CN110633274A - Alarm management method and device - Google Patents
Alarm management method and device Download PDFInfo
- Publication number
- CN110633274A CN110633274A CN201810653391.5A CN201810653391A CN110633274A CN 110633274 A CN110633274 A CN 110633274A CN 201810653391 A CN201810653391 A CN 201810653391A CN 110633274 A CN110633274 A CN 110633274A
- Authority
- CN
- China
- Prior art keywords
- alarm
- node
- level
- nodes
- target node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an alarm management method and device. The invention creates a directory structure in a monitoring system, and each node in the directory structure is provided with an alarm level identifier; storing the hierarchical relation between each node in the directory structure and the corresponding relation between each node and the alarm object; when the monitoring system monitors that an alarm is generated, acquiring a current alarm object corresponding to the alarm and the level of the alarm, and acquiring a target node corresponding to the current alarm object according to the corresponding relation between each node and the alarm object; and updating the alarm level identification of the target node according to the alarm level, and updating the alarm level identification of the corresponding upper node of the target node according to the hierarchical relationship among the nodes, so that the alarm level identification of each upper node of the target node is updated to be the alarm level identification with the highest alarm level in the corresponding lower node. The invention can quickly capture the highest-level alarm according to the alarm level identifier so as to process the fault in time and improve the quick response capability of the fault.
Description
Technical Field
The present invention relates to the field of monitoring and management technologies, and in particular, to a method and an apparatus for alarm management.
Background
Fault management (also called alarm management) is one of the key functions of a monitoring system, and currently, for real-time class alarms (also called active alarms), a queryable alarm view created according to condition organization, a filterable alarm view created according to parent-child structure hierarchy organization, and a view for simply visually presenting generated alarms are available in alarm management.
The display mode of the alarm view adopted by the prior art needs to manually position the target alarm meeting the query condition, and in the environment with large data volume and thousands of alarms per second, the prior art cannot quickly position tasks and has low management efficiency.
Disclosure of Invention
The invention provides an alarm management method and device, which aim to solve the problem that the management mode of the existing scheme for activity alarm is low in efficiency.
One aspect of the present invention provides an alarm management method, including:
creating a directory structure in a monitoring system, wherein each node in the directory structure is provided with an alarm level identifier;
storing the hierarchical relation between each node in the directory structure and the corresponding relation between each node and the alarm object;
when the monitoring system monitors that an alarm is generated, acquiring a current alarm object corresponding to the alarm and the level of the alarm, and acquiring a target node corresponding to the current alarm object according to the corresponding relation between each node and the alarm object;
and updating the alarm level identification of the target node according to the alarm level, and updating the alarm level identification of the corresponding upper node of the target node according to the hierarchical relationship among the nodes, so that the alarm level identification of each upper node of the target node is updated to be the alarm level identification with the highest alarm level in the corresponding lower node.
Another aspect of the present invention provides an alarm management apparatus, including:
the system comprises a creating unit, a monitoring unit and a judging unit, wherein the creating unit is used for creating a directory structure in the monitoring system, and each node in the directory structure is provided with an alarm level identifier;
the storage unit is used for storing the hierarchical relationship among the nodes in the directory structure and the corresponding relationship between the nodes and the alarm object;
the computing unit is used for acquiring a current alarm object and the alarm level corresponding to the alarm when the monitoring system monitors that the alarm is generated, and acquiring a target node corresponding to the current alarm object according to the corresponding relation between each node and the alarm object;
and the updating unit is used for updating the alarm level identification of the target node according to the alarm level and updating the alarm level identification of the corresponding upper node of the target node according to the hierarchical relationship among the nodes, so that the alarm level identification of each upper node of the target node is updated to be the alarm level identification with the highest alarm level in the corresponding lower node.
The invention has the beneficial effects that: when creating a directory structure, the corresponding relations among nodes of the directory structure and between the nodes and alarm objects are saved, corresponding alarm level identifiers are set for the corresponding nodes according to the alarm levels generated by the alarm objects, and the alarm level identifier with the highest alarm level in the lower node is transmitted to the upper node according to the corresponding relation among the nodes, so that the update of the alarm level identifier of the whole directory structure is completed, and in the management process of active alarms, a worker can quickly capture the alarm with the highest level according to the alarm level identifier in numerous types of alarms, so that the fault can be timely processed, and the quick response capability of the fault is improved.
Drawings
FIG. 1 is a flow chart of an alarm management method according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating a directory structure according to an embodiment of the present invention;
FIG. 3 is a block diagram of an alarm management device according to an embodiment of the present invention;
fig. 4 is a schematic diagram of a hardware structure of alarm management according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. It is to be understood that such description is merely illustrative and not intended to limit the scope of the present invention. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present invention.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The words "a", "an" and "the" and the like as used herein are also intended to include the meanings of "a plurality" and "the" unless the context clearly dictates otherwise. Furthermore, the terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Some block diagrams and/or flow diagrams are shown in the figures. It will be understood that some blocks of the block diagrams and/or flowchart illustrations, or combinations thereof, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the instructions, which execute via the processor, create means for implementing the functions/acts specified in the block diagrams and/or flowchart block or blocks.
Thus, the techniques of the present invention may be implemented in hardware and/or in software (including firmware, microcode, etc.). Furthermore, the techniques of this disclosure may take the form of a computer program product on a computer-readable medium having instructions stored thereon for use by or in connection with an instruction execution system. In the context of the present invention, a computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the instructions. For example, the computer readable medium can include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. Specific examples of the computer readable medium include: magnetic storage devices, such as magnetic tape or Hard Disk Drives (HDDs); optical storage devices, such as compact disks (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and/or wired/wireless communication links.
In the monitoring system, the alarm amount is increased proportionally with the increase of the monitored objects, especially for the refined monitoring of monitoring points, the alarm can be generated every second, if the alarm amount is generated according to 1000 monitoring nodes at the same time, 1000 alarm amounts can be generated every second, and the large data mining and intelligent analysis are facilitated. The invention associates the alarm objects with different directories, each directory searches the alarm state of the highest level according to the associated alarm object, presents the directory according to the alarm state of the highest level, is convenient for managing complicated and various types of alarms, and quickly captures the alarm of the highest level, so that the quick response capability is improved even if the fault is processed.
Fig. 1 is a flowchart of an alarm management method according to an embodiment of the present invention, and as shown in fig. 1, the method according to the embodiment includes:
s110, a directory structure is established in the monitoring system, and each node in the directory structure is provided with an alarm level identifier.
In this embodiment, a directory structure may be created according to the business relationship, the directory structure may be a tree structure or a list structure, each node is provided with an alarm level identifier, and the alarm level of the node is indicated by the alarm level identifier, so as to visually obtain the alarm level of the business object corresponding to each node.
It can be understood that the number of directory structures created in this embodiment may be one, or may be multiple, and the specific number may be set according to the number of alarm objects, for example, when a monitoring system monitors a large number of alarm objects, a plurality of directory structures may be set, so as to quickly locate the alarm level of a corresponding business object in each directory structure.
The business object in this embodiment may be understood as an object divided according to business requirements, where the objects such as account 1 group, account 2 group, log, and process shown in fig. 2 are business objects, and the alarm object includes, but is not limited to, a host, a virtual machine, and the like, such as the host and the virtual machine shown in fig. 2.
And S120, storing the hierarchical relationship among the nodes in the directory structure and the corresponding relationship between the nodes and the alarm object.
The embodiment may store the correspondence in a local cache, for example, store the correspondence in a Redis distributed cache manner, so as to implement efficient storage and access to the correspondence.
The directory structure of the present embodiment has a hierarchical structure, and each node has a hierarchical relationship. As shown in fig. 2, the BOSS node corresponds to a root directory node of the directory structure, lower nodes of the root directory node include an account 1 group node, an account 2 group node, a china mobile services support network operation Management system (BOMC) node, and a Customer Relationship Management (CRM) node, lower nodes of the account 2 group node include a statistics 1 group node, and lower nodes of the statistics 1 group node include a host node and an SQL statement node.
In this embodiment, by storing the corresponding relationship between each node and the alarm object, when the monitoring system acquires an alarm, the node corresponding to the alarm object that generates the alarm can be located according to the corresponding relationship, so as to set the alarm level of the corresponding node according to the alarm level in the following.
S130, when the monitoring system monitors that an alarm is generated, a current alarm object corresponding to the alarm and the alarm level are obtained, and a target node corresponding to the current alarm object is obtained according to the corresponding relation between each node and the alarm object.
Assuming that the alarm monitored by the monitoring system is generated by the alarm object a, the target node corresponding to the alarm object a can be obtained according to the corresponding relationship between each node and the alarm object.
