CN117370053A - Information system service operation-oriented panoramic monitoring method and system - Google Patents

Abstract

The invention discloses an information system service operation panoramic monitoring method and system, comprising the steps of constructing an information system panoramic monitoring index system based on service requirements, wherein the service requirements comprise abnormal prior user perception, automatic alarm association and accurate fault positioning; acquiring target monitoring data and preprocessing the target monitoring data; and combining the preprocessed data with an information system panoramic monitoring index system to perform alarm analysis and fault positioning, and finishing panoramic monitoring of information system service operation. The method realizes the automatic association of abnormality prior to user perception and alarm and the accurate positioning of faults.

Description

A panoramic monitoring method and system for information system business operations

Technical field

The invention relates to the technical field of enterprise information system operation and maintenance management, and in particular to a method and system for panoramic monitoring of information system business operations.

Background technique

Information system monitoring is the process of collecting information system operation data through technical means, and analyzing and managing it. Its purpose is to understand the operating status of the system in real time, discover risks and problems that the system may face in a timely manner, and ensure that the system operates stably and efficiently. Information system monitoring includes different aspects such as user experience monitoring, business application monitoring, service monitoring, platform component monitoring, and infrastructure monitoring. There are currently several deficiencies in information system operation and maintenance monitoring:

(1) Limited monitoring scope: Mainly focus on technical indicator monitoring, such as server indicators, network indicators, etc. The monitoring of business data, service calling links, and user experience is not sufficient. Monitoring is mainly based on "points" and cannot fully evaluate the operating effect of the system.

(2) Monitoring system isolation: There are correlations between different monitoring systems. Since data and information cannot be effectively shared, it is difficult to obtain a global system perspective during the problem diagnosis and decision-making process, resulting in the emergence of "information islands". Phenomenon.

(3) Lack of standardization: Currently, monitoring systems generally adopt their own monitoring plans and indicator systems, and lack unified monitoring data standards and interface specifications. This makes it difficult to interoperate and compare data between different monitoring systems, hindering monitoring integration.

Contents of the invention

The purpose of this section is to outline some aspects of embodiments of the invention and to briefly introduce some preferred embodiments. Some simplifications or omissions may be made in this section, the abstract and the title of the invention to avoid obscuring the purpose of this section, the abstract and the title of the invention, and such simplifications or omissions cannot be used to limit the scope of the invention.

In view of the above-mentioned existing problems, the present invention is proposed.

Therefore, the present invention provides a method and system for panoramic monitoring of information system business operations, which can solve the problems mentioned in the background technology.

In order to solve the above technical problems, the present invention provides the following technical solution, a panoramic monitoring method for information system business operations, including:

Construct a panoramic monitoring indicator system for information systems based on business requirements, which include abnormality being detected before users, automatic alarm correlation, and precise fault location;

Obtain target monitoring data and preprocess the target monitoring data;

The preprocessed data is combined with the information system panoramic monitoring index system to perform alarm analysis and fault location to complete panoramic monitoring of the information system business operation.

A panoramic monitoring system for information system business operations, which is characterized by: including a monitoring data collection unit, a server unit, a communication unit, a logic analysis unit, an alarm unit, and a terminal display and query unit,

The monitoring data collection unit is used to collect business performance data, operation and maintenance business data, resource and relationship data, and divide the data into current cycle and historical cycle data according to fixed cycles, and transmit the data to the server unit for structured storage;

The server unit is used to obtain the data information transmitted by the monitoring data collection unit and store it in a structured manner, and call different structured data according to the instruction information transmitted by other units and transmit it to the corresponding unit through the communication unit;

Communication unit, used to maintain connections between various units in the system;

A logical analysis unit is used to preset performance indicators, business application indicators and alarm indicators, and sends data analysis instructions to the server unit through the communication unit, and combines the preset performance indicators, business indicators according to the data transmitted to the server unit. Apply indicators and alarm indicators to analyze and judge monitoring data;

An alarm unit is used to issue alarms based on the analysis and judgment results of the logical analysis unit;

The terminal display and query unit is used to display the analysis and judgment results of the logical analysis unit and to perform alarms in conjunction with the alarm unit, and to provide resource query services for users, and to retrieve and display the server unit through the communication unit the corresponding data in .

As a preferred solution of the panoramic monitoring system for information system business operation according to the present invention, the monitoring data collection unit includes a data collection module and a data processing module,

The data collection module includes a first data collection part, a second data collection part and a third data collection part. The first data collection part, the second data collection part and the third data collection part are simultaneously connected with the data processing module. One-way connection, directly transmits the collected data to the data processing module;

The first data collection part collects system external data through APM tools, the second data collection part collects system external data through NPM tools, and the third data collection part collects system external data through other link monitoring tools. After receiving the data transmitted by the data collection module, the data processing module aggregates the data into three types of data: topology data, link data and indicator data, structures it and sends it to the server unit through the communication unit. The server unit Store the received structured data;

The structuring includes dividing the data into basic monitoring data, business link data, system business data and log data.

As a preferred solution of the panoramic monitoring system for information system business operation according to the present invention, the logical analysis unit includes an indicator preset module, an indicator comparison module, a fault analysis and judgment module, a fault location module and a fault early warning module. ,

The indicator preset module is used to preset performance indicators, business application indicators and alarm indicators. The indicator comparison module is directly connected to the server unit through the communication unit. The indicator comparison module sends comparison instructions to the communication unit. The comparison instruction includes a first comparison instruction, a second comparison instruction and a third comparison instruction;

When the server unit obtains the first comparison instruction, the server unit transmits the basic monitoring data to the indicator comparison module, and the indicator comparison module combines the preset indicators in the indicator preset module to perform data processing. Compare, after generating the first comparison result, and transmit the first comparison result to the fault analysis and judgment module;

When the server unit obtains the second comparison instruction, the server unit transmits the service link data and system service data to the indicator comparison module, and the indicator comparison module combines the presets in the indicator preset module. Compare the data with the indicators, generate a second comparison result, and transmit the first comparison result to the fault analysis and judgment module;

When the server unit obtains the third comparison instruction, the server unit transmits the log data to the indicator comparison module, and the indicator comparison module compares the data in combination with the indicators preset in the indicator preset module. , generate a third comparison result, and transmit the third judgment result to the fault analysis and judgment module.

As a preferred solution of the panoramic monitoring system for information system business operation according to the present invention, the logical analysis unit further includes:

The fault analysis and judgment module receives the index comparison results transmitted from the index comparison module, and analyzes and judges the index comparison results;

When receiving the first judgment result, if the basic monitoring data in the first judgment result deviates from the preset basic monitoring data by 10%, or if the basic monitoring data in the first judgment result is missing, it is determined that a fault has occurred;

When receiving the second judgment result, if the service link data and system service data in the second judgment result are missing, it is determined that a fault has occurred;

When receiving the third judgment result, if the log data in the third judgment result is missing or increased compared with the previous period, it is determined that a fault has occurred.

As a preferred solution of the panoramic monitoring system for information system business operation according to the present invention, the logical analysis unit further includes:

The fault location module obtains a specific location model by combining neural network training. The fault location module receives fault data from the log data in the server unit, takes the fault data as input, and takes the fault type and fault location as output. Training Fault location neural network model;

After the fault location neural network model training is completed, the fault location module saves the model to the server unit. If the fault analysis and judgment module determines that the result is a fault, the fault analysis and judgment module reports the fault to the fault location module. The positioning module sends a fault to be located instruction. When the fault positioning module obtains the fault to be located instruction, it sends a fault positioning neural network model instruction to the server unit through the communication unit;

When the fault location neural network model is successfully retrieved, the real-time data in the server unit is directly used as model input and connected to the fault location neural network model to obtain the fault type and fault location information, and transmit the fault type and fault location information. to the fault warning module;

The fault early warning module confirms the alarm level of the fault type and fault location information, and then transmits the alarm level to the alarm unit.

As a preferred solution of the panoramic monitoring system for information system business operation according to the present invention, the alarm unit includes providing alarm triggering strategy configuration and alarm notification strategy configuration, and provides multi-channel alarms for information system monitoring, and the alarm unit The triggering strategy is configured independently. Alarm triggering conditions include single indicator triggering and multi-indicator combination triggering. The single indicator triggering rules include missing alarms, threshold alarms, character comparisons, trend alarms, status reversals, floating threshold alarms and mutation alarm rules. The multi-indicator triggers multi-indicator joint alarming based on "AND" and "OR" rules. The alarm notification strategy configuration includes an alarm resource range and a notification strategy. The alarm resource range includes resource types, resource units, computer rooms, and groups. , resource instance mode is set; the notification strategy includes receiving objects, notification methods, notification time, repetition rules, upgrade rules, and also includes deduplication, grouping, suppression, silencing and routing functions for alarms. According to the logical analysis unit Alarm based on the analysis and judgment results.

As a preferred solution of the panoramic monitoring system for information system business operation according to the present invention, the terminal display and query unit includes the data collected by the display system, and displays the alarm information in combination with the alarm unit, It also includes querying resources according to user needs.

A computer device includes a memory and a processor. The memory stores a computer program. It is characterized in that when the processor executes the computer program, the steps of the above method are implemented.

A computer-readable storage medium on which a computer program is stored, characterized in that when the computer program is executed by a processor, the steps of the above method are implemented.

Beneficial effects of the present invention: The present invention proposes a method and system for panoramic monitoring of information system business operations, and constructs a panoramic monitoring index system for information systems based on business requirements. The business requirements include abnormality prior to user perception, automatic alarm association, and fault accuracy. Positioning; obtaining target monitoring data and preprocessing the target monitoring data; combining the preprocessed data with the information system panoramic monitoring index system to perform alarm analysis and fault location to complete a panoramic view of the information system business operation monitor. Achieve abnormality detection before users, automatic alarm correlation and precise fault location.

Description of the drawings

In order to explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed to be used in the description of the embodiments will be briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention. Those of ordinary skill in the art can also obtain other drawings based on these drawings without exerting any creative effort. in:

Figure 1 is a method flow chart of a panoramic monitoring method and system for information system business operations provided by an embodiment of the present invention;

Figure 2 is a schematic system structure diagram of a panoramic monitoring method and system for information system business operations provided by an embodiment of the present invention;

Figure 3 is a schematic diagram of APM/NPM external probe management for an information system business operation panoramic monitoring method and system provided by an embodiment of the present invention;

Figure 4 is an information system panoramic monitoring technical architecture oriented to an information system business operation panoramic monitoring method and system provided by an embodiment of the present invention;

Figure 5 is a schematic flow chart of an information system panoramic monitoring method and system for information system business operation panoramic monitoring provided by one embodiment of the present invention;

Figure 6 is an internal structure diagram of a computer device for a panoramic monitoring method and system for information system business operations provided by an embodiment of the present invention.

Detailed ways

In order to make the above objects, features and advantages of the present invention more obvious and easy to understand, the specific embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings. It is obvious that the described embodiments are part of the embodiments of the present invention, not all of them. Example. Based on the embodiments of the present invention, all other embodiments obtained by ordinary people in the art without creative efforts should fall within the protection scope of the present invention.

Many specific details are set forth in the following description to fully understand the present invention. However, the present invention can also be implemented in other ways different from those described here. Those skilled in the art can do so without departing from the connotation of the present invention. Similar generalizations are made, and therefore the present invention is not limited to the specific embodiments disclosed below.

Second, reference herein to "one embodiment" or "an embodiment" refers to a specific feature, structure, or characteristic that may be included in at least one implementation of the present invention. "In one embodiment" appearing in different places in this specification does not all refer to the same embodiment, nor is it a separate or selective embodiment that is mutually exclusive with other embodiments.

The present invention will be described in detail with reference to schematic diagrams. When describing the embodiments of the present invention in detail, for the convenience of explanation, the cross-sectional diagrams showing the device structure will be partially enlarged according to the general scale. Moreover, the schematic diagrams are only examples and shall not limit the present invention. scope of protection. In addition, the three-dimensional dimensions of length, width and depth should be included in actual production.

At the same time, in the description of the present invention, it should be noted that the orientation or positional relationship indicated by the terms "upper, lower, inner and outer" are based on the orientation or positional relationship shown in the drawings, and are only for the convenience of describing the present invention. The invention and simplified description are not intended to indicate or imply that the devices or elements referred to must have a specific orientation, be constructed and operate in a specific orientation, and therefore are not to be construed as limitations of the invention. Furthermore, the terms "first, second or third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.

Unless otherwise clearly stated and limited in the present invention, the terms "installation, connection, and connection" should be understood in a broad sense. For example, it can be a fixed connection, a detachable connection, or an integrated connection; it can also be a mechanical connection, an electrical connection, or a direct connection. A connection can also be indirectly connected through an intermediary, or it can be an internal connection between two components. For those of ordinary skill in the art, the specific meanings of the above terms in the present invention can be understood on a case-by-case basis.

Example 1

Referring to Figures 1-6, a first embodiment of the present invention is shown. This embodiment provides a panoramic monitoring system for information system business operations, including:

In a preferred embodiment, a panoramic monitoring system for information system business operations includes a monitoring data collection unit 100, a server unit 200, a communication unit 300, a logic analysis unit 400, an alarm unit 500, and a terminal display and query unit 600.

The monitoring data collection unit 100 is used to collect business performance data, operation and maintenance business data, and resource and relationship data, and divide the data into current cycle and historical cycle data according to fixed cycles, and transmit the data to the server unit 200 for structured storage. ;

The server unit 200 is used to obtain the data information transmitted by the monitoring data collection unit 100 and store it in a structured manner. According to the instruction information transmitted by other units, the different structured data are called and transmitted to the corresponding unit through the communication unit 300;

Communication unit 300, used to maintain the connection of various units in the system;

The logic analysis unit 400 is used to preset performance indicators, business application indicators and alarm indicators, and send data analysis instructions to the server unit 200 through the communication unit 300, and combine the preset performance indicators and business application indicators according to the data transmitted by the server unit 200 and alarm indicators to analyze and judge monitoring data;

The alarm unit 500 is used to issue alarms based on the analysis and judgment results of the logic analysis unit 400;

The terminal display and query unit 600 is used to display the analysis and judgment results of the logic analysis unit 400 and to provide alarms in conjunction with the alarm unit 500, and to provide resource query services for users, and to retrieve and display the corresponding information in the server unit 200 through the communication unit 300. data.

The monitoring data collection unit 100 includes a data collection module 101 and a data processing module 102.

The data collection module 101 includes a first data collection part 101a, a second data collection part 101b, and a third data collection part 101c. The first data collection part 101a, the second data collection part 101b, and the third data collection part 101c simultaneously process data. The module 102 has a one-way connection and directly transmits the collected data to the data processing module 102;

The first data collection part 101a collects system external data through APM tools, the second data collection part 101b collects system external data through NPM tools, the third data collection part 101c collects system external data through other link monitoring tools, and the data processing module 102 After receiving the data transmitted to the data collection module 101, the data is aggregated into three types of data: topology data, link data and indicator data, and is sent to the server unit 200 through the communication unit 300. The server unit 200 converts the received data. store;

Structuring includes dividing data into basic monitoring data, business link data, system business data and log data.

Among them, basic monitoring data can include port rate, CPU usage, memory usage, number of sessions, number of new connections, packet loss ratio, delay and other indicators. Business link data can include call request success rate, average call response, and The number of calls per minute, topology data, trace call list, span monitoring details and other information. System business data can include the number of registered users, the number of online users, the number of active users, the number of new users, the number of visits, business volume, business operation stage distribution, Data such as the number of business visits, the number of business objects, and log data.

The logical analysis unit 400 includes an indicator preset module 401, an indicator comparison module 402, a fault analysis and judgment module 403, a fault location module 404 and a fault warning module 405.

The indicator preset module 401 is used to preset performance indicators, business application indicators and alarm indicators. The indicator comparison module 402 is directly connected to the server unit 200 through the communication unit 300. The indicator comparison module 402 sends a comparison instruction to the communication unit 300. The comparison instruction includes: a first comparison instruction, a second comparison instruction and a third comparison instruction;

When the server unit 200 obtains the first comparison instruction, the server unit 200 transmits the basic monitoring data to the indicator comparison module 402. The indicator comparison module 402 judges the data in combination with the indicators preset in the indicator preset module 401, and makes the judgment The results are transmitted to the fault analysis and judgment module 403;

When the server unit 200 obtains the second comparison instruction, the server unit 200 transmits the service link data and the system service data to the indicator comparison module 402. The indicator comparison module 402 combines the indicators preset in the indicator preset module 401 to perform data processing. Make a judgment and transmit the judgment result to the fault analysis and judgment module 403;

When the server unit 200 obtains the third comparison instruction, the server unit 200 transmits the log data to the indicator comparison module 402. The indicator comparison module 402 judges the data in combination with the indicators preset in the indicator preset module 401, and sends the judgment results. transmitted to the fault analysis and judgment module 403.

Logic analysis unit 400 also includes,

The fault analysis and judgment module 403 receives the index comparison results transmitted from the index comparison module 402, and analyzes and judges the index comparison results;

When receiving the first judgment result, if the basic monitoring data in the first judgment result deviates from the preset basic monitoring data by 10%, or if the basic monitoring data in the first judgment result is missing, it is determined that a fault has occurred;

When receiving the second judgment result, if the service link data and system service data in the second judgment result are missing, it is determined that a fault has occurred;

When receiving the third judgment result, if the log data in the third judgment result is missing or increased compared with the previous period, it is determined that a fault has occurred.

Logic analysis unit 400 also includes,

The fault location module 404 obtains a specific location model by combining neural network training. The fault location module 404 receives the fault data from the log data in the server unit 200, uses the fault data as input, and uses the fault type and fault location as output to train the fault location neural network. network model;

After the fault location neural network model training is completed, the fault location module 404 saves the model to the server unit 200. If the fault analysis and judgment module 403 determines that the result is a fault, the fault analysis and judgment module 403 sends a pending fault to the fault location module 404. bit instruction, when the fault location module 404 obtains the fault to be located instruction, it sends an instruction to retrieve the fault location neural network model to the server unit 200 through the communication unit 300;

When the fault location neural network model is successfully retrieved, the real-time data in the server unit 200 is directly used as model input and connected to the fault location neural network model to obtain the fault type and fault location information, and transmit the fault type and fault location information to the fault warning Module 405;

After confirming the alarm level on the fault type and fault location information, the fault warning module 405 transmits the alarm level to the alarm unit 500 .

The alarm unit 500 includes providing alarm triggering strategy configuration and alarm notification strategy configuration, and provides multi-channel alarms for information system monitoring. The alarm triggering strategy is configured independently. The alarm triggering conditions include single indicator triggering and multiple indicator combination triggering. Single indicator triggering rules include missing Alarms, threshold alarms, character comparisons, trend alarms, status reversal, floating threshold alarms and mutation alarm rules, multi-indicator triggers multi-indicator joint alarms based on "AND" and "OR" rules, alarm notification policy configuration includes alarm resource range and notification Strategy, alarm resource scope includes setting by resource type, resource unit, computer room, group, resource instance; notification strategy includes receiving objects, notification method, notification time, repetition rules, upgrade rules, and also includes alarm deduplication, The grouping, suppression, silencing and routing functions provide alarms based on the analysis and judgment results of the logical analysis unit 400.

The terminal display and query unit 600 includes displaying data collected by the system, displaying alarm information in combination with the alarm unit 500, and querying resources according to user needs.

Each of the above-mentioned unit modules can be embedded in or independent of the processor of the computer device in the form of hardware, or can be stored in the memory of the computer device in the form of software, so that the processor can call and execute the operations corresponding to each of the above modules.

In summary, the present invention proposes a panoramic monitoring system for information system business operations, and constructs a panoramic monitoring index system for information systems based on business requirements. The business requirements include abnormality prior to user perception, automatic alarm association, and precise fault location; obtaining target monitoring data, And preprocess the target monitoring data; combine the preprocessed data with the information system panoramic monitoring indicator system to conduct alarm analysis and fault location, and complete the panoramic monitoring of the information system business operation. Achieve abnormality detection before users, automatic alarm correlation and precise fault location.

Example 2

Referring to Figures 1-6, an embodiment of the present invention provides a method for panoramic monitoring of information system business operations, including:

Construct a panoramic monitoring indicator system for information systems based on business needs, which include abnormality sensing before users, automatic alarm correlation, and accurate fault location;

Obtain target monitoring data and preprocess the target monitoring data;

Combine the preprocessed data with the information system panoramic monitoring indicator system to perform alarm analysis and fault location to complete panoramic monitoring of the information system business operation.

In the embodiment of this application, APM/NPM link tool data integration specifications are proposed: external systems aggregate APM and NPM data into topology data (topo), link data (trace) through APM, NPM tools or other link monitoring tools. ) and indicator data (metric) are sent to the message queue through the adapter program, and the dump service dumps the received data.

Among them, topology data Topo: Topology data is the topology data of calls between business system application services, databases, middleware or external system application services within a period of time, including transaction topology data, service topology data, and network topology data.

It should be noted that link data Trace: Link data Trace is the user's specific call request, APM link and NPM link, including detailed data such as the starting point and end point of the link, as well as related call stack information.

It should be noted that indicator data Metric: Indicator data Metric is data related to the aggregation, calculation and statistics of services, service instances, call chain traces and other data.

It should be noted that unified management of APM/NPM external probes: In order to achieve unified management of APM and NPM probes from various manufacturers and provide unified probe management support service functions, each probe manufacturer must follow the unified management Develop and implement related adaptation functions based on management requirements.

In the embodiment of this application, the southbound interface service specification is proposed: the southbound interface is used to realize the reception and aggregation of external data such as information system business data, system integration interfaces or monitoring indicators, and the data transmission capability is realized through API interfaces and message queues. Among them, the real-time data processing scenario uses the API interface, is based on the HTTP protocol, and follows the RESTful specification; the data batch receiving and subscription scenario uses the message service, and supports common message queue middleware such as Kafka and RabbitMQ.

In the embodiment of this application, an information system panoramic monitoring index system is established: including physical equipment (host equipment, network equipment, security equipment, storage equipment, computer room equipment, special equipment, etc.) indicators, basic platform (cloud platform, data center, VMware, OpenStack, kubernetes, on-cloud resources, off-cloud databases, off-cloud middleware, etc.) indicators, information system (business, services, service links, service topology, etc.) indicators, log data. Standardize collection and access objects, collection indicators, collection methods, and collection frequency.

It should be noted that the corresponding indicator library and collection method are established according to the monitoring indicator system. The collection method is divided into three modes: Agent collection, protocol collection and third-party data access.

It should be noted that Agent collection includes plug-in collection, script collection, probes, etc., supports pluggable plug-in collection, and supports third-party collection plug-in access to expand the collection scope and collection method.

It should be noted that protocol collection includes data collection of common protocols such as SNMP, SSH, WMI, RESTFUL, JMX, SMI-S, IPMI, HTTP, HTTPS, and JDBC.

Furthermore, third-party data access can be supported through the southbound interface and APM and NPM interface specifications.

In the embodiment of this application, the business link model and resource model are also unified maintained and managed based on CMDB: the business link model includes business scenarios, business activities, and service endpoints, and the information system business is realized through the business link model and interrelated relationships. Scene management. At the same time, combined with resource models and relationships such as information systems, platform components, infrastructure, etc., a full scenario of nodes, links, and system integration at all levels including the infrastructure layer, platform layer, service layer, and application layer is formed to support the panoramic monitoring of the information system. Data model.

In the embodiment of this application, centralized management of alarms is also provided: alarm triggering strategy configuration and alarm notification strategy configuration are provided, and multi-channel alarms are provided for information system monitoring. Alarm triggering strategies can be configured independently based on each resource model. Alarm triggering conditions include single indicator triggering and multi-indicator combination triggering. Single indicator triggering rules include missing alarms, threshold alarms, character comparisons, trend alarms, status reversal, floating threshold alarms, and mutation alarms. Multi-indicator triggering can provide multi-indicator joint alarms based on "AND" and "OR" rules. Alarm notification rules include alarm resource range and notification strategy. Alarm resource range can be set by resource type, resource unit, computer room, group, resource instance, etc. Notification strategy includes receiving objects, notification method, notification time, repeat rules, and upgrades. Rules etc. It also supports functions such as deduplication, grouping, suppression, silencing and routing of alarms. Analyze the causes of alarms through the association rule engine, quickly and accurately locate faults, reduce the interference of invalid alarms, and effectively resist alarm storms.

In the embodiment of this application, business scenario orchestration is also provided: In order to solve the business needs of information systems such as numerous business scenarios and irregular adjustments to business scenarios, a business scenario orchestration function is provided. Business scenario orchestration means that operation and maintenance personnel create business scenarios, process orchestration and custom indicator correlation based on business scenario related materials sorted out by business departments to support the preservation of business links. Including scenario classification maintenance, business scenario maintenance, business flow link maintenance, etc. Realize the system's full-link monitoring service that is oriented by business scenarios and based on business language.

In the embodiment of this application, indicator signboard arrangement is also provided: In order to solve the need for dynamic adjustment of business indicators and display layout in different periods and different scenarios in business scenarios, an indicator signboard arrangement function is provided. Indicator board arrangement is the work of the business personnel of the business department to arrange the business indicators and presentation forms that need to be displayed on the business monitoring board based on the business operation monitoring situation sorted out by the business department. Indicator dashboard arrangement includes business scenario selection, business indicator maintenance, indicator dashboard and layout arrangement.

In one embodiment, a computer device is provided. The computer device may be a terminal, and its internal structure diagram may be as shown in FIG. 6 . The computer device includes a processor, memory, communication interface, display screen and input device connected through a system bus. Wherein, the processor of the computer device is used to provide computing and control capabilities. The memory of the computer device includes non-volatile storage media and internal memory. The non-volatile storage medium stores operating systems and computer programs. This internal memory provides an environment for the execution of operating systems and computer programs in non-volatile storage media. The communication interface of the computer device is used for wired or wireless communication with external terminals. The wireless mode can be implemented through WIFI, operator network, NFC (Near Field Communication) or other technologies. When the computer program is executed by the processor, a panoramic monitoring method for information system business operations is implemented. The display screen of the computer device may be a liquid crystal display or an electronic ink display. The input device of the computer device may be a touch layer covered on the display screen, or may be a button, trackball or touch pad provided on the computer device shell. , it can also be an external keyboard, trackpad or mouse, etc.

In one embodiment, a computer-readable storage medium is provided with a computer program stored thereon. When the computer program is executed by a processor, the following steps are implemented:

Construct a panoramic monitoring indicator system for information systems based on business needs, which include abnormality sensing before users, automatic alarm correlation, and precise fault location;

Obtain target monitoring data and preprocess the target monitoring data;

Combine the preprocessed data with the information system panoramic monitoring indicator system to perform alarm analysis and fault location to complete panoramic monitoring of the information system business operation.

In summary, the present invention proposes a method for panoramic monitoring of information system business operations, and constructs a panoramic monitoring index system for information systems based on business requirements. The business requirements include abnormality prior to user perception, automatic alarm association, and accurate fault location; obtaining target monitoring data, And preprocess the target monitoring data; combine the preprocessed data with the information system panoramic monitoring indicator system to conduct alarm analysis and fault location, and complete the panoramic monitoring of the information system business operation. Achieve abnormality detection before users, automatic alarm correlation and precise fault location.

Example 3

Referring to Figures 1-6, an embodiment of the present invention provides a method and system for panoramic monitoring of information system business operations, including:

As shown in Figure 5, the specific implementation steps for panoramic monitoring of an information system are:

First, sort out the infrastructure, platform components, business scenarios, business activities, service endpoints, physical topology diagrams, microservice lists, system integration relationships and other information involved in the information system (some of this information can be automatically obtained through automatic discovery, such as network layer topology discovery , automatic discovery of databases and middleware on the host, automatic discovery of microservices and service endpoints). Infrastructure includes host servers, network equipment, security equipment, storage equipment and other resources; platform components include databases, middleware and other resources; business scenarios, business activities, service endpoint sorting work mainly includes sorting out the names and descriptions of business scenarios, and clarifying different businesses Monitor the business indicators that need attention in the scenario and the business activities that make up the business scenario, the root service endpoints of each business activity, the business call links that support business operations, etc., and finally form a business scenario list, business monitoring indicator list, business flow chart, Business call chain and other contents; the IoT topology diagram refers to the topological relationship of various resources deployed by the information system; the microservice list is the information system deployment service list and the relationship with business scenarios and business activities; the system integration relationship is used to describe different business scenarios The integration relationship with external systems includes key information such as business scenarios, business activities, integration methods, integration directions, and integration content associated with external systems.

According to the relevant resources and relationships involved in the sorted information system, relevant models are maintained in the system, see the resource configuration component in Figure 4. The main resource models include information systems, physical machines, storage devices, network devices, security devices, virtual machines, cloud components, databases, middleware, business scenarios, business activities, service endpoints and other models and related sub-models, while maintaining resource-related topology Relationships, dynamic relationships such as service call links are automatically maintained through collection.

The access of information system monitoring data is realized by relying on the collection control component, see Figure 4. It provides functions such as collection task configuration, collection task scheduling and execution, and return of collection results. In addition to direct collection with or without agents through its own unified agent, data from third-party tools can also be accessed through the southbound interface. The collected monitoring data includes basic monitoring data (port rate, CPU usage, memory usage, number of sessions, number of new connections, packet loss ratio, delay and other indicators), business link data (call request success rate, call average response, Number of calls per minute, topology data, trace call list, span monitoring details and other information), system business data (number of registered users, number of online users, number of active users, number of new users, number of visits, business volume, business operation stage distribution , business access times, number of business objects and other data), log data.

For access to applications such as APM and NPM and network link data, see Figure 2. There are two data access methods: for general APM and NPM tools, business link data is actively and regularly obtained through the system-side adaptation service; for specific link tools, the link tool manufacturer develops adaptation services according to specifications and pushes them regularly. Business link data. The accessed data is uniformly sent to the message service queue, and then the data is flowed to the monitoring alarm service and resource configuration service through the dump service to perform data alarm monitoring and data model updating.

In order to achieve unified management of APM and NPM probes from various manufacturers in the system, a unified management support service function for probes is provided on the system side. Each probe manufacturer must develop and implement relevant adaptations in accordance with the requirements of unified management. function, see Figure 3. On the system side, the following interface services are provided for the probe management and adaptation services of each manufacturer: Register Probe Management and Adaptation Service (used for the probe management and adaptation service to actively register the management and adaptation service information with the system. The manufacturer issues a probe operation policy and provides a push address), registers the deployed probe service (used for the probe management and adaptation service to actively register the deployed probe instance information with the system), and obtains the probe operation policy service (using The probe management and adaptation service obtains the operating strategy of the probe from the system) and receives the probe operating status data service (the adaptation service corresponding to the probe submits self-monitoring data to the system through this interface); it should be provided on the manufacturer side The following interface services: receive the delivered probe operation policy service.

For the collected and accessed monitoring data, the monitoring management component and the data analysis component are used to process the data and generate alarm information. At the same time, the data analysis capabilities are combined to perform alarm correlation analysis and fault location, see Figure 4. Based on flink streaming computing, the accessed monitoring data is processed, and alarm rules are used to determine whether an alarm is generated. The alarm information is deduplicated, denoised, and then the alarm information notification is sent according to the alarm notification rules.

Finally, the information system panoramic monitoring information is visually displayed through views such as business comprehensive monitoring and operation panoramic monitoring. At the same time, according to the actual business scenario information sorted out, through the scenario orchestration function and indicator dashboard orchestration function provided by the system, the relevant business scenario monitoring views and relevant indicator dashboards are dynamically configured to meet the business monitoring needs of different systems.

It should be noted that the above embodiments are only used to illustrate the technical solution of the present invention rather than to limit it. Although the present invention has been described in detail with reference to the preferred embodiments, those of ordinary skill in the art should understand that the technical solution of the present invention can be carried out. Modifications or equivalent substitutions without departing from the spirit and scope of the technical solution of the present invention shall be included in the scope of the claims of the present invention.

Those skilled in the art will understand that embodiments of the present application may be provided as methods, systems, or computer program products. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment that combines software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein. The solutions in the embodiments of this application can be implemented using various computer languages, such as the object-oriented programming language Java and the literal scripting language JavaScript.

The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each process and/or block in the flowchart illustrations and/or block diagrams, and combinations of processes and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce a use A device for realizing the functions specified in one process or multiple processes of the flowchart and/or one block or multiple blocks of the block diagram.

These computer program instructions may also be stored in a computer-readable memory that causes a computer or other programmable data processing apparatus to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction means, the instructions The device implements the functions specified in a process or processes of the flowchart and/or a block or blocks of the block diagram.

These computer program instructions may also be loaded onto a computer or other programmable data processing device, causing a series of operating steps to be performed on the computer or other programmable device to produce computer-implemented processing, thereby executing on the computer or other programmable device. Instructions provide steps for implementing the functions specified in a process or processes of a flowchart diagram and/or a block or blocks of a block diagram.

Although the preferred embodiments of the present application have been described, those skilled in the art will be able to make additional changes and modifications to these embodiments once the basic inventive concepts are apparent. Therefore, it is intended that the appended claims be construed to include the preferred embodiments and all changes and modifications that fall within the scope of this application.

Obviously, those skilled in the art can make various changes and modifications to the present application without departing from the spirit and scope of the present application. In this way, if these modifications and variations of the present application fall within the scope of the claims of the present application and equivalent technologies, the present application is also intended to include these modifications and variations.

Claims (10)

1. An information system service operation-oriented panoramic monitoring method is characterized by comprising the following steps of: comprising the steps of (a) a step of,

constructing an information system panoramic monitoring index system based on service requirements, wherein the service requirements comprise abnormal prior to user perception, automatic alarm association and accurate fault positioning;

acquiring target monitoring data and preprocessing the target monitoring data;

and combining the preprocessed data with the information system panoramic monitoring index system to perform alarm analysis and fault positioning, and finishing panoramic monitoring of information system business operation.

2. An information system service operation-oriented panoramic monitoring system is characterized in that: comprises a monitoring data acquisition unit (100), a server unit (200), a communication unit (300), a logic analysis unit (400), an alarm unit (500) and a terminal display and query unit (600),

the monitoring data acquisition unit (100) is used for collecting service performance data, operation and maintenance service data, resources and relation data, dividing the data into current period data and historical period data according to a fixed period, and transmitting the data to the server unit (200) for structural storage;

The server unit (200) is used for acquiring the data information transmitted by the monitoring data acquisition unit (100), carrying out structural storage, and calling different structured data according to the instruction information transmitted by other units to transmit the data to the corresponding unit through the communication unit (300);

a communication unit (300) for maintaining a connection of the units in the system;

the logic analysis unit (400) is used for presetting performance indexes, service application indexes and alarm indexes, sending data analysis instructions to the server unit (200) through the communication unit (300), and analyzing and judging monitoring data according to the data transmitted by the server unit (200) and combining the preset performance indexes, the service application indexes and the alarm indexes;

an alarm unit (500) for alarming according to the analysis and judgment result of the logic analysis unit (400);

and the terminal display and query unit (600) is used for displaying the analysis and judgment result of the logic analysis unit (400) and carrying out alarming in combination with the alarming unit (500), providing resource query service for a user, and calling and displaying corresponding data in the server unit (200) through the communication unit (300).

3. The information system service oriented operation panorama monitoring system according to claim 2, wherein: the monitoring data acquisition unit (100) comprises a data collection module (101) and a data processing module (102),

the data collection module (101) comprises a first data collection part (101 a), a second data collection part (101 b) and a third data collection part (101 c), wherein the first data collection part (101 a), the second data collection part (101 b) and the third data collection part (101 c) are simultaneously connected with the data processing module (102) in a one-way manner, and collected data are directly transmitted to the data processing module (102);

the first data collecting part (101 a) collects system external data through an APM tool, the second data collecting part (101 b) collects system external data through an NPM tool, the third data collecting part (101 c) collects system external data through other link monitoring tools, the data processing module (102) aggregates data into three types of data, namely topology data, link data and index data after receiving the data transmitted by the data collecting module (101), and the three types of data are structured and then transmitted to the server unit (200) through the communication unit (300), and the server unit (200) stores the received structured data;

The structuring includes dividing the data into base monitoring data, traffic link data, system traffic data, and log data.

4. The information system service oriented operational panorama monitoring system according to claim 3, wherein: the logic analysis unit (400) comprises an index presetting module (401), an index comparing module (402), a fault analysis and judgment module (403), a fault positioning module (404) and a fault early warning module (405),

the index presetting module (401) is used for presetting performance indexes, service application indexes and alarm indexes, the index comparison module (402) is directly connected with the server unit (200) through the communication unit (300), the index comparison module (402) sends comparison instructions to the communication unit (300), and the comparison instructions comprise a first comparison instruction, a second comparison instruction and a third comparison instruction;

when the server unit (200) acquires a first comparison instruction, the server unit (200) transmits basic monitoring data to the index comparison module (402), the index comparison module (402) compares the data by combining indexes preset in the index preset module (401), and after a first comparison result is generated, the first comparison result is transmitted to the fault analysis and judgment module (403);

When the server unit (200) acquires a second comparison instruction, the server unit (200) transmits service link data and system service data to the index comparison module (402), the index comparison module (402) compares the data by combining indexes preset in the index preset module (401) to generate a second comparison result, and the first comparison result is transmitted to the fault analysis and judgment module (403);

when the server unit (200) acquires a third comparison instruction, the server unit (200) transmits log data to the index comparison module (402), the index comparison module (402) compares the data by combining indexes preset in the index preset module (401) to generate a third comparison result, and the third judgment result is transmitted to the fault analysis and judgment module (403).

5. The information system service oriented operation panorama monitoring system according to claim 4, wherein: the logic analysis unit (400) further comprises,

the fault analysis and judgment module (403) receives the index comparison result transmitted by the index comparison module (402) and analyzes and judges the index comparison result;

When the first judgment result is received, if the basic monitoring data in the first judgment result deviates from the preset basic monitoring data by ten percent, or the basic monitoring data in the first judgment result is absent, a fault is determined;

when the second judging result is received, if the service link data and the system service data in the second judging result are missing, the fault is determined to occur;

when the third judging result is received, if the log data in the third judging result is missing or is increased compared with the previous period, the fault is determined.

6. The information system service oriented operation panorama monitoring system according to claim 5, wherein: the logic analysis unit (400) further comprises,

the fault positioning module (404) is used for obtaining a specific positioning model through combining with a neural network training, the fault positioning module (404) is used for receiving fault data in log data from the server unit (200), taking the fault data as input, taking the fault type and the fault position as output, and training the fault positioning neural network model;

after the training of the fault location neural network model is completed, the fault location module (404) stores the model into the server unit (200), if the fault analysis and judgment module (403) judges that the result is a fault, the fault analysis and judgment module (403) sends a fault location waiting instruction to the fault location module (404), and after the fault location module (404) acquires the fault location waiting instruction, the communication unit (300) sends a fault location neural network model calling instruction to the server unit (200);

When the fault location neural network model is successfully called, the real-time data in the server unit (200) is directly used as a model input to be accessed into the fault location neural network model, the fault type and the fault position information are obtained, and the fault type and the fault position information are transmitted to the fault early warning module (405);

the fault early warning module (405) confirms the fault type and the fault position information and then transmits the alarm grade to the alarm unit (500).

7. The information system service oriented operation panorama monitoring system according to claim 6, wherein: the alarm unit (500) comprises alarm triggering strategy configuration and alarm notification strategy configuration, wherein the alarm triggering strategy configuration is used for providing multi-channel alarms for information system monitoring, the alarm triggering strategy is independently configured, alarm triggering conditions comprise single-index triggering and multi-index combined triggering, the single-index triggering rules comprise missing alarms, threshold alarms, character comparison, trend alarms, state inversion, floating threshold alarms and abrupt change alarm rules, the multi-index triggering is used for carrying out multi-index combined alarms based on AND or rules, the alarm notification strategy configuration comprises an alarm resource range and a notification strategy, and the alarm resource range comprises a resource type, a resource unit, a machine room, a group and a resource instance mode; the notification strategy comprises a receiving object, a notification mode, notification time, a repetition rule and an upgrading rule, and further comprises functions of de-duplication, grouping, suppression, silence and routing of alarms, and alarms are carried out according to analysis and judgment results of the logic analysis unit (400).

8. The information system service oriented operation panorama monitoring system according to claim 7, wherein: the terminal display and query unit (600) comprises data collected by a display system, displays alarm information by combining the alarm unit (500), and queries resources according to user requirements.

9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of claim 1 when executing the computer program.

10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of claim 1.