Search

CN-114185744-B - Alarm information aggregation method, device, monitoring system and storage medium

CN114185744BCN 114185744 BCN114185744 BCN 114185744BCN-114185744-B

Abstract

The embodiment of the application is suitable for the technical field of operation and maintenance of a base frame, and provides an alarm information aggregation method, an alarm information aggregation device, a monitoring system and a storage medium, wherein the alarm information aggregation method is applied to the monitoring system and comprises the steps of acquiring alarm information generated when the system is abnormal; the method comprises the steps of obtaining alarm information, judging whether the alarm information comprises attribute values corresponding to a plurality of alarm attributes respectively, decomposing the alarm information step by step according to the alarm attributes to update an aggregation tree, wherein the aggregation tree comprises a plurality of sub-nodes, each sub-node corresponds to one attribute value, aggregating the alarm information corresponding to the current terminal sub-node and other terminal sub-nodes if the current terminal sub-node and the other terminal sub-nodes are brother nodes aiming at any current terminal sub-node, obtaining the aggregation information, and sending the aggregation information to a user terminal of a worker. By adopting the method, the sending cost of the alarm information sent by the monitoring system can be reduced.

Inventors

  • LI ZIJIA

Assignees

  • 平安付电子支付有限公司
  • 平安付科技服务有限公司

Dates

Publication Date
20260421
Application Date
20211214
Priority Date
20211214

Claims (7)

  1. 1. An alarm information aggregation method, which is applied to a monitoring system, the method comprising: the method comprises the steps of acquiring alarm information generated when a system is abnormal, wherein the alarm information comprises attribute values corresponding to a plurality of alarm attributes respectively; The method comprises the steps of carrying out step-by-step decomposition on the alarm information according to the alarm attributes to update an aggregation tree, wherein the aggregation tree comprises a plurality of sub-nodes, and each sub-node corresponds to an attribute value of one alarm attribute; For any current terminal node, if the current terminal node and other terminal nodes are brother nodes, aggregating alarm information corresponding to the current terminal node and the other terminal nodes to obtain aggregated information; Sending the aggregation information to a user terminal of a worker; the step-by-step decomposition is performed on the alarm information according to the alarm attributes to update the aggregation tree, including: s1, initializing a root node, wherein the root node comprises an alarm information set formed by a plurality of alarm information and an alarm attribute set formed by a plurality of alarm attributes; S2, determining the optimal attribute from the alarm attribute set according to attribute values respectively corresponding to a plurality of alarm attributes; S3, grouping the alarm information sets based on the attribute values corresponding to the optimal attributes respectively to obtain new alarm information sets and alarm attribute sets, wherein the attribute values corresponding to the optimal attributes in each new alarm information set are the same, and each attribute value corresponding to the optimal attributes is used as a child node respectively; S4, repeatedly executing the steps S2-S3 aiming at any new alarm information set and alarm attribute set to group the new alarm information set and the new alarm attribute set until an end child node is obtained; S5, generating the aggregation tree according to the root node, the child nodes and the terminal child nodes; the determining the best attribute from the alarm attribute set according to the attribute values respectively corresponding to the alarm attributes comprises the following steps: determining a plurality of attribute values included in any current alarm attribute aiming at any current alarm attribute; Counting the number of the alarm messages corresponding to each attribute value respectively; calculating the information entropy of the current alarm attribute according to the number and the total number of the alarm information, wherein the information entropy is used for measuring the aggregation degree when the current alarm attribute groups a plurality of alarm information; Determining the current alarm attribute corresponding to the minimum value in the information entropy as the optimal attribute; and calculating the information entropy of the current alarm attribute according to the quantity and the total quantity of the alarm information, wherein the information entropy comprises the following components: calculating the ratio of the number of the alarm information corresponding to the current attribute value to the total number of the alarm information aiming at any current attribute value in the current alarm attribute to obtain the probability that the attribute value in any alarm information is the current attribute value; Calculating initial information entropy of the current attribute value according to the probability; And adding the initial information entropy corresponding to each current attribute value in the current alarm attribute to obtain the information entropy of the current alarm attribute.
  2. 2. The method according to claim 1, wherein each alarm information has a unique event identifier, the alarm attribute further includes a new alarm and an alarm recovery, and after the alarm information generated when the acquisition system is abnormal, the method further includes: if the alarm information is the newly added alarm and the alarm information with the same event identification is not received in a preset time period and is the alarm information for alarm recovery, the alarm information for the newly added alarm is decomposed step by step; and if the alarm information is the newly added alarm and the event identification received in the preset time period is the same, and the alarm information is the rest alarm information recovered by the alarm, deleting the alarm information and the rest alarm information.
  3. 3. The alert information aggregation method of claim 1, wherein the aggregation tree comprises a root node; Aggregating the alarm information corresponding to the current terminal sub-node and the other terminal sub-nodes to obtain aggregated information, including: determining attribute values of the alarm attribute corresponding to the child nodes between the root node and a previous child node, wherein the previous child node is a father node of the current terminal child node; Generating an attribute value set of the alarm attribute respectively corresponding to the current terminal node and the other terminal nodes; According to any one of the alarm information, maintaining the attribute values of the alarm attributes corresponding to the child nodes in the alarm information unchanged; and replacing the attribute value set of the alarm attribute corresponding to the terminal sub-node in the alarm information to obtain the aggregation information.
  4. 4. A method of aggregating alert messages according to any one of claims 1 to 3, wherein each of the alert messages comprises a lifecycle; The sending the aggregation information to the user terminal of the staff includes: determining the updating time used when the alarm information is updated to the aggregation tree; Determining the remaining time of the alarm information according to the update time and the life cycle; and when the residual time is exhausted, sending the aggregation information containing the alarm information to a user terminal which is the staff.
  5. 5. An alarm information aggregating apparatus for use in a monitoring system, the apparatus comprising: the system comprises an acquisition module, a processing module and a processing module, wherein the acquisition module is used for acquiring alarm information generated when the system is abnormal, and the alarm information comprises attribute values corresponding to a plurality of alarm attributes respectively; the updating module is used for decomposing the alarm information step by step according to the plurality of alarm attributes so as to update an aggregation tree, wherein the aggregation tree comprises a plurality of sub-nodes, and each sub-node corresponds to an attribute value of one alarm attribute; the aggregation module is used for aiming at any current terminal node, if the current terminal node and other terminal nodes are brother nodes, the current terminal node and the alarm information corresponding to the other terminal nodes are aggregated, and aggregation information is obtained; the sending module is used for sending the aggregation information to a user terminal of a worker; the update module is further configured to: s1, initializing a root node, wherein the root node comprises an alarm information set formed by a plurality of alarm information and an alarm attribute set formed by a plurality of alarm attributes; S2, determining the optimal attribute from the alarm attribute set according to attribute values respectively corresponding to a plurality of alarm attributes; S3, grouping the alarm information sets based on the attribute values corresponding to the optimal attributes respectively to obtain new alarm information sets and alarm attribute sets, wherein the attribute values corresponding to the optimal attributes in each new alarm information set are the same, and each attribute value corresponding to the optimal attributes is used as a child node respectively; S4, repeatedly executing the steps S2-S3 aiming at any new alarm information set and alarm attribute set to group the new alarm information set and the new alarm attribute set until an end child node is obtained; S5, generating the aggregation tree according to the root node, the child nodes and the terminal child nodes; the update module is further configured to: determining a plurality of attribute values included in any current alarm attribute aiming at any current alarm attribute; Counting the number of the alarm messages corresponding to each attribute value respectively; calculating the information entropy of the current alarm attribute according to the number and the total number of the alarm information, wherein the information entropy is used for measuring the aggregation degree when the current alarm attribute groups a plurality of alarm information; Determining the current alarm attribute corresponding to the minimum value in the information entropy as the optimal attribute; the update module is further configured to: calculating the ratio of the number of the alarm information corresponding to the current attribute value to the total number of the alarm information aiming at any current attribute value in the current alarm attribute to obtain the probability that the attribute value in any alarm information is the current attribute value; Calculating initial information entropy of the current attribute value according to the probability; And adding the initial information entropy corresponding to each current attribute value in the current alarm attribute to obtain the information entropy of the current alarm attribute.
  6. 6. A monitoring system comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1 to 4 when executing the computer program.
  7. 7. A computer readable storage medium storing a computer program, characterized in that the computer program when executed by a processor implements the method according to any one of claims 1 to 4.

Description

Alarm information aggregation method, device, monitoring system and storage medium Technical Field The application belongs to the technical field of operation and maintenance of base frames, and particularly relates to an alarm information aggregation method, an alarm information aggregation device, a monitoring system and a storage medium. Background Clustered systems are systems that handle complex computational problems simultaneously by connecting multiple machines, which can provide uninterrupted service for many applications. For a cluster system with a complex structure, for example, a virtual machine cluster system for cloud computing, a corresponding monitoring system is generally required to be configured to monitor the running condition of each virtual machine device in the virtual machine cluster system in real time. Generally, when the monitoring system finds that the virtual machine device is abnormal, alarm information is generated and sent to operation and maintenance personnel. However, in the prior art, a great amount of information redundancy exists in the generated alarm information, and especially when a great amount of alarm information appears in a short time in the virtual machine cluster system, the monitoring system sends the generated alarm information to the operation and maintenance personnel one by one. Therefore, the operation and maintenance personnel can take a large amount of time to read a large amount of alarm information, and the sending cost of the alarm information sent by the monitoring system is increased. Disclosure of Invention The embodiment of the application provides an alarm information aggregation method, an alarm information aggregation device, a monitoring system and a storage medium, which can solve the problem of high transmission cost when the monitoring system transmits alarm information. In a first aspect, an embodiment of the present application provides an alarm information aggregation method, applied to a monitoring system, where the method includes: The method comprises the steps of acquiring alarm information generated when a system is abnormal, wherein the alarm information comprises attribute values corresponding to a plurality of alarm attributes respectively; the method comprises the steps of carrying out progressive decomposition on alarm information according to a plurality of alarm attributes to update an aggregation tree, wherein the aggregation tree comprises a plurality of sub-nodes, and each sub-node corresponds to an attribute value of one alarm attribute; Aiming at any current terminal node, if the current terminal node and other terminal nodes are brother nodes, aggregating alarm information corresponding to the current terminal node and other terminal nodes to obtain aggregated information; And sending the aggregation information to a user terminal of the staff. In a second aspect, an embodiment of the present application provides an alarm information aggregation apparatus, applied to a monitoring system, where the apparatus includes: The system comprises an acquisition module, a processing module and a processing module, wherein the acquisition module is used for acquiring alarm information generated when the system is abnormal, and the alarm information comprises attribute values corresponding to a plurality of alarm attributes respectively; The system comprises an updating module, a data processing module and a data processing module, wherein the updating module is used for decomposing alarm information step by step according to a plurality of alarm attributes so as to update an aggregation tree; the aggregation module is used for aiming at any current terminal node, if the current terminal node and other terminal nodes are brother nodes, the current terminal node and the alarm information corresponding to the other terminal nodes are aggregated, and aggregation information is obtained; and the sending module is used for sending the aggregation information to the user terminal of the staff. In a third aspect, an embodiment of the present application provides a monitoring system, including a memory, a processor, and a computer program stored in the memory and executable on the processor, the processor implementing a method according to the first aspect as described above when executing the computer program. In a fourth aspect, an embodiment of the present application provides a computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements a method according to the first aspect. In a fifth aspect, embodiments of the present application provide a computer program product for causing a monitoring system to perform the method of the first aspect described above when the computer program product is run on the monitoring system. Compared with the prior art, the method has the beneficial effects that for the alarm information generated when the system is abnormal, the mon