CN106407096A - Time series based log analysis method and log analysis apparatus - Google Patents
Time series based log analysis method and log analysis apparatus Download PDFInfo
- Publication number
- CN106407096A CN106407096A CN201610819389.1A CN201610819389A CN106407096A CN 106407096 A CN106407096 A CN 106407096A CN 201610819389 A CN201610819389 A CN 201610819389A CN 106407096 A CN106407096 A CN 106407096A
- Authority
- CN
- China
- Prior art keywords
- daily record
- time
- analyzed
- time series
- seasonal effect
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3452—Performance evaluation by statistical analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3466—Performance evaluation by tracing or monitoring
- G06F11/3476—Data logging
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Quality & Reliability (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Life Sciences & Earth Sciences (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Bioinformatics & Computational Biology (AREA)
- Evolutionary Biology (AREA)
- Probability & Statistics with Applications (AREA)
- Debugging And Monitoring (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The present invention provides a time series based log analysis method and a time series based log analysis apparatus. The log analysis method comprises: configuring a time model for analyzing a log, wherein the time model comprises a to-be-analyzed log type, associations based on time series among different logs, and an analysis strategy corresponding to each of the associations; analyzing the time model to obtain a log collection strategy and the analysis strategy; collecting logs corresponding to the to-be-analyzed log type according to the collection strategy; and based on the analysis strategy, carrying out analysis on the associations among collected logs. The technical scheme of the present invention can effectively carry out analysis on l logs that have associations in the time, and can improve analysis efficiency of the log.
Description
Technical field
The present invention relates to data analysis technique field, it is based on seasonal effect in time series log analysis side in particular to a kind of
Method and one kind are based on seasonal effect in time series log analysis device.
Background technology
Growing with big data technology, it is more and more frequent in the application of all trades and professions.Wherein, log analysis are
One important application direction of big data technology, in numerous log analysis schemes, time series is merely possible to one
Attribute is stored.Be provided solely for inquiry based on time range and extract application in the log analysis in later stage, do not have into
Row deeper based on seasonal effect in time series analyze and process logic.
Therefore, how based on time series, daily record is carried out with significantly more efficient analysis and becomes technology urgently to be resolved hurrily asking
Topic.
Content of the invention
The present invention is based at least one above-mentioned technical problem it is proposed that a kind of new being divided based on seasonal effect in time series daily record
Analysis scheme, effectively can be analyzed to the daily record that there is incidence relation in time, can improve simultaneously and daily record is divided
Analysis efficiency.
In view of this, according to the first aspect of the invention it is proposed that a kind of be based on seasonal effect in time series log analysis method, bag
Include:It is configured to the time model that daily record is analyzed, described time model includes Log Types to be analyzed, different daily record
Between be based on seasonal effect in time series incidence relation, and the analysis strategy corresponding with every kind of described incidence relation;When parsing described
Between model, obtain the acquisition strategies of daily record and described analysis strategy;According to the collection of described acquisition strategies and described day to be analyzed
The corresponding daily record of will type;Based on described analysis strategy, the incidence relation between the daily record collecting is analyzed.
In this technical scheme, by configuring the time model that daily record is analyzed, and based on carrying out to time model
Parse the acquisition strategies obtaining daily record is acquired so that the collection to daily record is it is contemplated that be based on the time between daily record
The incidence relation of sequence, and then the daily record much not having incidence relation can be filtered out, save and the daily record collecting is carried out
The space of storage.By according between daily record based on the corresponding analysis strategy of seasonal effect in time series incidence relation come to the day collecting
Will is analyzed, enabling effectively the daily record that there is incidence relation in time is analyzed, and in analysis process
In, can be analyzed successively based on source daily record, drastically increase the analysis efficiency to daily record.
Wherein, in the time model that configuration is analyzed to daily record, can be configured by configuration file, also may be used
To be configured by interactive interface by user.
It is preferable that parsing described time model in technique scheme, the step obtaining the acquisition strategies of daily record, tool
Body includes:Based on the described incidence relation comprising in described time model, determine described acquisition strategies.
In this technical scheme, by being determined based on the incidence relation comprising in time model, daily record is acquired
Acquisition strategies so that when being acquired to daily record, can incidence relation based on time series to be acquired to daily record, enter
And useless daily record (not having the daily record of incidence relation) can be filtered out, save the sky that the daily record collecting is stored
Between.
It is preferable that being gathered and described daily record class to be analyzed according to described acquisition strategies in any of the above-described technical scheme
The step of the corresponding daily record of type, specifically includes:Based on default acquisition protocols, treat with described according to the collection of described acquisition strategies
The corresponding daily record of Log Types of analysis.
Wherein, described acquisition strategies include:Acquisition order, frequency acquisition.Specifically, acquisition order is that daily record is carried out
Sequencing during collection, frequency acquisition is the number of times being acquired in the unit interval.
It is preferable that described included based on seasonal effect in time series incidence relation in any of the above-described technical scheme:Different daily records it
Between sequencing, the time interval relation between different daily record, the causality between different daily record, in certain period of time
Either-or relation, incremental time relation.
According to the second aspect of the invention it is also proposed that a kind of be based on seasonal effect in time series log analysis device, including:Configuration
Unit, is configured to the time model that daily record is analyzed, and described time model includes Log Types to be analyzed, not on the same day
It is based on seasonal effect in time series incidence relation between will, and the analysis strategy corresponding with every kind of described incidence relation;Resolution unit,
For parsing described time model, obtain the acquisition strategies of daily record and described analysis strategy;Collecting unit, for adopting according to described
The collection strategy collection daily record corresponding with described Log Types to be analyzed;Processing unit, for based on described analysis strategy pair
Incidence relation between the daily record collecting is analyzed.
In this technical scheme, by configuring the time model that daily record is analyzed, and based on carrying out to time model
Parse the acquisition strategies obtaining daily record is acquired so that the collection to daily record is it is contemplated that be based on the time between daily record
The incidence relation of sequence, and then the daily record much not having incidence relation can be filtered out, save and the daily record collecting is carried out
The space of storage.By according between daily record based on the corresponding analysis strategy of seasonal effect in time series incidence relation come to the day collecting
Will is analyzed, enabling effectively the daily record that there is incidence relation in time is analyzed, and in analysis process
In, can be analyzed successively based on source daily record, drastically increase the analysis efficiency to daily record.
Wherein, in the time model that configuration is analyzed to daily record, can be configured by configuration file, also may be used
To be configured by interactive interface by user.
In technique scheme it is preferable that described resolution unit specifically for:Based on comprise in described time model
Described incidence relation, determines described acquisition strategies.
In this technical scheme, by being determined based on the incidence relation comprising in time model, daily record is acquired
Acquisition strategies so that when being acquired to daily record, can incidence relation based on time series to be acquired to daily record, enter
And useless daily record (not having the daily record of incidence relation) can be filtered out, save the sky that the daily record collecting is stored
Between.
In any of the above-described technical scheme it is preferable that described collecting unit specifically for:Based on default acquisition protocols,
According to the described acquisition strategies collection daily record corresponding with described Log Types to be analyzed.
Wherein, described acquisition strategies include:Acquisition order, frequency acquisition.Specifically, acquisition order is that daily record is carried out
Sequencing during collection, frequency acquisition is the number of times being acquired in the unit interval.
It is preferable that described included based on seasonal effect in time series incidence relation in any of the above-described technical scheme:Different daily records it
Between sequencing, the time interval relation between different daily record, the causality between different daily record, in certain period of time
Either-or relation, incremental time relation.
By above technical scheme, can effectively the daily record that there is incidence relation in time be analyzed, simultaneously
The analysis efficiency to daily record can be improved.
Brief description
Fig. 1 shows the schematic flow diagram based on seasonal effect in time series log analysis method according to an embodiment of the invention;
Fig. 2 shows the schematic block diagram based on seasonal effect in time series log analysis device according to an embodiment of the invention;
Fig. 3 shows the principle schematic carrying out log analysis according to an embodiment of the invention based on time series.