S140, the alarm level identification of the target node is updated according to the alarm level, the alarm level identification of the corresponding upper node of the target node is updated according to the hierarchical relationship among the nodes, and the alarm level identification of each upper node of the target node is updated to be the alarm level identification with the highest alarm level in the corresponding lower node.
It is assumed that the alarm levels of the present embodiment include three levels, namely, a serious alarm, a secondary alarm and an alarm, and accordingly, the alarm level identifier includes a serious alarm identifier, a secondary alarm identifier and an alarm identifier. If the monitoring system monitors that the level of the alarm generated by the alarm object is a serious alarm, the alarm level identification of the target node corresponding to the alarm object is updated to be a serious alarm identification, and meanwhile, the alarm level identification of the corresponding upper node of the target node is updated, so that the alarm level identification of each upper node of the target node is updated to be the alarm level identification with the highest alarm level in the lower nodes included in the corresponding upper node. The respective superordinate node of the target node can be understood as the superordinate node of each level from the first superordinate node of the target node to the root node. For example, in fig. 2, a host node under the statistics group 1 node is taken as an example of a target node, and at this time, a corresponding upper node of the target node may be understood as a statistics group 1 as a first upper node, a finance group 2 as a second upper node, a BOSS node, that is, a root node, as a third upper node, and the target node has three levels of upper nodes.
Referring to fig. 2, the circle point shown in fig. 2 is a warning level identifier of a node, the circle including one black point is a serious warning identifier, the circle including two black points is a secondary warning identifier, the circle including three black points is a warning identifier, fig. 2 shows the warning level identifiers of the nodes at the previous time, assuming that the target node determined at the current time is the host node in the accounting 2 group, the warning level identifier of the host node is updated from the secondary warning identifier to the serious warning identifier, the warning level identifier of the first-level upper-level node statistics 1 group of the host node is updated from the secondary warning identifier to the serious warning identifier, and meanwhile, the warning level identifier of the second-level node finance 2 group of the host node is updated from the secondary warning identifier to the serious warning identifier, thereby completing the transfer of the warning level.
In practical application, the present embodiment may further display the nodes at all levels in the directory structure according to the alarm level identifiers of the nodes in the order from top to bottom, so that the staff can visually know the alarm level of each node from the directory view, locate the node position with the highest alarm level, and avoid inserting and locating the alarm at the highest level manually.
In this embodiment, when creating the directory structure, the corresponding relationships between the nodes of the directory structure and between the nodes and the alarm object are saved, the corresponding alarm level identifiers are set for the corresponding nodes according to the alarm levels generated by the alarm object, and the alarm level identifier with the highest alarm level in the lower node is transmitted to the upper node according to the corresponding relationships between the nodes, so that the update of the alarm level identifiers of the whole directory structure is completed, and in the management process of active alarms, a worker can quickly capture the highest alarm level according to the alarm level identifiers in numerous types of alarms, so as to process the fault in time and improve the quick response capability of the fault.
In an implementation scheme of this embodiment, the alarm level identifier of the corresponding upper node of the target node is updated by the following method:
according to the hierarchical relation among the nodes, acquiring other nodes at the same level as the target node, and comparing the updated alarm level of the target node with the alarm levels of other nodes at the same level:
if the updated alarm level of the target node is not greater than the alarm levels of other nodes at the same level as the target node, the alarm level identification of the first superior node of the target node is maintained;
if the updated alarm level of the target node is greater than the alarm levels of other nodes of the same level as the target node, updating the alarm level identification of the first superior node to the alarm level identification of the target node, and obtaining the alarm level of other nodes of the same level as the first superior node, comparing the updated alarm level of the first superior node with the alarm levels of other nodes of the same level as the target node, if the updated alarm level of the first superior node is not greater than the alarm level of other nodes of the same level as the target node, keeping the alarm level identification of the second superior node of the target node, if the updated alarm level of the first superior node is greater than the alarm level of other nodes of the same level as the target node, updating the alarm level identification of the second superior node to the updated alarm level identification of the first superior node, and obtaining the alarm level of other nodes of the same level as the second superior node, and comparing the updated alarm level of the second superior node with the alarm levels of other nodes at the same level, and updating the alarm level identification of the corresponding superior node of the target node according to the comparison result.
