determined through the similarity between the corresponding associated topological graphs in the adjacent preset time range, and the acquisition efficiency of the root cause alarm can be improved.
In one possible implementation, the method further includes:
and outputting the prompt information corresponding to the root cause alarm node.
In a second aspect, an embodiment of the present application provides an alarm analysis apparatus, where the apparatus is applied to a network management system, where the network management system includes a plurality of nodes; the device includes:
the first obtaining unit is used for acquiring a second association topological graph formed by at least one alarm node according to a first association topological graph, wherein the first association topological graph is used for representing the association relation of the plurality of nodes, and the alarm node is a node generating an alarm phenomenon in the plurality of nodes;
the second obtaining unit is used for obtaining the pointing relation of each alarm node in the second associated topological graph;
and the first alarm determining unit is used for determining a root cause alarm node in the at least one alarm node according to the direction relation.
In a possible implementation manner, the second association topological graph includes a distance relationship between the alarm nodes; the second acquisition unit includes a relative distance determination unit and a directional relationship determination unit, wherein
The relative distance determining unit is used for determining the relative distance between a reference alarm node and each alarm node contained in the second associated topological graph; wherein the reference alarm node is any one of the at least one alarm node;
and the pointing relationship determining unit is used for determining the pointing relationship between the alarm nodes according to the relative distance under the condition that the relative distance meets a set value.
In a possible implementation manner, the second obtaining unit further includes an updating unit, configured to:
and under the condition that the relative distance does not meet the set value, updating the reference alarm node, wherein the updated reference alarm node is any one of the alarm nodes of which the pointing relationship is not determined in the second associated topological graph.
In a possible implementation manner, the second association topology includes at least one alarm chain; the first alarm determination unit is specifically configured to:
and sequentially acquiring the last alarm node on each alarm chain according to the direction relation, and determining the last alarm node on each alarm chain as the root cause alarm node.
In a possible implementation manner, the apparatus further includes a third obtaining unit, configured to obtain alarm information reported by at least one alarm node before the first obtaining unit obtains, according to the first associated topological graph, a second associated topological graph formed by the at least one alarm node;
the first obtaining unit is specifically configured to:
and extracting a second associated topological graph formed by the at least one alarm node from the first associated topological graph according to the alarm information.
In one possible implementation, the apparatus further includes:
and the second alarm determining unit is used for determining the root cause alarm node in the previous preset time range as the root cause alarm node in the current preset time range under the condition that the similarity between the second associated topological graph generated in the current preset time range and the second associated topological graph generated in the previous preset time range is greater than a preset threshold value.
In one possible implementation, the apparatus further includes:
and the output unit is used for outputting the prompt information corresponding to the root cause alarm node.
In a third aspect, an embodiment of the present application provides a computer device, including a processor and a memory, where the processor and the memory are connected to each other, where the memory is used to store a computer program that supports a terminal to execute the above method, and the computer program includes program instructions, and the processor is configured to call the program instructions to execute the method of the first aspect.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium storing a computer program, the computer program comprising program instructions that, when executed by a processor, cause the processor to perform the method of the first aspect.
In a fifth aspect, embodiments of the present application provide a computer program comprising program instructions, which, when executed by a processor, cause the processor to perform the method of the first aspect.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings used in the description of the embodiments will be briefly introduced below.
FIG. 1 is a schematic diagram of a first association topology provided by an embodiment of the present application;
FIG. 2 is a schematic flow chart diagram of an alarm analysis method provided in an embodiment of the present application;
FIG. 3A is a diagram of a second association topology provided by an embodiment of the application;
FIG. 3B is a schematic diagram of another second association topology provided by an embodiment of the present application;
FIG. 3C is a schematic diagram of another second association topology provided by an embodiment of the present application;
FIG. 3D is a schematic diagram of another second association topology provided by an embodiment of the present application;
FIG. 3E is a schematic diagram of a second association topology corresponding to an example provided in the embodiment of the present application;
FIG. 3F is a schematic diagram of a second association topology corresponding to another example provided in the embodiment of the present application;
FIG. 4 is a schematic block diagram of an alarm analysis apparatus provided in an embodiment of the present application;
FIG. 5 is a schematic block diagram of a computer device according to another embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application. It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the present application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in the specification of the present application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon" or "in response to a determination" or "in response to a detection". Similarly, the phrase "if it is determined" or "if a [ described condition or event ] is detected" may be interpreted contextually to mean "upon determining" or "in response to determining" or "upon detecting [ described condition or event ]" or "in response to detecting [ described condition or event ]".
In this embodiment of the present application, the network management system includes at least one computer device cluster, and taking one of the computer device clusters as an example, the computer device cluster may include one server and a plurality of nodes. In practical applications, the alarm generated by each computer device cluster may be regarded as an individual alarm set, and the computer device may determine the root cause alarm node in the alarm set by using the scheme described in the present application for the alarm set.
In the embodiment of the present application, the node may be various network elements, a server, and the like.
In the embodiment of the present application, the first association topology may be constructed according to an association relationship between nodes or an association relationship between a node and a server. As shown in fig. 1, the computer device cluster includes a server and 4 nodes, where node 1, node 2, node 3, and node 4 are 4 nodes dependent on server a, node 4 is dependent on node 2, node 2 is dependent on node 3, and node 1 is an independent node and does not generate a dependency relationship with other nodes.
In the embodiment of the present application, the existence of the association between two entities may be represented by identifying "1", and the absence of the association between two entities may be represented by identifying "0". The association between the entities in the computer cluster shown in fig. 1 may be as shown in table 1:
TABLE 1
| | Server A | Node 1 | Node 2 | Node 3 | Node 4 |
| Server A | 1 | 1 | 1 | 1 | 1 |
| Node 1 | 1 | 1 | 0 | 0 | 0 |
| Node 2 | 1 | 0 | 1 | 1 | 1 |
| Node 3 | 1 | 0 | 1 | 1 | 0 |
| Node 4 | 1 | 0 | 1 | 0 | 1 |
In the embodiment of the application, because association relationships exist among the nodes, when a node generates an alarm because of an error, other associated nodes may also generate alarms. For example, an application is installed on a server, and when the application generates an error alarm, the server may also generate an alarm. When the alarm generated by one node triggers alarms on other nodes, the node that initially generated the alarm is the root cause alarm node.
In the embodiment of the application, when a node is abnormal, the node reports alarm information to the computer device. Those skilled in the art will appreciate that an alarm propagates along the first associated topological graph. For example, in the embodiment shown in fig. 1, when node 2 and node 3 both alarm, node 3 is the root cause alarm node, i.e. the alarm on node 3 triggers the alarm on node 2. If a node is an independent node (e.g., node 1), that is, there is no association between the node and other nodes, then when an alarm is generated on that node it may be determined that the node is a root cause alarm node, that is, the alarm generated by the node is a root cause alarm.
How the root cause alarm node is determined in the embodiment of the present application is described in detail below with reference to the schematic flow chart of the alarm analysis method shown in fig. 2. The method may include, but is not limited to, the following steps:
Step S200, a second association topological graph formed by at least one alarm node is obtained according to a first association topological graph, wherein the first association topological graph is used for representing the association relation of the plurality of nodes, and the alarm node is a node generating an alarm phenomenon in the plurality of nodes.
In the embodiment of the present application, the first association topology shown in fig. 1 is taken as an example, in which node 1 is normal, while node 2, node 3, node 4, and server A may report alarm information to the computer device. In this case, a second association topology map (as shown in fig. 3A) formed by at least one alarm node is obtained based on the first association topology map shown in fig. 1, so that the root cause alarm node may be determined based on the second association topology map shown in fig. 3A.
Referring to fig. 3A, when the node 2, the node 3, the node 4, and the server a among the nodes in fig. 1 generate an alarm, for convenience of description, the node generating the alarm is labeled in fig. 3A, and the node generating the alarm is referred to as an alarm node.
In practical applications, when the node 2, the node 3 and the node 4 generate alarms, the computer device may obtain alarm information generated by each alarm node, so that the second associated topological graph formed by the alarm nodes may be extracted from the first associated topological graph according to the alarm information.
In a possible implementation manner, the computer device may obtain the alarm information reported by at least one alarm node within a preset time range. Specifically, the preset time range may be preset by the computer device, or may be set by the computer device according to an acquired alarm rule, and the embodiment of the present application is not particularly limited. Taking the case where the time range is preset by the computer device as an example, the preset time range may be half an hour, and in this case the computer device counts the alarm information generated by the alarm nodes in that time range every half an hour. Taking the case where the time range is set by the computer device according to the acquired alarm rule as an example, the computer device determines that the number of alarms occurring in the time period from 8:00 to 9:00 is the largest, and in this case the time range set by the computer device may be 5 minutes, that is, in the time period from 8:00 to 9:00 the computer device counts the alarm information generated by the alarm nodes every 5 minutes, so as to determine the root cause alarm nodes as soon as possible and avoid large-area service downtime.
In this embodiment of the present application, the second association topological graph may include at least one alarm chain, for example, as shown in fig. 3B, the second association topological graph includes one alarm chain, and the alarm chain may be represented as: node 4-node 2-node 3; for another example, as shown in fig. 3C, the second association topology includes two alarm chains, where alarm chain 1 may be represented as: node 4-node 2-node 3-node 5; alarm chain 2 may be represented as node 4-node 2-node 1.
Step S302, acquiring the pointing relation of each alarm node in the second associated topological graph.
In the embodiment of the application, the second association topological graph includes a distance relationship between the alarm nodes, and the distance relationship is used for describing the degree of association between the alarm entities. The distance relationship is infinite if there is no association between two alarm nodes, and the distance relationship is unit length 1 if there is an association between two alarm nodes. Here, the description of how the distance relationship between the alarm entities is determined is only an example and should not be construed as a limitation.
In this embodiment of the application, a distance relationship corresponding to each alarm node in the second association topology shown in fig. 3A may be as shown in table 2:
TABLE 2
| | Server A | Node 2 | Node 3 | Node 4 |
| Server A | 0 | 1 | 1 | 2, 3 |
| Node 2 | 1 | 0 | 1 | 1 |
| Node 3 | 1 | 1 | 0 | 2 |
| Node 4 | 2, 3 | 1 | 2 | 0 |
In this embodiment of the application, a distance relationship corresponding to each alarm node in the second association topology shown in fig. 3B may be as shown in table 3:
TABLE 3
| | Node 2 | Node 3 | Node 4 |
| Node 2 | 0 | 1 | 1 |
| Node 3 | 1 | 0 | 2 |
| Node 4 | 1 | 2 | 0 |
In the embodiment of the present application, the distance relationship corresponding to each alarm node in the second association topology diagram shown in fig. 3C may be as shown in table 4:
TABLE 4
| | Node 1 | Node 2 | Node 3 | Node 4 | Node 5 |
| Node 1 | 0 | 1 | ∞ | 2 | ∞ |
| Node 2 | 1 | 0 | 1 | 1 | 2 |
| Node 3 | ∞ | 1 | 0 | 2 | 1 |
| Node 4 | 2 | 1 | 2 | 0 | 3 |
| Node 5 | ∞ | 2 | 1 | 3 | 0 |
As shown in table 4, when the distance relationship is 1, it means that two nodes are directly connected; when the distance relation is larger than 1, the two nodes are indirectly connected. Taking the distance relationship between the node 1 and the node 3 as an example, when the distance relationship between the node 1 and the node 3 is infinite, it indicates that there is no association relationship between the node 1 and the node 3.
In a possible implementation manner, the implementation process of obtaining the pointing relationship of each alarm node in the second association topology may include: determining a relative distance between the reference alarm node and each alarm node contained in the second associated topological graph, where the reference alarm node is any one of the at least one alarm node; and then, under the condition that the relative distance meets a set value, determining the direction relation between the alarm nodes according to the relative distance. Here, the set value may be 1 or -1.
Taking the second associated topological graph shown in fig. 3B as an example, with node 2 as the reference alarm node, the computer device determines the relative distances between node 2 and nodes 3 and 4, respectively. The relative distance between node 2 and node 3 is 1, and since this relative distance satisfies the set value, the computer device determines that the pointing relationship between node 2 and node 3 is: node 2 points to node 3. In addition, the relative distance between node 2 and node 4 is -1, and since this relative distance satisfies the set value, the computer device determines that the pointing relationship between node 2 and node 4 is that node 4 points to node 2. The pointing relationships of the three alarm nodes can therefore be determined as follows: alarm node 4 → alarm node 2 → alarm node 3.
In a possible implementation manner, the implementation process of obtaining the pointing relationship of each alarm node in the second association topology may further include: determining a relative distance between the reference alarm node and each alarm node contained in the second associated topological graph, where the reference alarm node is any one of the at least one alarm node; and then, under the condition that the relative distance meets a set value, determining the direction relation between the alarm nodes according to the relative distance. Under the condition that the relative distance does not meet the set value, the reference alarm node is updated, where the updated reference alarm node is any one of the alarm nodes in the second associated topological graph whose pointing relationship has not been determined. That is, the relative distance between the reference alarm node and each alarm node contained in the second associated topological graph is determined iteratively, and whenever the relative distance meets the set value, the pointing relationship between the alarm nodes is determined according to the relative distance. Here, the set value may be 1 or -1.
Taking the second associated topological graph shown in fig. 3B as an example, with node 4 as the reference alarm node, the computer device determines the relative distances between node 4 and nodes 2 and 3, respectively. The relative distance between node 4 and node 2 is 1, and since this relative distance satisfies the set value, the computer device determines that the pointing relationship between node 4 and node 2 is: node 4 points to node 2. In addition, the relative distance between node 4 and node 3 is 2, and since this relative distance does not satisfy the set value, the computer device selects alarm node 3 as the next reference alarm node; it can be understood that alarm node 3 is an alarm node in the second association topology map for which no direction relationship has been determined. The relative distance between node 3 and node 2 is -1, and since this relative distance satisfies the set value, the computer device determines that the pointing relationship between node 3 and node 2 is: node 2 points to node 3. In summary, it can be determined that the pointing relationships of the three alarm nodes are as follows: alarm node 4 → alarm node 2 → alarm node 3.
Step S304, determining a root cause alarm node in the at least one alarm node according to the pointing relationship. In this embodiment of the present application, the implementation process of determining a root cause alarm node in at least one alarm node according to the direction relationship may include: sequentially acquiring the last alarm node on each alarm chain according to the direction relation, and determining the last alarm node on each alarm chain as the root cause alarm node.
In a possible implementation, when the second associated topological graph contains a single alarm chain, target alarm nodes are excluded in sequence according to the pointing relationship until the excluded target alarm node is the last alarm node in the second associated topological graph, and the last alarm node in the second associated topological graph is determined as the root cause alarm node.
Taking the second associated topological graph shown in fig. 3B as an example, the graph contains a single alarm chain in which the pointing relationship between the alarm nodes is: alarm node 4 → alarm node 2 → alarm node 3. In this case, the computer device excludes alarm node 4, alarm node 2 and alarm node 3 in sequence until the excluded alarm node 3 is the last alarm node in the second associated topological graph, and then determines alarm node 3 as the root cause alarm node. In this implementation, excluding the target alarm nodes eliminates the alarm phenomena caused by nodes in the second associated topological graph, so the root cause alarm node can be located quickly and the efficiency of obtaining the root cause alarm is improved.
In a possible implementation, when the second associated topological graph contains a plurality of alarm chains, the last alarm node on each alarm chain is acquired in sequence according to the pointing relationship, and the last alarm node on each alarm chain is determined as the root cause alarm node. Taking the second associated topological graph shown in fig. 3C as an example, the graph contains two alarm chains. The pointing relationship between the alarm nodes in alarm chain 1 is: alarm node 4 → alarm node 2 → alarm node 3 → alarm node 5; the pointing relationship between the alarm nodes in alarm chain 2 is: alarm node 4 → alarm node 2 → alarm node 1. In this case, the computer device acquires the last alarm node on each alarm chain in sequence according to the pointing relationship: the last alarm node in alarm chain 1 is alarm node 5, and the last alarm node in alarm chain 2 is alarm node 1. The computer device then determines alarm node 5 and alarm node 1 as root cause alarm nodes. It can be understood that, when the root cause alarm nodes determined on the individual alarm chains differ, there are a plurality of root cause alarm nodes.
In a possible implementation, when the second associated topological graph contains a plurality of alarm chains, the last alarm node on each alarm chain is acquired in sequence according to the pointing relationship, and the last alarm node on each alarm chain is determined as the root cause alarm node. Taking the second associated topological graph shown in fig. 3D as an example, the graph contains two alarm chains. The pointing relationship between the alarm nodes in alarm chain 1 is: alarm node 4 → alarm node 2 → alarm node 3 → alarm node 5; the pointing relationship between the alarm nodes in alarm chain 2 is: alarm node 4 → alarm node 2 → alarm node 1 → alarm node 5. In this case, the computer device acquires the last alarm node on each alarm chain in sequence according to the pointing relationship: the last alarm node in alarm chain 1 is alarm node 5, and the last alarm node in alarm chain 2 is also alarm node 5. The computer device then determines alarm node 5 as the root cause alarm node. It can be understood that, when the root cause alarm nodes determined on the individual alarm chains are the same, there is only one root cause alarm node.
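The following Python sketch is an added illustration, not code from the patent: it derives pointing relationships from signed relative distances using the set values 1 and -1, enumerates the alarm chains, and returns the last node of each chain as a root cause. The function names and the distance tables (constructed to match the figures 3B, 3C and 3D walk-throughs) are assumptions, and every alarm node is used as the reference in turn, which subsumes the reference-update step.

```python
from collections import defaultdict

SET_VALUES = (1, -1)  # the page's "set value": only adjacent alarm nodes yield an edge


def signed_distance(rel_dist, a, b):
    """Relative distance from a to b, or None when the two alarm nodes are unrelated."""
    if (a, b) in rel_dist:
        return rel_dist[(a, b)]
    if (b, a) in rel_dist:
        return -rel_dist[(b, a)]
    return None


def pointing_relations(nodes, rel_dist):
    """Return directed edges (src, dst), read as 'src points to dst'."""
    edges = set()
    for ref in nodes:  # each alarm node serves as the reference alarm node once
        for other in nodes:
            if other == ref:
                continue
            d = signed_distance(rel_dist, ref, other)
            if d not in SET_VALUES:
                continue  # too far or unrelated: resolved from another reference
            # distance 1: ref points to other; distance -1: other points to ref
            edges.add((ref, other) if d == 1 else (other, ref))
    return edges


def alarm_chains(nodes, edges):
    """Enumerate every alarm chain from a head (no predecessor) to its last node."""
    succ = defaultdict(list)
    has_pred = set()
    for src, dst in sorted(edges):
        succ[src].append(dst)
        has_pred.add(dst)
    heads = [n for n in nodes if n not in has_pred]
    chains = []

    def walk(path):
        node = path[-1]
        if not succ[node]:
            chains.append(list(path))  # reached the last alarm node of a chain
            return
        for nxt in succ[node]:
            if nxt in path:
                raise ValueError(f"cycle through alarm node {nxt!r}")
            walk(path + [nxt])

    for head in heads:
        walk([head])
    # Inconsistent distances can produce a cycle that no head reaches.
    if {n for chain in chains for n in chain} != set(nodes):
        raise ValueError("pointing relationships contain a cycle")
    return chains


def root_cause_nodes(nodes, rel_dist):
    """Return (set of root cause alarm nodes, list of alarm chains)."""
    chains = alarm_chains(nodes, pointing_relations(nodes, rel_dist))
    return {chain[-1] for chain in chains}, chains


# Constructed sample data: signed distances matching the figure walk-throughs.
FIG_3B = {(4, 2): 1, (4, 3): 2, (3, 2): -1}
FIG_3C = {(4, 2): 1, (2, 3): 1, (3, 5): 1, (2, 1): 1,
          (4, 3): 2, (4, 1): 2, (2, 5): 2, (4, 5): 3}
FIG_3D = {**FIG_3C, (1, 5): 1}  # alarm chain 2 now also ends at alarm node 5

if __name__ == "__main__":
    for name, nodes, table in (("3B", [4, 2, 3], FIG_3B),
                               ("3C", [1, 2, 3, 4, 5], FIG_3C),
                               ("3D", [1, 2, 3, 4, 5], FIG_3D)):
        roots, chains = root_cause_nodes(nodes, table)
        print(f"fig. {name}: chains={chains} root cause={sorted(roots)}")
```

An alarm node with no related alarms forms a one-node chain and is reported as its own root cause; a distance table that implies a cycle is rejected rather than walked indefinitely.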
In order to facilitate better understanding of the technical solutions described in the present application, the following description is made with reference to specific examples:
(1) example one
As shown in fig. 3E, the second associated topological graph is formed by a plurality of alarm nodes extracted from the first associated topological graph by the computer device according to the alarm information reported by the nodes. Fig. 3E includes three alarm sets: alarm set 1 is composed of server A, application 2, application 3 and application 4; alarm set 2 is composed of server B and application 7; alarm set 3 is composed of application 5. In the figure, a dotted line indicates that there is no association relationship between two alarm entities, and a solid line indicates that there is an association relationship between two alarm entities. Taking alarm set 1 as an example, the second associated topological graph corresponding to this alarm set contains two alarm chains. The pointing relationship between the alarm nodes in alarm chain 1 is: application 4 → application 2 → application 3 → server A; the pointing relationship between the alarm nodes in alarm chain 2 is: application 4 → application 2 → server A. In this case, the computer device acquires the last alarm node on each alarm chain in sequence according to the pointing relationship: the last alarm node in alarm chain 1 is server A, and the last alarm node in alarm chain 2 is also server A. The computer device then determines server A as the root cause alarm node. It will thus be appreciated that the alarm generated by server A may trigger an alarm at application 2, which may in turn trigger an alarm at application 4.
(2) Example two
As shown in fig. 3F, the second associated topological graph is formed by a plurality of alarm nodes extracted from the first associated topological graph according to the alarm information reported by the nodes. As can be seen from fig. 3F, the three depend on one another layer by layer, from the bottommost system to the topmost application, and have a pointing relationship in terms of attribution. Taking the alarm chain application A, mysql (a relational database management system), system as an example, the pointing relationship between the alarm nodes in the alarm chain can be determined as: application A → mysql → system. In this case, the computer device acquires the last alarm node in the alarm chain according to the pointing relationship and determines the system as the root cause alarm node. It can thus be seen that the alarm generated by insufficient memory of the system can trigger mysql to generate an alarm, which in turn triggers application A to generate an alarm.
According to the alarm analysis method provided by the embodiment of the application, the computer equipment can obtain the second associated topological graph formed by at least one alarm node according to the first associated topological graph, and then obtain the direction relation of each alarm node in the second associated topological graph, so that the root cause alarm node can be determined according to the direction relation.
In addition, it should be noted that, in the embodiment of the present application, the root cause alarm node is obtained from the second associated topological graph rather than the first associated topological graph for the following reasons: the first associated topological graph only describes the association relationship among a plurality of entities, and does not include the distance relationship among the entities that characterize alarms. Moreover, compared with the structure of the second associated topological graph, the structure of the first associated topological graph is too complex to allow the root cause alarm node to be located quickly.
In a possible implementation manner, after the computer device determines the root cause alarm node in the at least one alarm node, the computer device may output prompt information of the root cause alarm node to prompt an operation and maintenance person to repair the root cause alarm node. In this embodiment of the present application, outputting the prompt information of the root cause alarm node may include the following several implementation manners: (1) displaying a root cause alarm node through a display screen of the computer equipment; (2) and the computer equipment feeds back the information to the operation and maintenance personnel in a voice broadcasting mode so as to prompt the operation and maintenance personnel to repair the root cause alarm node.
In a possible implementation, the computer device may determine the target node corresponding to the root cause alarm based on the similarity between the associated topological graphs corresponding to different preset time ranges. Specifically, the computer device obtains the alarm information reported by at least one alarm node in the current preset time range, and then constructs, based on the first associated topological graph, an associated topological graph formed by the at least one alarm node in the current preset time range. It then calculates, for example by using the Apriori algorithm, the similarity between the associated topological graph corresponding to the alarm history information generated in the previous preset time range and the associated topological graph corresponding to the alarm information generated in the current preset time range. When this similarity is greater than a preset threshold (for example, a preset threshold of 0.9), the root cause alarm node in the previous preset time range is determined as the root cause alarm node in the current preset time range. This implementation takes into account that, in practical applications, alarm events have a certain regularity; determining the root cause alarm node according to the similarity between the second associated topological graphs of adjacent preset time ranges can improve the efficiency of obtaining the root cause alarm.
In summary, the root cause alarm analysis method provided in the embodiment of the present application directly performs root cause analysis in combination with the associated topological graph to determine the target node corresponding to the root cause alarm, without performing analysis in a series of disordered data, so that operation and maintenance personnel can perform root cause analysis at the fastest speed, and the problem that the root cause alarm cannot be processed in time when an alarm tide occurs is effectively avoided.
While the method of the embodiments of the present application has been described in detail, in order to better implement the above-described aspects of the embodiments of the present application, the following provides a corresponding apparatus for implementing the above-described aspects in a coordinated manner.
Referring to fig. 4, fig. 4 is a diagram of an alarm analysis apparatus 40 provided in an embodiment of the present application, where the alarm analysis apparatus is applied to a network management system, where the network management system includes a plurality of nodes; the apparatus 40 may include:
a first obtaining unit 400, configured to obtain a second association topological graph formed by at least one alarm node according to a first association topological graph, where the first association topological graph is used to represent an association relationship between the plurality of nodes, and the alarm node is a node that generates an alarm phenomenon in the plurality of nodes;
a second obtaining unit 402, configured to obtain a pointing relationship of each alarm node in the second associated topological graph;
a first alarm determining unit 404, configured to determine a root cause alarm node in the at least one alarm node according to the direction relationship.
In a possible implementation manner, the second association topological graph includes a distance relationship between the alarm nodes; the second obtaining unit 402 comprises a relative distance determining unit and a pointing relationship determining unit, wherein:
The relative distance determining unit is used for determining the relative distance between a reference alarm node and each alarm node contained in the second associated topological graph; wherein the reference alarm node is any one of the at least one alarm node;
and the pointing relationship determining unit is used for determining the pointing relationship between the alarm nodes according to the relative distance under the condition that the relative distance meets a set value.
In a possible implementation manner, the second obtaining unit 402 further includes an updating unit, configured to:
and under the condition that the relative distance does not meet the set value, updating the reference alarm node, wherein the updated reference alarm node is any one of the alarm nodes of which the pointing relationship is not determined in the second associated topological graph.
In a possible implementation manner, the second association topology includes at least one alarm chain; the first alarm determining unit 404 is specifically configured to:
and sequentially acquiring the last alarm node on each alarm chain according to the direction relation, and determining the last alarm node on each alarm chain as the root cause alarm node.
In a possible implementation manner, the apparatus 40 further includes a third obtaining unit 406, configured to obtain the alarm information reported by at least one alarm node before the first obtaining unit 400 obtains a second associated topological graph formed by the at least one alarm node according to the first associated topological graph;
the first obtaining unit 400 is specifically configured to:
and extracting a second associated topological graph formed by the at least one alarm node from the first associated topological graph according to the alarm information.
In one possible implementation, the apparatus 40 may further include:
the second alarm determining unit 408 is configured to determine the root cause alarm node in the previous preset time range as the root cause alarm node in the current preset time range, when a similarity between the second associated topological graph generated in the current preset time range and the second associated topological graph generated in the previous preset time range is greater than a preset threshold.
In one possible implementation, the apparatus 40 may further include:
an output unit 4010, configured to output the prompt information corresponding to the root cause alarm node.
By implementing the embodiment of the application, the computer equipment acquires the second associated topological graph formed by at least one alarm node according to the first associated topological graph, and then acquires the directional relation of each alarm node in the second associated topological graph, so that the root cause alarm node can be determined according to the directional relation.
In order to better implement the above solution of the embodiments of the present application, the present application further provides a computer device, which is described in detail below with reference to the accompanying drawings:
as shown in fig. 5, which is a schematic structural diagram of a computer device provided in the embodiment of the present application, the computer device 50 may include a processor 501, a memory 504, and a communication module 505, and the processor 501, the memory 504, and the communication module 505 may be connected to each other through a bus 506. The Memory 504 may be a Random Access Memory (RAM) Memory or a non-volatile Memory (non-volatile Memory), such as at least one disk Memory. The memory 504 may optionally be at least one memory system located remotely from the processor 501. The memory 504 is used for storing application program codes and can comprise an operating system, a network communication module, a user interface module and a data processing program, and the communication module 505 is used for information interaction with external equipment; the processor 501 is configured to call the program code, and perform the following steps:
acquiring a second association topological graph formed by at least one alarm node according to a first association topological graph, wherein the first association topological graph is used for representing the association relation of the nodes, and the alarm node is a node generating an alarm phenomenon in the nodes;
acquiring the pointing relation of each alarm node in the second associated topological graph;
and determining a root cause alarm node in the at least one alarm node according to the pointing relationship.
The second association topological graph comprises distance relations among the alarm nodes; the obtaining, by the processor 501, a pointing relationship of each alarm node in the second association topology may include:
determining a relative distance between a reference alarm node and each alarm node contained in the second associated topological graph; wherein the reference alarm node is any one of the at least one alarm node;
and determining the direction relation between the alarm nodes according to the relative distance under the condition that the relative distance meets a set value.
Wherein the processor 501 is further configured to:
and under the condition that the relative distance does not meet the set value, updating the reference alarm node, wherein the updated reference alarm node is any one of the alarm nodes of which the pointing relationship is not determined in the second associated topological graph.
Wherein the second associated topological graph comprises at least one alarm chain; the processor 501 determines a root cause alarm node among the at least one alarm node according to the pointing relationship, which may include:
and sequentially acquiring the last alarm node on each alarm chain according to the direction relation, and determining the last alarm node on each alarm chain as the root cause alarm node.
Before the processor 501 obtains a second associated topological graph formed by at least one alarm node according to the first associated topological graph, the method may further include:
acquiring alarm information reported by the at least one alarm node;
the obtaining, by the processor 501, a second associated topological graph formed by at least one alarm node according to the first associated topological graph may include:
and extracting a second associated topological graph formed by the at least one alarm node from the first associated topological graph according to the alarm information.
Wherein the processor 501 is further configured to:
and under the condition that the similarity between a second associated topological graph generated in the current preset time range and a second associated topological graph generated in the last preset time range is greater than a preset threshold value, determining the root cause alarm node in the last preset time range as the root cause alarm node in the current preset time range.
Wherein the processor 501 is further configured to:
and outputting the prompt information corresponding to the root cause alarm node.
It should be noted that, for the execution step of the processor in the computer device 50 in this embodiment, reference may be made to the specific implementation manner of the operation of the computer device in the embodiment of fig. 2 in each method embodiment described above, and details are not described here again.
In a specific implementation, the computer device 50 may be specifically a terminal, and may also be a server, which is not specifically limited in this embodiment of the application.
It should be understood that the application scenario to which the method provided in the embodiment of the present application may be applied is only an example, and is not limited to this in practical application.
It should also be understood that reference to first, second, third, and various numerical numbers in this application is only for ease of description and distinction and is not intended to limit the scope of this application.
It should be understood that the term "and/or" in this application is only one type of association relationship that describes the associated object, meaning that three relationships may exist, e.g., a and/or B may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" in this application generally indicates that the former and latter related objects are in an "or" relationship.
In addition, in each embodiment of the present application, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiment of the present application. Although the steps in the flowchart of fig. 2 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least a portion of the steps in fig. 2 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
Those of ordinary skill in the art will appreciate that the various illustrative elements and method steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division of each functional module is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules as needed, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules and units is only one logical division, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, and may be located in one place, or may be distributed on a plurality of network units. Some or all of the elements may be selected according to actual needs to achieve the purpose of the solution of the embodiments of the present application.
In addition, functional units related to the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in a form of hardware, or may be implemented in a form of software functional unit, which is not limited in this application.
The present embodiments also provide a computer storage medium having instructions stored therein, which when executed on a computer or a processor, cause the computer or the processor to perform one or more steps of the method according to any one of the above embodiments. Based on the understanding that the constituent modules of the above-mentioned apparatus, if implemented in the form of software functional units and sold or used as independent products, may be stored in the computer-readable storage medium, and based on this understanding, the technical solutions of the present application, in essence, or a part contributing to the prior art, or all or part of the technical solutions, may be embodied in the form of software products, and the computer products are stored in the computer-readable storage medium.
The computer readable storage medium may be an internal storage unit, such as a hard disk or a memory, of the computer device according to the foregoing embodiment. The computer-readable storage medium may be an external storage device of the computer device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like. Further, the computer-readable storage medium may include both an internal storage unit and an external storage device of the computer device. The computer-readable storage medium is used for storing the computer program and other programs and data required by the computer device. The above-described computer-readable storage medium may also be used to temporarily store data that has been output or is to be output.
It will be understood by those skilled in the art that all or part of the processes of the methods of the above embodiments may be implemented by a computer program, which can be stored in a computer-readable storage medium, and can include the processes of the above embodiments of the methods when the computer program is executed. And the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
The steps in the method of the embodiment of the application can be sequentially adjusted, combined and deleted according to actual needs.
The modules in the device can be merged, divided and deleted according to actual needs.
The above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present application.
Claims (9)
1. An alarm analysis method is characterized by being applied to a network management system, wherein the network management system comprises a plurality of nodes; the method comprises the following steps:
acquiring a second association topological graph formed by at least one alarm node according to a first association topological graph, wherein the first association topological graph is used for representing the association relation of the nodes, and the alarm node is a node generating an alarm phenomenon in the nodes;
acquiring the pointing relation of each alarm node in the second associated topological graph;
determining a root cause alarm node in the at least one alarm node according to the pointing relation;
the second association topological graph comprises the distance relation between the alarm nodes; the obtaining of the pointing relationship of each alarm node in the second associated topological graph includes:
determining a relative distance between a reference alarm node and each alarm node contained in the second associated topological graph; wherein the reference alarm node is any one of the at least one alarm node;
and under the condition that the relative distance meets a set value, determining the direction relation between the alarm nodes according to the relative distance.
2. The method of claim 1, wherein the method further comprises:
and under the condition that the relative distance does not meet the set value, updating the reference alarm node, wherein the updated reference alarm node is any one of the alarm nodes of which the pointing relationship is not determined in the second associated topological graph.
3. The method of claim 1, wherein the second associative topology map comprises at least one alarm chain; determining a root cause alarm node in the at least one alarm node according to the pointing relationship, comprising:
and sequentially acquiring the last alarm node on each alarm chain according to the direction relation, and determining the last alarm node on each alarm chain as the root cause alarm node.
4. The method according to claim 1, wherein before obtaining a second associated topology map formed by at least one alarming node according to the first associated topology map, the method further comprises:
acquiring alarm information reported by the at least one alarm node;
the obtaining of the second associated topological graph formed by at least one alarm node according to the first associated topological graph includes:
and extracting a second associated topological graph formed by the at least one alarm node from the first associated topological graph according to the alarm information.
5. The method of any one of claims 1-4, further comprising:
and under the condition that the similarity between a second associated topological graph generated in the current preset time range and a second associated topological graph generated in the last preset time range is greater than a preset threshold value, determining the root cause alarm node in the last preset time range as the root cause alarm node in the current preset time range.
6. The method of claim 1, wherein the method further comprises:
and outputting the prompt information corresponding to the root cause alarm node.
7. An alarm analysis device is applied to a network management system, wherein the network management system comprises a plurality of nodes; the device comprises:
the first obtaining unit is used for obtaining a second association topological graph formed by at least one alarm node according to a first association topological graph, wherein the first association topological graph is used for representing the association relation of the plurality of nodes, and the alarm node is a node which generates an alarm phenomenon in the plurality of nodes;
the second obtaining unit is used for obtaining the pointing relation of each alarm node in the second associated topological graph;
the first alarm determining unit is used for determining a root cause alarm node in the at least one alarm node according to the direction relation;
the second association topological graph comprises the distance relation between the alarm nodes; the second acquisition unit includes a relative distance determination unit and a directional relationship determination unit, wherein:
the relative distance determining unit is used for determining the relative distance between a reference alarm node and each alarm node contained in the second associated topological graph; wherein the reference alarm node is any one of the at least one alarm node;
and the pointing relationship determining unit is used for determining the pointing relationship between the alarm nodes according to the relative distance under the condition that the relative distance meets a set value.
8. A computer device comprising a processor and a memory, the processor and the memory being interconnected, wherein the memory is configured to store a computer program comprising program instructions, the processor being configured to invoke the program instructions to perform the method of any one of claims 1-6.
9. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program comprising program instructions that, when executed by a processor, cause the processor to perform the method according to any one of claims 1-6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911189757.9A CN110995482B (en) | 2019-11-27 | 2019-11-27 | Alarm analysis method and device, computer equipment and computer readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110995482A (en) | 2020-04-10 |
CN110995482B (en) | 2022-06-21 |
Family
ID=70087723
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911189757.9A Active CN110995482B (en) | 2019-11-27 | 2019-11-27 | Alarm analysis method and device, computer equipment and computer readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110995482B (en) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113541980B (en) * | 2020-04-14 | 2023-07-14 | 中国移动通信集团浙江有限公司 | Network slice fault root cause positioning method, device, computing equipment and storage medium |
CN113839804B (en) * | 2020-06-24 | 2023-03-10 | 华为技术有限公司 | Network fault determination method and network equipment |
CN114500227B (en) * | 2020-11-13 | 2023-11-21 | 中国移动通信集团安徽有限公司 | Alarm analysis method, device, equipment and computer storage medium |
CN112804079B (en) * | 2020-12-10 | 2023-04-07 | 北京浪潮数据技术有限公司 | Alarm analysis method, device, equipment and storage medium for cloud computing platform |
CN112583644B (en) * | 2020-12-14 | 2022-10-18 | 华为技术有限公司 | Alarm processing method, device, equipment and readable storage medium |
CN112769615B (en) * | 2021-01-05 | 2023-04-18 | 中国银联股份有限公司 | Anomaly analysis method and device |
CN113572633B (en) * | 2021-06-15 | 2023-05-19 | 阿里巴巴新加坡控股有限公司 | Root cause positioning method, system, equipment and storage medium |
CN113434193B (en) * | 2021-08-26 | 2021-12-07 | 北京必示科技有限公司 | Root cause change positioning method and device |
CN115086148B (en) * | 2022-07-15 | 2024-01-30 | 中国电信股份有限公司 | Optical network alarm processing method, system, equipment and storage medium |
CN115174251B (en) * | 2022-07-19 | 2023-09-05 | 深信服科技股份有限公司 | False alarm identification method and device for safety alarm and storage medium |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2017176673A1 (en) * | 2016-04-04 | 2017-10-12 | Nec Laboratories America, Inc. | Blue print graphs for fusing of heterogeneous alerts |
CN108322318B (en) * | 2017-01-16 | 2021-04-09 | 华为技术有限公司 | Alarm analysis method and equipment |
CN108494591A (en) * | 2018-03-16 | 2018-09-04 | 北京京东金融科技控股有限公司 | system alarm processing method and device |
CN109684181B (en) * | 2018-11-20 | 2020-08-07 | 华为技术有限公司 | Alarm root cause analysis method, device, equipment and storage medium |
CN110351118B (en) * | 2019-05-28 | 2020-12-01 | 华为技术有限公司 | Root cause alarm decision network construction method, device and storage medium |
CN110493042B (en) * | 2019-08-16 | 2022-09-13 | 中国联合网络通信集团有限公司 | Fault diagnosis method and device and server |
Also Published As
Publication number | Publication date |
---|---|
CN110995482A (en) | 2020-04-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||