Specific embodiment
In order to be more clearly understood that the above objects, features and advantages of the present invention, below in conjunction with the accompanying drawings and specifically real
Mode of applying is further described in detail to the present invention.It should be noted that in the case of not conflicting, the enforcement of the application
Feature in example and embodiment can be mutually combined.
Elaborate a lot of details in the following description in order to fully understand the present invention, but, the present invention also may be used
To be implemented different from other modes described here using other, therefore, protection scope of the present invention is not described below
Specific embodiment restriction.
Fig. 1 shows the schematic flow diagram based on seasonal effect in time series log analysis method according to an embodiment of the invention.
As shown in figure 1, being based on seasonal effect in time series log analysis method according to an embodiment of the invention, including:
Step S10, is configured to the time model that daily record is analyzed, and described time model includes daily record to be analyzed
It is based on seasonal effect in time series incidence relation between type, different daily record, and the analysis plan corresponding with every kind of described incidence relation
Slightly.
Wherein, in the time model that configuration is analyzed to daily record, can be configured by configuration file, also may be used
To be configured by interactive interface by user.
Described is included based on seasonal effect in time series incidence relation:Between sequencing between different daily records, different daily record
Time interval relation, the causality between different daily record, either-or relation in certain period of time, incremental time close
System.
Step S12, parses described time model, obtains the acquisition strategies of daily record and described analysis strategy.
In one embodiment of the invention, step S12 specifically includes:Based on the described pass comprising in described time model
Connection relation, determines described acquisition strategies.
In this embodiment, by determining that based on the incidence relation comprising in time model what daily record was acquired adopts
Collection strategy so that when being acquired to daily record, can incidence relation based on time series being acquired to daily record, and then
Useless daily record (not having the daily record of incidence relation) can be filtered out, save the space that the daily record collecting is stored.
Step S14, according to the described acquisition strategies collection daily record corresponding with described Log Types to be analyzed.
In one embodiment of the invention, step S14 specifically includes:Based on default acquisition protocols, adopt according to described
The collection strategy collection daily record corresponding with described Log Types to be analyzed.
Wherein, acquisition strategies include:Acquisition order, frequency acquisition.Specifically, acquisition order is that daily record is acquired
When sequencing, frequency acquisition is the number of times being acquired in the unit interval.
Step S16, is analyzed to the incidence relation between the daily record collecting based on described analysis strategy.
In step s 16, specifically, if the daily record collecting is had sequencing in itself and (closed based on seasonal effect in time series
One of connection relation), then based on the analysis strategy corresponding with this incidence relation, the daily record collecting can be carried out
Analysis.
For another example, when user carries out register, login daily record can be produced, unsuccessfully lead to logon error in cipher authentication
When it may appear that failure daily record.Occur losing when analyzing continuous several times in scheduled duration based on the analysis strategy in time model
Losing during daily record it is determined that being likely to occur the event of Brute Force, now can obtain and exporting analysis result.
In technical scheme shown in Fig. 1, by configuring the time model that daily record is analyzed, and based on to time mould
Type carries out parsing the acquisition strategies obtaining and daily record is acquired so that collection to daily record is it is contemplated that base between daily record
In seasonal effect in time series incidence relation, and then the daily record much not having incidence relation can be filtered out, save to the day collecting
The space that will is stored.By according between daily record be based on the corresponding analysis strategy of seasonal effect in time series incidence relation come to collection
To daily record be analyzed, enabling effectively the daily record that there is incidence relation in time is analyzed, and point
During analysis, can be analyzed successively based on source daily record, drastically increase the analysis efficiency to daily record.
Fig. 2 shows the schematic block diagram based on seasonal effect in time series log analysis device according to an embodiment of the invention.
As shown in Fig. 2 being based on seasonal effect in time series log analysis device 200 according to an embodiment of the invention, including:Configuration
Unit 202, resolution unit 204, collecting unit 206 and processing unit 208.
Wherein, dispensing unit 202 is used for configuration time model that daily record is analyzed, and described time model includes treating point
It is based on seasonal effect in time series incidence relation between the Log Types of analysis, different daily record, and corresponding with every kind of described incidence relation
Analysis strategy;Resolution unit 204 is used for parsing described time model, obtains the acquisition strategies of daily record and described analysis strategy;
Collecting unit 206 is used for according to the described acquisition strategies collection daily record corresponding with described Log Types to be analyzed;Process single
Unit 208 is used for based on described analysis strategy, the incidence relation between the daily record collecting being analyzed.
Wherein, dispensing unit 202, in the time model that configuration is analyzed to daily record, can be entered by configuration file
Row configuration is it is also possible to be configured by interactive interface by user.
In one embodiment of the invention, described resolution unit specifically for:Based on comprise in described time model
Described incidence relation, determines described acquisition strategies.
In this embodiment, by determining that based on the incidence relation comprising in time model what daily record was acquired adopts
Collection strategy so that when being acquired to daily record, can incidence relation based on time series being acquired to daily record, and then
Useless daily record (not having the daily record of incidence relation) can be filtered out, save the space that the daily record collecting is stored.
In one embodiment of the invention, described collecting unit specifically for:Based on default acquisition protocols, according to institute
State the acquisition strategies collection daily record corresponding with described Log Types to be analyzed.
Wherein, described acquisition strategies include:Acquisition order, frequency acquisition.Specifically, acquisition order is that daily record is carried out
Sequencing during collection, frequency acquisition is the number of times being acquired in the unit interval.
Above-mentioned is included based on seasonal effect in time series incidence relation:Between sequencing between different daily records, different daily record
Time interval relation, the causality between different daily record, either-or relation in certain period of time, incremental time close
System.
Shown in Fig. 2 based on seasonal effect in time series log analysis device 200 pass through configure the time mould that daily record is analyzed
Type, and based on carrying out to time model parsing the acquisition strategies obtaining, daily record is acquired with the collection energy so as to daily record
Enough consider to be based on seasonal effect in time series incidence relation between daily record, and then the daily record much not having incidence relation can be filtered out,
Save the space that the daily record collecting is stored.By being corresponded to based on seasonal effect in time series incidence relation according between daily record
Analysis strategy the daily record collecting is analyzed, enabling effectively to the daily record that there is incidence relation in time
It is analyzed, and during analysis, can be analyzed successively based on source daily record, drastically increase and daily record is divided
Analysis efficiency.
Below in conjunction with Fig. 3, technical scheme is described further:
The present invention mainly propose a kind of new based on seasonal effect in time series log analysis scheme, in collection and the analysis of daily record
During make full use of time relationship model between all kinds of daily records, carry out simulation and the analyzing and processing of daily record set.Concrete bag
Include following steps:
Step 1:Configuration is corresponding to the time model of multiple Log Types.
Specifically, can be by interface configurations or configuration file come setup time model, this time model comprises:Treat point
The Log Types of analysis, (included between sequencing between daily record, daily record based on seasonal effect in time series incidence relation between daily record
Time interval relation, causality, either-or relation in certain period of time, incremental time relation etc.) and for every kind of
The real-time analysis strategy of incidence relation.
Step 2, as shown in figure 3, parsing to time model, obtains acquisition strategies and analysis strategy, and will gather plan
Slightly it is issued to Collection agent, analysis strategy is issued to real-time analysis engine.Wherein, Collection agent is for according to acquisition strategies
Carry out log collection.
Specifically, when time model is converted into corresponding acquisition strategies with analysis strategy, mainly according to time mould
Incidence relation in type is determining acquisition strategies.Acquisition strategies mainly contain the collection sequencing of daily record, frequency acquisition etc..
Analysis strategy is the above-mentioned analysis strategy for every kind of incidence relation.
Step 3, carries out log collection according to acquisition strategies, by the log transmission collecting to message queue, and by dividing
The mode of cloth storage is stored, and is analyzed by real-time analysis engine simultaneously, and can be inquired about and count.
Specifically, Collection agent, after receiving acquisition strategies, is converted into by timer-operated timed task and collection
Rule is stored.Collection agent is based on acquisition protocols (as determined corresponding acquisition protocols in Fig. 3 by protocol adaptation layers),
And carry out log collection according to acquisition strategies, collect the daily record of respective type and be transferred to message queue.
Step 4, is analyzed to the daily record collected, and produces the event of needs.
Specifically, real-time analysis engine is analyzed to the daily record in message queue according to analysis strategy.Such as:If collection
To daily record there is sequencing (based on one of seasonal effect in time series incidence relation) in itself, then can based on and this association
The corresponding analysis strategy of relation the daily record collecting is analyzed, and such as the precedence relationship of the daily record collecting is sentenced
Disconnected.
For another example, for there is causal daily record, such as when user carries out register, login daily record can be produced,
When cipher authentication unsuccessfully leads to logon error it may appear that failure daily record.When being analyzed based on the analysis strategy in time model
In scheduled duration, it is determined that being likely to occur the event of Brute Force, now can obtaining occur during unsuccessfully daily record in continuous several times
To and export analysis result, in order to position the event of Brute Force.
The technical scheme of the above embodiment of the present invention achieves that:
1st, can more effectively the daily record that there is closeness relationship in time be analyzed;
2nd, by being acquired to daily record thus according to time relationship and storing, filtered a lot of useless daily records, saved big
The memory space of amount.
3rd, it is modeled analyzing by thus according to time series, therefore, it is possible to catch source daily record look-ahead analysis, and be based on
This is progressively analyzed to other daily records, substantially increases the analysis efficiency to daily record.
Technical scheme is described in detail above in association with accompanying drawing, the present invention propose a kind of new based on time sequence
The log analysis scheme of row, effectively can be analyzed to the daily record that there is incidence relation in time, can improve simultaneously
Analysis efficiency to daily record.
The foregoing is only the preferred embodiments of the present invention, be not limited to the present invention, for the skill of this area
For art personnel, the present invention can have various modifications and variations.All within the spirit and principles in the present invention, made any repair
Change, equivalent, improvement etc., should be included within the scope of the present invention.
Claims (10)
1. one kind is based on seasonal effect in time series log analysis method it is characterised in that including:
It is configured to the time model that daily record is analyzed, described time model includes Log Types to be analyzed, not on the same day
It is based on seasonal effect in time series incidence relation between will, and the analysis strategy corresponding with every kind of described incidence relation;
Parse described time model, obtain the acquisition strategies of daily record and described analysis strategy;
According to the described acquisition strategies collection daily record corresponding with described Log Types to be analyzed;
Based on described analysis strategy, the incidence relation between the daily record collecting is analyzed.
2. according to claim 1 based on seasonal effect in time series log analysis method it is characterised in that parse described time mould
Type, the step obtaining the acquisition strategies of daily record, specifically include:
Based on the described incidence relation comprising in described time model, determine described acquisition strategies.
3. according to claim 1 based on seasonal effect in time series log analysis method it is characterised in that according to described collection plan
The step slightly gathering the daily record corresponding with described Log Types to be analyzed, specifically includes:
Based on default acquisition protocols, according to the described acquisition strategies collection day corresponding with described Log Types to be analyzed
Will.
4. according to any one of claim 1 to 3 based on seasonal effect in time series log analysis method it is characterised in that institute
State and included based on seasonal effect in time series incidence relation:
Causality between time interval relation between sequencing between different daily records, different daily record, different daily record,
Either-or relation, incremental time relation in certain period of time.
5. according to any one of claim 1 to 3 based on seasonal effect in time series log analysis method it is characterised in that institute
State acquisition strategies to include:Acquisition order, frequency acquisition.
6. one kind is based on seasonal effect in time series log analysis device it is characterised in that including:
Dispensing unit, is configured to the time model that daily record is analyzed, and described time model includes daily record class to be analyzed
It is based on seasonal effect in time series incidence relation between type, different daily record, and the analysis strategy corresponding with every kind of described incidence relation;
Resolution unit, for parsing described time model, obtains the acquisition strategies of daily record and described analysis strategy;
Collecting unit, for the daily record corresponding with described Log Types to be analyzed according to the collection of described acquisition strategies;
Processing unit, for being analyzed to the incidence relation between the daily record collecting based on described analysis strategy.
7. according to claim 6 based on seasonal effect in time series log analysis device it is characterised in that described resolution unit tool
Body is used for:
Based on the described incidence relation comprising in described time model, determine described acquisition strategies.
8. according to claim 6 based on seasonal effect in time series log analysis device it is characterised in that described collecting unit tool
Body is used for:
Based on default acquisition protocols, according to the described acquisition strategies collection day corresponding with described Log Types to be analyzed
Will.
9. according to any one of claim 6 to 8 based on seasonal effect in time series log analysis device it is characterised in that institute
State and included based on seasonal effect in time series incidence relation:
Causality between time interval relation between sequencing between different daily records, different daily record, different daily record,
Either-or relation, incremental time relation in certain period of time.
10. according to any one of claim 6 to 8 based on seasonal effect in time series log analysis device it is characterised in that institute
State acquisition strategies to include:Acquisition order, frequency acquisition.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610819389.1A CN106407096B (en) | 2016-09-09 | 2016-09-09 | Log analysis method and log analysis device based on time series |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610819389.1A CN106407096B (en) | 2016-09-09 | 2016-09-09 | Log analysis method and log analysis device based on time series |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106407096A true CN106407096A (en) | 2017-02-15 |
| CN106407096B CN106407096B (en) | 2019-04-19 |
Family
ID=57999832
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610819389.1A Active CN106407096B (en) | 2016-09-09 | 2016-09-09 | Log analysis method and log analysis device based on time series |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106407096B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109711805A (en) * | 2018-12-20 | 2019-05-03 | 惠州Tcl移动通信有限公司 | A kind of automation generates the system and method for report |
| CN110502486A (en) * | 2019-08-21 | 2019-11-26 | 中国工商银行股份有限公司 | Log processing method, device, electronic equipment and computer readable storage medium |
| CN111654499A (en) * | 2020-06-03 | 2020-09-11 | 哈尔滨工业大学(威海) | Method and device for identifying attack breach based on protocol stack |
| CN112800017A (en) * | 2021-01-21 | 2021-05-14 | 网易(杭州)网络有限公司 | Distributed log collection method, device, medium and electronic equipment |
| US11366712B1 (en) | 2020-12-02 | 2022-06-21 | International Business Machines Corporation | Adaptive log analysis |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101888309A (en) * | 2010-06-30 | 2010-11-17 | 中国科学院计算技术研究所 | Online log analysis method |
| US20110137835A1 (en) * | 2009-12-04 | 2011-06-09 | Masato Ito | Information processing device, information processing method, and program |
| US20110319094A1 (en) * | 2010-06-24 | 2011-12-29 | Sony Corporation | Information processing apparatus, information processing system, information processing method, and program |
| CN102307111A (en) * | 2011-09-02 | 2012-01-04 | 深圳中兴网信科技有限公司 | Log distribution acquisition analysis method and system thereof |
| CN103577307A (en) * | 2013-11-07 | 2014-02-12 | 浙江中烟工业有限责任公司 | Method for automatically extracting and analyzing firewall logs based on XML rule model |
| CN103812679A (en) * | 2012-11-12 | 2014-05-21 | 深圳中兴网信科技有限公司 | Mass log statistical analysis system and method |
| CN104537015A (en) * | 2014-12-19 | 2015-04-22 | 电信科学技术第十研究所 | Log analysis computer implementation method, computer and system |
| CN105808414A (en) * | 2016-03-08 | 2016-07-27 | 联想(北京)有限公司 | Log processing method and log processing electronic equipment |
-
2016
- 2016-09-09 CN CN201610819389.1A patent/CN106407096B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110137835A1 (en) * | 2009-12-04 | 2011-06-09 | Masato Ito | Information processing device, information processing method, and program |
| US20110319094A1 (en) * | 2010-06-24 | 2011-12-29 | Sony Corporation | Information processing apparatus, information processing system, information processing method, and program |
| CN101888309A (en) * | 2010-06-30 | 2010-11-17 | 中国科学院计算技术研究所 | Online log analysis method |
| CN102307111A (en) * | 2011-09-02 | 2012-01-04 | 深圳中兴网信科技有限公司 | Log distribution acquisition analysis method and system thereof |
| CN103812679A (en) * | 2012-11-12 | 2014-05-21 | 深圳中兴网信科技有限公司 | Mass log statistical analysis system and method |
| CN103577307A (en) * | 2013-11-07 | 2014-02-12 | 浙江中烟工业有限责任公司 | Method for automatically extracting and analyzing firewall logs based on XML rule model |
| CN104537015A (en) * | 2014-12-19 | 2015-04-22 | 电信科学技术第十研究所 | Log analysis computer implementation method, computer and system |
| CN105808414A (en) * | 2016-03-08 | 2016-07-27 | 联想(北京)有限公司 | Log processing method and log processing electronic equipment |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109711805A (en) * | 2018-12-20 | 2019-05-03 | 惠州Tcl移动通信有限公司 | A kind of automation generates the system and method for report |
| CN110502486A (en) * | 2019-08-21 | 2019-11-26 | 中国工商银行股份有限公司 | Log processing method, device, electronic equipment and computer readable storage medium |
| CN110502486B (en) * | 2019-08-21 | 2022-01-11 | 中国工商银行股份有限公司 | Log processing method and device, electronic equipment and computer readable storage medium |
| CN111654499A (en) * | 2020-06-03 | 2020-09-11 | 哈尔滨工业大学(威海) | Method and device for identifying attack breach based on protocol stack |
| CN111654499B (en) * | 2020-06-03 | 2022-06-17 | 哈尔滨工业大学(威海) | Method and device for identifying attack breach based on protocol stack |
| US11366712B1 (en) | 2020-12-02 | 2022-06-21 | International Business Machines Corporation | Adaptive log analysis |
| CN112800017A (en) * | 2021-01-21 | 2021-05-14 | 网易(杭州)网络有限公司 | Distributed log collection method, device, medium and electronic equipment |
| CN112800017B (en) * | 2021-01-21 | 2023-02-17 | 网易(杭州)网络有限公司 | Distributed log collection method, device, medium and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106407096B (en) | 2019-04-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106407096A (en) | Time series based log analysis method and log analysis apparatus | |
| CN103970903B (en) | Large industrial system feedback data real-time processing method and system based on Web | |
| CN106528865A (en) | Quick and accurate cleaning method of traffic big data | |
| CN103902731B (en) | Intelligent information maintenance method based on knowledge base inquiry | |
| CN105913656B (en) | Based on the frequent method and system for crossing vehicle of distributed statistics | |
| CN104598551B (en) | A kind of data statistical approach and device | |
| CN111897863A (en) | Multi-source heterogeneous data fusion and convergence method | |
| CN101446966A (en) | Data storage method and system | |
| CN108958215A (en) | A kind of engineering truck failure prediction system and its prediction technique based on data mining | |
| CN107837087A (en) | A kind of human motion state recognition methods based on smart mobile phone | |
| CN109815254A (en) | Cross-region method for scheduling task and system based on big data | |
| CN107832333B (en) | Method and system for constructing user network data fingerprint based on distributed processing and DPI data | |
| CN107247811A (en) | SQL statement performance optimization method and device based on oracle database | |
| CN103812679B (en) | A kind of massive logs statistical analysis system and method | |
| CN109978215A (en) | Patrol management method and device | |
| CN106339244A (en) | Method and device for realizing statistical information collection | |
| CN107153702A (en) | A kind of data processing method and device | |
| CN109033330A (en) | Big data cleaning method, device and server | |
| CN104281932A (en) | Intelligent shift acquisition device and method | |
| CN113596081A (en) | Intelligent manufacturing open platform based on edge calculation | |
| CN105426407A (en) | Web data acquisition method based on content analysis | |
| CN108052574A (en) | Slave ftp server based on Kafka technologies imports the ETL system and implementation method of mass data | |
| CN110032556A (en) | A kind of method and its system that can fast implement data cleansing, verification of correctness | |
| EP4242848A1 (en) | Method and computer system for capture and analysis of repetitive actions generated by the employee-computer interaction | |
| CN107870921A (en) | A kind of daily record data processing method and processing device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |