WO2022048671A1 - Method and apparatus for event categorization - Google Patents

Method and apparatus for event categorization Download PDF

Info

Publication number
WO2022048671A1
WO2022048671A1 PCT/CN2021/116791 CN2021116791W WO2022048671A1 WO 2022048671 A1 WO2022048671 A1 WO 2022048671A1 CN 2021116791 W CN2021116791 W CN 2021116791W WO 2022048671 A1 WO2022048671 A1 WO 2022048671A1
Authority
WO
WIPO (PCT)
Prior art keywords
event
type
network
identifier
classification
Prior art date
Application number
PCT/CN2021/116791
Other languages
French (fr)
Chinese (zh)
Inventor
肖欣
谢于明
宋伟
马凯
张磊
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2022048671A1 publication Critical patent/WO2022048671A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0631Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0677Localisation of faults

Definitions

  • the present application relates to the field of communication technologies, and in particular, to an event classification method and apparatus.
  • a network failure will reduce the health of the network system, thereby affecting the transmission of normal services.
  • network failures may include address resolution protocol (ARP) overrun, device restart, and router identifier (routerid) conflicts.
  • ARP address resolution protocol
  • device restart device restart
  • router identifier routerid
  • the present application provides an event classification method and device, which can realize automatic classification of events, thereby improving classification efficiency and enhancing scalability.
  • the present application provides an event classification method, which is applied to an analysis platform.
  • the method includes: acquiring a correspondence between identifiers of multiple events and classification labels of the multiple events. Get the identifier of the event to be classified that occurred in the network. Based on the identifier of the event to be classified and the corresponding relationship, a target classification label corresponding to the identifier of the event to be classified is determined.
  • the corresponding relationship may be pre-stored by the analysis platform, or may be communicated to other platforms in real time from the analysis platform.
  • the classification label of the event to be classified can be quickly determined, thereby realizing the automatic classification of the event.
  • the technical solution helps to improve classification efficiency and enhance scalability.
  • This technical solution can be applied to scenarios such as assisting in determining the health of a network system, assisting in network fault discovery and fault differentiation, and assisting in locating the root cause of faults, thereby improving the determination of the health of a network system, and performing network fault discovery and fault differentiation in corresponding scenarios. , The efficiency of performing fault root cause location.
  • the target classification label is used to represent at least one of the following: the severity of the impact of the to-be-classified event on the network; the nature of the to-be-classified event; or the object targeted by the to-be-classified event.
  • the specific implementation is not limited to this.
  • acquiring the correspondence between the identifiers of the multiple events and the classification labels of the multiple events includes: receiving the foregoing correspondence sent by the management platform for managing the analysis platform.
  • the management platform uniformly manages the classification labels of events in the entire network system, so that each analysis platform does not need to generate event classification labels locally, thus helping to save the computing resources of each analysis platform. In addition, it helps to avoid (or try to avoid) the "determination of The classification labels of the same event are different, resulting in the problem of low overall performance.
  • the analysis platform is used to manage multiple network devices, and the multiple network devices include network devices of the first type.
  • the method It also includes: sending a request message to the management platform.
  • the request message includes an identifier of the first type, and the request message is used to request a classification label of the event corresponding to the identifier of the first type.
  • receiving the above-mentioned correspondence sent by the management platform for managing the analysis platform includes: receiving the difference between the identifier of the event corresponding to the first type identifier sent by the management platform and the classification label of the event corresponding to the first type identifier corresponding relationship.
  • the event to be classified is an event that occurs in a network device of the first type
  • the event corresponding to the identifier of the first type includes the event to be classified.
  • the analysis platform obtains the classification labels of the events of the network devices of the first type by actively requesting.
  • the analysis platform can request the classification label of a specific event from the management platform based on its own needs, so the flexibility is higher.
  • the specific implementation is not limited to this.
  • the management platform may push the classification labels of the events of the network device of the first type to the analysis platform in an active push manner.
  • the first type of network device is a network device with the same version number.
  • the first type of network device is a network device with the same version number and model.
  • the present application provides an event classification method, which is applied to a management platform, the management platform is connected to an analysis platform, and the analysis platform is used to manage multiple network devices, the multiple network devices including the first type of network devices.
  • the method includes: acquiring a classification label of an event corresponding to a first type of identification; sending the classification label of the event corresponding to the first type of identification to an analysis platform, and the classification label of the first type of identification of the corresponding event is used to analyze the platform's impact on the network The to-be-classified event that occurs in the event.
  • the management platform sends the classification label of the event corresponding to the first type of identification to the analysis platform, so that the analysis platform can directly use the corresponding relationship to determine the classification label of the event to be classified, and realize the automatic classification of the event. Helps to improve classification efficiency and enhance scalability.
  • the management platform sends the classification label of the event corresponding to the first type of identification to the analysis platform based on the type of the network device, which is "When a new type of network device is added to the network system, the management platform can issue the label to the analysis platform. New types of network device event classification labels" created the conditions.
  • the method before acquiring the classification label of the event corresponding to the first type identifier, the method further includes: receiving a request message sent by the analysis platform.
  • the request message includes the identifier of the first type, and the request message is used to request a classification label of the event corresponding to the identifier of the first type.
  • the analysis platform can request the classification label of a specific event from the management platform based on its own needs, which is more flexible.
  • the event corresponding to the first type of identification includes a first event
  • the first event may be any event corresponding to the first type of identification.
  • the classification label of the first event is used to represent at least one of the following: the severity of the impact of the first event on the network system; the nature of the first event; or, the object targeted by the first event.
  • the method further includes: obtaining a product manual of the network device of the first type; wherein the product manual of the network device of the first type includes events for describing the network device of the first type. Based on the description document and the first information of the network device of the first type, a classification label of the event of the network device of the first type is obtained. The first information is used to represent the correspondence between the keywords of the event and the classification labels of the event.
  • the first information includes a classification model or a knowledge graph. The technical solution provides a way to obtain event classification labels based on product manuals.
  • the classification model is trained based on documentation included in the product manuals of multiple types of network devices.
  • the knowledge graph is obtained based on the documentation included in the product manuals of multiple types of network devices.
  • the present application provides an event classification apparatus.
  • the event classification device may be the above-mentioned analysis platform.
  • the event classification apparatus is configured to execute any one of the methods provided in the first aspect above.
  • the present application may divide the event classification device into functional modules according to any method provided in the first aspect.
  • each function module may be divided corresponding to each function, or two or more functions may be integrated into one processing module.
  • the present application may classify the event into an acquisition unit, a determination unit, and the like according to functions.
  • the event classification device includes: a memory and a processor, and the memory and the processor are coupled.
  • the memory is used for storing computer instructions
  • the processor is used for invoking the computer instructions, so that the event classification apparatus executes any one of the methods provided by the first aspect and any possible design manners thereof.
  • the present application provides an event classification apparatus.
  • the event classification device may be the above-mentioned management platform.
  • the event classification apparatus is configured to execute any one of the methods provided in the second aspect above.
  • the present application may divide the event classification device into functional modules according to any of the methods provided in the second aspect.
  • each function module may be divided corresponding to each function, or two or more functions may be integrated into one processing module.
  • the present application may classify the event into an acquisition unit and a sending unit according to functions.
  • the event classification device includes: a memory and a processor, and the memory and the processor are coupled.
  • the memory is used for storing computer instructions
  • the processor is used for invoking the computer instructions, so that the event classification apparatus executes any one of the methods provided by the second aspect and any possible design manners thereof.
  • the present application provides a computer readable storage medium, such as a computer non-transitory readable storage medium.
  • a computer program (or instruction) is stored thereon, and when the computer program (or instruction) runs on the event classification device, the event classification device is made to perform any possible implementation of the first aspect or the second aspect above any method provided.
  • the present application provides a computer program product that, when running on an event classification device, enables any one of the methods provided in the first aspect or any possible implementation manner of the second aspect to be executed .
  • the present application provides a chip system, comprising: a processor, where the processor is configured to call and run a computer program stored in the memory from a memory, and execute the implementation provided in the first aspect or the second aspect. either method.
  • any device, computer storage medium, computer program product or chip system provided above can be applied to the corresponding method provided above. Therefore, the beneficial effects that can be achieved can refer to the corresponding method. The beneficial effects in the method will not be repeated here.
  • FIG. 1 is a schematic diagram of the architecture of a network system provided by an embodiment of the present application
  • FIG. 2 is a schematic diagram of the architecture of another network system provided by an embodiment of the present application.
  • FIG. 3 is a schematic diagram of a hardware structure of a computer device applicable to an embodiment of the present application.
  • FIG. 5 is a schematic diagram of a description document of a candidate event provided by an embodiment of the present application.
  • FIG. 6 is a schematic structural diagram of a knowledge graph according to an embodiment of the present application.
  • FIG. 7 is a schematic structural diagram of an analysis platform provided by an embodiment of the present application.
  • FIG. 8 is a schematic structural diagram of a management platform provided by an embodiment of the present application.
  • FIG. 9 is a schematic structural diagram of a chip system provided by an embodiment of the present application.
  • FIG. 10 is a schematic structural diagram of a computer program product provided by an embodiment of the present application.
  • An event is a general term for any situation in the network that needs to be prompted to the user.
  • the events may include: alarm events and log events.
  • the alarm event is an unexpected state (eg, failure) detected by the network system and a notification generated by prompting the user to intervene, such as an interface state change (eg, LinkDown or LinkUp).
  • Log events are information that records network system changes, which can be notifications of network system changes recorded under abnormal conditions or non-abnormal conditions that do not require user intervention, such as internal debugging information.
  • the classification label of the event is used to characterize the severity of the impact of the event on the network system (specifically, on the network where the event occurs). The same event that occurs on different network devices affects the network system (specifically, the network where the event occurs) with the same severity.
  • the embodiment of the present application does not limit the specific implementation manner of the classification label of the event.
  • the classification labels of the events may include: the first-level classification labels, the second-level classification labels...the Nth-level classification labels.
  • N is an integer greater than or equal to 2, and the larger the value of N, the more serious the impact of the event on the network system, or the less serious the impact of the event on the network system.
  • the category label of the event may include: Up, Down, and Subhealth.
  • Up means that it has no impact on the network system or the impact on the network system has been restored
  • Down means that it has a serious impact on the network system
  • Subhealth means sub-health.
  • Subhealth indicates that the severity of the impact on the network system is between Up and Down.
  • a categorical label for an event used to characterize the nature of the event. For example, according to the nature of the events, events are divided into normal events (ie, recovery-type events) and abnormal events (ie, problem events). For another example, further, if an event is an abnormal event (that is, a problem-type event), the nature of the event may specifically include the abnormal type of the event, for example, according to the nature of the event, the abnormal event is divided into a permission problem-type event or Overrun problem events, etc.
  • the recovery event may include: hwEthernetARPLimitExceed_clear, that is, an event in which the number of address resolution protocol (ARP) entries learned by the interface recovers below the threshold.
  • ARP address resolution protocol
  • Permission problem events can include: hwAdminLoginFailed_active, that is, the event that the administrator fails to log in too frequently.
  • the event of overrun problem can include: hwIfMonitorInputRateRising_active, that is, the event that the bandwidth utilization of the input stream of the interface exceeds the alarm threshold.
  • the classification label of the event is used to characterize the object targeted by the event.
  • the object includes the physical device or logical function module in the network device. Taking the object including the physical device in the network device as an example, according to the object of the event, the event can be divided into: interface problem event, board problem event, central processing unit (CPU) problem event, etc.
  • classification labels of events are classified according to which or which of the above methods, and may be predefined, for example, predefined based on actual requirements. In one example, assuming that the actual need is to determine the degree of impact of the event on the network system, the classification label of the event may be determined based on the severity of the impact of the event on the network system. The classification label of the event can be updated after being pre-defined according to which or which of the above-mentioned ways.
  • the types of event classification labels may also be predefined, for example, predefined based on expert experience.
  • the categorical label of an event can be updated after being predefined.
  • the specific classification label of an event may also be predefined, such as predefined based on expert experience.
  • the specific classification label of an event may be determined by combining expert experience and based on a classification model or a knowledge graph. The specific implementation method can refer to the following, which will not be repeated here.
  • Candidate events are events that are expected to occur on network devices. During the operation of the network device, a candidate event may or may not occur. Occurred events are events that have actually occurred on a network device. Events that have occurred are generally considered candidate events.
  • the knowledge graph is a semantic network in which the keywords of multiple candidate events and the classification labels of the multiple candidate events are used as entities, and the association relationship between the keywords and the classification labels is used as the connection relationship between entities.
  • the knowledge graph can be used to analyze the platform based on the keywords of each event (such as an alarm event or a log event) to obtain a classification label of the event, so as to realize the classification of the event.
  • the type identifier of the network device is used to uniquely identify the type of the network device.
  • the type identification of the network device includes the version number of the network device.
  • One version number of the network device corresponds to one type of the network device.
  • network devices with the same version number are network devices of the same type, and correspondingly, network devices with different version numbers are network devices of different types.
  • one version number of the network device may correspond to one or more models of the network device.
  • the type identification of the network device includes the version number and model of the network device.
  • One model of the network device corresponds to one type of the network device.
  • network devices with the same version number and model are the same type of network device, correspondingly, network devices with different version numbers are different types of network devices, and network devices with the same version number but different models Devices are also different types of network devices.
  • Type identification of network device The version number of the network device Model of network device Types of Network Devices 1 V200R005C10 CloudEngine8800 Type 2 of network equipment V200R005C10 CloudEngine7800 Type 3 of network equipment V200R005C10 CloudEngine6800 Types of Network Devices 4 V200R005C10 CloudEngine5800 Types of Network Devices 5 V200R005C11 ... Types of Network Devices 6 ... ...
  • a switch may be used as one type of network device, and a router may be used as another type of network device. It can be understood that, switches with one or more versions and/or routers with one or more versions may be deployed in the network.
  • one or more candidate events may occur for one type of network device. Different types of network devices may have the same candidate event or different candidate events. In an example, the correspondence between the types of network devices and the identifiers of candidate events is shown in Table 3:
  • Type identification of network device ID of the candidate event Types of Network Devices 1 ADD_NEW_USER_SECURITY Types of Network Devices 1 APP_SPEED_LIMIT Types of Network Devices 1 STACHG_TODWN Type 2 of network equipment ADD_NEW_USER_SECURITY
  • the same candidate event ie, the candidate event with the same identifier/name
  • both type 1 and type 2 of the network device in Table 3 correspond to the candidate event "ADD_NEW_USER_SECURITY", and the two types of network devices have the same classification label for the candidate event.
  • words such as “exemplary” or “for example” are used to represent examples, illustrations or illustrations. Any embodiments or designs described in the embodiments of the present application as “exemplary” or “such as” should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as “exemplary” or “such as” is intended to present the related concepts in a specific manner.
  • first and second are only used for description purposes, and cannot be understood as indicating or implying relative importance or implying the number of indicated technical features.
  • a feature defined as “first” or “second” may expressly or implicitly include one or more of that feature.
  • plural means two or more.
  • the meaning of the term “at least one” in this application means one or more, and the meaning of the term “plurality” in this application means two or more.
  • the size of the sequence number of each process does not mean the sequence of execution, and the execution sequence of each process should be determined by its function and internal logic, and should not be used in the embodiment of the present application. Implementation constitutes any limitation.
  • determining B according to A does not mean that B is only determined according to A, and B may also be determined according to A and/or other information.
  • references throughout the specification to "one embodiment,” “an embodiment,” and “one possible implementation” mean that a particular feature, structure, or characteristic related to the embodiment or implementation is included in the present application at least one embodiment of .
  • appearances of "in one embodiment” or “in an embodiment” or “one possible implementation” in various places throughout this specification are not necessarily necessarily referring to the same embodiment.
  • the particular features, structures or characteristics may be combined in any suitable manner in one or more embodiments.
  • FIG. 1 it is a schematic structural diagram of a network system 1 according to an embodiment of the present application.
  • the network system 1 shown in FIG. 1 includes: a first analysis platform 10 and a first network 20 .
  • the first network 20 includes a plurality of network devices 60 .
  • the first analysis platform 10 is directly or indirectly connected to each network device 60 in the first network 20 .
  • the first analysis platform 10 may be used to manage each network device 60 in the first network 20 .
  • the first analysis platform 10 stores classification labels of some or all of the candidate events (or events that have occurred) in the first network 20 .
  • the classification labels stored by the first analysis platform 10 can be updated.
  • the first analysis platform 10 can locally generate the classification labels of the candidate events in the first network 20, or obtain the classification labels of the candidate events in the first network 20 from other platforms or devices, or input the classification labels of the first network 20 by the user. 20 for the classification labels of candidate events, etc.
  • each network device 60 in the first network 20 can report the identifier of the event to the first analysis platform 10 .
  • the first analysis platform 10 may determine the classification label of the event based on the identification of the event. Subsequently, the embodiment of the present application does not limit the application scenarios of the classification labels determined by the first analysis platform 10, and the details may refer to the following.
  • the first analysis platform 10 may be implemented by one or more computer devices.
  • FIG. 1 is described by taking an example that the first analysis platform 10 is independent of the first network 20 .
  • the functions of the first analysis platform 10 may be integrated on one or more network devices 60 of the first network 20, so that the one or more network devices 60 can increase the function of the first network device 60 without changing its own functions. Part or all of the functionality of the first analysis platform 10 .
  • the following descriptions are given by taking the example that the first analysis platform 10 is independent of the first network 20 .
  • FIG. 2 it is a schematic structural diagram of another network system 1 according to an embodiment of the present application.
  • the network system 1 shown in FIG. 2 is drawn based on FIG. 1 .
  • the network system 1 shown in FIG. 2 further includes: a second analysis platform 30 , a second network 40 and a management platform 50 .
  • the second network 40 includes a plurality of network devices 60 .
  • the second analysis platform 30 is directly or indirectly connected to each network device 60 in the second network 40 .
  • the second analysis platform 30 may be used to manage each network device 60 in the second network 40 .
  • the second analysis platform 30 may store the classification labels of the candidate events in the second network 40 .
  • the classification labels stored by the second analysis platform 30 can be updated.
  • the management platform 50 is connected to the first analysis platform 10 and the second analysis platform 30, respectively.
  • the management platform 50 is used to store the classification labels of all candidate events in the network.
  • the first analysis platform 10 and the second analysis platform 30 can obtain the classification labels of some or all of the candidate events (or some or all of the events that have occurred) of the network devices in the network connected to them by interacting with the management platform 50 respectively.
  • the management platform 50 may locally generate classification labels for some or all of the candidate events in the network. In other embodiments, the management platform 50 may obtain the classification labels of the candidate events in the network managed by the one or more analysis platforms through information interaction with the one or more analysis platforms to which the management platform 50 is connected. These categorical labels can be provided to other analytics platforms. In other embodiments, the classification labels of some or all of the candidate events in the network stored in the management platform 50 may be input by the user. This embodiment of the present application does not limit this.
  • the network system 1 provided in this embodiment of the present application may further include one or more other analysis platforms, and each analysis platform is used to manage network devices in a network.
  • the management platform 50 uniformly manages the classification labels of the candidate events in the entire network, so that each analysis platform does not need to locally generate the classification labels of the candidate events, thus helping to save the computing resources of each analysis platform .
  • it helps to avoid (or try to avoid) "different analysis platforms have different performances, and/or different analysis platforms use different methods to generate classification labels of candidate events" and other factors.
  • the determined classification labels of the same candidate event are different, resulting in the problem of low overall performance".
  • the functions of the second analysis platform 30 may be integrated into one or more network devices 60 of the second network 40 .
  • the functions of one analysis platform may be integrated into one or more network devices 60 of other networks, for example, the functions of the first analysis platform 10 may be integrated into one or more networks of the second analysis platform 30 device 60.
  • management platform 50 can be implemented by one or more computer devices independent of each analysis platform, or can be integrated in one or more analysis platforms, or can be integrated in one or more network devices .
  • the above-mentioned first analysis platform 10, second analysis platform 30 and management platform 50 can all be implemented by one or more computer devices.
  • the above-mentioned network device 60 can also be implemented by a computer device.
  • FIG. 3 it is a schematic diagram of a hardware structure of a computer device 30 applicable to the embodiment of the present application.
  • a computer device 30 includes a processor 301 , a memory 302 , an input-output device 303 , and a bus 304 .
  • the processor 301 , the memory 302 and the input/output device 303 may be connected through a bus 304 .
  • the processor 301 is the control center of the computer device 30, and can be a general-purpose CPU or other general-purpose processors. Wherein, the general-purpose processor may be a microprocessor or any conventional processor or the like.
  • processor 301 may include one or more CPUs, such as CPU 0 and CPU 1 shown in FIG. 3 .
  • the memory 302 may be read-only memory (ROM) or other type of static storage device that can store static information and instructions, random access memory (RAM) or other type of static storage device that can store information and instructions
  • ROM read-only memory
  • RAM random access memory
  • a dynamic storage device that can also be an electrically erasable programmable read-only memory (EEPROM), a magnetic disk storage medium, or other magnetic storage device, or can be used to carry or store instructions or data structures in the form of desired program code and any other medium that can be accessed by a computer, but is not limited thereto.
  • EEPROM electrically erasable programmable read-only memory
  • magnetic disk storage medium or other magnetic storage device, or can be used to carry or store instructions or data structures in the form of desired program code and any other medium that can be accessed by a computer, but is not limited thereto.
  • the memory 301 may exist independently of the processor 301 .
  • the memory 302 may be connected to the processor 301 through a bus 304 for storing data, instructions or program codes.
  • the processor 301 calls and executes the instructions or program codes stored in the memory 302, the event classification method provided by the embodiment of the present application can be implemented.
  • the memory 302 may also be integrated with the processor 301 .
  • the input-output device 303 can be used for inputting classification labels of candidate events, and the like.
  • the input and output device 303 may be an operation panel or a touch screen, or any other device capable of inputting parameter information, such as a communication interface, which is not limited in the embodiment of the present application.
  • the communication interface may include a receiving unit and a sending unit.
  • the bus 304 can be an industry standard architecture (industry standard architecture, ISA) bus, a peripheral component interconnect (peripheral component interconnect, PCI) bus, or an extended industry standard architecture (extended industry standard architecture, EISA) bus or the like.
  • the bus can be divided into address bus, data bus, control bus and so on. For ease of presentation, only one thick line is used in FIG. 3, but it does not mean that there is only one bus or one type of bus.
  • FIG. 3 does not constitute a limitation on the computer device 30.
  • the computer device 30 may include more or less components than those shown, or Combining certain components, or different component arrangements.
  • FIG. 4 it is a schematic flowchart of an event classification method provided by an embodiment of the present application.
  • the method shown in Figure 4 includes the following steps:
  • the management platform acquires the correspondence between the identifiers of multiple candidate events of multiple network devices (eg, all network devices) in the network system and the classification labels of the multiple candidate events.
  • This embodiment of the present application does not limit how the management platform acquires the corresponding relationship in S101.
  • S101 This embodiment of the present application does not limit how the management platform acquires the corresponding relationship in S101.
  • the management platform obtains the corresponding relationship in S101 in combination with the classification model. Specifically, it can include the following steps 11-14:
  • Step 11 The management platform obtains product manuals of all types of network devices in the network.
  • the product manual of one type of network device includes explanatory documents for describing the candidate events of the type of network device.
  • a candidate event corresponds to a description document, and the description document is used to describe the candidate event.
  • the description document of the candidate event may include: the name of the candidate event, message, description, and other information (such as detailed information of parameters, reasons for the occurrence of the candidate event, etc.).
  • the information refers to the detailed information of the candidate event, including: the name of the candidate event, the meaning description of the candidate event, and the parameters of the candidate event (such as information such as the name of the device where the candidate event occurs).
  • Description refers to the meaning description of the candidate event.
  • FIG. 5 it is a schematic diagram of a description document of a candidate event provided by an embodiment of the present application.
  • the documentation for the event “linkdown_active” is illustrated in FIG. 5 .
  • “information” includes: interface state change (parameters of the event “linkdown_active", such as the name of the device where the event occurs, etc.).
  • the detailed parameters herein may include parameters described in the parameters section.
  • “Description” includes: interface state change.
  • “Other information” includes: detailed information of the parameters of the candidate event (such as parameter names and parameter meanings, etc.) and the reasons for the occurrence of the candidate event (possible causes).
  • Step 12 The management platform uses natural language processing technology to extract keywords in the description documents included in some product manuals. Optionally, the management platform extracts keywords from the "Information” part and the "Description” part of the description document.
  • Keywords are words used to characterize candidate events, including words or phrases. Keywords may be extracted according to parts of speech (such as nouns, verbs, etc.), frequency-related algorithms (such as TF-IDF, PageRank), etc., and other technologies may also be used, which are not limited in this embodiment of the present application.
  • the keywords may be predefined, eg, predefined based on expert experience.
  • Step 13 The management platform obtains a training set based on the keywords obtained in step 12.
  • the management platform outputs the keywords obtained in step 12, and the user uses the extracted keywords as features to mark the training set.
  • the user labels the training set based on experience.
  • the technical solution provided by this example can be referred to as manual training set labeling.
  • the management platform uses the extracted keywords as features to mark the training set.
  • the technical solution provided by this example can be referred to as automatic training set labeling.
  • the training set is obtained by combining the above-mentioned methods of manually labeling the training set and automatically labeling the training set.
  • the training set can be understood as: obtaining the training set based on the keywords.
  • the training set includes multiple samples, and a sample can contain features and labels.
  • the management platform can use the keywords "interface, status, changes" extracted from the linkdown_active event as a feature, mark the linkdown_active label as down (that is, it has a serious impact on the network), and generate a sample (including features and labels) ), and multiple samples constitute a training set.
  • Step 14 The management platform trains the samples in the training set to obtain a classification model.
  • the classification model is used to characterize the correspondence between the keywords of the candidate events and the classification labels of the candidate events.
  • the input of the classification model includes the keywords of the candidate events, and the output of the classification model includes the classification labels of the candidate events.
  • the management platform may use a supervised algorithm such as a neural network to train the classification model, of course, it is not limited to this.
  • Step 15 The management platform inputs the keywords of each candidate event in another part of the product manual that is not involved in the execution of Step 12 into the classification model, and obtains the classification label of the candidate event.
  • the management platform selects the description documents of the 100 candidate events 20 documentation in .
  • the keywords in the 20 explanatory documents are extracted by natural language processing technology, and the extracted keywords are used as features, and these keywords are manually marked to obtain a training set.
  • the management platform trains the samples in the training set to obtain a classification model.
  • the keyword of any candidate event in the remaining 80 description documents is input into the classification model, and the classification label of the candidate event is obtained. So far, the management platform has obtained the classification labels of all candidate events of all types of devices in the network.
  • the management platform obtains keywords in the description documents of all candidate events included in all product manuals of all types of network devices in the network, then execute the step After 13 (that is, labeling the training set), the management platform can obtain the classification labels of all candidate events of all types of network devices in the network.
  • the management platform may not perform steps 14 and 15; or, in this case, the management platform may perform step 14 to obtain the classification model.
  • the classification model may also be used to obtain classification labels of candidate events of the network device when the type of the network device in the network system is updated. For example, when a network device type is added, the management platform can learn the classification label of the candidate event corresponding to the device of the new type through the event information of the product manual of the device of the new type.
  • Method 2 The management platform obtains the corresponding relationship in S101 in combination with the knowledge graph. Specifically, it can include the following steps 21-24:
  • Steps 21-23 You can refer to the above steps 11-13.
  • Step 24 The management platform obtains the knowledge graph based on the training set in Step 23.
  • each keyword and classification label in the training set are regarded as an entity, and the entities representing the keywords are connected in sequence, and the last entity representing the keyword is connected Connect with entities representing the classification labels in this sample. So far, a part of the content of the knowledge graph is obtained, which is composed of the root node to the leaf node, wherein the root node is the entity of the first keyword, and the leaf node is the entity of the classification label. There may be no intermediate node between the root node and the leaf node, or there may be one or more intermediate nodes, and the intermediate nodes are entities of other keywords.
  • the entities representing the keywords in the existing knowledge graph can be reused. If the keywords in the sample do not belong to the existing knowledge graph, an entity representing the keyword of the sample and an entity representing the classification label can be added. For the newly added entity representing the keyword of the sample and the entity representing the classification label, if it shares with the existing knowledge graph from the root node to an intermediate node, or from an intermediate node to a leaf node, then This part of the shared content can be merged to simplify the structure of the knowledge graph.
  • the management platform can obtain the knowledge graph based on all the samples in the training set.
  • the keywords of candidate event 1 are keywords 1-3
  • the keywords of candidate event 2 are keywords 1, 4, and 5
  • the keywords of candidate event 3 are the keys Words 2, 4, 5,
  • the keywords of candidate event 4 are keywords 2, 5, and 6.
  • the classification labels of candidate events 1-4 are UP, UP, UP, and DOWN in sequence.
  • a schematic structural diagram of a knowledge graph provided by an embodiment of the present application may be as shown in FIG. 6 .
  • candidate event 1 and candidate event 2 share a root node, and specifically share an entity representing keyword 1 .
  • the candidate event 2 and the candidate event 3 share the intermediate node to the leaf node, and specifically share the entity representing the keyword 4 to the entity representing the classification label.
  • Candidate event 3 and candidate event 4 share the root node, and specifically share the entity representing keyword 2 .
  • Step 24 The management platform inputs the keywords of each candidate event in another part of the product manual that is not involved in the execution of Step 22 into the knowledge graph, and obtains the classification label of the candidate event.
  • the keywords of the linkdown_active event are keywords 2, 5, and 6, the category label of the linkdown_active event is DOWN.
  • step 24 if the keyword of any candidate event in another part of the product manual that does not participate in the execution of step 22 is input into the knowledge graph, and the classification label of the candidate event is not found, then the manual annotation is used.
  • the classification label of the candidate event is marked in the manner until the management platform obtains the keywords of each candidate event in another part of the product manual that does not participate in the execution of step 22 .
  • the management platform may store the classification label corresponding to each candidate event. As shown in Table 4, a correspondence relationship between an identifier of a candidate event and a classification label is provided in this embodiment of the present application.
  • the embodiment of the present application does not limit the specific storage manner of the correspondence between the type identifier of the network device, the identifier of the candidate event, and the classification label of the candidate event.
  • the separate existences described in Table 3 and Table 4 can be used as an example, or they can be combined into one table for storage. Of course, it can also be stored in non-tabular form.
  • S102 Perform information exchange between the first analysis platform and the management platform to obtain the identifiers of the candidate events in the first network and the correspondence between the classification labels of the candidate events in the first network.
  • Manner 1 The management platform sends the classification labels of some or all of the candidate events corresponding to the types of some or all of the network devices in the first network to the first analysis platform.
  • the management platform can combine the types of network devices managed by the first analysis platform, the correspondence between the identifiers of the types of network devices and the identifiers of candidate events (as shown in Table 3), and the identifiers of candidate events and candidate events. For the correspondence between the classification labels of the events (as shown in Table 4), the classification labels of some or all of the candidate events corresponding to the types of some or all of the network devices in the first network are obtained.
  • Manner 1 adopts the mode that the management platform actively pushes to the analysis platform, so that the first analysis platform obtains the classification labels of the candidate events in the first network. This helps to save signaling overhead.
  • the first analysis platform sends a request message to the management platform, where the request message includes an identifier of the first type, and the request message is used to request a classification label of the candidate event corresponding to the identifier of the first type.
  • the management platform sends the classification labels of some or all of the candidate events to the first analysis platform based on the request message.
  • the first type is a type of network device managed by the first analytics platform.
  • the management platform can combine the correspondence between the identifier of the network device type and the identifier of the candidate event (as shown in Table 3), and the correspondence between the identifier of the candidate event and the classification label of the candidate event (as shown in Table 3). 4), to obtain the classification labels of some or all of the candidate events corresponding to the first type of identifiers in the first network.
  • the second method adopts the method of actively requesting the analysis platform, so that the first analysis platform obtains the classification labels of the candidate events in the first network.
  • the first analysis platform can request the management platform for the classification label of the specific candidate event based on its own requirements, which is more flexible.
  • the management platform and the first analysis platform can adopt the combination of the first and second methods.
  • the management platform may push the obtained classification labels of the candidate events in the first network to the first analysis platform in the manner of the above-mentioned method 1.
  • the first analysis platform may obtain the classification label of the specific candidate event by actively requesting.
  • the first analysis platform may report to the first The analysis platform actively requests the classification label of the candidate event corresponding to the type of the newly added network device.
  • the first analysis platform may store the acquired correspondence.
  • the embodiment of the present application does not limit the specific storage form.
  • S103 The first network device in the first network reports the identifier of the event to be classified to the first analysis platform.
  • the first network device may be any network device in the first network.
  • the event to be classified may be any candidate event of the first network device, or any event that has occurred.
  • the event to be classified may specifically be an alarm event or a log event.
  • the first network device in the first network reports the identifier of the event to be classified of the first network device to the first analysis platform when it detects that a certain event occurs in itself.
  • S103 is only an example for the first analysis platform to obtain the identifier of the event to be classified, and does not limit the specific implementation of the first analysis platform to obtain the identifier of the event to be classified provided in the embodiment of the present application.
  • the first analysis platform obtains, based on the identifiers of the candidate events in the first network and the correspondence between the classification labels of the candidate events in the first network, the classification labels corresponding to the identifiers of the events to be classified, and assigns the classification labels to the identifiers of the events to be classified. label as the target classification label.
  • the first analysis platform has obtained the classification label of the event to be classified in the first network device.
  • the classification labels of any candidate event or occurrence event in the network managed by itself can be obtained in the manner of S103-S104, which will not be repeated here.
  • the event classification method provided by the embodiment of the present application is a method for automatically classifying events.
  • the first analysis platform can determine the severity of the impact of the event on the network system based on the determined classification label of the event, so as to determine the severity of the impact of the event on the network system.
  • some events that have no impact on the network system can be filtered out during the analysis of fault discovery and fault location, thereby saving processing overhead.
  • the first analysis platform can help in network fault discovery and fault differentiation, or assist in locating the root cause of the fault.
  • the classification label of an event is not limited to the severity of the impact of the event on the network system.
  • the classification label of an event can be used to characterize the content/nature of the event, or The object the event is for, and so on. This also helps to determine the health of the network system, help in network fault discovery and fault differentiation, or assist in locating the root cause of faults.
  • the event classification apparatus (such as the first analysis platform or the management platform) may be divided into functional modules according to the foregoing method examples.
  • each functional module may be divided into each function, or two or more may be divided into two or more functional modules.
  • the functions are integrated in a processing module.
  • the above-mentioned integrated modules can be implemented in the form of hardware, and can also be implemented in the form of software function modules. It should be noted that, the division of modules in the embodiments of the present application is schematic, and is only a logical function division, and there may be other division manners in actual implementation.
  • FIG. 7 it is a schematic structural diagram of an analysis platform 70 according to an embodiment of the present application.
  • the analysis platform 70 may be used to implement the functions of the first analysis platform provided above.
  • the analysis platform 70 may be used to perform the steps performed by the first analysis platform in the above event classification method, for example, to perform the steps performed by the first analysis platform in FIG. 4 .
  • the analysis platform 70 may include an acquisition unit 701 and a determination unit 702 .
  • the obtaining unit 701 is configured to obtain the corresponding relationship between the identifiers of the multiple events and the classification labels of the multiple events; and obtain the identifiers of the events to be classified that occur in the network.
  • the determining unit 702 is configured to determine a target classification label corresponding to the identifier of the event to be classified based on the identifier of the event to be classified and the corresponding relationship. For example, in conjunction with FIG. 4 , the determining unit 702 may be configured to perform S104.
  • the target classification label is used to represent at least one of the following: the severity of the impact of the to-be-classified event on the network; the nature of the to-be-classified event; or the object targeted by the to-be-classified event.
  • the analysis platform 70 further includes: a receiving unit 703, configured to receive the above-mentioned correspondence relationship receiving unit 703 sent by the management platform for managing the analysis platform 70, and may be configured to perform the receiving step corresponding to S103.
  • a receiving unit 703 configured to receive the above-mentioned correspondence relationship receiving unit 703 sent by the management platform for managing the analysis platform 70, and may be configured to perform the receiving step corresponding to S103.
  • the analysis platform 70 is configured to manage multiple network devices, the multiple network devices include network devices of the first type, and the analysis platform further includes: a sending unit 704, configured to send a request message to the management platform, the request message A first type of identification is included.
  • the request message is used to request a classification label of an event corresponding to the first type of identification, wherein the event corresponding to the first type of identification includes an event to be classified.
  • the receiving unit 703 is specifically configured to: receive the correspondence between the identifier of the event corresponding to the identifier of the first type and the classification label of the event corresponding to the identifier of the first type sent by the management platform.
  • the network devices of the first type are network devices with the same version number; or, the network devices of the first type are network devices with the same version number and the same model.
  • the functions of the sending unit 704 and the receiving unit 703 in the analysis platform 70 can be implemented by the input and output device 303 in FIG. 3
  • the functions of the acquiring unit 701 and the determining unit 702 can be implemented by the processor in FIG. 3 301 executes the program code implementation in memory 302 in FIG. 3 .
  • FIG. 8 it is a schematic structural diagram of a management platform 80 according to an embodiment of the present application.
  • the management platform 80 may be used to implement the functions of the management platform provided above.
  • management platform 80 may be used to perform the steps performed by the management platform in FIG. 4 .
  • the management platform 80 is applied to the network system, the management platform 80 is connected to the analysis platform, and the analysis platform is used to manage a plurality of network devices, and the plurality of network devices include network devices of the first type.
  • the management platform 80 may include an obtaining unit 801 and a sending unit 802 .
  • the obtaining unit 801 is configured to obtain the classification label of the event corresponding to the first type identifier.
  • the sending unit 802 is configured to send the first type of event classification labels corresponding to the identifiers to the analysis platform, where the first type of event classification labels corresponding to the identifiers are used for the analysis platform to classify events to be classified occurring in the network.
  • the obtaining unit 801 may be configured to execute S101, and the sending unit 802 may be configured to execute the sending action performed by the management platform in S102.
  • the management platform 80 further includes: a receiving unit 803, configured to receive a request message sent by the analysis platform, where the request message includes a first type identifier, and the request message is used to request a classification label of an event corresponding to the first type identifier.
  • a receiving unit 803 configured to receive a request message sent by the analysis platform, where the request message includes a first type identifier, and the request message is used to request a classification label of an event corresponding to the first type identifier.
  • the event corresponding to the identifier of the first type includes a first event
  • the classification label of the first event is used to represent at least one of the following: the severity of the impact of the first event on the network; the nature of the first event; or , the object targeted by the first event.
  • the obtaining unit 801 is further configured to: obtain a product manual of the network device of the first type; wherein the product manual of the network device of the first type includes an explanatory document for describing the events of the network device of the first type. Based on the description document and the first information for describing the event of the network device of the first type, a classification label of the event of the network device of the first type is obtained.
  • the first information includes a classification model or a knowledge graph, and the first information is used to represent the correspondence between the keywords of the event and the classification labels of the event.
  • the classification model is trained based on description documents included in product manuals of multiple types of network devices.
  • the knowledge graph is obtained based on description documents included in product manuals of multiple types of network devices.
  • the functions of the sending unit 802 and the receiving unit 803 in the management platform 80 can be implemented by the input/output device 303 in FIG. 3 , and the functions of the acquiring unit 801 can be executed by the processor 301 in FIG. 3 .
  • the program code in memory 302 is implemented in .
  • the chip system 140 includes at least one processor and at least one interface circuit.
  • the processor may be the processor 141 shown in the solid line box in FIG. 9 (or the processor 141 shown in the dotted line box)
  • the one interface circuit may be the interface circuit 142 shown in the solid line box in FIG. 9 (or the interface circuit 142 shown in the dotted line box).
  • the two processors include the processor 141 shown in the solid line box and the processor 141 shown in the dotted line box in FIG. 9
  • the two interfaces The circuit includes the interface circuit 142 shown in the solid line box and the interface circuit 142 shown in the dashed line box in FIG. 9 . This is not limited.
  • the processor 141 and the interface circuit 142 may be interconnected by wires.
  • the interface circuit 142 may be used to receive signals (eg, client terminals, etc.).
  • the interface circuit 142 may be used to send signals to other devices (eg, the processor 141).
  • the interface circuit 142 may read the instructions stored in the memory and send the instructions to the processor 141 .
  • the analysis platform or the management platform can be caused to perform the various steps in the above-mentioned embodiments.
  • the chip system 140 may also include other discrete devices, which are not specifically limited in this embodiment of the present application.
  • Another embodiment of the present application further provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed on the analysis platform or the management platform, the analysis platform or the management platform executes the foregoing method embodiments Each step performed by the analysis platform or the management platform in the shown method flow.
  • the disclosed methods may be implemented as computer program instructions encoded in a machine-readable format on a computer-readable storage medium or on other non-transitory media or articles of manufacture.
  • FIG. 10 schematically shows a conceptual partial view of a computer program product provided by an embodiment of the present application, where the computer program product includes a computer program for executing a computer process on a computing device.
  • the computer program product is provided using the signal bearing medium 150 .
  • the signal bearing medium 150 may include one or more program instructions that, when executed by one or more processors, may provide the functions, or portions thereof, described above with respect to FIG. 4 .
  • reference to one or more of the features of S101-S104 in FIG. 4 may be undertaken by one or more instructions associated with the signal bearing medium 150.
  • the program instructions in Figure 10 also describe example instructions.
  • the signal bearing medium 150 may include a computer readable medium 151 such as, but not limited to, a hard drive, a compact disc (CD), a digital video disc (DVD), a digital tape, a memory, a read only memory (read only memory) -only memory, ROM) or random access memory (RAM), etc.
  • a computer readable medium 151 such as, but not limited to, a hard drive, a compact disc (CD), a digital video disc (DVD), a digital tape, a memory, a read only memory (read only memory) -only memory, ROM) or random access memory (RAM), etc.
  • the signal bearing medium 150 may include a computer recordable medium 152 such as, but not limited to, memory, read/write (R/W) CDs, R/W DVDs, and the like.
  • a computer recordable medium 152 such as, but not limited to, memory, read/write (R/W) CDs, R/W DVDs, and the like.
  • signal bearing medium 150 may include communication medium 153 such as, but not limited to, digital and/or analog communication media (eg, fiber optic cables, waveguides, wired communication links, wireless communication links, etc.).
  • communication medium 153 such as, but not limited to, digital and/or analog communication media (eg, fiber optic cables, waveguides, wired communication links, wireless communication links, etc.).
  • Signal bearing medium 150 may be conveyed by a wireless form of communication medium 153 (eg, a wireless communication medium that conforms to the IEEE 1502.11 standard or other transmission protocol).
  • the one or more program instructions may be, for example, computer-executable instructions or logic-implemented instructions.
  • an analysis platform or management platform such as described with respect to FIG. 4 may be configured, in response to one or more program instructions via computer readable medium 151 , computer recordable medium 152 , and/or communication medium 153 , , which provides various operations, functions, or actions.
  • the computer program product includes one or more computer instructions.
  • the processes or functions according to the embodiments of the present application are generated, in whole or in part, on the computer and when the computer executes the instructions.
  • the computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable device.
  • Computer instructions may be stored in or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from a website site, computer, server, or data center over a wire (e.g.
  • coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (eg infrared, wireless, microwave, etc.) means to transmit to another website site, computer, server or data center.
  • Computer-readable storage media can be any available media that can be accessed by a computer or data storage devices including one or more servers, data centers, etc., that can be integrated with the media.
  • Useful media may be magnetic media (eg, floppy disks, hard disks, magnetic tapes), optical media (eg, DVDs), or semiconductor media (eg, solid state disks (SSDs)), and the like.

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Biology (AREA)
  • Evolutionary Computation (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Artificial Intelligence (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to the technical field of communications. Disclosed are a method and apparatus for event categorization capable of realizing automatic categorization of events, improving categorization efficiency, and enhancing expandability. The method for event categorization comprises: acquiring correspondence relationships between identifiers of multiple candidate events and category labels of the multiple candidate events; acquiring an identifier of an event occurring in a network and requiring categorization; and determining a target category label corresponding to the identifier of the event on the basis of the identifier of the event and the correspondence relationships. The present technical solution can be used to provide assistance in scenarios such as determination of the level of health of a network system, discovery and classification of a network fault, and locating of a root cause of a fault, thereby improving the efficiency of determining the level of health of a network system, discovering and classifying a network fault, and locating a root cause of a fault in corresponding scenarios.

Description

事件分类方法和装置Event classification method and device
本申请要求于2020年09月07日提交的申请号为202010930653.5、申请名称为“事件分类方法和装置”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of the Chinese patent application with the application number 202010930653.5 and the application name "Event Classification Method and Device" filed on September 07, 2020, the entire contents of which are incorporated into this application by reference.
技术领域technical field
本申请涉及通信技术领域,尤其涉及事件分类方法和装置。The present application relates to the field of communication technologies, and in particular, to an event classification method and apparatus.
背景技术Background technique
网络故障会降低网络***的健康度,从而影响正常业务的传输。例如,在数据中心网络(data center network,DCN)中,网络故障可以包括地址解析协议(address resolution protocol,ARP)超限、设备重启、路由器身份标识(routerid)冲突等故障。A network failure will reduce the health of the network system, thereby affecting the transmission of normal services. For example, in a data center network (DCN), network failures may include address resolution protocol (ARP) overrun, device restart, and router identifier (routerid) conflicts.
目前,网络故障对网络***的健康度的影响、网络故障发现、故障定位等,往往通过人工发现,这依赖于维护工程师的经验和技能,并且效率较低,可扩展性差。At present, the impact of network faults on the health of network systems, network fault discovery, and fault location are often discovered manually, which depend on the experience and skills of maintenance engineers, and have low efficiency and poor scalability.
发明内容SUMMARY OF THE INVENTION
本申请提供了一种事件分类方法和装置,能够实现对事件的自动分类,从而提高分类效率,增强可扩展性。The present application provides an event classification method and device, which can realize automatic classification of events, thereby improving classification efficiency and enhancing scalability.
为达上述目的,本申请提供如下技术方案:To achieve the above purpose, the application provides the following technical solutions:
第一方面,本申请提供一种事件分类方法,应用于分析平台,该方法包括:获取多个事件的标识与该多个事件的分类标签的对应关系。获取网络中发生的待分类事件的标识。基于待分类事件的标识和该对应关系,确定与待分类事件的标识对应的目标分类标签。其中,该对应关系可以是分析平台预存的,也可以是分析平台实时向其他平台。In a first aspect, the present application provides an event classification method, which is applied to an analysis platform. The method includes: acquiring a correspondence between identifiers of multiple events and classification labels of the multiple events. Get the identifier of the event to be classified that occurred in the network. Based on the identifier of the event to be classified and the corresponding relationship, a target classification label corresponding to the identifier of the event to be classified is determined. The corresponding relationship may be pre-stored by the analysis platform, or may be communicated to other platforms in real time from the analysis platform.
本技术方案中,基于事件的标识与事件的分类标签之间的对应关系,能够快速确定待分类事件的分类标签,从而实现对事件的自动分类。相比于人工方式确定,本技术方案有助于提高分类效率,增强可扩展性。本技术方案可以应用于辅助确定网络***的健康度、帮助网络故障发现及故障区分,以及辅助故障根因定位等场景,从而提高相应场景下确定网络***的健康度、执行网络故障发现及故障区分、执行故障根因定位的效率。In this technical solution, based on the corresponding relationship between the identifier of the event and the classification label of the event, the classification label of the event to be classified can be quickly determined, thereby realizing the automatic classification of the event. Compared with manual determination, the technical solution helps to improve classification efficiency and enhance scalability. This technical solution can be applied to scenarios such as assisting in determining the health of a network system, assisting in network fault discovery and fault differentiation, and assisting in locating the root cause of faults, thereby improving the determination of the health of a network system, and performing network fault discovery and fault differentiation in corresponding scenarios. , The efficiency of performing fault root cause location.
在一种可能的设计中,目标分类标签用于表征以下至少一种:待分类事件对该网络的影响的严重程度;待分类事件的性质;或者,待分类事件所针对的对象。当然具体实现时不限于此。In a possible design, the target classification label is used to represent at least one of the following: the severity of the impact of the to-be-classified event on the network; the nature of the to-be-classified event; or the object targeted by the to-be-classified event. Of course, the specific implementation is not limited to this.
在一种可能的设计中,获取多个事件的标识与该多个事件的分类标签的对应关系,包括:接收用于管理分析平台的管理平台发送的上述对应关系。In a possible design, acquiring the correspondence between the identifiers of the multiple events and the classification labels of the multiple events includes: receiving the foregoing correspondence sent by the management platform for managing the analysis platform.
该技术方案中,由管理平台对整个网络***中的事件的分类标签进行统一管理,这样,各分析平台不需要本地生成事件的分类标签,因此有助于节省各分析平台的计算资源。另外,有助于避免(或尽量避免)因“不同分析平台的性能不同,和/或不同分析平台所使用的生成事件的分类标签的方法不同”等因素,而导致的“不同分析平台所确定的同一事件的分类标签不同,从而造成的整体性能不高”的问题。In this technical solution, the management platform uniformly manages the classification labels of events in the entire network system, so that each analysis platform does not need to generate event classification labels locally, thus helping to save the computing resources of each analysis platform. In addition, it helps to avoid (or try to avoid) the "determination of The classification labels of the same event are different, resulting in the problem of low overall performance".
在一种可能的设计中,分析平台用于管理多个网络设备,该多个网络设备包括第 一类型的网络设备,在接收用于管理分析平台的管理平台发送的上述对应关系之前,该方法还包括:向管理平台发送请求消息。该请求消息包括第一类型的标识,该请求消息用于请求第一类型的标识对应的事件的分类标签。该情况下,接收用于管理分析平台的管理平台发送的上述对应关系,包括:接收管理平台发送的第一类型的标识对应的事件的标识与第一类型的标识对应的事件的分类标签之间的对应关系。In a possible design, the analysis platform is used to manage multiple network devices, and the multiple network devices include network devices of the first type. Before receiving the above-mentioned correspondence sent by the management platform for managing the analysis platform, the method It also includes: sending a request message to the management platform. The request message includes an identifier of the first type, and the request message is used to request a classification label of the event corresponding to the identifier of the first type. In this case, receiving the above-mentioned correspondence sent by the management platform for managing the analysis platform includes: receiving the difference between the identifier of the event corresponding to the first type identifier sent by the management platform and the classification label of the event corresponding to the first type identifier corresponding relationship.
可以理解的是,如果待分类事件是第一类型的网络设备发生的事件,则第一类型的标识对应的事件包括待分类事件。It can be understood that, if the event to be classified is an event that occurs in a network device of the first type, the event corresponding to the identifier of the first type includes the event to be classified.
该技术方案中,分析平台采用主动请求的方式,获取第一类型的网络设备的事件的分类标签。该方式下,分析平台可以基于自身需求向管理平台请求特定事件的分类标签,因此灵活性更高。当然具体实现时不限于此。例如,管理平台可以采用主动推送的方式向分析平台推送第一类型的网络设备的事件的分类标签。In this technical solution, the analysis platform obtains the classification labels of the events of the network devices of the first type by actively requesting. In this way, the analysis platform can request the classification label of a specific event from the management platform based on its own needs, so the flexibility is higher. Of course, the specific implementation is not limited to this. For example, the management platform may push the classification labels of the events of the network device of the first type to the analysis platform in an active push manner.
在一种可能的设计中,第一类型的网络设备是具有同一版本号的网络设备。In one possible design, the first type of network device is a network device with the same version number.
在一种可能的设计中,第一类型的网络设备是具有同一版本号和同一型号的网络设备。In one possible design, the first type of network device is a network device with the same version number and model.
第二方面,本申请提供了一种事件分类方法,应用于管理平台,管理平台连接分析平台,分析平台用于管理多个网络设备,该多个网络设备包括第一类型的网络设备。该方法包括:获取第一类型的标识对应的事件的分类标签;向分析平台发送第一类型的标识对应的事件的分类标签,第一类型的标识对应的事件的分类标签用于分析平台对网络中发生的待分类事件进行事件。In a second aspect, the present application provides an event classification method, which is applied to a management platform, the management platform is connected to an analysis platform, and the analysis platform is used to manage multiple network devices, the multiple network devices including the first type of network devices. The method includes: acquiring a classification label of an event corresponding to a first type of identification; sending the classification label of the event corresponding to the first type of identification to an analysis platform, and the classification label of the first type of identification of the corresponding event is used to analyze the platform's impact on the network The to-be-classified event that occurs in the event.
本技术方案中,管理平台向分析平台发送第一类型的标识对应的事件的分类标签,这样,分析平台可以直接利用该对应关系,确定待分类事件的分类标签,实现对事件的自动分类,这有助于提高分类效率,增强可扩展性。另外,管理平台基于网络设备的类型向分析平台发送第一类型的标识对应的事件的分类标签,这为“当网络***中增加了新类型的网络设备时,管理平台可以向分析平台下发该新的类型的网络设备的事件的分类标签”创造了条件。In this technical solution, the management platform sends the classification label of the event corresponding to the first type of identification to the analysis platform, so that the analysis platform can directly use the corresponding relationship to determine the classification label of the event to be classified, and realize the automatic classification of the event. Helps to improve classification efficiency and enhance scalability. In addition, the management platform sends the classification label of the event corresponding to the first type of identification to the analysis platform based on the type of the network device, which is "When a new type of network device is added to the network system, the management platform can issue the label to the analysis platform. New types of network device event classification labels" created the conditions.
在一种可能的设计中,在获取第一类型的标识对应的事件的分类标签之前,该方法还包括:接收分析平台发送的请求消息。该请求消息包括所述第一类型的标识,该请求消息用于请求第一类型的标识对应的事件的分类标签。该方式下,分析平台可以基于自身需求向管理平台请求特定的事件的分类标签,灵活性更高。In a possible design, before acquiring the classification label of the event corresponding to the first type identifier, the method further includes: receiving a request message sent by the analysis platform. The request message includes the identifier of the first type, and the request message is used to request a classification label of the event corresponding to the identifier of the first type. In this way, the analysis platform can request the classification label of a specific event from the management platform based on its own needs, which is more flexible.
在一种可能的设计中,第一类型的标识对应的事件包括第一事件,第一事件可以是第一类型的标识对应的任意一个事件。第一事件的分类标签用于表征以下至少一种:第一事件对网络***的影响的严重程度;第一事件的性质;或者,第一事件所针对的对象。In a possible design, the event corresponding to the first type of identification includes a first event, and the first event may be any event corresponding to the first type of identification. The classification label of the first event is used to represent at least one of the following: the severity of the impact of the first event on the network system; the nature of the first event; or, the object targeted by the first event.
在一种可能的设计中,该方法还包括:获取第一类型的网络设备的产品手册;其中,第一类型的网络设备的产品手册包括用于描述第一类型的网络设备的事件。基于第一类型的网络设备的说明文档和第一信息,获取第一类型的网络设备的事件的分类标签。其中,第一信息用于表征事件的关键词与事件的分类标签之间的对应关系。可选的,第一信息包括分类模型或知识图谱。该技术方案提供了基于产品手册,获取事件的分类标签的方式。In a possible design, the method further includes: obtaining a product manual of the network device of the first type; wherein the product manual of the network device of the first type includes events for describing the network device of the first type. Based on the description document and the first information of the network device of the first type, a classification label of the event of the network device of the first type is obtained. The first information is used to represent the correspondence between the keywords of the event and the classification labels of the event. Optionally, the first information includes a classification model or a knowledge graph. The technical solution provides a way to obtain event classification labels based on product manuals.
在一种可能的设计中,分类模型是基于多个类型的网络设备的产品手册包括的说明文档训练得到的。In one possible design, the classification model is trained based on documentation included in the product manuals of multiple types of network devices.
在一种可能的设计中,知识图谱是基于多个类型的网络设备的产品手册包括的说明文档获得的。In one possible design, the knowledge graph is obtained based on the documentation included in the product manuals of multiple types of network devices.
第三方面,本申请提供了一种事件分类装置。该事件分类装置可以是上述分析平台。In a third aspect, the present application provides an event classification apparatus. The event classification device may be the above-mentioned analysis platform.
在一种可能的设计方式中,该事件分类装置用于执行上述第一方面提供的任一种方法。本申请可以根据上述第一方面提供的任一种方法,对该事件分类装置进行功能模块的划分。例如,可以对应各个功能划分各个功能模块,也可以将两个或两个以上的功能集成在一个处理模块中。示例性的,本申请可以按照功能将该事件分类划分为获取单元和确定单元等。上述划分的各个功能模块执行的可能的技术方案和有益效果的描述均可以参考上述第一方面或其相应的可能的设计提供的技术方案,此处不再赘述。In a possible design manner, the event classification apparatus is configured to execute any one of the methods provided in the first aspect above. The present application may divide the event classification device into functional modules according to any method provided in the first aspect. For example, each function module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. Exemplarily, the present application may classify the event into an acquisition unit, a determination unit, and the like according to functions. For descriptions of possible technical solutions and beneficial effects performed by each of the above-divided functional modules, reference may be made to the technical solutions provided by the first aspect or its corresponding possible designs, which will not be repeated here.
在另一种可能的设计中,该事件分类装置包括:存储器和处理器,存储器和处理器耦合。存储器用于存储计算机指令,处理器用于调用该计算机指令,使得该事件分类装置执行如第一方面及其任一种可能的设计方式提供的任一种方法。In another possible design, the event classification device includes: a memory and a processor, and the memory and the processor are coupled. The memory is used for storing computer instructions, and the processor is used for invoking the computer instructions, so that the event classification apparatus executes any one of the methods provided by the first aspect and any possible design manners thereof.
第四方面,本申请提供了一种事件分类装置。该事件分类装置可以是上述管理平台。In a fourth aspect, the present application provides an event classification apparatus. The event classification device may be the above-mentioned management platform.
在一种可能的设计方式中,该事件分类装置用于执行上述第二方面提供的任一种方法。本申请可以根据上述第二方面提供的任一种方法,对该事件分类装置进行功能模块的划分。例如,可以对应各个功能划分各个功能模块,也可以将两个或两个以上的功能集成在一个处理模块中。示例性的,本申请可以按照功能将该事件分类划分为获取单元和发送单元等。上述划分的各个功能模块执行的可能的技术方案和有益效果的描述均可以参考上述第二方面或其相应的可能的设计提供的技术方案,此处不再赘述。In a possible design manner, the event classification apparatus is configured to execute any one of the methods provided in the second aspect above. The present application may divide the event classification device into functional modules according to any of the methods provided in the second aspect. For example, each function module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. Exemplarily, the present application may classify the event into an acquisition unit and a sending unit according to functions. For descriptions of possible technical solutions and beneficial effects performed by each of the above-divided functional modules, reference may be made to the technical solutions provided by the second aspect or its corresponding possible designs, which will not be repeated here.
在另一种可能的设计中,该事件分类装置包括:存储器和处理器,存储器和处理器耦合。存储器用于存储计算机指令,处理器用于调用该计算机指令,使得该事件分类装置执行如第二方面及其任一种可能的设计方式提供的任一种方法。In another possible design, the event classification device includes: a memory and a processor, and the memory and the processor are coupled. The memory is used for storing computer instructions, and the processor is used for invoking the computer instructions, so that the event classification apparatus executes any one of the methods provided by the second aspect and any possible design manners thereof.
第五方面,本申请提供了一种计算机可读存储介质,如计算机非瞬态的可读存储介质。其上储存有计算机程序(或指令),当该计算机程序(或指令)在事件分类装置上运行时,使得该事件分类装置执行上述第一方面中或第二方面中的任一种可能的实现方式提供的任一种方法。In a fifth aspect, the present application provides a computer readable storage medium, such as a computer non-transitory readable storage medium. A computer program (or instruction) is stored thereon, and when the computer program (or instruction) runs on the event classification device, the event classification device is made to perform any possible implementation of the first aspect or the second aspect above any method provided.
第六方面,本申请提供了一种计算机程序产品,当其在事件分类装置上运行时,使得第一方面中或第二方面中的任一种可能的实现方式提供的任一种方法被执行。In a sixth aspect, the present application provides a computer program product that, when running on an event classification device, enables any one of the methods provided in the first aspect or any possible implementation manner of the second aspect to be executed .
第七方面,本申请提供了一种芯片***,包括:处理器,处理器用于从存储器中调用并运行该存储器中存储的计算机程序,执行第一方面中或第二方面中的实现方式提供的任一种方法。In a seventh aspect, the present application provides a chip system, comprising: a processor, where the processor is configured to call and run a computer program stored in the memory from a memory, and execute the implementation provided in the first aspect or the second aspect. either method.
可以理解的是,上述提供的任一种装置、计算机存储介质、计算机程序产品或芯片***等均可以应用于上文所提供的对应的方法,因此,其所能达到的有益效果可参 考对应的方法中的有益效果,此处不再赘述。It can be understood that any device, computer storage medium, computer program product or chip system provided above can be applied to the corresponding method provided above. Therefore, the beneficial effects that can be achieved can refer to the corresponding method. The beneficial effects in the method will not be repeated here.
在本申请中,上述事件分类装置的名字对设备或功能模块本身不构成限定,在实际实现中,这些设备或功能模块可以以其他名称出现。只要各个设备或功能模块的功能和本申请类似,属于本申请权利要求及其等同技术的范围之内。In this application, the names of the above-mentioned event classification apparatuses do not limit the devices or functional modules themselves. In actual implementation, these devices or functional modules may appear in other names. As long as the functions of each device or functional module are similar to those of the present application, they fall within the scope of the claims of the present application and their equivalents.
本申请的这些方面或其他方面在以下的描述中会更加简明易懂。These and other aspects of the present application will be more clearly understood from the following description.
附图说明Description of drawings
图1为本申请实施例提供的一种网络***的架构示意图;FIG. 1 is a schematic diagram of the architecture of a network system provided by an embodiment of the present application;
图2为本申请实施例提供的另一种网络***的架构示意图;FIG. 2 is a schematic diagram of the architecture of another network system provided by an embodiment of the present application;
图3为可适用于本申请实施例的一种计算机设备的硬件结构示意图;3 is a schematic diagram of a hardware structure of a computer device applicable to an embodiment of the present application;
图4为本申请实施例提供的一种事件分类方法的流程示意图;4 is a schematic flowchart of an event classification method provided by an embodiment of the present application;
图5为本申请实施例提供的一种候选事件的说明文档的示意图;5 is a schematic diagram of a description document of a candidate event provided by an embodiment of the present application;
图6为本申请实施例提供的一种知识图谱的结构示意图;FIG. 6 is a schematic structural diagram of a knowledge graph according to an embodiment of the present application;
图7为本申请实施例提供的一种分析平台的结构示意图;7 is a schematic structural diagram of an analysis platform provided by an embodiment of the present application;
图8为本申请实施例提供的一种管理平台的结构示意图;FIG. 8 is a schematic structural diagram of a management platform provided by an embodiment of the present application;
图9为本申请实施例提供的一种芯片***的结构示意图;FIG. 9 is a schematic structural diagram of a chip system provided by an embodiment of the present application;
图10为本申请实施例提供的计算机程序产品的结构示意图。FIG. 10 is a schematic structural diagram of a computer program product provided by an embodiment of the present application.
具体实施方式detailed description
以下,对本申请实施例提供的技术方案中所涉及的部分术语进行解释说明:Below, some terms involved in the technical solutions provided in the embodiments of the present application are explained:
1)、事件1), event
事件,是网络中发生的任何需要提示用户的情况的统称。An event is a general term for any situation in the network that needs to be prompted to the user.
在本申请实施例中,事件可以包括:告警事件和日志事件。当然,具体实现时,不限于此。其中,告警事件是网络***检测到的非预期的状态(例如故障),且需提示用户干预而产生的通知,例如,接口状态改变(如,LinkDown或LinkUp)等。日志事件是记录网络***变化的信息,可以是异常情况或无需用户干预的非异常情况下记录的网络***变化的通知,如内部调试信息等。In this embodiment of the present application, the events may include: alarm events and log events. Of course, the specific implementation is not limited to this. The alarm event is an unexpected state (eg, failure) detected by the network system and a notification generated by prompting the user to intervene, such as an interface state change (eg, LinkDown or LinkUp). Log events are information that records network system changes, which can be notifications of network system changes recorded under abnormal conditions or non-abnormal conditions that do not require user intervention, such as internal debugging information.
2)、事件的分类标签2), the classification label of the event
在一个示例中,事件的分类标签,用于表征该事件对网络***(具体是对发生该事件的网络)影响的严重程度。不同网络设备发生的同一事件对网络***(具体是对发生该事件的网络)影响的严重程度相同。In one example, the classification label of the event is used to characterize the severity of the impact of the event on the network system (specifically, on the network where the event occurs). The same event that occurs on different network devices affects the network system (specifically, the network where the event occurs) with the same severity.
本申请实施例对事件的分类标签的具体实现方式不进行限定。The embodiment of the present application does not limit the specific implementation manner of the classification label of the event.
例如,事件的分类标签可以包括:第1级分类标签、第2级分类标签……第N级分类标签。其中,N是大于等于2的整数,N的取值越大表示该事件对网络***的影响越严重,或者表示该事件对网络***的影响越不严重。For example, the classification labels of the events may include: the first-level classification labels, the second-level classification labels...the Nth-level classification labels. Among them, N is an integer greater than or equal to 2, and the larger the value of N, the more serious the impact of the event on the network system, or the less serious the impact of the event on the network system.
又如,事件的分类标签可以包括:Up、Down、Subhealth。其中,Up表示对网络***无影响或对网络***的影响已恢复,Down表示对网络***影响严重,Subhealth表示亚健康。其中,Subhealth表示对网络***的影响的严重程度介于Up与Down之间。For another example, the category label of the event may include: Up, Down, and Subhealth. Among them, Up means that it has no impact on the network system or the impact on the network system has been restored, Down means that it has a serious impact on the network system, and Subhealth means sub-health. Among them, Subhealth indicates that the severity of the impact on the network system is between Up and Down.
在另一个示例中,事件的分类标签,用于表征该事件的性质。例如,根据事件的性质,将事件分为正常事件(即恢复类事件)和异常事件(即问题事件)。又例如, 进一步地,如果一个事件是异常事件(即问题类事件),则该事件的性质具体可以包括该事件的异常类型,例如,根据事件的性质,将异常事件分为权限问题类事件或超限问题类事件等。例如,恢复类事件可以包括:hwEthernetARPLimitExceed_clear,即接口学习到的地址解析协议(address resolution protocol,ARP)表项数量恢复到阈值以下的事件。权限问题类事件可以包括:hwAdminLoginFailed_active,即管理员登录失败过于频繁的事件。超限问题类事件可以包括:hwIfMonitorInputRateRising_active,即接口输入流带宽利用率超过告警阈值的事件。In another example, a categorical label for an event, used to characterize the nature of the event. For example, according to the nature of the events, events are divided into normal events (ie, recovery-type events) and abnormal events (ie, problem events). For another example, further, if an event is an abnormal event (that is, a problem-type event), the nature of the event may specifically include the abnormal type of the event, for example, according to the nature of the event, the abnormal event is divided into a permission problem-type event or Overrun problem events, etc. For example, the recovery event may include: hwEthernetARPLimitExceed_clear, that is, an event in which the number of address resolution protocol (ARP) entries learned by the interface recovers below the threshold. Permission problem events can include: hwAdminLoginFailed_active, that is, the event that the administrator fails to log in too frequently. The event of overrun problem can include: hwIfMonitorInputRateRising_active, that is, the event that the bandwidth utilization of the input stream of the interface exceeds the alarm threshold.
在又一个示例中,事件的分类标签,用于表征该事件所针对的对象。其中,对象包括网络设备中的实体器件或逻辑功能模块。以对象包括网络设备中的实体器件为例,根据事件所针对的对象,可以将事件分为:接口问题事件、板子问题事件、中央处理单元(central processing unit,CPU)问题事件等。In yet another example, the classification label of the event is used to characterize the object targeted by the event. Among them, the object includes the physical device or logical function module in the network device. Taking the object including the physical device in the network device as an example, according to the object of the event, the event can be divided into: interface problem event, board problem event, central processing unit (CPU) problem event, etc.
需要说明的是,事件的分类标签按照以上哪种或哪些方式进行分类,可以是预定义的,例如基于实际需求预定义。在一个示例中,假设实际需要是为了确定事件对网络***的影响程度,则可以基于该事件对网络***影响的严重程度确定事件的分类标签。事件的分类标签按照以上哪种或哪些方式进行分类在预定义之后是可以更新的。It should be noted that the classification labels of events are classified according to which or which of the above methods, and may be predefined, for example, predefined based on actual requirements. In one example, assuming that the actual need is to determine the degree of impact of the event on the network system, the classification label of the event may be determined based on the severity of the impact of the event on the network system. The classification label of the event can be updated after being pre-defined according to which or which of the above-mentioned ways.
另外,事件的分类标签一共包括哪几种,也可以是预定义的,例如基于专家经验预定义。事件的分类标签在预定义之后是可以更新的。一个事件的分类标签具体是哪种分类标签,也可以是预定义的,如基于专家经验预定义。或者,一个事件的分类标签具体是哪种分类标签,可以是结合专家经验,并基于分类模型或知识图谱确定的,具体实现方式可以参考下文,此处不再赘述。In addition, the types of event classification labels may also be predefined, for example, predefined based on expert experience. The categorical label of an event can be updated after being predefined. The specific classification label of an event may also be predefined, such as predefined based on expert experience. Alternatively, the specific classification label of an event may be determined by combining expert experience and based on a classification model or a knowledge graph. The specific implementation method can refer to the following, which will not be repeated here.
3)、候选事件3), candidate events
为了区分预计的网络设备可能发生的事件和网络设备的已发生事件,本申请实施例中引入了“候选事件”的概念。候选事件是指预计的网络设备可能发生的事件。在网络设备运行的过程中,某一候选事件可能发生,也可能不发生。已发生事件是指网络设备实际发生的事件。已发生事件通常属于候选事件。In order to distinguish an event that is expected to occur on a network device from an event that has occurred on the network device, the embodiment of the present application introduces a concept of a "candidate event". Candidate events are events that are expected to occur on network devices. During the operation of the network device, a candidate event may or may not occur. Occurred events are events that have actually occurred on a network device. Events that have occurred are generally considered candidate events.
4)、知识图谱4), knowledge graph
在本申请实施例中,知识图谱是由多个候选事件的关键词与该多个候选事件的分类标签作为实体,根据各关键词及分类标签之间的关联关系作为实体间连接关系的语义网络。在一个示例中,该知识图谱可以用于分析平台基于各事件(如告警事件或日志事件)的关键词,获得该事件的分类标签,从而实现对事件的分类。In the embodiment of the present application, the knowledge graph is a semantic network in which the keywords of multiple candidate events and the classification labels of the multiple candidate events are used as entities, and the association relationship between the keywords and the classification labels is used as the connection relationship between entities. . In an example, the knowledge graph can be used to analyze the platform based on the keywords of each event (such as an alarm event or a log event) to obtain a classification label of the event, so as to realize the classification of the event.
5)、网络设备的类型5), the type of network equipment
网络设备的类型标识用于唯一标识网络设备的类型。The type identifier of the network device is used to uniquely identify the type of the network device.
在一个示例中,网络设备的类型标识包括该网络设备的版本号。In one example, the type identification of the network device includes the version number of the network device.
其中,网络设备的一个版本号对应网络设备的一种类型。换句话说,具有同一版本号的网络设备是同一种类型的网络设备,相应的,具有不同版本号的网络设备是不同类型的网络设备。另外,网络设备的一个版本号可以对应网络设备的一种或多种型号。One version number of the network device corresponds to one type of the network device. In other words, network devices with the same version number are network devices of the same type, and correspondingly, network devices with different version numbers are network devices of different types. In addition, one version number of the network device may correspond to one or more models of the network device.
如表1所示,为本申请实施例提供的一种网络设备的类型标识、网络设备的版本号与网络设备的型号之间的对应关系的示例。As shown in Table 1, an example of the correspondence between the type identifier of the network device, the version number of the network device, and the model of the network device provided by the embodiment of the present application is provided.
表1Table 1
Figure PCTCN2021116791-appb-000001
Figure PCTCN2021116791-appb-000001
在另一个示例中,网络设备的类型标识包括该网络设备的版本号和型号。In another example, the type identification of the network device includes the version number and model of the network device.
其中,网络设备的一个型号对应网络设备的一种类型。换句话说,具有同一版本号和同一型号的网络设备是同一种类型的网络设备,相应的,具有不同版本号的网络设备是不同类型的网络设备,并且,具有同一版本号但不同型号的网络设备也是不同类型的网络设备。One model of the network device corresponds to one type of the network device. In other words, network devices with the same version number and model are the same type of network device, correspondingly, network devices with different version numbers are different types of network devices, and network devices with the same version number but different models Devices are also different types of network devices.
如表2所示,为本申请实施例提供的另一种网络设备的类型标识、网络设备的版本号与网络设备的型号之间的对应关系的示例。As shown in Table 2, another example of the correspondence between the type identifier of the network device, the version number of the network device, and the model of the network device provided in this embodiment of the present application.
表2Table 2
网络设备的类型标识Type identification of network device 网络设备的版本号The version number of the network device 网络设备的型号Model of network device
网络设备的类型1Types of Network Devices 1 V200R005C10 V200R005C10 CloudEngine8800CloudEngine8800
网络设备的类型2Type 2 of network equipment V200R005C10V200R005C10 CloudEngine7800CloudEngine7800
网络设备的类型3Type 3 of network equipment V200R005C10V200R005C10 CloudEngine6800CloudEngine6800
网络设备的类型4Types of Network Devices 4 V200R005C10V200R005C10 CloudEngine5800CloudEngine5800
网络设备的类型5Types of Network Devices 5 V200R005C11V200R005C11 ……...
网络设备的类型6Types of Network Devices 6 ……... ……...
需要说明的是,上文中对网络设备的类型的说明仅为示例,其不对本申请实施例所涉及的网络设备的类型构成限定。例如,在具体实现时,可以将交换机作为一种网络设备的类型,将路由器作为另一种网络设备的类型。可以理解的是,网络中可以部署有一种或多种版本号的交换机,和/或部署一种或多种版本号的路由器。It should be noted that the above description of the types of network devices is only an example, which does not constitute a limitation on the types of network devices involved in the embodiments of the present application. For example, in specific implementation, a switch may be used as one type of network device, and a router may be used as another type of network device. It can be understood that, switches with one or more versions and/or routers with one or more versions may be deployed in the network.
另外需要说明的是,一种类型的网络设备可以发生一种或多种候选事件。不同类型的网络设备可以发生相同的候选事件,也可以发生不同的候选事件。在一个示例中,网络设备的类型与候选事件的标识之间的对应关系如表3所示:It should also be noted that one or more candidate events may occur for one type of network device. Different types of network devices may have the same candidate event or different candidate events. In an example, the correspondence between the types of network devices and the identifiers of candidate events is shown in Table 3:
表3table 3
网络设备的类型标识Type identification of network device 候选事件的标识ID of the candidate event
网络设备的类型1Types of Network Devices 1 ADD_NEW_USER_SECURITYADD_NEW_USER_SECURITY
网络设备的类型1Types of Network Devices 1 APP_SPEED_LIMITAPP_SPEED_LIMIT
网络设备的类型1Types of Network Devices 1 STACHG_TODWN STACHG_TODWN
网络设备的类型2Type 2 of network equipment ADD_NEW_USER_SECURITYADD_NEW_USER_SECURITY
对于不同类型的网络设备来说,其所发生的同一候选事件(即标识/名称相同的候选事件)的分类标签相同。例如,表3中网络设备的类型1和网络设备的类型2均对应候选事件“ADD_NEW_USER_SECURITY”,这两种类型的网络设备发生该候选事件的分类标签相同。For different types of network devices, the same candidate event (ie, the candidate event with the same identifier/name) has the same classification label. For example, both type 1 and type 2 of the network device in Table 3 correspond to the candidate event "ADD_NEW_USER_SECURITY", and the two types of network devices have the same classification label for the candidate event.
6)、其他术语6), other terms
在本申请实施例中,“示例性的”或者“例如”等词用于表示作例子、例证或说明。本申请实施例中被描述为“示例性的”或者“例如”的任何实施例或设计方案不应被解释为比其它实施例或设计方案更优选或更具优势。确切而言,使用“示例性的”或者“例如”等词旨在以具体方式呈现相关概念。In the embodiments of the present application, words such as "exemplary" or "for example" are used to represent examples, illustrations or illustrations. Any embodiments or designs described in the embodiments of the present application as "exemplary" or "such as" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present the related concepts in a specific manner.
在本申请的实施例中,术语“第一”、“第二”仅用于描述目的,而不能理解为指示或暗示相对重要性或者隐含指明所指示的技术特征的数量。由此,限定有“第一”、“第二”的特征可以明示或者隐含地包括一个或者更多个该特征。In the embodiments of the present application, the terms "first" and "second" are only used for description purposes, and cannot be understood as indicating or implying relative importance or implying the number of indicated technical features. Thus, a feature defined as "first" or "second" may expressly or implicitly include one or more of that feature.
在本申请的描述中,除非另有说明,“多个”的含义是两个或两个以上。本申请中术语“至少一个”的含义是指一个或多个,本申请中术语“多个”的含义是指两个或两个以上。In the description of this application, unless stated otherwise, "plurality" means two or more. The meaning of the term "at least one" in this application means one or more, and the meaning of the term "plurality" in this application means two or more.
应理解,在本文中对各种所述示例的描述中所使用的术语只是为了描述特定示例,而并非旨在进行限制。如在对各种所述示例的描述和所附权利要求书中所使用的那样,单数形式“一个(“a”,“an”)”和“该”旨在也包括复数形式,除非上下文另外明确地指示。It is to be understood that the terminology used in describing the various described examples herein is for the purpose of describing particular examples and is not intended to be limiting. As used in the description of the various described examples and the appended claims, the singular forms "a", "an")" and "the" are intended to include the plural forms as well, unless the context dictates otherwise. clearly instructed.
还应理解,本文中所使用的术语“和/或”是指并且涵盖相关联的所列出的项目中的一个或多个项目的任何和全部可能的组合。术语“和/或”,是一种描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B这三种情况。另外,本申请中的字符“/”,一般表示前后关联对象是一种“或”的关系。It will also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items. The term "and/or" is an association relationship that describes an associated object, indicating that there can be three kinds of relationships, for example, A and/or B, which can mean that A exists alone, A and B exist simultaneously, and B exists alone. a situation. In addition, the character "/" in this application generally indicates that the related objects are an "or" relationship.
还应理解,在本申请的各个实施例中,各个过程的序号的大小并不意味着执行顺序的先后,各过程的执行顺序应以其功能和内在逻辑确定,而不应对本申请实施例的实施过程构成任何限定。It should also be understood that, in each embodiment of the present application, the size of the sequence number of each process does not mean the sequence of execution, and the execution sequence of each process should be determined by its function and internal logic, and should not be used in the embodiment of the present application. Implementation constitutes any limitation.
应理解,根据A确定B并不意味着仅仅根据A确定B,还可以根据A和/或其它信息确定B。It should be understood that determining B according to A does not mean that B is only determined according to A, and B may also be determined according to A and/or other information.
还应理解,术语“包括”(也称“includes”、“including”、“comprises”和/或“comprising”)当在本说明书中使用时指定存在所陈述的特征、整数、步骤、操作、元素、和/或部件,但是并不排除存在或添加一个或多个其他特征、整数、步骤、操作、元素、部件、和/或其分组。It will also be understood that the term "includes" (also referred to as "includes", "including", "comprises" and/or "comprising") when used in this specification designates the presence of stated features, integers, steps, operations, elements , and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groupings thereof.
还应理解,术语“如果”可被解释为意指“当...时”(“when”或“upon”)。It should also be understood that the term "if" may be interpreted to mean "when" or "upon".
应理解,说明书通篇中提到的“一个实施例”、“一实施例”、“一种可能的实现方式”意味着与实施例或实现方式有关的特定特征、结构或特性包括在本申请的至少一个实施例中。因此,在整个说明书各处出现的“在一个实施例中”或“在一实施例中”、“一种可能的实现方式”未必一定指相同的实施例。此外,这些特定的特征、结构或特性可以任意适合的方式结合在一个或多个实施例中。It should be understood that references throughout the specification to "one embodiment," "an embodiment," and "one possible implementation" mean that a particular feature, structure, or characteristic related to the embodiment or implementation is included in the present application at least one embodiment of . Thus, appearances of "in one embodiment" or "in an embodiment" or "one possible implementation" in various places throughout this specification are not necessarily necessarily referring to the same embodiment. Furthermore, the particular features, structures or characteristics may be combined in any suitable manner in one or more embodiments.
以下,说明本申请实施例提供的网络***的架构。The following describes the architecture of the network system provided by the embodiments of the present application.
如图1所示,为本申请实施例提供的一种网络***1的架构示意图。图1所示的网络***1包括:第一分析平台10和第一网络20。第一网络20包括多个网络设备60。As shown in FIG. 1 , it is a schematic structural diagram of a network system 1 according to an embodiment of the present application. The network system 1 shown in FIG. 1 includes: a first analysis platform 10 and a first network 20 . The first network 20 includes a plurality of network devices 60 .
第一分析平台10与第一网络20中的每个网络设备60直接或间接连接。第一分析平台10可以用于管理第一网络20中的每个网络设备60。可选的,第一分析平台10 存储第一网络20中的部分或全部候选事件(或已发生事件)的分类标签。第一分析平台10所存储的分类标签是可以更新的。可选的,第一分析平台10可以本地生成第一网络20中的候选事件的分类标签,或者从其他平台或设备获取第一网络20中的候选事件的分类标签,或者由用户输入第一网络20中的候选事件的分类标签等。The first analysis platform 10 is directly or indirectly connected to each network device 60 in the first network 20 . The first analysis platform 10 may be used to manage each network device 60 in the first network 20 . Optionally, the first analysis platform 10 stores classification labels of some or all of the candidate events (or events that have occurred) in the first network 20 . The classification labels stored by the first analysis platform 10 can be updated. Optionally, the first analysis platform 10 can locally generate the classification labels of the candidate events in the first network 20, or obtain the classification labels of the candidate events in the first network 20 from other platforms or devices, or input the classification labels of the first network 20 by the user. 20 for the classification labels of candidate events, etc.
第一网络20中的每个网络设备60发生某个事件后均可以向第一分析平台10上报该事件的标识。第一分析平台10可以基于该事件的标识,确定该事件的分类标签。后续,本申请实施例对第一分析平台10所确定的分类标签的应用场景不进行限定,具体可以参考下文。After an event occurs, each network device 60 in the first network 20 can report the identifier of the event to the first analysis platform 10 . The first analysis platform 10 may determine the classification label of the event based on the identification of the event. Subsequently, the embodiment of the present application does not limit the application scenarios of the classification labels determined by the first analysis platform 10, and the details may refer to the following.
第一分析平台10可以通过一个或多个计算机设备实现。The first analysis platform 10 may be implemented by one or more computer devices.
需要说明的是,图1是以第一分析平台10是独立于第一网络20为例进行说明的。在一些实施例中,第一分析平台10的功能可以集成在第一网络20的一个或多个网络设备60上,从而由该一个或多个网络设备60在不改变自身功能的情况下,增加第一分析平台10的部分或全部功能。为了方便理解,下文中均是以第一分析平台10是独立于第一网络20为例进行说明的。It should be noted that, FIG. 1 is described by taking an example that the first analysis platform 10 is independent of the first network 20 . In some embodiments, the functions of the first analysis platform 10 may be integrated on one or more network devices 60 of the first network 20, so that the one or more network devices 60 can increase the function of the first network device 60 without changing its own functions. Part or all of the functionality of the first analysis platform 10 . For ease of understanding, the following descriptions are given by taking the example that the first analysis platform 10 is independent of the first network 20 .
如图2所示,为本申请实施例提供的另一种网络***1的架构示意图。图2所示的网络***1是基于图1进行绘制的。具体的,在图1所示的网络***1的基础之上,图2所示的网络***1还包括:第二分析平台30、第二网络40和管理平台50。其中,第二网络40包括多个网络设备60。As shown in FIG. 2 , it is a schematic structural diagram of another network system 1 according to an embodiment of the present application. The network system 1 shown in FIG. 2 is drawn based on FIG. 1 . Specifically, on the basis of the network system 1 shown in FIG. 1 , the network system 1 shown in FIG. 2 further includes: a second analysis platform 30 , a second network 40 and a management platform 50 . Wherein, the second network 40 includes a plurality of network devices 60 .
第二分析平台30与第二网络40中的每个网络设备60直接或间接连接。第二分析平台30可以用于管理第二网络40中的每个网络设备60。可选的,第二分析平台30可以存储第二网络40中的候选事件的分类标签。第二分析平台30所存储的分类标签是可以更新的。The second analysis platform 30 is directly or indirectly connected to each network device 60 in the second network 40 . The second analysis platform 30 may be used to manage each network device 60 in the second network 40 . Optionally, the second analysis platform 30 may store the classification labels of the candidate events in the second network 40 . The classification labels stored by the second analysis platform 30 can be updated.
管理平台50与第一分析平台10和第二分析平台30分别连接。管理平台50用于存储网络中的所有的候选事件的分类标签。第一分析平台10和第二分析平台30可以分别通过与管理平台50进行信息交互,获取自身连接的网络中的网络设备的部分或全部候选事件(或部分或全部已发生事件)的分类标签。The management platform 50 is connected to the first analysis platform 10 and the second analysis platform 30, respectively. The management platform 50 is used to store the classification labels of all candidate events in the network. The first analysis platform 10 and the second analysis platform 30 can obtain the classification labels of some or all of the candidate events (or some or all of the events that have occurred) of the network devices in the network connected to them by interacting with the management platform 50 respectively.
在一些实施例中,管理平台50可以本地生成网络中的部分或全部候选事件的分类标签。在另一些实施例中,管理平台50可以通过与其所连接的一个或多个分析平台进行信息交互,从而获得该一个或多个分析平台所管理的网络中的候选事件的分类标签。这些分类标签可以提供给其他分析平台。在另一些实施例中,管理平台50中所存储的网络中的部分或全部候选事件的分类标签可以是用户输入的。本申请实施例对此不进行限定。In some embodiments, the management platform 50 may locally generate classification labels for some or all of the candidate events in the network. In other embodiments, the management platform 50 may obtain the classification labels of the candidate events in the network managed by the one or more analysis platforms through information interaction with the one or more analysis platforms to which the management platform 50 is connected. These categorical labels can be provided to other analytics platforms. In other embodiments, the classification labels of some or all of the candidate events in the network stored in the management platform 50 may be input by the user. This embodiment of the present application does not limit this.
可扩展地,本申请实施例提供的网络***1还可以包括其他一个或多个分析平台,每个分析平台用于管理一个网络中的网络设备。Scalable, the network system 1 provided in this embodiment of the present application may further include one or more other analysis platforms, and each analysis platform is used to manage network devices in a network.
该技术方案中,由管理平台50对整个网络中的候选事件的分类标签进行统一管理,这样,可以各分析平台不需要本地生成候选事件的分类标签,因此有助于节省各分析平台的计算资源。另外,有助于避免(或尽量避免)因“不同分析平台的性能不同,和/或不同分析平台所使用的生成候选事件的分类标签的方法不同”等因素,而导致的“不同分析平台所确定的同一候选事件的分类标签不同,从而造成的整体性能不高” 的问题。In this technical solution, the management platform 50 uniformly manages the classification labels of the candidate events in the entire network, so that each analysis platform does not need to locally generate the classification labels of the candidate events, thus helping to save the computing resources of each analysis platform . In addition, it helps to avoid (or try to avoid) "different analysis platforms have different performances, and/or different analysis platforms use different methods to generate classification labels of candidate events" and other factors. The determined classification labels of the same candidate event are different, resulting in the problem of low overall performance".
需要说明的是,与第一分析平台10类似,在一些实施例中,第二分析平台30的功能可以集成在第二网络40的一个或多个网络设备60中。在另一些实施例中,一个分析平台的功能可以集成在其他网络的一个或多个网络设备60中,例如,第一分析平台10的功能可以集成在第二分析平台30的一个或多个网络设备60中。It should be noted that, similar to the first analysis platform 10 , in some embodiments, the functions of the second analysis platform 30 may be integrated into one or more network devices 60 of the second network 40 . In other embodiments, the functions of one analysis platform may be integrated into one or more network devices 60 of other networks, for example, the functions of the first analysis platform 10 may be integrated into one or more networks of the second analysis platform 30 device 60.
另外需要说明的是,管理平台50可以通过独立于各分析平台的一个或多个计算机设备实现,或者可以集成在某一个或多个分析平台中,或者可以集成在某一个或多个网络设备上。In addition, it should be noted that the management platform 50 can be implemented by one or more computer devices independent of each analysis platform, or can be integrated in one or more analysis platforms, or can be integrated in one or more network devices .
由上文中的描述可知,上述第一分析平台10、第二分析平台30和管理平台50均可以通过一个或多个计算机设备实现。另外,上述网络设备60也可以通过计算机设备实现。如图3所示,为可适用于本申请实施例的一种计算机设备30的硬件结构示意图。It can be known from the above description that the above-mentioned first analysis platform 10, second analysis platform 30 and management platform 50 can all be implemented by one or more computer devices. In addition, the above-mentioned network device 60 can also be implemented by a computer device. As shown in FIG. 3 , it is a schematic diagram of a hardware structure of a computer device 30 applicable to the embodiment of the present application.
参考图3,计算机设备30包括处理器301、存储器302、输入输出器件303以及总线304。其中,处理器301、存储器302以及输入输出器件303之间可以通过总线304连接。Referring to FIG. 3 , a computer device 30 includes a processor 301 , a memory 302 , an input-output device 303 , and a bus 304 . The processor 301 , the memory 302 and the input/output device 303 may be connected through a bus 304 .
处理器301是计算机设备30的控制中心,可以是一个通用CPU,也可以是其他通用处理器等。其中,通用处理器可以是微处理器或者是任何常规的处理器等。The processor 301 is the control center of the computer device 30, and can be a general-purpose CPU or other general-purpose processors. Wherein, the general-purpose processor may be a microprocessor or any conventional processor or the like.
作为示例,处理器301可以包括一个或多个CPU,例如图3中所示的CPU 0和CPU 1。As an example, processor 301 may include one or more CPUs, such as CPU 0 and CPU 1 shown in FIG. 3 .
存储器302可以是只读存储器(read-only memory,ROM)或可存储静态信息和指令的其他类型的静态存储设备,随机存取存储器(random access memory,RAM)或者可存储信息和指令的其他类型的动态存储设备,也可以是电可擦可编程只读存储器(electrically erasable programmable read-only memory,EEPROM)、磁盘存储介质或者其他磁存储设备、或者能够用于携带或存储具有指令或数据结构形式的期望的程序代码并能够由计算机存取的任何其他介质,但不限于此。The memory 302 may be read-only memory (ROM) or other type of static storage device that can store static information and instructions, random access memory (RAM) or other type of static storage device that can store information and instructions A dynamic storage device that can also be an electrically erasable programmable read-only memory (EEPROM), a magnetic disk storage medium, or other magnetic storage device, or can be used to carry or store instructions or data structures in the form of desired program code and any other medium that can be accessed by a computer, but is not limited thereto.
一种可能的实现方式中,存储器301可以独立于处理器301存在。存储器302可以通过总线304与处理器301相连接,用于存储数据、指令或者程序代码。处理器301调用并执行存储器302中存储的指令或程序代码时,能够实现本申请实施例提供的事件分类方法。In a possible implementation manner, the memory 301 may exist independently of the processor 301 . The memory 302 may be connected to the processor 301 through a bus 304 for storing data, instructions or program codes. When the processor 301 calls and executes the instructions or program codes stored in the memory 302, the event classification method provided by the embodiment of the present application can be implemented.
另一种可能的实现方式中,存储器302也可以和处理器301集成在一起。In another possible implementation manner, the memory 302 may also be integrated with the processor 301 .
输入输出器件303,例如,可以用于输入候选事件的分类标签等。输入输出器件303可以是操作盘或触摸屏,或者是其他任意能够输入参数信息的器件如通信接口等,本申请实施例不作限定。其中,通信接口可以包括接收单元和发送单元。The input-output device 303, for example, can be used for inputting classification labels of candidate events, and the like. The input and output device 303 may be an operation panel or a touch screen, or any other device capable of inputting parameter information, such as a communication interface, which is not limited in the embodiment of the present application. Wherein, the communication interface may include a receiving unit and a sending unit.
总线304,可以是工业标准体系结构(industry standard architecture,ISA)总线、外部设备互连(peripheral component interconnect,PCI)总线或扩展工业标准体系结构(extended industry standard architecture,EISA)总线等。该总线可以分为地址总线、数据总线、控制总线等。为便于表示,图3中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。The bus 304 can be an industry standard architecture (industry standard architecture, ISA) bus, a peripheral component interconnect (peripheral component interconnect, PCI) bus, or an extended industry standard architecture (extended industry standard architecture, EISA) bus or the like. The bus can be divided into address bus, data bus, control bus and so on. For ease of presentation, only one thick line is used in FIG. 3, but it does not mean that there is only one bus or one type of bus.
需要指出的是,图3中示出的结构并不构成对该计算机设备30的限定,除图3所示部件之外,该计算机设备30可以包括比图示更多或更少的部件,或者组合某些部件, 或者不同的部件布置。It should be pointed out that the structure shown in FIG. 3 does not constitute a limitation on the computer device 30. In addition to the components shown in FIG. 3, the computer device 30 may include more or less components than those shown, or Combining certain components, or different component arrangements.
以下,结合附图,说明本申请实施例提供的事件分类方法。Hereinafter, the event classification method provided by the embodiments of the present application will be described with reference to the accompanying drawings.
如图4所示,为本申请实施例提供的一种事件分类方法的流程示意图。图4所示的方法包括以下步骤:As shown in FIG. 4 , it is a schematic flowchart of an event classification method provided by an embodiment of the present application. The method shown in Figure 4 includes the following steps:
S101:管理平台获取网络***中的多个网络设备(如所有网络设备)的多个候选事件的标识和该多个候选事件的分类标签之间的对应关系。S101: The management platform acquires the correspondence between the identifiers of multiple candidate events of multiple network devices (eg, all network devices) in the network system and the classification labels of the multiple candidate events.
本申请实施例对管理平台如何获取S101中的对应关系不进行限定。以下列举几种方式:This embodiment of the present application does not limit how the management platform acquires the corresponding relationship in S101. Here are a few ways:
方式1:管理平台结合分类模型获取S101中的对应关系。具体可以包括以下步骤11-14:Mode 1: The management platform obtains the corresponding relationship in S101 in combination with the classification model. Specifically, it can include the following steps 11-14:
步骤11:管理平台获取网络中的所有类型的网络设备的产品手册。其中,一种类型的网络设备的产品手册包括用于描述该类型的网络设备的候选事件的说明文档。可选的,一个候选事件对应一个说明文档,该说明文档用于描述该候选事件。Step 11: The management platform obtains product manuals of all types of network devices in the network. Wherein, the product manual of one type of network device includes explanatory documents for describing the candidate events of the type of network device. Optionally, a candidate event corresponds to a description document, and the description document is used to describe the candidate event.
候选事件的说明文档可以包括:候选事件的名称、信息(message)、描述(description)和其他信息(如参数的详细信息、发生候选事件的原因等)。其中,信息是指候选事件的详细信息,包含:候选事件名称、候选事件的含义描述,以及候选事件的参数(如发生该候选事件的设备的名称等信息)。描述是指候选事件的含义描述。The description document of the candidate event may include: the name of the candidate event, message, description, and other information (such as detailed information of parameters, reasons for the occurrence of the candidate event, etc.). The information refers to the detailed information of the candidate event, including: the name of the candidate event, the meaning description of the candidate event, and the parameters of the candidate event (such as information such as the name of the device where the candidate event occurs). Description refers to the meaning description of the candidate event.
如图5所示,为本申请实施例提供的一种候选事件的说明文档的示意图。图5中示意出了事件“linkdown_active”的说明文档。在图5中,“信息”包括:接口状态改变(事件“linkdown_active”的参数,如发生该事件的设备的名称等)。在一个示例中,这里的详细参数可以包括参数(parameters)部分所描述的参数。“描述”包括:接口状态改变。“其他信息”包括:候选事件的参数的详细信息(如参数名与参数含义等)和发生候选事件的原因(possible causes)等。As shown in FIG. 5 , it is a schematic diagram of a description document of a candidate event provided by an embodiment of the present application. The documentation for the event "linkdown_active" is illustrated in FIG. 5 . In Fig. 5, "information" includes: interface state change (parameters of the event "linkdown_active", such as the name of the device where the event occurs, etc.). In one example, the detailed parameters herein may include parameters described in the parameters section. "Description" includes: interface state change. "Other information" includes: detailed information of the parameters of the candidate event (such as parameter names and parameter meanings, etc.) and the reasons for the occurrence of the candidate event (possible causes).
步骤12:管理平台采用自然语言处理技术,提取部分产品手册包含的说明文档中的关键词。可选的,管理平台在说明文档的“信息”部分和“描述”部分提取关键词。Step 12: The management platform uses natural language processing technology to extract keywords in the description documents included in some product manuals. Optionally, the management platform extracts keywords from the "Information" part and the "Description" part of the description document.
关键词,是用于表征候选事件的词汇,具体包括单词或词组等。关键词可以根据词汇的词性(如名词、动词等)、频率相关算法(如TF-IDF、PageRank)等进行提取,也可以利用其它技术,本申请实施例对此不进行限定。Keywords are words used to characterize candidate events, including words or phrases. Keywords may be extracted according to parts of speech (such as nouns, verbs, etc.), frequency-related algorithms (such as TF-IDF, PageRank), etc., and other technologies may also be used, which are not limited in this embodiment of the present application.
例如,结合图5,linkdown_active的信息部分和描述部分的内容中,都出现了interface(名词),status(名词),changes(动词),则这三个词汇可以作为事件linkdown_active的关键词。For example, in combination with Figure 5, interface (noun), status (noun), and changes (verb) appear in the information part and description part of linkdown_active, then these three words can be used as the keywords of the event linkdown_active.
可选的,关键词可以是预定义的,例如,基于专家经验预定义。Optionally, the keywords may be predefined, eg, predefined based on expert experience.
步骤13:管理平台基于步骤12中获取的关键词获取训练集。Step 13: The management platform obtains a training set based on the keywords obtained in step 12.
例如,管理平台输出步骤12中获取的关键词,由用户将所提取的关键词作为特征,进行训练集标注。例如,用户基于经验进行训练集标注。该示例提供的技术方案可以被称为人工训练集标注。For example, the management platform outputs the keywords obtained in step 12, and the user uses the extracted keywords as features to mark the training set. For example, the user labels the training set based on experience. The technical solution provided by this example can be referred to as manual training set labeling.
再如,管理平台将提取的关键词作为特征,进行训练集标注。该示例提供的技术方案可以被称为自动训练集标注。For another example, the management platform uses the extracted keywords as features to mark the training set. The technical solution provided by this example can be referred to as automatic training set labeling.
又如,结合上述人工进行训练集标注和自动进行训练集标注的方法,获得训练集。For another example, the training set is obtained by combining the above-mentioned methods of manually labeling the training set and automatically labeling the training set.
将关键词作为特征,进行训练集标注,可以理解为:基于关键词,获得训练集。其中,训练集包括多个样本,一个样本可以包含特征和标签。例如,结合图5,管理平台可以将linkdown_active事件中提取的关键词“interface,status,changes”作为特征,标注出linkdown_active标签为down(即对网络影响严重),则产生一个样本(包括特征和标签),多个样本构成一个训练集。Using keywords as features to label the training set can be understood as: obtaining the training set based on the keywords. Among them, the training set includes multiple samples, and a sample can contain features and labels. For example, with reference to Figure 5, the management platform can use the keywords "interface, status, changes" extracted from the linkdown_active event as a feature, mark the linkdown_active label as down (that is, it has a serious impact on the network), and generate a sample (including features and labels) ), and multiple samples constitute a training set.
步骤14:管理平台对训练集中的样本进行训练,得到分类模型。该分类模型用于表征候选事件的关键词与候选事件的分类标签之间的对应关系。其中,分类模型的输入包括候选事件的关键词,分类模型的输出包括候选事件的分类标签。Step 14: The management platform trains the samples in the training set to obtain a classification model. The classification model is used to characterize the correspondence between the keywords of the candidate events and the classification labels of the candidate events. The input of the classification model includes the keywords of the candidate events, and the output of the classification model includes the classification labels of the candidate events.
可选的,管理平台可以采用神经网络等有监督算法训练分类模型,当然不限于此。Optionally, the management platform may use a supervised algorithm such as a neural network to train the classification model, of course, it is not limited to this.
步骤15:管理平台将没有参与执行步骤12的另一部分产品手册中的每个候选事件的关键词输入到分类模型,获得该候选事件的分类标签。Step 15: The management platform inputs the keywords of each candidate event in another part of the product manual that is not involved in the execution of Step 12 into the classification model, and obtains the classification label of the candidate event.
示例的,假设网络***中所有类型的网络设备的产品手册中共包含100个候选事件的说明文档,其中,一个候选事件对应一个说明文档,那么:首先,管理平台选择该100个候选事件的说明文档中的20个说明文档。然后,利用自然语言处理技术提取该20个说明文档中的关键词,并将所提取的关键词作为特征,采用人工方式对这些关键词进行标注,得到训练集。接着,管理平台对训练集中的样本进行训练,得到分类模型。最后,将剩余的80个说明文档中的任意一个候选事件的关键词输入到分类模型,得到该候选事件的分类标签。至此,管理平台获取到了网络中的所有类型的设备的所有候选事件的分类标签。As an example, assuming that the product manuals of all types of network devices in the network system contain description documents of 100 candidate events, where one candidate event corresponds to one description document, then: first, the management platform selects the description documents of the 100 candidate events 20 documentation in . Then, the keywords in the 20 explanatory documents are extracted by natural language processing technology, and the extracted keywords are used as features, and these keywords are manually marked to obtain a training set. Next, the management platform trains the samples in the training set to obtain a classification model. Finally, the keyword of any candidate event in the remaining 80 description documents is input into the classification model, and the classification label of the candidate event is obtained. So far, the management platform has obtained the classification labels of all candidate events of all types of devices in the network.
需要说明的是,在一个实施例中,如果在步骤12中,管理平台获取的是网络中的所有类型的网络设备的全部产品手册包含的所有候选事件的说明文档中的关键词,则执行步骤13(即进行训练集标注)之后,管理平台可以获取网络中的所有类型的网络设备的所有候选事件的分类标签。该情况下,管理平台可以不执行步骤14和步骤15;或者,该情况下,管理平台可以执行步骤14,以得到分类模型。It should be noted that, in one embodiment, if in step 12, the management platform obtains keywords in the description documents of all candidate events included in all product manuals of all types of network devices in the network, then execute the step After 13 (that is, labeling the training set), the management platform can obtain the classification labels of all candidate events of all types of network devices in the network. In this case, the management platform may not perform steps 14 and 15; or, in this case, the management platform may perform step 14 to obtain the classification model.
在上述任一实施例中,分类模型还可以用于在网络***中的网络设备的类型更新时,获取该网络设备的候选事件的分类标签。例如,新增网络设备类型时,管理平台可以通过新增类型的设备的产品手册的事件信息,学习到新增类型的设备对应的候选事件的分类标签。In any of the above embodiments, the classification model may also be used to obtain classification labels of candidate events of the network device when the type of the network device in the network system is updated. For example, when a network device type is added, the management platform can learn the classification label of the candidate event corresponding to the device of the new type through the event information of the product manual of the device of the new type.
方式2:管理平台结合知识图谱获取S101中的对应关系。具体可以包括以下步骤21-24:Method 2: The management platform obtains the corresponding relationship in S101 in combination with the knowledge graph. Specifically, it can include the following steps 21-24:
步骤21-23:可以参考上述步骤11-13。Steps 21-23: You can refer to the above steps 11-13.
步骤24:管理平台基于步骤23中的训练集,获取知识图谱。Step 24: The management platform obtains the knowledge graph based on the training set in Step 23.
在一个示例中,对于训练集中的任意一个样本,训练集中将该样本中的每个关键词和分类标签均作为一个实体,并将表示关键词的实体依次连接,将最后一个表示关键词的实体与表示该样本中的分类标签的实体连接。至此,获得了知识图谱的一部分内容,这部分内容由根节点到叶子节点构成,其中,根节点是第一个关键词的实体,叶子节点是分类标签的实体。根节点与叶子节点之间可以没有中间节点,也可以有一个或多个中间节点,中间节点是其他关键词的实体。对于训练集中其他每个样本,如果确定该样本中的所有关键词属于已存在的知识图谱,则可以复用已存在的知识图谱 中表示关键词的实体,如果该样本中的关键词不属于已存在的知识图谱,则可以新增表示该样本的关键词的实体和表示分类标签的实体。对于新增的表示该样本的关键词的实体和表示分类标签的实体,如果其与已存在的知识图谱之间共用从根节点至某个中间节点,或者从某个中间节点至叶子节点,则可以将这部分共用的内容合并,从而简化知识图谱的结构。以此类推,管理平台可以根据训练集中的所有样本得到知识图谱。In an example, for any sample in the training set, each keyword and classification label in the training set are regarded as an entity, and the entities representing the keywords are connected in sequence, and the last entity representing the keyword is connected Connect with entities representing the classification labels in this sample. So far, a part of the content of the knowledge graph is obtained, which is composed of the root node to the leaf node, wherein the root node is the entity of the first keyword, and the leaf node is the entity of the classification label. There may be no intermediate node between the root node and the leaf node, or there may be one or more intermediate nodes, and the intermediate nodes are entities of other keywords. For each other sample in the training set, if it is determined that all the keywords in the sample belong to the existing knowledge graph, the entities representing the keywords in the existing knowledge graph can be reused. If the keywords in the sample do not belong to the existing knowledge graph If there is an existing knowledge graph, an entity representing the keyword of the sample and an entity representing the classification label can be added. For the newly added entity representing the keyword of the sample and the entity representing the classification label, if it shares with the existing knowledge graph from the root node to an intermediate node, or from an intermediate node to a leaf node, then This part of the shared content can be merged to simplify the structure of the knowledge graph. By analogy, the management platform can obtain the knowledge graph based on all the samples in the training set.
例如,假设网络中包括候选事件1-4,并且,候选事件1的关键词是关键词1-3,候选事件2的关键词是关键词1、4、5,候选事件3的关键词是关键词2、4、5,候选事件4的关键词是关键词2、5、6。候选事件1-4的分类标签依次是UP、UP、UP、DOWN,那么,本申请实施例提供的一种知识图谱的结构示意图可以如图6所示。For example, suppose the network includes candidate events 1-4, and the keywords of candidate event 1 are keywords 1-3, the keywords of candidate event 2 are keywords 1, 4, and 5, and the keywords of candidate event 3 are the keys Words 2, 4, 5, and the keywords of candidate event 4 are keywords 2, 5, and 6. The classification labels of candidate events 1-4 are UP, UP, UP, and DOWN in sequence. Then, a schematic structural diagram of a knowledge graph provided by an embodiment of the present application may be as shown in FIG. 6 .
在图6中,候选事件1和候选事件2共用根节点,具体共用表示关键词1的实体。候选事件2和候选事件3共用中间节点至叶子节点,具体共用表示关键词4的实体至表示分类标签的实体。候选事件3和候选事件4共用根节点,具体共用表示关键词2的实体。In FIG. 6 , candidate event 1 and candidate event 2 share a root node, and specifically share an entity representing keyword 1 . The candidate event 2 and the candidate event 3 share the intermediate node to the leaf node, and specifically share the entity representing the keyword 4 to the entity representing the classification label. Candidate event 3 and candidate event 4 share the root node, and specifically share the entity representing keyword 2 .
步骤24:管理平台将没有参与执行步骤22的另一部分产品手册中的每个候选事件的关键词输入到知识图谱,获得该候选事件的分类标签。Step 24: The management platform inputs the keywords of each candidate event in another part of the product manual that is not involved in the execution of Step 22 into the knowledge graph, and obtains the classification label of the candidate event.
例如,结合图6,假设linkdown_active事件的关键词是关键词2、5、6,则linkdown_active事件的分类标签是DOWN。For example, with reference to FIG. 6 , assuming that the keywords of the linkdown_active event are keywords 2, 5, and 6, the category label of the linkdown_active event is DOWN.
需要说明的是,对于步骤24来说,如果将没有参与执行步骤22的另一部分产品手册中的任意一个候选事件的关键词输入到知识图谱,没有找到该候选事件的分类标签,则基于人工标注方式对该候选事件的分类标签进行标注,直到管理平台获得没有参与执行步骤22的另一部分产品手册中的每个候选事件的关键词为止。It should be noted that, for step 24, if the keyword of any candidate event in another part of the product manual that does not participate in the execution of step 22 is input into the knowledge graph, and the classification label of the candidate event is not found, then the manual annotation is used. The classification label of the candidate event is marked in the manner until the management platform obtains the keywords of each candidate event in another part of the product manual that does not participate in the execution of step 22 .
执行方式1或方式2之后,管理平台可以存储每个候选事件对应分类标签。如表4所示,为本申请实施例提供的一种候选事件的标识和分类标签之间的对应关系。After implementing Mode 1 or Mode 2, the management platform may store the classification label corresponding to each candidate event. As shown in Table 4, a correspondence relationship between an identifier of a candidate event and a classification label is provided in this embodiment of the present application.
表4Table 4
候选事件的标识ID of the candidate event 候选事件的分类标签Classification labels for candidate events
ADD_NEW_USER_SECURITYADD_NEW_USER_SECURITY UPUP
APP_SPEED_LIMITAPP_SPEED_LIMIT SUBHEALTHSUBHEALTH
STACHG_TODWNSTACHG_TODWN DOWNDOWN
……... ……...
本申请实施例对网络设备的类型标识、候选事件的标识和候选事件的分类标签之间的对应关系的具体存储方式不进行限定。例如,可以以表3和表4所描述的单独存在为例,也可以合并成一个表格进行存储。当然还可以以非表格的形式存储。The embodiment of the present application does not limit the specific storage manner of the correspondence between the type identifier of the network device, the identifier of the candidate event, and the classification label of the candidate event. For example, the separate existences described in Table 3 and Table 4 can be used as an example, or they can be combined into one table for storage. Of course, it can also be stored in non-tabular form.
S102:第一分析平台与管理平台之间进行信息交互,以获得第一网络中的候选事件的标识,以及第一网络中的候选事件的分类标签之间的对应关系。S102: Perform information exchange between the first analysis platform and the management platform to obtain the identifiers of the candidate events in the first network and the correspondence between the classification labels of the candidate events in the first network.
本申请实施例对S102的具体实现方式不进行限定。以下列举几种实现方式:The specific implementation manner of S102 is not limited in this embodiment of the present application. Here are a few implementations:
方式一:管理平台向第一分析平台发送第一网络中的部分或全部网络设备的类型对应的部分或全部候选事件的分类标签。Manner 1: The management platform sends the classification labels of some or all of the candidate events corresponding to the types of some or all of the network devices in the first network to the first analysis platform.
具体的,管理平台可以结合第一分析平台所管理的网络设备的类型,网络设备的 类型的标识与候选事件的标识之间的对应关系(如表3所示),以及候选事件的标识与候选事件的分类标签之间的对应关系(如表4所示),获取第一网络中的部分或全部网络设备的类型对应的部分或全部候选事件的分类标签。Specifically, the management platform can combine the types of network devices managed by the first analysis platform, the correspondence between the identifiers of the types of network devices and the identifiers of candidate events (as shown in Table 3), and the identifiers of candidate events and candidate events. For the correspondence between the classification labels of the events (as shown in Table 4), the classification labels of some or all of the candidate events corresponding to the types of some or all of the network devices in the first network are obtained.
方式一采用管理平台主动向分析平台推送的方式,使得第一分析平台获取到第一网络中的候选事件的分类标签。这有助于节省信令传输开销。 Manner 1 adopts the mode that the management platform actively pushes to the analysis platform, so that the first analysis platform obtains the classification labels of the candidate events in the first network. This helps to save signaling overhead.
方式二:第一分析平台向管理平台发送请求消息,该请求消息包括第一类型的标识,该请求消息用于请求第一类型的标识对应的候选事件的分类标签。管理平台基于该请求消息向第一分析平台发送该部分或全部候选事件的分类标签。第一类型是第一分析平台管理的网络设备的一种类型。Manner 2: The first analysis platform sends a request message to the management platform, where the request message includes an identifier of the first type, and the request message is used to request a classification label of the candidate event corresponding to the identifier of the first type. The management platform sends the classification labels of some or all of the candidate events to the first analysis platform based on the request message. The first type is a type of network device managed by the first analytics platform.
具体的,管理平台可以结合网络设备的类型的标识与候选事件的标识之间的对应关系(如表3所示),以及候选事件的标识与候选事件的分类标签之间的对应关系(如表4所示),获取第一网络中的第一类型的标识对应的部分或全部候选事件的分类标签。Specifically, the management platform can combine the correspondence between the identifier of the network device type and the identifier of the candidate event (as shown in Table 3), and the correspondence between the identifier of the candidate event and the classification label of the candidate event (as shown in Table 3). 4), to obtain the classification labels of some or all of the candidate events corresponding to the first type of identifiers in the first network.
方式二采用分析平台主动请求的方式,使得第一分析平台获取到第一网络中的候选事件的分类标签。该方式下,第一分析平台可以基于自身需求向管理平台请求特定的候选事件的分类标签,灵活性更高。The second method adopts the method of actively requesting the analysis platform, so that the first analysis platform obtains the classification labels of the candidate events in the first network. In this manner, the first analysis platform can request the management platform for the classification label of the specific candidate event based on its own requirements, which is more flexible.
需要说明的是,管理平台与第一分析平台之间可以采用上述方式一和方式二结合的方式,例如,在网络初始化阶段(即管理平台已经获得第一网络中的候选事件的分类标签,但是还未向第一分析平台发送的阶段),管理平台可以采用上述方式一的方式向第一分析平台推送所获得的第一网络中的候选事件的分类标签。后续,第一分析平台可以采用主动请求的方式,获取特定的候选事件的分类标签,例如,第一分析平台可以在第一网络中有新增的网络设备的类型更新的情况下,向第一分析平台主动请求该新增的网络设备的类型所对应的候选事件的分类标签。It should be noted that, the management platform and the first analysis platform can adopt the combination of the first and second methods. For example, in the network initialization stage (that is, the management platform has obtained the classification labels of the candidate events in the first network, but The stage that has not been sent to the first analysis platform), the management platform may push the obtained classification labels of the candidate events in the first network to the first analysis platform in the manner of the above-mentioned method 1. Subsequently, the first analysis platform may obtain the classification label of the specific candidate event by actively requesting. For example, the first analysis platform may report to the first The analysis platform actively requests the classification label of the candidate event corresponding to the type of the newly added network device.
在执行S102之后,第一分析平台可以存储所获取到的对应关系。本申请实施例对具体存储形式不进行限定。After executing S102, the first analysis platform may store the acquired correspondence. The embodiment of the present application does not limit the specific storage form.
S103:第一网络中的第一网络设备向第一分析平台上报待分类事件的标识。S103: The first network device in the first network reports the identifier of the event to be classified to the first analysis platform.
第一网络设备可以是第一网络中的任意一个网络设备。待分类事件可以是第一网络设备的任意一个候选事件,或者任意一个已发生事件。待分类事件具体可以是告警事件或日志事件。示例的,第一网络中的第一网络设备在检测到自身发生某一事件的情况下,向第一分析平台上报第一网络设备的待分类事件的标识。The first network device may be any network device in the first network. The event to be classified may be any candidate event of the first network device, or any event that has occurred. The event to be classified may specifically be an alarm event or a log event. Exemplarily, the first network device in the first network reports the identifier of the event to be classified of the first network device to the first analysis platform when it detects that a certain event occurs in itself.
需要说明的是,S103仅为第一分析平台获取待分类事件的标识的一个示例,其不对本申请实施例提供的第一分析平台获取待分类事件的标识的具体实现方式构成限定。It should be noted that S103 is only an example for the first analysis platform to obtain the identifier of the event to be classified, and does not limit the specific implementation of the first analysis platform to obtain the identifier of the event to be classified provided in the embodiment of the present application.
S104:第一分析平台基于第一网络中的候选事件的标识,以及第一网络中的候选事件的分类标签之间的对应关系,获取与待分类事件的标识对应的分类标签,并将该分类标签作为目标分类标签。S104: The first analysis platform obtains, based on the identifiers of the candidate events in the first network and the correspondence between the classification labels of the candidate events in the first network, the classification labels corresponding to the identifiers of the events to be classified, and assigns the classification labels to the identifiers of the events to be classified. label as the target classification label.
至此,第一分析平台获取到了第一网络设备发生待分类事件的分类标签。对于网络***中的其他分析平台,如第二分析平台等,可以按照上述S103-S104的方式获取自身管理的网络中的任一候选事件或已发生事件的分类标签,此处不再赘述。So far, the first analysis platform has obtained the classification label of the event to be classified in the first network device. For other analysis platforms in the network system, such as the second analysis platform, etc., the classification labels of any candidate event or occurrence event in the network managed by itself can be obtained in the manner of S103-S104, which will not be repeated here.
本申请实施例提供的事件分类方法,是自动对事件进行分类的方法。以事件的分 类标签用于表征该事件对网络***影响的严重程度为例,第一分析平台可以基于所确定的该事件的分类标签确定该事件对网络***影响的严重程度,从而确定网络***的健康度、帮助网络故障发现及故障区分、或者辅助故障根因定位等。比如,对于一些对网络***没影响的事件,在故障发现、故障定位等分析时可以过滤掉不关注,从而节省处理开销,而对于一些对网络***影响程度严重的事件,可以重点关注等,因此,第一分析平台在确定事件对网络***影响的严重程度之后,可以帮助网络故障发现及故障区分,或者辅助故障根因定位。The event classification method provided by the embodiment of the present application is a method for automatically classifying events. Taking the classification label of the event used to represent the severity of the impact of the event on the network system as an example, the first analysis platform can determine the severity of the impact of the event on the network system based on the determined classification label of the event, so as to determine the severity of the impact of the event on the network system. Health, help network fault discovery and fault differentiation, or assist fault root cause location, etc. For example, some events that have no impact on the network system can be filtered out during the analysis of fault discovery and fault location, thereby saving processing overhead. For some events that have a serious impact on the network system, they can be focused on, etc. Therefore, , after determining the severity of the impact of the event on the network system, the first analysis platform can help in network fault discovery and fault differentiation, or assist in locating the root cause of the fault.
需要说明的是,本申请实施例提供的技术方案中,事件的分类标签并不限于该事件对网络***影响的严重程度,例如,事件的分类标签可以用于表征该事件的内容/性质,或者该事件所针对的对象等等。这同样有助于确定网络***的健康度、帮助网络故障发现及故障区分、或者辅助故障根因定位等。It should be noted that, in the technical solutions provided by the embodiments of this application, the classification label of an event is not limited to the severity of the impact of the event on the network system. For example, the classification label of an event can be used to characterize the content/nature of the event, or The object the event is for, and so on. This also helps to determine the health of the network system, help in network fault discovery and fault differentiation, or assist in locating the root cause of faults.
上述主要从方法的角度对本申请实施例提供的方案进行了介绍。为了实现上述功能,其包含了执行各个功能相应的硬件结构和/或软件模块。本领域技术人员应该很容易意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,本申请能够以硬件或硬件和计算机软件的结合形式来实现。某个功能究竟以硬件还是计算机软件驱动硬件的方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本申请的范围。The solutions provided by the embodiments of the present application have been introduced above mainly from the perspective of methods. In order to realize the above-mentioned functions, it includes corresponding hardware structures and/or software modules for executing each function. Those skilled in the art should easily realize that the present application can be implemented in hardware or a combination of hardware and computer software with the units and algorithm steps of each example described in conjunction with the embodiments disclosed herein. Whether a function is performed by hardware or computer software driving hardware depends on the specific application and design constraints of the technical solution. Skilled artisans may implement the described functionality using different methods for each particular application, but such implementations should not be considered beyond the scope of this application.
本申请实施例可以根据上述方法示例对事件分类装置(如上述第一分析平台或管理平台)进行功能模块的划分,例如,可以对应各个功能划分各个功能模块,也可以将两个或两个以上的功能集成在一个处理模块中。上述集成的模块既可以采用硬件的形式实现,也可以采用软件功能模块的形式实现。需要说明的是,本申请实施例中对模块的划分是示意性的,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式。In this embodiment of the present application, the event classification apparatus (such as the first analysis platform or the management platform) may be divided into functional modules according to the foregoing method examples. For example, each functional module may be divided into each function, or two or more may be divided into two or more functional modules. The functions are integrated in a processing module. The above-mentioned integrated modules can be implemented in the form of hardware, and can also be implemented in the form of software function modules. It should be noted that, the division of modules in the embodiments of the present application is schematic, and is only a logical function division, and there may be other division manners in actual implementation.
如图7所示,为本申请实施例提供的一种分析平台70的结构示意图。分析平台70可以用于实现上文中提供的第一分析平台的功能。例如,分析平台70可以用于执行上述事件分类方法中第一分析平台所执行的步骤,例如用于执行图4中第一分析平台所执行的步骤。可选的,分析平台70可以包括获取单元701和确定单元702。As shown in FIG. 7 , it is a schematic structural diagram of an analysis platform 70 according to an embodiment of the present application. The analysis platform 70 may be used to implement the functions of the first analysis platform provided above. For example, the analysis platform 70 may be used to perform the steps performed by the first analysis platform in the above event classification method, for example, to perform the steps performed by the first analysis platform in FIG. 4 . Optionally, the analysis platform 70 may include an acquisition unit 701 and a determination unit 702 .
获取单元701,用于获取多个事件的标识与该多个事件的分类标签的对应关系;以及,获取网络中发生的待分类事件的标识。确定单元702,用于基于待分类事件的标识和该对应关系,确定与待分类事件的标识对应的目标分类标签。例如,结合图4,确定单元702可以用于执行S104。The obtaining unit 701 is configured to obtain the corresponding relationship between the identifiers of the multiple events and the classification labels of the multiple events; and obtain the identifiers of the events to be classified that occur in the network. The determining unit 702 is configured to determine a target classification label corresponding to the identifier of the event to be classified based on the identifier of the event to be classified and the corresponding relationship. For example, in conjunction with FIG. 4 , the determining unit 702 may be configured to perform S104.
可选的,目标分类标签用于表征以下至少一种:待分类事件对该网络的影响的严重程度;待分类事件的性质;或者,待分类事件所针对的对象。Optionally, the target classification label is used to represent at least one of the following: the severity of the impact of the to-be-classified event on the network; the nature of the to-be-classified event; or the object targeted by the to-be-classified event.
可选的,分析平台70还包括:接收单元703,用于接收用于管理分析平台70的管理平台发送的上述对应关系接收单元703可以用于执行S103对应的接收步骤。Optionally, the analysis platform 70 further includes: a receiving unit 703, configured to receive the above-mentioned correspondence relationship receiving unit 703 sent by the management platform for managing the analysis platform 70, and may be configured to perform the receiving step corresponding to S103.
可选的,分析平台70用于管理多个网络设备,该多个网络设备包括第一类型的网络设备,该分析平台还包括:发送单元704,用于向管理平台发送请求消息,该请求消息包括第一类型的标识。请求消息用于请求第一类型的标识对应的事件的分类标签, 其中,第一类型的标识对应的事件包括待分类事件。该情况下,接收单元703具体用于:接收管理平台发送的第一类型的标识对应的事件的标识与第一类型的标识对应的事件的分类标签之间的对应关系。Optionally, the analysis platform 70 is configured to manage multiple network devices, the multiple network devices include network devices of the first type, and the analysis platform further includes: a sending unit 704, configured to send a request message to the management platform, the request message A first type of identification is included. The request message is used to request a classification label of an event corresponding to the first type of identification, wherein the event corresponding to the first type of identification includes an event to be classified. In this case, the receiving unit 703 is specifically configured to: receive the correspondence between the identifier of the event corresponding to the identifier of the first type and the classification label of the event corresponding to the identifier of the first type sent by the management platform.
可选的,第一类型的网络设备是具有同一版本号的网络设备;或者,第一类型的网络设备是具有同一版本号和同一型号的网络设备。Optionally, the network devices of the first type are network devices with the same version number; or, the network devices of the first type are network devices with the same version number and the same model.
关于上述可选方式的具体描述可以参见前述的方法实施例,此处不再赘述。此外,上述提供的任一种分析平台70的解释以及有益效果的描述均可参考上述对应的方法实施例,不再赘述。For the specific description of the foregoing optional manners, reference may be made to the foregoing method embodiments, which will not be repeated here. In addition, for the explanation of any analysis platform 70 provided above and the description of the beneficial effects, reference may be made to the corresponding method embodiments above, which will not be repeated.
作为示例,结合图3,分析平台70中的发送单元704和接收单元703的功能可以通过图3中的输入输出器件303实现,获取单元701和确定单元702的功能可以通过图3中的处理器301执行图3中的存储器302中的程序代码实现。As an example, with reference to FIG. 3 , the functions of the sending unit 704 and the receiving unit 703 in the analysis platform 70 can be implemented by the input and output device 303 in FIG. 3 , and the functions of the acquiring unit 701 and the determining unit 702 can be implemented by the processor in FIG. 3 301 executes the program code implementation in memory 302 in FIG. 3 .
如图8所示,为本申请实施例提供的一种管理平台80的结构示意图。管理平台80可以用于实现上文中提供的管理平台的功能。例如,管理平台80可以用于执行图4中管理平台所执行的步骤。管理平台80应用于网络***,管理平台80连接分析平台,分析平台用于管理多个网络设备,该多个网络设备包括第一类型的网络设备。可选的,管理平台80可以包括获取单元801和发送单元802。As shown in FIG. 8 , it is a schematic structural diagram of a management platform 80 according to an embodiment of the present application. The management platform 80 may be used to implement the functions of the management platform provided above. For example, management platform 80 may be used to perform the steps performed by the management platform in FIG. 4 . The management platform 80 is applied to the network system, the management platform 80 is connected to the analysis platform, and the analysis platform is used to manage a plurality of network devices, and the plurality of network devices include network devices of the first type. Optionally, the management platform 80 may include an obtaining unit 801 and a sending unit 802 .
获取单元801,用于获取第一类型的标识对应的事件的分类标签。发送单元802,用于向分析平台发送第一类型的标识对应的事件的分类标签,第一类型的标识对应的事件的分类标签用于分析平台对网络中发生的待分类事件进行分类。例如,结合图4,获取单元801可以用于执行S101,发送单元802可以用于执行S102中管理平台所执行的发送动作。The obtaining unit 801 is configured to obtain the classification label of the event corresponding to the first type identifier. The sending unit 802 is configured to send the first type of event classification labels corresponding to the identifiers to the analysis platform, where the first type of event classification labels corresponding to the identifiers are used for the analysis platform to classify events to be classified occurring in the network. For example, with reference to FIG. 4 , the obtaining unit 801 may be configured to execute S101, and the sending unit 802 may be configured to execute the sending action performed by the management platform in S102.
可选的,管理平台80还包括:接收单元803,用于接收分析平台发送的请求消息,请求消息包括第一类型的标识,请求消息用于请求第一类型的标识对应的事件的分类标签。Optionally, the management platform 80 further includes: a receiving unit 803, configured to receive a request message sent by the analysis platform, where the request message includes a first type identifier, and the request message is used to request a classification label of an event corresponding to the first type identifier.
可选的,第一类型的标识对应的事件包括第一事件,第一事件的分类标签用于表征以下至少一种:第一事件对该网络的影响的严重程度;第一事件的性质;或者,第一事件所针对的对象。Optionally, the event corresponding to the identifier of the first type includes a first event, and the classification label of the first event is used to represent at least one of the following: the severity of the impact of the first event on the network; the nature of the first event; or , the object targeted by the first event.
可选的,获取单元801还用于:获取第一类型的网络设备的产品手册;其中,第一类型的网络设备的产品手册包括用于描述第一类型的网络设备的事件的说明文档。基于用于描述第一类型的网络设备的事件的说明文档和第一信息,获取第一类型的网络设备的事件的分类标签。其中,第一信息包括分类模型或知识图谱,第一信息用于表征事件的关键词与事件的分类标签之间的对应关系。Optionally, the obtaining unit 801 is further configured to: obtain a product manual of the network device of the first type; wherein the product manual of the network device of the first type includes an explanatory document for describing the events of the network device of the first type. Based on the description document and the first information for describing the event of the network device of the first type, a classification label of the event of the network device of the first type is obtained. The first information includes a classification model or a knowledge graph, and the first information is used to represent the correspondence between the keywords of the event and the classification labels of the event.
可选的,分类模型是基于多个类型的网络设备的产品手册包括的说明文档训练得到的。Optionally, the classification model is trained based on description documents included in product manuals of multiple types of network devices.
可选的,知识图谱是基于多个类型的网络设备的产品手册包括的说明文档获得的。Optionally, the knowledge graph is obtained based on description documents included in product manuals of multiple types of network devices.
关于上述可选方式的具体描述可以参见前述的方法实施例,此处不再赘述。此外,上述提供的任一种管理平台80的解释以及有益效果的描述均可参考上述对应的方法实施例,不再赘述。For the specific description of the foregoing optional manners, reference may be made to the foregoing method embodiments, which will not be repeated here. In addition, for the explanation of any management platform 80 provided above and the description of the beneficial effects, reference may be made to the corresponding method embodiments above, which will not be repeated.
作为示例,结合图3,管理平台80中的发送单元802和接收单元803的功能可以 通过图3中的输入输出器件303实现,获取单元801的功能可以通过图3中的处理器301执行图3中的存储器302中的程序代码实现。As an example, with reference to FIG. 3 , the functions of the sending unit 802 and the receiving unit 803 in the management platform 80 can be implemented by the input/output device 303 in FIG. 3 , and the functions of the acquiring unit 801 can be executed by the processor 301 in FIG. 3 . The program code in memory 302 is implemented in .
本申请实施例还提供一种芯片***140,如图9所示,该芯片***140包括至少一个处理器和至少一个接口电路。作为示例,当该芯片***140包括一个处理器和一个接口电路时,则该一个处理器可以是图9中实线框所示的处理器141(或者是虚线框所示的处理器141),该一个接口电路可以是图9中实线框所示的接口电路142(或者是虚线框所示的接口电路142)。当该芯片***140包括两个处理器和两个接口电路时,则该两个处理器包括图9中实线框所示的处理器141和虚线框所示的处理器141,该两个接口电路包括图9中实线框所示的接口电路142和虚线框所示的接口电路142。对此不作限定。An embodiment of the present application further provides a chip system 140. As shown in FIG. 9, the chip system 140 includes at least one processor and at least one interface circuit. As an example, when the system-on-a-chip 140 includes a processor and an interface circuit, the processor may be the processor 141 shown in the solid line box in FIG. 9 (or the processor 141 shown in the dotted line box), The one interface circuit may be the interface circuit 142 shown in the solid line box in FIG. 9 (or the interface circuit 142 shown in the dotted line box). When the chip system 140 includes two processors and two interface circuits, the two processors include the processor 141 shown in the solid line box and the processor 141 shown in the dotted line box in FIG. 9 , the two interfaces The circuit includes the interface circuit 142 shown in the solid line box and the interface circuit 142 shown in the dashed line box in FIG. 9 . This is not limited.
处理器141和接口电路142可通过线路互联。例如,接口电路142可用于接收信号(例如用户端等)。又例如,接口电路142可用于向其它装置(例如处理器141)发送信号。示例性的,接口电路142可读取存储器中存储的指令,并将该指令发送给处理器141。当该指令被处理器141执行时,可使得分析平台或管理平台执行上述实施例中的各个步骤。当然,该芯片***140还可以包含其他分立器件,本申请实施例对此不作具体限定。The processor 141 and the interface circuit 142 may be interconnected by wires. For example, the interface circuit 142 may be used to receive signals (eg, client terminals, etc.). As another example, the interface circuit 142 may be used to send signals to other devices (eg, the processor 141). Exemplarily, the interface circuit 142 may read the instructions stored in the memory and send the instructions to the processor 141 . When the instructions are executed by the processor 141, the analysis platform or the management platform can be caused to perform the various steps in the above-mentioned embodiments. Certainly, the chip system 140 may also include other discrete devices, which are not specifically limited in this embodiment of the present application.
本申请另一实施例还提供一种计算机可读存储介质,该计算机可读存储介质中存储有指令,当指令在分析平台或管理平台上运行时,该分析平台或管理平台执行上述方法实施例所示的方法流程中该分析平台或管理平台执行的各个步骤。Another embodiment of the present application further provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are executed on the analysis platform or the management platform, the analysis platform or the management platform executes the foregoing method embodiments Each step performed by the analysis platform or the management platform in the shown method flow.
在一些实施例中,所公开的方法可以实施为以机器可读格式被编码在计算机可读存储介质上的或者被编码在其它非瞬时性介质或者制品上的计算机程序指令。In some embodiments, the disclosed methods may be implemented as computer program instructions encoded in a machine-readable format on a computer-readable storage medium or on other non-transitory media or articles of manufacture.
图10示意性地示出本申请实施例提供的计算机程序产品的概念性局部视图,该计算机程序产品包括用于在计算设备上执行计算机进程的计算机程序。FIG. 10 schematically shows a conceptual partial view of a computer program product provided by an embodiment of the present application, where the computer program product includes a computer program for executing a computer process on a computing device.
在一个实施例中,计算机程序产品是使用信号承载介质150来提供的。该信号承载介质150可以包括一个或多个程序指令,其当被一个或多个处理器运行时可以提供以上针对图4描述的功能或者部分功能。因此,例如,参考图4中S101-S104中的一个或多个特征可以由与信号承载介质150相关联的一个或多个指令来承担。此外,图10中的程序指令也描述示例指令。In one embodiment, the computer program product is provided using the signal bearing medium 150 . The signal bearing medium 150 may include one or more program instructions that, when executed by one or more processors, may provide the functions, or portions thereof, described above with respect to FIG. 4 . Thus, for example, reference to one or more of the features of S101-S104 in FIG. 4 may be undertaken by one or more instructions associated with the signal bearing medium 150. Additionally, the program instructions in Figure 10 also describe example instructions.
在一些示例中,信号承载介质150可以包含计算机可读介质151,诸如但不限于,硬盘驱动器、紧密盘(CD)、数字视频光盘(DVD)、数字磁带、存储器、只读存储记忆体(read-only memory,ROM)或随机存储记忆体(random access memory,RAM)等等。In some examples, the signal bearing medium 150 may include a computer readable medium 151 such as, but not limited to, a hard drive, a compact disc (CD), a digital video disc (DVD), a digital tape, a memory, a read only memory (read only memory) -only memory, ROM) or random access memory (RAM), etc.
在一些实施方式中,信号承载介质150可以包含计算机可记录介质152,诸如但不限于,存储器、读/写(R/W)CD、R/W DVD、等等。In some implementations, the signal bearing medium 150 may include a computer recordable medium 152 such as, but not limited to, memory, read/write (R/W) CDs, R/W DVDs, and the like.
在一些实施方式中,信号承载介质150可以包含通信介质153,诸如但不限于,数字和/或模拟通信介质(例如,光纤电缆、波导、有线通信链路、无线通信链路、等等)。In some embodiments, signal bearing medium 150 may include communication medium 153 such as, but not limited to, digital and/or analog communication media (eg, fiber optic cables, waveguides, wired communication links, wireless communication links, etc.).
信号承载介质150可以由无线形式的通信介质153(例如,遵守IEEE 1502.11标准或者其它传输协议的无线通信介质)来传达。一个或多个程序指令可以是,例如, 计算机可执行指令或者逻辑实施指令。Signal bearing medium 150 may be conveyed by a wireless form of communication medium 153 (eg, a wireless communication medium that conforms to the IEEE 1502.11 standard or other transmission protocol). The one or more program instructions may be, for example, computer-executable instructions or logic-implemented instructions.
在一些示例中,诸如针对图4描述的分析平台或管理平台可以被配置为,响应于通过计算机可读介质151、计算机可记录介质152、和/或通信介质153中的一个或多个程序指令,提供各种操作、功能、或者动作。In some examples, an analysis platform or management platform such as described with respect to FIG. 4 may be configured, in response to one or more program instructions via computer readable medium 151 , computer recordable medium 152 , and/or communication medium 153 , , which provides various operations, functions, or actions.
应该理解,这里描述的布置仅仅是用于示例的目的。因而,本领域技术人员将理解,其它布置和其它元素(例如,机器、接口、功能、顺序、和功能组等等)能够被取而代之地使用,并且一些元素可以根据所期望的结果而一并省略。另外,所描述的元素中的许多是可以被实现为离散的或者分布式的组件的、或者以任何适当的组合和位置来结合其它组件实施的功能实体。It should be understood that the arrangements described herein are for illustrative purposes only. Thus, those skilled in the art will understand that other arrangements and other elements (eg, machines, interfaces, functions, sequences, and groups of functions, etc.) can be used instead and that some elements may be omitted altogether depending on the desired results . Additionally, many of the described elements are functional entities that may be implemented as discrete or distributed components, or in conjunction with other components in any suitable combination and position.
在上述实施例中,可以全部或部分地通过软件、硬件、固件或者其任意组合来实现。当使用软件程序实现时,可以全部或部分地以计算机程序产品的形式来实现。该计算机程序产品包括一个或多个计算机指令。在计算机上和执行计算机执行指令时,全部或部分地产生按照本申请实施例的流程或功能。计算机可以是通用计算机、专用计算机、计算机网络、或者其他可编程装置。计算机指令可以存储在计算机可读存储介质中,或者从一个计算机可读存储介质向另一个计算机可读存储介质传输,例如,计算机指令可以从一个网站站点、计算机、服务器或者数据中心通过有线(例如同轴电缆、光纤、数字用户线(digital subscriber line,DSL))或无线(例如红外、无线、微波等)方式向另一个网站站点、计算机、服务器或数据中心进行传输。计算机可读存储介质可以是计算机能够存取的任何可用介质或者是包含一个或多个可以用介质集成的服务器、数据中心等数据存储设备。可用介质可以是磁性介质(例如,软盘、硬盘、磁带),光介质(例如,DVD)、或者半导体介质(例如固态硬盘(solid state disk,SSD))等。In the above-mentioned embodiments, it may be implemented in whole or in part by software, hardware, firmware or any combination thereof. When implemented using a software program, it can be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. The processes or functions according to the embodiments of the present application are generated, in whole or in part, on the computer and when the computer executes the instructions. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable device. Computer instructions may be stored in or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from a website site, computer, server, or data center over a wire (e.g. coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (eg infrared, wireless, microwave, etc.) means to transmit to another website site, computer, server or data center. Computer-readable storage media can be any available media that can be accessed by a computer or data storage devices including one or more servers, data centers, etc., that can be integrated with the media. Useful media may be magnetic media (eg, floppy disks, hard disks, magnetic tapes), optical media (eg, DVDs), or semiconductor media (eg, solid state disks (SSDs)), and the like.
以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应以所述权利要求的保护范围为准。The above are only specific embodiments of the present invention, but the protection scope of the present invention is not limited thereto. Any person skilled in the art can easily think of changes or substitutions within the technical scope disclosed by the present invention. should be included within the protection scope of the present invention. Therefore, the protection scope of the present invention should be based on the protection scope of the claims.

Claims (22)

  1. 一种事件分类方法,其特征在于,应用于分析平台,所述方法包括:An event classification method, characterized in that, applied to an analysis platform, the method comprising:
    获取多个事件的标识与所述多个事件的分类标签的对应关系;Obtain the correspondence between the identifiers of multiple events and the classification labels of the multiple events;
    获取网络中发生的待分类事件的标识;Obtain the identifier of the to-be-categorized event occurring in the network;
    基于所述待分类事件的标识和所述对应关系,确定与所述待分类事件的标识对应的目标分类标签。Based on the identifier of the event to be classified and the corresponding relationship, a target classification label corresponding to the identifier of the event to be classified is determined.
  2. 根据权利要求1所述的方法,其特征在于,所述目标分类标签用于表征以下至少一种:The method according to claim 1, wherein the target classification label is used to represent at least one of the following:
    所述待分类事件对所述网络的影响的严重程度;the severity of the impact of the event to be classified on the network;
    所述待分类事件的性质;the nature of the event to be classified;
    或者,所述待分类事件所针对的对象。Or, the object targeted by the event to be classified.
  3. 根据权利要求1或2所述的方法,其特征在于,所述获取多个事件的标识与所述多个事件的分类标签的对应关系,包括:The method according to claim 1 or 2, wherein the acquiring the correspondence between the identifiers of multiple events and the classification labels of the multiple events comprises:
    接收用于管理所述分析平台的管理平台发送的所述对应关系。The corresponding relationship sent by the management platform for managing the analysis platform is received.
  4. 根据权利要求3所述的方法,其特征在于,所述分析平台用于管理多个网络设备,所述多个网络设备包括第一类型的网络设备,在所述接收用于管理所述分析平台的管理平台发送的所述对应关系之前,所述方法还包括:The method according to claim 3, wherein the analysis platform is used to manage a plurality of network devices, the plurality of network devices include network devices of the first type, and the analysis platform is used to manage the analysis platform in the receiving Before the corresponding relationship sent by the management platform, the method further includes:
    向所述管理平台发送请求消息,所述请求消息包括所述第一类型的标识,所述请求消息用于请求所述第一类型的标识对应的事件的分类标签;Sending a request message to the management platform, where the request message includes the identifier of the first type, and the request message is used to request the classification label of the event corresponding to the identifier of the first type;
    所述接收用于管理所述分析平台的管理平台发送的所述对应关系,包括:The receiving the corresponding relationship sent by the management platform for managing the analysis platform includes:
    接收所述管理平台发送的所述第一类型的标识对应的事件的标识与所述第一类型的标识对应的事件的分类标签之间的对应关系。The correspondence between the identifier of the event corresponding to the identifier of the first type and the classification label of the event corresponding to the identifier of the first type sent by the management platform is received.
  5. 根据权利要求4所述的方法,其特征在于,The method of claim 4, wherein:
    所述第一类型的网络设备是具有同一版本号的网络设备;The network devices of the first type are network devices with the same version number;
    或者,所述第一类型的网络设备是具有同一版本号和同一型号的网络设备。Alternatively, the network devices of the first type are network devices having the same version number and the same model.
  6. 一种事件分类方法,其特征在于,应用于管理平台,所述管理平台用于管理分析平台,所述分析平台管理多个网络设备,所述多个网络设备包括第一类型的网络设备,所述方法包括:An event classification method, characterized in that it is applied to a management platform, the management platform is used to manage an analysis platform, and the analysis platform manages a plurality of network devices, the plurality of network devices include the first type of network devices, and the The methods described include:
    获取所述第一类型的标识对应的事件的分类标签;obtaining the classification label of the event corresponding to the identifier of the first type;
    向所述分析平台发送所述第一类型的标识对应的事件的分类标签,所述第一类型的标识对应的事件的分类标签用于所述分析平台对网络中发生的待分类事件进行分类。Sending a classification label of the event corresponding to the first type of identification to the analysis platform, where the classification label of the event corresponding to the first type of identification is used for the analysis platform to classify the events to be classified that occur in the network.
  7. 根据权利要求6所述的方法,其特征在于,在所述获取所述第一类型的标识对应的事件的分类标签之前,所述方法还包括:The method according to claim 6, characterized in that, before the acquiring the classification label of the event corresponding to the first type identifier, the method further comprises:
    接收所述分析平台发送的请求消息,所述请求消息包括所述第一类型的标识,所述请求消息用于请求所述第一类型的标识对应的事件的分类标签。A request message sent by the analysis platform is received, where the request message includes the identifier of the first type, and the request message is used to request a classification label of an event corresponding to the identifier of the first type.
  8. 根据权利要求6或7所述的方法,其特征在于,所述第一类型的标识对应的事件包括第一事件,所述第一事件的分类标签用于表征以下至少一种:The method according to claim 6 or 7, wherein the event corresponding to the identifier of the first type comprises a first event, and the classification label of the first event is used to represent at least one of the following:
    所述第一事件对所述网络的影响的严重程度;the severity of the impact of the first event on the network;
    所述第一事件的性质;the nature of said first event;
    或者,所述第一事件所针对的对象。Or, the object targeted by the first event.
  9. 根据权利要求6至8任一项所述的方法,其特征在于,所述方法还包括:The method according to any one of claims 6 to 8, wherein the method further comprises:
    获取所述第一类型的网络设备的产品手册;其中,所述第一类型的网络设备的产品手册包括用于描述所述第一类型的网络设备的事件的说明文档;obtaining a product manual of the first type of network device; wherein the product manual of the first type of network device includes an explanatory document for describing events of the first type of network device;
    基于所述用于描述所述第一类型的网络设备的事件的说明文档和第一信息,获取所述第一类型的网络设备的事件的分类标签;其中,所述第一信息包括分类模型或知识图谱,所述第一信息用于表征事件的关键词与事件的分类标签之间的对应关系。Based on the description document for describing the event of the network device of the first type and the first information, a classification label of the event of the network device of the first type is obtained; wherein the first information includes a classification model or A knowledge graph, where the first information is used to represent the correspondence between the keywords of the events and the classification labels of the events.
  10. 根据权利要求9所述的方法,其特征在于,The method of claim 9, wherein:
    所述分类模型是基于多个类型的网络设备的产品手册包括的说明文档训练得到的;The classification model is obtained by training based on the description documents included in the product manuals of multiple types of network devices;
    或者,所述知识图谱是基于多个类型的网络设备的产品手册包括的说明文档获得的。Alternatively, the knowledge graph is obtained based on explanatory documents included in product manuals of multiple types of network devices.
  11. 一种分析平台,其特征在于,所述分析平台包括:An analysis platform, characterized in that the analysis platform includes:
    获取单元,用于获取待分类事件的标识;以及,获取多个事件的标识与所述多个事件的分类标签的对应关系;以及,获取网络中发生的待分类事件的标识;an acquisition unit for acquiring the identifiers of the events to be classified; and, acquiring the corresponding relationship between the identifiers of the multiple events and the classification labels of the multiple events; and, acquiring the identifiers of the events to be classified occurring in the network;
    确定单元,用于基于所述待分类事件的标识和所述对应关系,确定与所述待分类事件的标识对应的目标分类标签。A determining unit, configured to determine a target classification label corresponding to the identifier of the event to be classified based on the identifier of the event to be classified and the corresponding relationship.
  12. 根据权利要求11所述的分析平台,其特征在于,所述目标分类标签用于表征以下至少一种:The analysis platform according to claim 11, wherein the target classification label is used to represent at least one of the following:
    所述待分类事件对所述网络的影响的严重程度;the severity of the impact of the event to be classified on the network;
    所述待分类事件的性质;the nature of the event to be classified;
    或者,所述待分类事件所针对的对象。Or, the object targeted by the event to be classified.
  13. 根据权利要求11或12所述的分析平台,其特征在于,所述分析平台还包括:The analysis platform according to claim 11 or 12, wherein the analysis platform further comprises:
    接收单元,用于接收管理所述分析平台的管理平台发送的所述对应关系。A receiving unit, configured to receive the corresponding relationship sent by the management platform that manages the analysis platform.
  14. 根据权利要求13所述的分析平台,其特征在于,所述分析平台用于管理多个网络设备,所述多个网络设备包括第一类型的网络设备,所述分析平台还包括:The analysis platform according to claim 13, wherein the analysis platform is configured to manage a plurality of network devices, the plurality of network devices include network devices of the first type, and the analysis platform further comprises:
    发送单元,用于向所述管理平台发送请求消息,所述请求消息包括所述第一类型的标识,所述请求消息用于请求所述第一类型的标识对应的事件的分类标签;a sending unit, configured to send a request message to the management platform, where the request message includes the identifier of the first type, and the request message is used to request a classification label of the event corresponding to the identifier of the first type;
    所述接收单元具体用于:接收所述管理平台发送的所述第一类型的标识对应的事件的标识与所述第一类型的标识对应的事件的分类标签之间的对应关系。The receiving unit is specifically configured to: receive the correspondence between the identifier of the event corresponding to the identifier of the first type and the classification label of the event corresponding to the identifier of the first type sent by the management platform.
  15. 根据权利要求14所述的分析平台,其特征在于,The analysis platform of claim 14, wherein:
    所述第一类型的网络设备是具有同一版本号的网络设备;The network devices of the first type are network devices with the same version number;
    或者,所述第一类型的网络设备是具有同一版本号和同一型号的网络设备。Alternatively, the network devices of the first type are network devices having the same version number and the same model.
  16. 一种管理平台,其特征在于,所述管理平台连接分析平台,所述分析平台用于管理多个网络设备,所述多个网络设备包括第一类型的网络设备,所述管理平台包括:A management platform, characterized in that the management platform is connected to an analysis platform, and the analysis platform is used to manage multiple network devices, the multiple network devices include network devices of the first type, and the management platform includes:
    获取单元,用于获取所述第一类型的标识对应的事件的分类标签;an obtaining unit, used for obtaining the classification label of the event corresponding to the identifier of the first type;
    发送单元,用于向所述分析平台发送所述第一类型的标识对应的事件的分类标签,所述第一类型的标识对应的事件的分类标签用于所述分析平台对网络中发生的待分类事件进行分类。A sending unit, configured to send the classification label of the event corresponding to the first type of identification to the analysis platform, and the classification label of the event corresponding to the first type of identification is used for the analysis platform to identify the pending events occurring in the network. Classify events to classify.
  17. 根据权利要求16所述的管理平台,其特征在于,所述管理平台还包括:The management platform according to claim 16, wherein the management platform further comprises:
    接收单元,用于接收所述分析平台发送的请求消息,所述请求消息包括所述第一类型的标识,所述请求消息用于请求所述第一类型的标识对应的事件的分类标签。A receiving unit, configured to receive a request message sent by the analysis platform, where the request message includes the identifier of the first type, and the request message is used to request a classification label of an event corresponding to the identifier of the first type.
  18. 根据权利要求16或17所述的管理平台,其特征在于,所述第一类型的标识对应的事件包括第一事件,所述第一事件的分类标签用于表征以下至少一种:The management platform according to claim 16 or 17, wherein the event corresponding to the identifier of the first type includes a first event, and the classification label of the first event is used to represent at least one of the following:
    所述第一事件对所述网络的影响的严重程度;the severity of the impact of the first event on the network;
    所述第一事件的性质;the nature of said first event;
    或者,所述第一事件所针对的对象。Or, the object targeted by the first event.
  19. 根据权利要求16至18任一项所述的管理平台,其特征在于,所述获取单元还用于:The management platform according to any one of claims 16 to 18, wherein the acquiring unit is further configured to:
    获取所述第一类型的网络设备的产品手册;其中,所述第一类型的网络设备的产品手册包括用于描述所述第一类型的网络设备的事件的说明文档;obtaining a product manual of the first type of network device; wherein the product manual of the first type of network device includes an explanatory document for describing events of the first type of network device;
    基于所述用于描述所述第一类型的网络设备的事件的说明文档和第一信息,获取所述第一类型的网络设备的事件的分类标签;其中,所述第一信息包括分类模型或知识图谱,所述第一信息用于表征事件的关键词与事件的分类标签之间的对应关系。Based on the description document for describing the event of the network device of the first type and the first information, a classification label of the event of the network device of the first type is obtained; wherein the first information includes a classification model or A knowledge graph, where the first information is used to represent the correspondence between the keywords of the events and the classification labels of the events.
  20. 根据权利要求19所述的管理平台,其特征在于,The management platform according to claim 19, wherein,
    所述分类模型是基于多个类型的网络设备的产品手册包括的说明文档训练得到的;The classification model is obtained by training based on the description documents included in the product manuals of multiple types of network devices;
    或者,所述知识图谱是基于多个类型的网络设备的产品手册包括的说明文档获得的。Alternatively, the knowledge graph is obtained based on explanatory documents included in product manuals of multiple types of network devices.
  21. 一种事件分类装置,其特征在于,所述装置包括:存储器和处理器,所述存储器用于存储计算机指令,所述处理器用于调用所述计算机指令,使得所述装置执行如权利要求1至10中任一项所述的方法。An event classification device, characterized in that the device comprises: a memory and a processor, the memory is used to store computer instructions, and the processor is used to call the computer instructions, so that the device executes the steps according to claims 1 to 1. The method of any one of 10.
  22. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有计算机程序,当所述计算机程序在计算机上运行时,使得所述计算机执行权利要求1至10中任一项所述的方法。A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and when the computer program runs on a computer, the computer is made to execute any one of claims 1 to 10 the method described.
PCT/CN2021/116791 2020-09-07 2021-09-06 Method and apparatus for event categorization WO2022048671A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010930653.5A CN114244683A (en) 2020-09-07 2020-09-07 Event classification method and device
CN202010930653.5 2020-09-07

Publications (1)

Publication Number Publication Date
WO2022048671A1 true WO2022048671A1 (en) 2022-03-10

Family

ID=80491632

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/116791 WO2022048671A1 (en) 2020-09-07 2021-09-06 Method and apparatus for event categorization

Country Status (2)

Country Link
CN (1) CN114244683A (en)
WO (1) WO2022048671A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114820225A (en) * 2022-06-28 2022-07-29 成都秦川物联网科技股份有限公司 Industrial Internet of things based on keyword identification and manufacturing problem processing and control method
CN115277368A (en) * 2022-08-02 2022-11-01 上海宏时数据***有限公司 Multi-platform alarm method, device, electronic equipment and storage medium
CN115762667A (en) * 2022-11-24 2023-03-07 苏州沃时数字科技有限公司 Chemical reaction type identification method and device and computer equipment
WO2024051258A1 (en) * 2022-09-08 2024-03-14 华为技术有限公司 Event processing method, apparatus and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106713049A (en) * 2017-02-04 2017-05-24 杭州迪普科技股份有限公司 Alarm method and device of monitor
CN107800553A (en) * 2016-09-05 2018-03-13 中兴通讯股份有限公司 A kind of method and apparatus of management equipment failure
CN110321268A (en) * 2019-06-12 2019-10-11 平安科技(深圳)有限公司 A kind of alarm information processing method and device
CN111506422A (en) * 2020-04-08 2020-08-07 聚好看科技股份有限公司 Event analysis method and system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107800553A (en) * 2016-09-05 2018-03-13 中兴通讯股份有限公司 A kind of method and apparatus of management equipment failure
CN106713049A (en) * 2017-02-04 2017-05-24 杭州迪普科技股份有限公司 Alarm method and device of monitor
CN110321268A (en) * 2019-06-12 2019-10-11 平安科技(深圳)有限公司 A kind of alarm information processing method and device
CN111506422A (en) * 2020-04-08 2020-08-07 聚好看科技股份有限公司 Event analysis method and system

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114820225A (en) * 2022-06-28 2022-07-29 成都秦川物联网科技股份有限公司 Industrial Internet of things based on keyword identification and manufacturing problem processing and control method
CN114820225B (en) * 2022-06-28 2022-09-13 成都秦川物联网科技股份有限公司 Industrial Internet of things based on keyword recognition and manufacturing problem processing and control method
US11754995B2 (en) 2022-06-28 2023-09-12 Chengdu Qinchuan Iot Technology Co., Ltd. Industrial internet of things for identifying and processing manufacturing problems, control methods, and storage medium
CN115277368A (en) * 2022-08-02 2022-11-01 上海宏时数据***有限公司 Multi-platform alarm method, device, electronic equipment and storage medium
WO2024051258A1 (en) * 2022-09-08 2024-03-14 华为技术有限公司 Event processing method, apparatus and system
CN115762667A (en) * 2022-11-24 2023-03-07 苏州沃时数字科技有限公司 Chemical reaction type identification method and device and computer equipment
CN115762667B (en) * 2022-11-24 2024-05-28 苏州沃时数字科技有限公司 Identification method and device for chemical reaction type and computer equipment

Also Published As

Publication number Publication date
CN114244683A (en) 2022-03-25

Similar Documents

Publication Publication Date Title
WO2022048671A1 (en) Method and apparatus for event categorization
US10594582B2 (en) Introspection driven monitoring of multi-container applications
US11294744B2 (en) Ensemble risk assessment method for networked devices
Kimura et al. Proactive failure detection learning generation patterns of large-scale network logs
US10523540B2 (en) Display method of exchanging messages among users in a group
US9917741B2 (en) Method and system for processing network activity data
CN107729210B (en) Distributed service cluster abnormity diagnosis method and device
US9189758B2 (en) Administration of a network
US20090100289A1 (en) Method and System for Handling Failover in a Distributed Environment that Uses Session Affinity
WO2017080161A1 (en) Alarm information processing method and device in cloud computing
EP4091110A1 (en) Systems and methods for distributed incident classification and routing
CN108427619B (en) Log management method and device, computing equipment and storage medium
JP2016035708A (en) Device and method for updating software
US10732873B1 (en) Timeout mode for storage devices
AU2021218159B2 (en) Utilizing machine learning models to determine customer care actions for telecommunications network providers
WO2022001924A1 (en) Knowledge graph construction method, apparatus and system and computer storage medium
US20170004012A1 (en) Methods and apparatus to manage operations situations in computing environments using presence protocols
US9443196B1 (en) Method and apparatus for problem analysis using a causal map
US8458529B2 (en) Logical entity fault isolation in network systems management
US10268375B2 (en) Methods for proactive prediction of disk failure in the disk maintenance pipeline and devices thereof
CN115580522A (en) Method and device for monitoring running state of container cloud platform
US20080125878A1 (en) Method and system to detect application non-conformance
US20210165725A1 (en) Integrated event processing and policy enforcement
US11736336B2 (en) Real-time monitoring of machine learning models in service orchestration plane
CN118233470A (en) Cluster capacity expansion method and device, communication equipment and storage medium

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21863733

Country of ref document: EP

Kind code of ref document: A1