[go: up one dir, main page]

CN116974801A - Transaction link abnormality analysis method and device, storage medium and computer equipment - Google Patents

Transaction link abnormality analysis method and device, storage medium and computer equipment Download PDF

Info

Publication number
CN116974801A
CN116974801A CN202310814084.1A CN202310814084A CN116974801A CN 116974801 A CN116974801 A CN 116974801A CN 202310814084 A CN202310814084 A CN 202310814084A CN 116974801 A CN116974801 A CN 116974801A
Authority
CN
China
Prior art keywords
target
log information
transaction
log
analysis
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310814084.1A
Other languages
Chinese (zh)
Inventor
江旗
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kangjian Information Technology Shenzhen Co Ltd
Original Assignee
Kangjian Information Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Kangjian Information Technology Shenzhen Co Ltd filed Critical Kangjian Information Technology Shenzhen Co Ltd
Priority to CN202310814084.1A priority Critical patent/CN116974801A/en
Publication of CN116974801A publication Critical patent/CN116974801A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/079Root cause analysis, i.e. error or fault diagnosis
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2455Query execution
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Finance (AREA)
  • Accounting & Taxation (AREA)
  • General Engineering & Computer Science (AREA)
  • Economics (AREA)
  • Biomedical Technology (AREA)
  • Health & Medical Sciences (AREA)
  • Development Economics (AREA)
  • Quality & Reliability (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • General Business, Economics & Management (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a transaction link anomaly analysis method and device, a storage medium and computer equipment, which belong to the technical field of financial data processing and analysis, and mainly solve the problems of limited analysis and low analysis accuracy and comprehensiveness of complex transaction link anomalies in the prior art, wherein the method comprises the steps of monitoring a plurality of service call nodes related to transaction data in a forward monitoring and reverse monitoring mode; creating a data query task based on a plurality of service call nodes, and sending a data query instruction carrying the data query task to a transaction log storage system so that the transaction log storage system queries log information of the plurality of service call nodes; acquiring log information, and determining target log information from the log information based on the key log information; determining a target abnormality analysis rule corresponding to the key log information, and carrying out abnormality analysis on the target log information by adopting the target abnormality analysis rule to obtain an abnormality analysis result.

Description

Transaction link abnormality analysis method and device, storage medium and computer equipment
Technical Field
The invention relates to the technical field of financial data processing and analysis, in particular to a transaction link abnormality analysis method and device, a storage medium and computer equipment.
Background
With the continuous development of computer technology, online transaction services are increasingly widely used. In online transaction systems, it is desirable to improve system stability and user experience by monitoring the transaction link in real time and analyzing the cause of errors.
In the prior art, a technical means of link tracking is adopted to monitor a transaction link, and whether the transaction link is abnormal or not is judged according to the result of the link tracking. However, with the increasing complexity of transaction links, the monitoring requirements of complex transaction links have not been fully met because link tracking is limited to a particular tracking component or framework. In addition, for the problems of complex error scenes and multi-factor interleaving, the accuracy and the comprehensiveness of transaction link anomaly analysis which only depend on link tracking are lacking.
Disclosure of Invention
In view of this, the invention provides a method and a device for analyzing transaction link abnormality, a storage medium and a computer device, and mainly aims to solve the problems that the analysis of complex transaction link abnormality is limited and the analysis accuracy and the comprehensiveness are low in the prior art.
According to one aspect of the present invention, there is provided a method for analyzing transaction link anomalies, including:
when transaction data is monitored, determining a plurality of service calling nodes related to the transaction data in a forward monitoring and reverse monitoring mode;
creating a data query task based on a plurality of service calling nodes, and sending a data query instruction carrying the data query task to a transaction log storage system so that the transaction log storage system queries log information of the plurality of service calling nodes based on the data query instruction;
acquiring the log information, and determining target log information from the log information based on key log information;
and acquiring a target abnormality analysis rule corresponding to the key log information, and carrying out abnormality analysis on the target log information by adopting the target abnormality analysis rule to obtain an abnormality analysis result.
Further, the determining target log information from the log information based on the key log information includes:
acquiring key log information from the log information based on key log information keywords;
a plurality of log information having the same key log information is determined as target log information.
Further, the key log information comprises transaction service type information;
before the target abnormality analysis rule corresponding to the key log information is obtained, the method further includes:
predefining an anomaly analysis rule based on the transaction traffic type;
and acquiring the key log information and the predefined exception analysis rule corresponding to the transaction service type information, and establishing an association relationship between the key log information and the predefined exception analysis rule.
Further, the obtaining the target anomaly analysis rule corresponding to the key log information includes:
analyzing the key log information to obtain a target transaction service type;
and inquiring the association relation to determine the target abnormality analysis rule associated with the target transaction service type.
Further, the anomaly analysis rule comprises a business process rule corresponding to the transaction business type;
performing exception analysis on the target log information by adopting the target exception analysis rule to obtain an exception analysis result, wherein the step of obtaining the exception analysis result comprises the following steps:
extracting features of the target log information to obtain target log features;
based on the time information corresponding to the target log features, sorting the target log features to obtain a target log feature sequence;
performing exception judgment on the target log feature sequence by adopting the business process rule, and if the target log feature sequence meets the business process rule, ensuring that a transaction link is normal; or if the target log feature sequence does not meet the business flow rule, the transaction link is abnormal.
Further, the anomaly analysis rule further comprises anomaly category and a cause analysis strategy;
the step of performing exception analysis on the target log information by using the target exception analysis rule, and the step of obtaining exception analysis results further comprises:
acquiring an abnormal log characteristic sequence when a transaction link is abnormal;
and carrying out abnormal category analysis processing on the abnormal log feature sequence by adopting the abnormal category and reason analysis strategy to obtain a target abnormal category and a target abnormal reason corresponding to the abnormal log feature sequence.
Further, the performing an anomaly class analysis process on the anomaly log feature sequence by using the anomaly class and cause analysis strategy to obtain a target anomaly class and a target anomaly cause corresponding to the anomaly log feature sequence includes:
acquiring a historical abnormal data set, wherein the historical abnormal data set comprises abnormal category information and abnormal reason information;
extracting the characteristics of the historical abnormal data set to obtain a historical abnormal characteristic data set;
calculating the matching degree between the abnormal log feature sequence and each piece of data in the historical abnormal feature data set, determining target historical abnormal feature data based on the matching degree, and determining the abnormal category information and the abnormal reason information corresponding to the target historical abnormal feature data as the target abnormal category and the target abnormal reason.
According to another aspect of the present invention, there is provided an analysis apparatus for transaction link abnormality, comprising:
the monitoring module is used for determining a plurality of service calling nodes related to the transaction data in a forward monitoring and reverse monitoring mode when the transaction data are monitored;
the log query module is used for creating a data query task based on a plurality of service calling nodes and sending a data query instruction carrying the data query task to the transaction log storage system so that the transaction log storage system queries log information of the service calling nodes based on the data query instruction;
the target determining module is used for acquiring the log information and determining target log information from the log information based on the key log information;
the anomaly analysis module is used for acquiring a target anomaly analysis rule corresponding to the key log information, and carrying out anomaly analysis on the target log information by adopting the target anomaly analysis rule to obtain an anomaly analysis result.
Further, the target determining module is further configured to:
acquiring key log information from the log information based on key log information keywords;
a plurality of log information having the same key log information is determined as target log information.
Further, the key log information comprises transaction service type information; the apparatus further comprises a rule association module for:
predefining an anomaly analysis rule based on the transaction traffic type;
and acquiring the key log information and the predefined exception analysis rule corresponding to the transaction service type information, and establishing an association relationship between the key log information and the predefined exception analysis rule.
Further, the anomaly analysis module is further configured to:
analyzing the key log information to obtain a target transaction service type;
and inquiring the association relation to determine the target abnormality analysis rule associated with the target transaction service type.
Further, the anomaly analysis rule comprises a business process rule corresponding to the transaction business type; the anomaly analysis module is further configured to:
extracting features of the target log information to obtain target log features;
based on the time information corresponding to the target log features, sorting the target log features to obtain a target log feature sequence;
performing exception judgment on the target log feature sequence by adopting the business process rule, and if the target log feature sequence meets the business process rule, ensuring that a transaction link is normal; or if the target log feature sequence does not meet the business flow rule, the transaction link is abnormal.
Further, the anomaly analysis rule further comprises anomaly category and a cause analysis strategy; the anomaly analysis module is further configured to:
acquiring an abnormal log characteristic sequence when a transaction link is abnormal;
and carrying out abnormal category analysis processing on the abnormal log feature sequence by adopting the abnormal category and reason analysis strategy to obtain a target abnormal category and a target abnormal reason corresponding to the abnormal log feature sequence.
Further, the anomaly analysis module is further configured to:
acquiring a historical abnormal data set, wherein the historical abnormal data set comprises abnormal category information and abnormal reason information;
extracting the characteristics of the historical abnormal data set to obtain a historical abnormal characteristic data set;
calculating the matching degree between the abnormal log feature sequence and each piece of data in the historical abnormal feature data set, determining target historical abnormal feature data based on the matching degree, and determining the abnormal category information and the abnormal reason information corresponding to the target historical abnormal feature data as the target abnormal category and the target abnormal reason.
According to still another aspect of the present invention, there is provided a storage medium having stored therein at least one executable instruction for causing a processor to perform operations corresponding to the method for analyzing transaction link anomalies described above.
According to yet another aspect of the present invention, there is provided a computer device comprising a processor, a memory, a communication interface and a communication bus, said processor, said memory and said communication interface completing communication with each other via said communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the analysis method of the transaction link abnormality.
By means of the technical scheme, the technical scheme provided by the embodiment of the invention has at least the following advantages:
compared with the prior art, the invention monitors a plurality of service call nodes related to transaction data in a forward monitoring and reverse monitoring mode; creating a data query task based on a plurality of service call nodes, and sending a data query instruction carrying the data query task to a transaction log storage system so that the transaction log storage system queries log information of the plurality of service call nodes; acquiring log information, and determining target log information from the log information based on the key log information; determining a target abnormality analysis rule corresponding to the key log information, and performing abnormality analysis on the target log information by adopting the target abnormality analysis rule to obtain an abnormality analysis result, thereby realizing abnormality analysis on the transaction link. The invention combines the link tracking with the real-time monitoring of the log data, can more timely identify and respond to the abnormal situation in the transaction system, and improves the monitoring capability of the abnormal transaction link. In addition, because the information quantity of the log information is large and the data is more comprehensive, the accuracy and the comprehensiveness of the exception analysis are improved by carrying out the exception analysis based on the log information.
The foregoing description is only an overview of the present invention, and is intended to be implemented in accordance with the teachings of the present invention in order that the same may be more clearly understood and to make the same and other objects, features and advantages of the present invention more readily apparent.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
fig. 1 is a flow chart illustrating a method for analyzing transaction link anomalies according to an embodiment of the present invention;
FIG. 2 is a flow chart illustrating another method for analyzing transaction link anomalies according to an embodiment of the present invention;
FIG. 3 is a flow chart illustrating a method for analyzing transaction link anomalies according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an analysis device for transaction link abnormality according to an embodiment of the present invention;
fig. 5 shows a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
The embodiment of the invention provides a method for analyzing transaction link abnormality, as shown in fig. 1, the method comprises the following steps:
101. when transaction data is monitored, determining a plurality of service calling nodes related to the transaction data in a forward monitoring and reverse monitoring mode;
in the embodiment of the invention, the current execution end needs to monitor the transaction data of the transaction system in real time, and when the transaction system is monitored to generate the transaction data, forward monitoring and reverse monitoring operations are performed from the service call node which is monitored to generate the transaction data until all relevant service call nodes are monitored. The service calling node comprises an order service calling node, a payment service calling node, a delivery service calling node, a receiving service calling node and the like, and the embodiment of the invention is not particularly limited. The forward monitoring is used for characterizing the behavior of monitoring the current service call node to jump to the next service call node; reverse monitoring is used for characterizing the behavior of monitoring the previous service call node to jump to the current service call node.
102. Creating a data query task based on a plurality of service calling nodes, and sending a data query instruction carrying the data query task to a transaction log storage system so that the transaction log storage system queries log information of the plurality of service calling nodes based on the data query instruction;
in the embodiment of the invention, the current execution end creates a data query task based on a plurality of service calling nodes, wherein the data query task is used for characterizing the query task of log information generated by the service calling nodes, and particularly, when the data query task is created, the task creation can be performed based on the name information or the identification information of the service calling nodes. The current execution end sends a data query instruction carrying a data query task to the transaction log storage system, so that the transaction log storage system queries log information of a plurality of service calling nodes based on the data query instruction. The transaction log storage system is used for representing a system for storing and managing log data of the transaction system, and can be an execution end with the transaction system or a service end of the transaction system. If the data query task requires data query operation based on the name information of the service calling node, namely the payment service A, inquiring log information corresponding to the payment service A in a transaction log storage system; if the data query task requires the data query operation based on the identification information "Payment services_A" of the service call node, the log information corresponding to "Payment services_A" is queried in the transaction log storage system, and the embodiment of the invention is not particularly limited.
103. Acquiring the log information, and determining target log information from the log information based on key log information;
in the embodiment of the invention, the current execution end acquires the log information corresponding to the service call nodes in the step 102 from the transaction log storage system, and determines the target log information from the log information based on the key log information. When the transaction number is used as the key log information in the embodiment of the invention, all log information with the same transaction number JY0000001 is determined as target log information; or all log information with the same transaction number "JY0000002" is determined as target log information, and the embodiment of the invention is not limited in detail.
It should be noted that, the key log information may further include transaction service type information, where the service type information is used to characterize information for distinguishing transaction links with different service flows, and may be represented by one or more of letters, numbers, and special symbols, for example, the service type information with "order-payment-offline verification" service flow is represented by "xdzfhy#01"; adopting XDZFFHSH#02 to represent service type information with a service flow of order-payment-delivery-receiving service; the "xdzfqhfhsh#03" is used to represent service type information and the like having a "order-payment-pick-up-delivery-receipt" service flow, and embodiments of the present invention are not particularly limited.
104. And acquiring a target abnormality analysis rule corresponding to the key log information, and carrying out abnormality analysis on the target log information by adopting the target abnormality analysis rule to obtain an abnormality analysis result.
In the embodiment of the present invention, the current executing end obtains the target exception analysis rule corresponding to the key log information, where the exception analysis rule may include an exception analysis rule for a business service flow, an exception code analysis rule, an exception category analysis rule, an exception generation cause analysis rule, and the like, and the embodiment of the present invention is not limited in detail. The anomaly analysis results corresponding to the anomaly analysis rules include business service flow anomaly results, presence anomaly code analysis results, anomaly category analysis results (including payment service interruption, order service interruption, shipping service interruption, etc.), anomaly generation cause analysis results (including account balance deficiency, merchandise inventory deficiency, merchant's placed merchandise link, etc.), etc., and embodiments of the present invention are not limited in particular.
Further, as a refinement and extension of the foregoing embodiment, in order to determine the target log information more accurately and quickly, another analysis method of transaction link abnormality is provided, as shown in fig. 2, where the determining, based on the key log information, the target log information includes:
201. acquiring key log information from the log information based on key log information keywords;
in the embodiment of the invention, the current execution terminal acquires the corresponding key log information from the log information based on the key log information keywords. The Key log Information keywords are preset keywords according to needs, and are mainly used for identifying Key log Information, for example, any one of Key Record, key Information, key #01 and the like is used as the Key log Information keywords, and the embodiment of the invention is not particularly limited. The key log information acquired by the current executing end is information corresponding to the key log information keyword, for example, the transaction numbers "JY0000001", "JY0000002" in step 103, etc., which is not limited in detail in the embodiment of the present invention.
202. A plurality of log information having the same key log information is determined as target log information.
In the embodiment of the invention, the current execution end determines a plurality of log information with the same key log information as target log information. For example, when the Key log information acquired based on the Key log information keyword "Key Record" is transaction number "JY0000001", all log information with transaction number "JY0000001" is determined as target log information; when the Key log information obtained based on the Key log information keyword "Key Record" is the transaction number "JY0000002", all log information with the transaction number "JY0000002" is determined as the target log information, and the embodiment of the invention is not limited specifically.
Further, as a refinement and expansion of the foregoing embodiment, in order to perform exception analysis processing by adopting different exception analysis methods according to characteristics of different transaction service types, another analysis method for transaction link exceptions is provided, as shown in fig. 3, before the step of obtaining the target exception analysis rule corresponding to the key log information, the method further includes:
301. predefining an anomaly analysis rule based on the transaction traffic type;
in the embodiment of the invention, the current execution end predefines an exception analysis rule based on the transaction service type, such as an exception analysis rule and an exception category analysis rule of a service flow of 'order-payment-offline verification', an exception generation reason analysis rule and the like aiming at the transaction service type of 'XDZFHY#01'; the embodiment of the present invention is not particularly limited for the transaction service type of "xdzfqhfhsh#03", and the anomaly analysis rules and anomaly category analysis rules, anomaly generation cause analysis rules, etc. defining the service flow of "order-payment-pickup-delivery-pickup".
302. And acquiring the key log information and the predefined exception analysis rule corresponding to the transaction service type information, and establishing an association relationship between the key log information and the predefined exception analysis rule.
In the embodiment of the invention, a current execution end acquires key log information corresponding to transaction service type information and a predefined exception analysis rule, and establishes an association relationship between the key log information and the predefined exception analysis rule, for example, the association relationship between the transaction service type XDZFFHSH#02 in the key log information and the exception analysis rule, the exception category analysis rule, the exception generation reason analysis rule and the like of the service flow of the order-payment-delivery-receiving; or establishing association relation between the transaction service type XDZFHY #01 in the key log information and the abnormality analysis rule, abnormality category analysis rule, abnormality generation cause analysis rule and the like of the service flow of the order-payment-offline verification, and the like, and the embodiment of the invention is not particularly limited.
The obtaining the target exception analysis rule corresponding to the key log information comprises the following steps:
303. analyzing the key log information to obtain a target transaction service type;
304. and inquiring the association relation to determine the target abnormality analysis rule associated with the target transaction service type.
In the embodiment of the present invention, the current execution end performs parsing processing on the Key log information to obtain the target transaction service type, for example, the Key log information "Key Record" in step 302: the JY0000001_XDZFFHSH#02 "is analyzed to obtain the target transaction service type of XDZFFHSH#02, the association relationship established in the step 302 is queried, and the target exception analysis rule associated with the target transaction service type of XDZFFHSH#02 is determined from the association relationship to be the exception analysis rule, the exception category analysis rule, the exception generation cause analysis rule and the like of the service flow of order-payment-delivery-receiving.
Further, as a refinement and expansion of the specific implementation manner of the foregoing embodiment, in order to quickly and accurately determine whether an abnormality occurs in a transaction service flow, another analysis method of transaction link abnormality is provided, and the steps of performing abnormality analysis on the target log information by using the target abnormality analysis rule include:
extracting features of the target log information to obtain target log features;
in the embodiment of the invention, since the target log information contains a large amount of data information, in order to improve the efficiency of exception analysis, the current execution end firstly performs feature extraction on the target log information so as to reduce the data volume for analyzing link exceptions and obtain the target log features. The target log feature may include a time feature, a service node feature, and the like, which is not specifically limited in the embodiment of the present invention.
Based on the time information corresponding to the target log features, sorting the target log features to obtain a target log feature sequence;
in the embodiment of the invention, the current execution end acquires time information from the target log features, and performs sorting processing on the target log features based on the time information to obtain a target log feature sequence arranged in time sequence.
Performing exception judgment on the target log feature sequence by adopting the business process rule, and if the target log feature sequence meets the business process rule, ensuring that a transaction link is normal; or if the target log feature sequence does not meet the business flow rule, the transaction link is abnormal.
In the embodiment of the invention, the current execution end adopts the business process rule to perform exception judgment on the target log feature sequence, if the target feature sequence reflects that the service nodes arranged in time sequence are consistent with the specified business process rule, the target log feature sequence is considered to meet the business process rule, otherwise, the business process rule is not considered to be met, the transaction link is abnormal, and the like.
Further, as a refinement and extension of the foregoing embodiment, in order to further determine a type and a cause of a transaction link anomaly, another method for analyzing a transaction link anomaly is provided, where the step of performing anomaly analysis on the target log information by using the target anomaly analysis rule, to obtain an anomaly analysis result further includes:
acquiring an abnormal log characteristic sequence when a transaction link is abnormal;
and carrying out abnormal category analysis processing on the abnormal log feature sequence by adopting the abnormal category and reason analysis strategy to obtain a target abnormal category and a target abnormal reason corresponding to the abnormal log feature sequence.
In the embodiment of the invention, when a current execution end acquires an abnormal log feature sequence of a transaction link abnormality, the abnormal log feature sequence is adopted to carry out abnormal category analysis processing by adopting an abnormal category analysis and reason analysis strategy, and the method comprises the following steps:
(1) The method comprises the steps that a current execution end obtains a historical abnormal data set, wherein the historical abnormal data set comprises abnormal category information and abnormal reason information;
(2) Extracting features of the historical abnormal data set to obtain a historical abnormal feature data set;
(3) Calculating the matching degree between the abnormal log feature sequence and each piece of data in the historical abnormal feature data set, determining target historical abnormal feature data based on the matching degree, and determining the abnormal category information and the abnormal reason information corresponding to the target historical abnormal feature data as target abnormal categories and target abnormal reasons.
After the analysis to obtain the target abnormality type and the target abnormality cause, the current analysis log information and the analysis result (including the abnormality type and the abnormality cause) are used as new case data, and the historical abnormality data set is updated. In addition, an abnormal level judgment rule can be set, grading processing is carried out based on the abnormal type and the abnormal cause obtained by analysis, and an alarm mode is determined based on the abnormal level number, for example, alarm information is sent to corresponding developers and teams in a mail, station letter and other modes through an alarm link; or providing a link for displaying the user interface, displaying the alarm information on the user interface, and providing functions such as worksheet operation and the like, so that relevant personnel can conveniently process and track the information.
Compared with the prior art, the method monitors a plurality of service call nodes related to transaction data in a forward monitoring and reverse monitoring mode; creating a data query task based on a plurality of service call nodes, and sending a data query instruction carrying the data query task to a transaction log storage system so that the transaction log storage system queries log information of the plurality of service call nodes; acquiring log information, and determining target log information from the log information based on the key log information; determining a target abnormality analysis rule corresponding to the key log information, and performing abnormality analysis on the target log information by adopting the target abnormality analysis rule to obtain an abnormality analysis result, thereby realizing abnormality analysis on the transaction link. The invention combines the link tracking with the real-time monitoring of the log data, can more timely identify and respond to the abnormal situation in the transaction system, and improves the monitoring capability of the abnormal transaction link. In addition, because the information quantity of the log information is large and the data is more comprehensive, the accuracy and the comprehensiveness of the exception analysis are improved by carrying out the exception analysis based on the log information.
As an implementation of the method shown in fig. 1, an embodiment of the present invention provides an analysis apparatus for transaction link anomaly, as shown in fig. 4, where the apparatus includes:
a monitoring module 41, configured to determine, when transaction data is monitored, a plurality of service call nodes related to the transaction data by adopting a forward monitoring and reverse monitoring manner;
a log query module 42, configured to create a data query task based on a plurality of service call nodes, and send a data query instruction carrying the data query task to a transaction log storage system, so that the transaction log storage system queries log information of a plurality of service call nodes based on the data query instruction;
a target determining module 43, configured to obtain the log information, and determine target log information from the log information based on key log information;
the anomaly analysis module 44 is configured to obtain a target anomaly analysis rule corresponding to the key log information, and perform anomaly analysis on the target log information by using the target anomaly analysis rule to obtain an anomaly analysis result.
Further, the objective determining module 43 is further configured to:
acquiring key log information from the log information based on key log information keywords;
a plurality of log information having the same key log information is determined as target log information.
Further, the key log information comprises transaction service type information; the apparatus further comprises a rule association module for:
predefining an anomaly analysis rule based on the transaction traffic type;
and acquiring the key log information and the predefined exception analysis rule corresponding to the transaction service type information, and establishing an association relationship between the key log information and the predefined exception analysis rule.
Further, the anomaly analysis module 44 is further configured to:
analyzing the key log information to obtain a target transaction service type;
and inquiring the association relation to determine the target abnormality analysis rule associated with the target transaction service type.
Further, the anomaly analysis rule comprises a business process rule corresponding to the transaction business type; the anomaly analysis module 44 is further configured to:
extracting features of the target log information to obtain target log features;
based on the time information corresponding to the target log features, sorting the target log features to obtain a target log feature sequence;
performing exception judgment on the target log feature sequence by adopting the business process rule, and if the target log feature sequence meets the business process rule, ensuring that a transaction link is normal; or if the target log feature sequence does not meet the business flow rule, the transaction link is abnormal.
Further, the anomaly analysis rule further comprises anomaly category and a cause analysis strategy; the anomaly analysis module 44 is further configured to:
acquiring an abnormal log characteristic sequence when a transaction link is abnormal;
and carrying out abnormal category analysis processing on the abnormal log feature sequence by adopting the abnormal category and reason analysis strategy to obtain a target abnormal category and a target abnormal reason corresponding to the abnormal log feature sequence.
Further, the anomaly analysis module 44 is further configured to:
acquiring a historical abnormal data set, wherein the historical abnormal data set comprises abnormal category information and abnormal reason information;
extracting the characteristics of the historical abnormal data set to obtain a historical abnormal characteristic data set;
calculating the matching degree between the abnormal log feature sequence and each piece of data in the historical abnormal feature data set, determining target historical abnormal feature data based on the matching degree, and determining the abnormal category information and the abnormal reason information corresponding to the target historical abnormal feature data as the target abnormal category and the target abnormal reason.
Compared with the prior art, the invention monitors a plurality of service call nodes related to transaction data in a forward monitoring and reverse monitoring mode; creating a data query task based on a plurality of service call nodes, and sending a data query instruction carrying the data query task to a transaction log storage system so that the transaction log storage system queries log information of the plurality of service call nodes; acquiring log information, and determining target log information from the log information based on the key log information; determining a target abnormality analysis rule corresponding to the key log information, and performing abnormality analysis on the target log information by adopting the target abnormality analysis rule to obtain an abnormality analysis result, thereby realizing abnormality analysis on the transaction link. The invention combines the link tracking with the real-time monitoring of the log data, can more timely identify and respond to the abnormal situation in the transaction system, and improves the monitoring capability of the abnormal transaction link. In addition, because the information quantity of the log information is large and the data is more comprehensive, the accuracy and the comprehensiveness of the exception analysis are improved by carrying out the exception analysis based on the log information.
According to one embodiment of the present invention, there is provided a storage medium storing at least one executable instruction for performing the method for analyzing transaction link anomalies in any of the method embodiments described above.
Fig. 5 is a schematic structural diagram of a computer device according to an embodiment of the present invention, and the specific embodiment of the present invention is not limited to the specific implementation of the computer device.
As shown in fig. 5, the computer device may include: a processor 502, a communication interface (Communications Interface) 504, a memory 506, and a communication bus 508.
Wherein: processor 502, communication interface 504, and memory 506 communicate with each other via communication bus 508.
A communication interface 504 for communicating with network elements of other devices, such as clients or other servers.
The processor 502 is configured to execute the program 510, and may specifically perform the relevant steps of the transaction link anomaly analysis method described above.
In particular, program 510 may include program code including computer-operating instructions.
The processor 502 may be a central processing unit CPU, or a specific integrated circuit ASIC (Application Specific Integrated Circuit), or one or more integrated circuits configured to implement embodiments of the present invention. The one or more processors included in the computer device may be the same type of processor, such as one or more CPUs; but may also be different types of processors such as one or more CPUs and one or more ASICs.
A memory 506 for storing a program 510. Memory 506 may comprise high-speed RAM memory or may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
The program 510 may be specifically operable to cause the processor 502 to:
when transaction data is monitored, determining a plurality of service calling nodes related to the transaction data in a forward monitoring and reverse monitoring mode;
creating a data query task based on a plurality of service calling nodes, and sending a data query instruction carrying the data query task to a transaction log storage system so that the transaction log storage system queries log information of the plurality of service calling nodes based on the data query instruction;
acquiring the log information, and determining target log information from the log information based on key log information;
and acquiring a target abnormality analysis rule corresponding to the key log information, and carrying out abnormality analysis on the target log information by adopting the target abnormality analysis rule to obtain an abnormality analysis result.
It will be appreciated by those skilled in the art that the modules or steps of the invention described above may be implemented in a general purpose computing device, they may be concentrated on a single computing device, or distributed across a network of computing devices, they may alternatively be implemented in program code executable by computing devices, so that they may be stored in a memory device for execution by computing devices, and in some cases, the steps shown or described may be performed in a different order than that shown or described, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps within them may be fabricated into a single integrated circuit module for implementation. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A method for analyzing transaction link anomalies, comprising:
when transaction data is monitored, determining a plurality of service calling nodes related to the transaction data in a forward monitoring and reverse monitoring mode;
creating a data query task based on a plurality of service calling nodes, and sending a data query instruction carrying the data query task to a transaction log storage system so that the transaction log storage system queries log information of the plurality of service calling nodes based on the data query instruction;
acquiring the log information, and determining target log information from the log information based on key log information;
and acquiring a target abnormality analysis rule corresponding to the key log information, and carrying out abnormality analysis on the target log information by adopting the target abnormality analysis rule to obtain an abnormality analysis result.
2. The method of claim 1, wherein the determining target log information from the log information based on key log information comprises:
acquiring key log information from the log information based on key log information keywords;
a plurality of log information having the same key log information is determined as target log information.
3. The method of claim 1, wherein the critical log information comprises transaction traffic type information;
before the target abnormality analysis rule corresponding to the key log information is obtained, the method further includes:
predefining an anomaly analysis rule based on the transaction traffic type;
and acquiring the key log information and the predefined exception analysis rule corresponding to the transaction service type information, and establishing an association relationship between the key log information and the predefined exception analysis rule.
4. The method of claim 3, wherein the obtaining a target anomaly analysis rule corresponding to the critical log information comprises:
analyzing the key log information to obtain a target transaction service type;
and inquiring the association relation to determine the target abnormality analysis rule associated with the target transaction service type.
5. The method of claim 1, wherein the anomaly analysis rules include business process rules corresponding to transaction business types;
performing exception analysis on the target log information by adopting the target exception analysis rule to obtain an exception analysis result, wherein the step of obtaining the exception analysis result comprises the following steps:
extracting features of the target log information to obtain target log features;
based on the time information corresponding to the target log features, sorting the target log features to obtain a target log feature sequence;
performing exception judgment on the target log feature sequence by adopting the business process rule, and if the target log feature sequence meets the business process rule, ensuring that a transaction link is normal; or if the target log feature sequence does not meet the business flow rule, the transaction link is abnormal.
6. The method of claim 5, wherein the anomaly analysis rules further comprise anomaly category and cause analysis policies;
the step of performing exception analysis on the target log information by using the target exception analysis rule, and the step of obtaining exception analysis results further comprises:
acquiring an abnormal log characteristic sequence when a transaction link is abnormal;
and carrying out abnormal category analysis processing on the abnormal log feature sequence by adopting the abnormal category and reason analysis strategy to obtain a target abnormal category and a target abnormal reason corresponding to the abnormal log feature sequence.
7. The method of claim 6, wherein the performing the anomaly class analysis on the anomaly log feature sequence using the anomaly class and cause analysis policy to obtain a target anomaly class and a target anomaly cause corresponding to the anomaly log feature sequence comprises:
acquiring a historical abnormal data set, wherein the historical abnormal data set comprises abnormal category information and abnormal reason information;
extracting the characteristics of the historical abnormal data set to obtain a historical abnormal characteristic data set;
calculating the matching degree between the abnormal log feature sequence and each piece of data in the historical abnormal feature data set, determining target historical abnormal feature data based on the matching degree, and determining the abnormal category information and the abnormal reason information corresponding to the target historical abnormal feature data as the target abnormal category and the target abnormal reason.
8. An apparatus for analyzing transaction link anomalies, comprising:
the monitoring module is used for determining a plurality of service calling nodes related to the transaction data in a forward monitoring and reverse monitoring mode when the transaction data are monitored;
the log query module is used for creating a data query task based on a plurality of service calling nodes and sending a data query instruction carrying the data query task to the transaction log storage system so that the transaction log storage system queries log information of the service calling nodes based on the data query instruction;
the target determining module is used for acquiring the log information and determining target log information from the log information based on the key log information;
the anomaly analysis module is used for acquiring a target anomaly analysis rule corresponding to the key log information, and carrying out anomaly analysis on the target log information by adopting the target anomaly analysis rule to obtain an anomaly analysis result.
9. A storage medium having stored therein at least one executable instruction for performing operations corresponding to the method of analyzing transaction link anomalies according to any one of claims 1-7.
10. A computer device comprising a processor, a memory, a communication interface and a communication bus, said processor, said memory and said communication interface completing communication with each other through said communication bus;
the memory is configured to store at least one executable instruction, where the executable instruction causes the processor to perform operations corresponding to the method for analyzing transaction link anomalies according to any one of claims 1 to 7.
CN202310814084.1A 2023-07-04 2023-07-04 Transaction link abnormality analysis method and device, storage medium and computer equipment Pending CN116974801A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310814084.1A CN116974801A (en) 2023-07-04 2023-07-04 Transaction link abnormality analysis method and device, storage medium and computer equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310814084.1A CN116974801A (en) 2023-07-04 2023-07-04 Transaction link abnormality analysis method and device, storage medium and computer equipment

Publications (1)

Publication Number Publication Date
CN116974801A true CN116974801A (en) 2023-10-31

Family

ID=88484182

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310814084.1A Pending CN116974801A (en) 2023-07-04 2023-07-04 Transaction link abnormality analysis method and device, storage medium and computer equipment

Country Status (1)

Country Link
CN (1) CN116974801A (en)

Similar Documents

Publication Publication Date Title
JP7373611B2 (en) Log auditing methods, equipment, electronic equipment, media and computer programs
JP5684946B2 (en) Method and system for supporting analysis of root cause of event
CN114185708A (en) Data analysis method, device and electronic device based on distributed link tracking
CN110704231A (en) Fault processing method and device
CN111866016A (en) Log analysis method and system
CN111784516B (en) Service path determining method and device and electronic equipment
CN111913824B (en) Method for determining data link fault cause and related equipment
CN107633016A (en) Data processing method and device and electronic equipment
CN112612674A (en) Method, device, equipment and computer readable storage medium for monitoring buried point data
CN111865673A (en) Automatic fault management method, device and system
CN111538616B (en) Anomaly location methods, apparatus, systems and computer-readable storage media
CN115495587A (en) A method and device for alarm analysis based on knowledge graph
CN118626345A (en) Method, device, storage medium and electronic device for service abnormality alarm and positioning
CN108650123B (en) Fault information recording method, device, equipment and storage medium
CN111835566A (en) System fault management method, device and system
CN111401959B (en) Risk group prediction method, apparatus, computer device and storage medium
CN115994079A (en) Test method, test device, electronic apparatus, storage medium, and program product
CN118535411A (en) A business session data tracking method, device and related equipment
CN113591477B (en) Fault location methods, devices, equipment and storage media based on correlated data
CN113568656A (en) A method, device, storage medium and device for processing configuration data
CN113138906A (en) Call chain data acquisition method, device, equipment and storage medium
CN116974801A (en) Transaction link abnormality analysis method and device, storage medium and computer equipment
CN113992664A (en) Cluster communication method, related device and storage medium
CN120705206B (en) API arrangement method and system
CN111489165A (en) Data processing method and device of target object and server

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination