CN-122019228-A - Automatic alarm method, device and comprehensive intelligent body

Abstract

The embodiment of the invention relates to the technical field of log alarming, and discloses an automatic alarming method, an automatic alarming device and a comprehensive intelligent agent, wherein the method comprises the following steps: the method comprises the steps of constructing a log path query system and a log exception analysis system based on a large language model and a knowledge base in advance, determining a target log path by the log path query system according to a log query instruction, determining log exception information by the log exception analysis system according to the error log text after acquiring a corresponding error log text based on the target log path, and sending the log exception information to a target sender as sending content. By applying the technical scheme of the invention, the whole alarm process can be realized through independent tool chains and multi-agent scheduling, alarm logic does not need to be embedded in service system codes, and when the service system iterates or the deployment environment is adjusted, only a knowledge base in a log path query system or a log anomaly analysis system is required to be maintained, the dynamic change of the service system is responded in time, the alarm response efficiency is improved, and the anomaly real-time monitoring is realized.

Inventors

• ZHOU WUYANG

Assignees

• 阿维塔科技(重庆)股份有限公司

Dates

Publication Date

20260512

Application Date

20260114

Claims (10)

1. 1. An automatic alarm method, the method comprising: acquiring a log path query instruction; Inputting the log query instruction into a log path query system, and determining a corresponding target log path; Obtaining a corresponding error log text according to the target log path, and inputting the error log text into a log exception analysis system to obtain corresponding log exception information, wherein the log exception analysis system and the log path query system are both search enhancement generation systems which are constructed in advance based on a large language model and a knowledge base; And acquiring a target sender, and sending the log abnormal information to the target sender as sending content.
2. 2. The method of claim 1, wherein the inputting the log query instruction to a log path query system determines a corresponding target log path comprises: Encoding the log query instruction into a first vector based on the log path query system; Calculating cosine similarity between the first vector and all initial vectors in a first vector database associated with the log path query system, and determining a plurality of second vectors according to the cosine similarity; Calculating semantic similarity between the log query instruction and the document content corresponding to each second vector, and determining a plurality of first target documents according to the semantic similarity; And combining the log query instruction and a plurality of first target documents into first enhanced prompt information, and inputting the first enhanced prompt information into a large language model of the log path query system to obtain the target log path.
3. 3. The method of claim 1, wherein the inputting the error log text to a log anomaly analysis system results in corresponding log anomaly information, comprising: Encoding the error log text into a third vector based on the log anomaly analysis system; Calculating cosine similarity between the third vector and all initial vectors in a second vector database associated with the log anomaly analysis system, and determining a plurality of fourth vectors according to the cosine similarity; Calculating semantic similarity between the error log text and document contents corresponding to each fourth vector, and determining a plurality of second target documents according to the semantic similarity; And combining the error log text and a plurality of second target documents to form second enhanced prompt information, and inputting the second enhanced prompt information into a large language model of the log abnormality analysis system to obtain the log abnormality information.
4. 4. The method of claim 3, wherein the inputting the error log text to a log anomaly analysis system results in corresponding log anomaly information, further comprising: And if a plurality of fourth vectors cannot be determined according to the cosine similarity, inputting the error log text into a large language model of the log abnormality analysis system to obtain the log abnormality information.
5. 5. A method according to any one of claims 2 or 3, wherein determining a plurality of second or fourth vectors from the cosine similarity comprises: sorting the cosine similarity according to the sequence from big to small; selecting a plurality of second vectors or fourth vectors corresponding to the cosine similarity of the preset number, or selecting a plurality of second vectors or fourth vectors corresponding to the cosine similarity exceeding a preset threshold value.
6. 6. A method according to any of claims 2 or 3, wherein the determination of the first vector database or the second vector database comprises: Acquiring an initial document uploaded by a user; segmenting the initial document according to paragraphs to obtain a plurality of document contents; vectorizing the content of each document to obtain a corresponding initial vector; and storing the document contents and the corresponding initial vectors into a preset database to obtain the first vector database or the second vector database.
7. 7. The method according to any one of claims 3 or 4, wherein the construction process of the log anomaly analysis comprises: Storing the error log text and the log abnormality information to a second vector database associated with the log abnormality analysis system, wherein the second vector database is a knowledge base of the log abnormality analysis system; And constructing a training data set based on the second vector database, and adjusting the weight coefficient of the large language model of the log abnormality analysis system according to a preset period.
8. 8. The method of claim 1, wherein the get log path query instruction comprises: and acquiring a log path query instruction input by a user, or acquiring a predetermined prompt word, and taking the prompt word as the log path query instruction.
9. 9. An automatic alarm device, the device comprising: the instruction acquisition module is used for acquiring a log path query instruction; The path determining module is used for inputting the log query instruction to a log path query system and determining a corresponding target log path; The system comprises an anomaly determination module, a log anomaly analysis system and a log path query system, wherein the anomaly determination module is used for acquiring a corresponding log text according to the target log path, inputting the log text into the log anomaly analysis system to obtain corresponding log anomaly information, and the log anomaly analysis system and the log path query system are both retrieval enhancement generation systems which are constructed in advance based on a large language model and a knowledge base; and the abnormality alarm module is used for acquiring a target sender and sending the log abnormality information to the target sender as sending content.
10. 10. The comprehensive intelligent agent is characterized by comprising a first intelligent agent, a second intelligent agent, a log query tool and a mail sending tool, wherein the first intelligent agent is provided with a log path query system, and the second intelligent agent is provided with a log anomaly analysis system; the comprehensive agent performs the operations of the automatic alert method of any one of claims 1 to 8 based on the first agent, the second agent, the log query tool, and the mail sending tool.

Description

Automatic alarm method, device and comprehensive intelligent body Technical Field The embodiment of the invention relates to the technical field of log alarming, in particular to an automatic alarming method, an automatic alarming device and a comprehensive intelligent agent. Background In operation and maintenance management of a service system, log alarming is a key link for timely finding out system abnormality and guaranteeing stable operation of the service. The current mainstream log alert system generally adopts a centralized log collection and rule-based alert mechanism. When the system operates to a specific abnormal branch, a preset mail sending interface is actively called to push abnormal information to appointed personnel in a mail form. It can be seen that current alarm logic relies on either fixed configuration or hard coded rules. When the business system iterates, the deployment environment is adjusted or a novel abnormality occurs, the rule is manually reconfigured or the code is modified and the system is restarted, the dynamic response change cannot be realized, and the adaptation cost is high. Disclosure of Invention In view of the above problems, the embodiments of the present invention provide an automatic alarm method, an apparatus, and a comprehensive agent, which are used to solve the problem that current log alarms cannot dynamically respond to system changes. According to one aspect of the embodiment of the invention, an automatic alarm method is provided, and the method comprises the steps of obtaining a log path query instruction, inputting the log path query instruction into a log path query system to determine a corresponding target log path, obtaining a corresponding error log text according to the target log path, and inputting the error log text into a log anomaly analysis system to obtain corresponding log anomaly information, wherein the log anomaly analysis system and the log path query system are both retrieval enhancement generation systems which are constructed in advance based on a large language model and a knowledge base, and obtaining a target sender and sending the log anomaly information to the target sender as sending content. According to another aspect of the embodiment of the invention, an automatic alarm device is provided, which comprises an instruction acquisition module, a path determination module, an abnormality determination module and an abnormality determination module, wherein the instruction acquisition module is used for acquiring a log path query instruction, the path determination module is used for inputting the log path query instruction into a log path query system to determine a corresponding target log path, the abnormality determination module is used for acquiring a corresponding log text according to the target log path and inputting the log text into a log abnormality analysis system to obtain corresponding log abnormality information, the log abnormality analysis and the log path query system are both search enhancement generation systems which are constructed in advance based on a large language model and a knowledge base, and the abnormality alarm module is used for acquiring a target sender and sending the log abnormality information to the target sender as sending content. According to another aspect of the embodiment of the invention, an integrated agent is provided, which comprises a first agent, a second agent, a log query tool and a mail sending tool, wherein the first agent is provided with a log path query system, the second agent is provided with a log anomaly analysis system, and the integrated agent executes the operation of the automatic alarm method of the first aspect or any implementation mode corresponding to the first agent based on the first agent, the second agent, the log query tool and the mail sending tool. According to the automatic alarm method provided by the embodiment of the invention, the log path query system and the log exception analysis system are constructed in advance, the log path query system determines the target log path according to the log query instruction, after the corresponding error log text is acquired based on the target log path, the log exception analysis system determines log exception information according to the error log text and sends the log exception information to a target sender as sending content, the whole alarm process can be realized through independent tool chains and multi-agent scheduling, alarm logic is not required to be embedded in service system codes, so that the coupling of the service system and the alarm function is avoided, when the service system iterates or deploys environment adjustment, the service code and the publishing are not required to be modified, only the knowledge base and the like in the log path query system or the log exception analysis system are required to be maintained, the alarm response efficiency is improved, the exception real-time mon