The process of updating the alarm level identifier of the corresponding upper node of the target node according to this embodiment is described with reference to the directory structure shown in fig. 2. As shown in fig. 2, in the list-shaped directory structure shown in fig. 2, the alarm level of each upper node is the highest alarm level in its lower node, and taking the first layer node in the directory structure as an example, as shown in fig. 2, the first layer node only includes the root directory BOSS node, and the lower node of the BOSS node, that is, the second layer node of the directory structure, includes the account 1 group node, the account 2 group node, the BOMC node, and the CRM node, and since the highest alarm level in the second layer node is the serious alarm corresponding to the account 1 group node, the alarm level identifier of the BOSS node is the serious alarm level identifier.
Supposing that the monitoring system monitors that the host a with the alarm object generates the alarm, the alarm level is a serious alarm, when it is determined that the directory node corresponding to the host a is the host node of the account 1 group, the alarm level identifier of the host node of the account 1 group is updated to be the serious alarm level identifier, and since the alarm level identifier of the highest level in the first higher-level node of the host node, i.e. the lower-level node of the account 1 group, does not change, the alarm level identifier of the account 1 group remains to be the serious alarm level identifier, and accordingly, the alarm level identifiers of other higher-level nodes of the account 1 group do not need to be updated.
When the directory node corresponding to the host a is determined to be the host node of the account 2 group, the alarm level identifier of the host node of the account 2 group is updated to be the serious alarm level identifier, because the first upper node of the host node, that is, the alarm level identifier of the highest level in the lower node of the statistics 1 group, is changed, the alarm level identifier of the statistics 1 group is updated to be the serious alarm level identifier, correspondingly, the alarm level identifier of the finance 2 group of the upper node of the statistics 1 group is updated to be the serious alarm level identifier, and because the alarm level identifier of the highest level in the lower node of the BOSS node is not changed, the alarm level identifier of the BOSS node is maintained to be the serious alarm level identifier.
Referring to fig. 2, in this embodiment, each directory node generates an alarm level according to its associated alarm object, transmits an alarm level identifier of the highest level from a lower level to an upper level according to a hierarchical relationship of the directory nodes, and sequentially presents a directory structure according to the alarm level identifier of the highest level, so that a worker can visually observe the alarm of the highest level and avoid finding and positioning by a manual method. The staff only need establish the directory structure according to the business relation, need not care about the alarm and produce at that node, have generated the warning of highest level clearly under the directory, and the management mode is comparatively simple and convenient. The management mode of the alarm is particularly suitable for the large-data-volume alarm environment, fast operation and interface rendering are realized by means of a cache technology, man-machine interaction is improved, and response time is greatly shortened.
In practical application, the monitoring object is upgraded or the hardware is changed frequently, so that the change of the monitoring state can be caused, and further the alarm is generated. Based on this situation, the alarm management method of this embodiment further includes:
generating an alarm shielding task of a corresponding node in a directory structure according to a service requirement, wherein the alarm shielding task indicates a time range for shielding an alarm; and setting alarm shielding task identifiers for the nodes with the alarm shielding tasks and the lower nodes of the nodes according to the hierarchical relation among the nodes.
Referring to fig. 2, assuming that an alarm masking task of the accounting 1 group is generated according to business requirements, where the alarm masking task indicates that an alarm in a XX time range from XX when XX is masked to XX when XX is XX and XXX is masked to XXX when XXX is XXX, in fig. 2, an alarm masking task identifier is exemplarily represented by a star graph, so that the accounting 1 group and its subordinate nodes are both provided with the alarm masking task identifier. In this embodiment, when the nodes at each level in the directory structure are displayed according to the alarm level identifiers of the nodes in the order from top to bottom of the alarm levels, the alarm shielding task identifiers of the corresponding nodes may also be displayed.
After setting an alarm shielding task for a corresponding node according to a service requirement, when a monitoring system acquires an alarm, firstly determining a reference node corresponding to the acquired alarm, judging whether the reference node is provided with an alarm shielding task identifier, if the reference node is not provided with the alarm shielding task identifier, monitoring that an alarm is generated by the monitoring system, and updating the generated alarm level to update the alarm level identifier of the target node, wherein the reference node is the target node described above. If the reference node is provided with the alarm shielding task identifier, whether the acquired alarm is in the alarm shielding time range of the alarm shielding task is judged, if so, the monitoring system shields the generated alarm without generating the alarm, and if not, the monitoring system monitors that the alarm is generated, at the moment, the reference node is the target node described above, and the generated alarm level is updated to update the alarm level identifier of the target node.
According to the method, the alarm shielding task of a certain node is formulated, the alarm shielding task identifier is set for the node and the subordinate nodes of the node, one-key alarm shielding processing is supported, shielding management is simple and convenient, the defect that shielding management is realized one by one according to a single alarm object in the past can be avoided, and the worker can conveniently and rapidly formulate and troubleshoot the cut-over task.
Corresponding to the alarm management method, the embodiment of the invention also provides an alarm management device.
Fig. 3 is a block diagram of an alarm management device according to an embodiment of the present invention, and as shown in fig. 3, the alarm management device according to the embodiment includes:
a creating unit 31, configured to create a directory structure in the monitoring system, where each node in the directory structure is provided with an alarm level identifier;
the storage unit 32 is used for storing the hierarchical relationship among the nodes in the directory structure and the corresponding relationship between the nodes and the alarm object;
the computing unit 33 is configured to, when the monitoring system monitors that an alarm is generated, obtain a current alarm object and an alarm level corresponding to the alarm, and obtain a target node corresponding to the current alarm object according to a correspondence between each node and the alarm object;
and the updating unit 34 is configured to update the alarm level identifier of the target node according to the alarm level, and update the alarm level identifier of the corresponding upper node of the target node according to the hierarchical relationship between the nodes, so that the alarm level identifier of each upper node of the target node is updated to the alarm level identifier with the highest alarm level in the corresponding lower node.
The updating unit 34 of this embodiment is configured to obtain other nodes at the same level as the target node according to the hierarchical relationship between the nodes, and compare the alarm level updated by the target node with the alarm levels of other nodes at the same level; if the updated alarm level of the target node is not greater than the alarm levels of other nodes at the same level as the target node, the alarm level identification of the first superior node of the target node is maintained; if the updated alarm level of the target node is greater than the alarm levels of other nodes in the same level as the target node, updating the alarm level identification of the first superior node to the alarm level identification of the target node, and obtaining the alarm level of other nodes in the same level as the first superior node, comparing the updated alarm level of the first superior node with the alarm levels of other nodes in the same level as the target node, if the updated alarm level of the first superior node is not greater than the alarm level of other nodes in the same level as the target node, keeping the alarm level identification of the second superior node of the target node, and if the updated alarm level of the first superior node is greater than the alarm level of other nodes in the same level as the target node, updating the alarm level identification of the second superior node to the updated alarm level identification of the first superior node, and obtaining the alarm level of other nodes in the same level as the second superior node, and comparing the updated alarm level of the second superior node with the alarm levels of other nodes at the same level, and updating the alarm level identification of the corresponding superior node of the target node according to the comparison result.
In an implementation of this embodiment, the alarm management apparatus in fig. 3 further includes: the task making unit is used for generating an alarm shielding task of a corresponding node in the directory structure according to the service requirement, and the alarm shielding task indicates the time range for shielding the alarm; the identification unit is used for setting alarm shielding task identifications for the nodes with the alarm shielding tasks and the lower nodes of the nodes according to the hierarchical relation among the nodes; the judging unit is used for determining a reference node corresponding to the acquired alarm when the monitoring system acquires the alarm, judging whether the reference node is provided with an alarm shielding task identifier or not, and if the reference node is not provided with the alarm shielding task identifier, monitoring that the alarm is generated by the monitoring system; if the reference node is provided with an alarm shielding task identifier, judging whether the acquired alarm is in the alarm shielding time range of the alarm shielding task, if so, shielding the generated alarm by the monitoring system, and if not, monitoring that the alarm is generated by the monitoring system.
The alarm management device of this embodiment may further include a presentation unit, configured to present, according to the alarm level identifier of each node, each level of nodes in the directory structure in an order from top to bottom according to the alarm level. In practical application, the presentation unit may be further configured to present the alarm masking task identifier of the corresponding node.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The alarm management device provided by the application can be realized by software, and also can be realized by hardware or a mode of combining the hardware and the software. Taking a software implementation as an example, referring to fig. 4, the alarm management apparatus provided in the present application may include a processor 401 and a machine-readable storage medium 402 storing machine-executable instructions. The processor 401 and the machine-readable storage medium 402 may communicate via a system bus 403. Also, the processor 401 may perform the above described alarm management method by reading and executing machine executable instructions in the machine readable storage medium 402 corresponding to the alarm management logic.
The machine-readable storage medium 402 referred to herein may be any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions, data, and the like. For example, the machine-readable storage medium may be: a RAM (random Access Memory), a volatile Memory, a non-volatile Memory, a flash Memory, a storage drive (e.g., a hard drive), a solid state drive, any type of storage disk (e.g., a compact disk, a DVD, etc.), or similar storage medium, or a combination thereof.
According to an example disclosed herein, there is also provided a machine-readable storage medium, such as machine-readable storage medium 402 in fig. 4, comprising machine-executable instructions executable by processor 401 in an alert management apparatus to implement the alert management method described above.
For the convenience of clearly describing the technical solutions of the embodiments of the present invention, in the embodiments of the present invention, the words "first", "second", and the like are used to distinguish the same items or similar items with basically the same functions and actions, and those skilled in the art can understand that the words "first", "second", and the like do not limit the quantity and execution order.
While the foregoing is directed to embodiments of the present invention, other modifications and variations of the present invention may be devised by those skilled in the art in light of the above teachings. It should be understood by those skilled in the art that the foregoing detailed description is for the purpose of better explaining the present invention, and the scope of the present invention should be determined by the scope of the appended claims.
Claims (10)
1. An alarm management method, characterized in that the method comprises:
creating a directory structure in a monitoring system, wherein each node in the directory structure is provided with an alarm level identifier;
storing the hierarchical relation between the nodes in the directory structure and the corresponding relation between the nodes and the alarm object;
when the monitoring system monitors that an alarm is generated, acquiring a current alarm object corresponding to the alarm and the level of the alarm, and acquiring a target node corresponding to the current alarm object according to the corresponding relation between each node and the alarm object;
and updating the alarm level identification of the target node according to the alarm level, and updating the alarm level identification of the corresponding upper node of the target node according to the hierarchical relationship among the nodes, so that the alarm level identification of each upper node of the target node is updated to be the alarm level identification with the highest alarm level in the corresponding lower node.
2. The method according to claim 1, wherein the updating the alarm level identifier of the upper node of the target node according to the hierarchical relationship between the nodes comprises:
acquiring other nodes at the same level as the target node according to the hierarchical relationship among the nodes, and comparing the updated alarm level of the target node with the alarm levels of the other nodes at the same level;
if the updated alarm level of the target node is not greater than the alarm levels of other nodes at the same level as the target node, keeping the alarm level identification of the first superior node of the target node;
if the updated alarm level of the target node is greater than the alarm levels of other nodes in the same level as the target node, updating the alarm level identifier of the first superior node to the alarm level identifier of the target node,
and obtaining the alarm level of other nodes at the same level as the first superior node, comparing the updated alarm level of the first superior node with the alarm level of other nodes at the same level, if the updated alarm level of the first superior node is not greater than the alarm levels of other nodes of the same level as the first superior node, the alarm level identification of the second superior node of the target node is maintained, if the updated alarm level of the first superior node is greater than the alarm levels of other nodes of the same level as the first superior node, the alarm level identification of the second upper node is updated to the updated alarm level identification of the first upper node, and obtaining the alarm level of other nodes at the same level as the second superior node, comparing the updated alarm level of the second superior node with the alarm level of other nodes at the same level, and updating the alarm level identification of the corresponding superior node of the target node according to the comparison.
3. The method of claim 1, further comprising:
generating an alarm shielding task of a corresponding node in a directory structure according to a service requirement, wherein the alarm shielding task indicates a time range for shielding an alarm;
and setting alarm shielding task identifiers for the nodes with the alarm shielding tasks and the lower nodes of the nodes according to the hierarchical relation among the nodes.
4. The method of claim 3, wherein the monitoring system monitoring for the generation of an alarm comprises:
when the monitoring system collects an alarm, determining a reference node corresponding to the collected alarm, judging whether the reference node is provided with an alarm shielding task identifier or not, and if the reference node is not provided with the alarm shielding task identifier, monitoring that the alarm is generated by the monitoring system; if the reference node is provided with an alarm shielding task identifier, judging whether the acquired alarm is in the time range of shielding the alarm of the alarm shielding task, if so, shielding the generated alarm by the monitoring system, and if not, monitoring that the alarm is generated by the monitoring system.
5. The method of claim 1, further comprising:
and displaying the nodes at all levels in the directory structure according to the alarm level identification of each node from top to bottom according to the alarm level sequence.
6. An alarm management apparatus, characterized in that the apparatus comprises:
the system comprises a creating unit and a monitoring unit, wherein the creating unit is used for creating a directory structure in the monitoring system, and each node in the directory structure is provided with an alarm level identifier;
the storage unit is used for storing the hierarchical relationship among the nodes in the directory structure and the corresponding relationship between the nodes and the alarm object;
the computing unit is used for acquiring a current alarm object corresponding to the alarm and the level of the alarm when the monitoring system monitors that the alarm is generated, and acquiring a target node corresponding to the current alarm object according to the corresponding relation between each node and the alarm object;
and the updating unit is used for updating the alarm level identification of the target node according to the alarm level, updating the alarm level identification of the corresponding upper node of the target node according to the hierarchical relationship among the nodes, and updating the alarm level identification of each upper node of the target node into the alarm level identification with the highest alarm level in the corresponding lower node.
7. The apparatus according to claim 6, wherein the updating unit is configured to obtain other nodes at the same level as the target node according to a hierarchical relationship between the nodes, and compare the updated alarm level of the target node with the alarm levels of the other nodes at the same level as the target node; if the updated alarm level of the target node is not greater than the alarm levels of other nodes at the same level as the target node, keeping the alarm level identification of the first superior node of the target node; if the updated alarm level of the target node is greater than the alarm levels of other nodes on the same level as the target node, updating the alarm level identifier of the first superior node to the alarm level identifier of the target node, acquiring the alarm levels of other nodes on the same level as the first superior node, comparing the updated alarm level of the first superior node with the alarm levels of other nodes on the same level as the target node, if the updated alarm level of the first superior node is not greater than the alarm levels of other nodes on the same level as the target node, keeping the alarm level identifier of the second superior node of the target node, and if the updated alarm level of the first superior node is greater than the alarm levels of other nodes on the same level as the target node, updating the alarm level identifier of the second superior node to the updated alarm level identifier of the first superior node, and obtaining the alarm level of other nodes at the same level as the second superior node, comparing the updated alarm level of the second superior node with the alarm level of other nodes at the same level, and updating the alarm level identification of the corresponding superior node of the target node according to the comparison.
8. The apparatus of claim 7, further comprising:
the task making unit is used for generating an alarm shielding task of a corresponding node in a directory structure according to business requirements, wherein the alarm shielding task indicates a time range for shielding an alarm;
and the identification unit is used for setting alarm shielding task identifications for the nodes with the alarm shielding tasks and the lower nodes of the nodes according to the hierarchical relationship among the nodes.
9. The apparatus of claim 8, further comprising:
the monitoring system comprises a judging unit, a processing unit and a processing unit, wherein the judging unit is used for determining a reference node corresponding to the acquired alarm when the monitoring system acquires the alarm, judging whether the reference node is provided with an alarm shielding task identifier or not, and if the reference node is not provided with the alarm shielding task identifier, the monitoring system monitors that the alarm is generated; if the reference node is provided with an alarm shielding task identifier, judging whether the acquired alarm is in the time range of shielding the alarm of the alarm shielding task, if so, shielding the generated alarm by the monitoring system, and if not, monitoring that the alarm is generated by the monitoring system.
10. The apparatus of claim 6, further comprising:
and the display unit is used for displaying the nodes of all levels in the directory structure according to the alarm level identification of each node from top to bottom according to the alarm level sequence.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810653391.5A CN110633274B (en) | 2018-06-22 | 2018-06-22 | Alarm management method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810653391.5A CN110633274B (en) | 2018-06-22 | 2018-06-22 | Alarm management method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110633274A true CN110633274A (en) | 2019-12-31 |
| CN110633274B CN110633274B (en) | 2022-07-15 |
Family
ID=68967136
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810653391.5A Active CN110633274B (en) | 2018-06-22 | 2018-06-22 | Alarm management method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110633274B (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070276936A1 (en) * | 2004-11-08 | 2007-11-29 | Lucian Hirsch | Method and Devices for Matching Data Between a Manager and a Agent in a Management Network |
| CN101145944A (en) * | 2007-07-04 | 2008-03-19 | 中兴通讯股份有限公司 | A method for processing alarm |
| CN101237661A (en) * | 2008-02-28 | 2008-08-06 | 中兴通讯股份有限公司 | Alarm reporting method and device |
| CN102487481A (en) * | 2010-12-01 | 2012-06-06 | ***通信集团上海有限公司 | System, method and equipment for sending alarm information |
| CN103108347A (en) * | 2011-11-11 | 2013-05-15 | 中兴通讯股份有限公司 | Association alarm method and association alarm device of wired network and wireless network |
| CN103744719A (en) * | 2013-12-30 | 2014-04-23 | 华为技术有限公司 | Lock management method, lock management system, lock management system configuration method and lock management system configuration device |
| CN106407044A (en) * | 2010-12-14 | 2017-02-15 | 株式会社日立制作所 | A failure recovery method in an information processing system and an information processing system |
| CN107547262A (en) * | 2017-07-25 | 2018-01-05 | 新华三技术有限公司 | Generation method, device and the Network Management Equipment of alarm level |
| US9916448B1 (en) * | 2016-01-21 | 2018-03-13 | Trend Micro Incorporated | Detection of malicious mobile apps |
-
2018
- 2018-06-22 CN CN201810653391.5A patent/CN110633274B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070276936A1 (en) * | 2004-11-08 | 2007-11-29 | Lucian Hirsch | Method and Devices for Matching Data Between a Manager and a Agent in a Management Network |
| CN101145944A (en) * | 2007-07-04 | 2008-03-19 | 中兴通讯股份有限公司 | A method for processing alarm |
| CN101237661A (en) * | 2008-02-28 | 2008-08-06 | 中兴通讯股份有限公司 | Alarm reporting method and device |
| CN102487481A (en) * | 2010-12-01 | 2012-06-06 | ***通信集团上海有限公司 | System, method and equipment for sending alarm information |
| CN106407044A (en) * | 2010-12-14 | 2017-02-15 | 株式会社日立制作所 | A failure recovery method in an information processing system and an information processing system |
| CN103108347A (en) * | 2011-11-11 | 2013-05-15 | 中兴通讯股份有限公司 | Association alarm method and association alarm device of wired network and wireless network |
| CN103744719A (en) * | 2013-12-30 | 2014-04-23 | 华为技术有限公司 | Lock management method, lock management system, lock management system configuration method and lock management system configuration device |
| US9916448B1 (en) * | 2016-01-21 | 2018-03-13 | Trend Micro Incorporated | Detection of malicious mobile apps |
| CN107547262A (en) * | 2017-07-25 | 2018-01-05 | 新华三技术有限公司 | Generation method, device and the Network Management Equipment of alarm level |
Non-Patent Citations (1)
| Title |
|---|
| 王占孔等: "基于贝叶斯网络的分层网络故障诊断", 《软件》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110633274B (en) | 2022-07-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11768811B1 (en) | Managing user data in a multitenant deployment | |
| US11580067B1 (en) | Storage volume regulation for multi-modal machine data | |
| US11934418B2 (en) | Reducing index file size based on event attributes | |
| US20240086421A1 (en) | Method and Apparatus for Monitoring an In-memory Computer System | |
| US20180314726A1 (en) | Computing and replicating event deltas for mutable events in a distributed system | |
| CN104360878B (en) | A kind of method and device of application software deployment | |
| US20170093645A1 (en) | Displaying Interactive Topology Maps Of Cloud Computing Resources | |
| US11768776B1 (en) | Evicting data associated with a data intake and query system from a local storage | |
| CN107104824B (en) | Network topology determination method and device | |
| US9170960B2 (en) | Location of computing assets within an organization | |
| CN111090440B (en) | Information processing method, system, device and storage medium | |
| US11044144B2 (en) | Self-monitoring | |
| US7783743B1 (en) | Methods and apparatus for processing electronic mail-related data | |
| CN114791846B (en) | Method for realizing observability aiming at cloud-originated chaos engineering experiment | |
| CN107404417A (en) | A kind of processing method of monitoring data, processing unit and processing system | |
| CN111078695B (en) | Method and device for calculating association relation of metadata in enterprise | |
| CN112579558A (en) | Method, device, storage medium and equipment for displaying topological graph | |
| CN114048090A (en) | K8S-based container cloud platform monitoring method and device and storage medium | |
| CN117389830A (en) | Cluster log acquisition method and device, computer equipment and storage medium | |
| CN111339466A (en) | Interface management method and device, electronic equipment and readable storage medium | |
| JP2013206368A (en) | Virtual environment operation support system | |
| CN104951855A (en) | Apparatus and method for improving resource management | |
| CN110633274B (en) | Alarm management method and device | |
| CN114816914A (en) | Data processing method, equipment and medium based on Kubernetes | |
| CN112989150A (en) | Operation and maintenance diagram acquisition method, device, equipment and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: Room 818, 8 / F, 34 Haidian Street, Haidian District, Beijing 100080 Applicant after: ULTRAPOWER SOFTWARE Co.,Ltd. Address before: 100089 Beijing city Haidian District wanquanzhuang Road No. 28 Wanliu new building 6 storey block A Room 601 Applicant before: ULTRAPOWER SOFTWARE Co.,Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |