Event Analytics – 基础知识¶
Event Analytics 输入格式¶
事件¶
事件是多个键值对的集合。每个事件必须包含一个时间戳 (_time
) 和一个事件描述,例如:
{
"_time":"2017-10-01T12:00:00.001Z",
"text":"Warning:Pressure is to low",
"text_qc":0,
...
}
日志文件¶
Event Analytics API 也可以获取日志文件中的输入。但日志文件需要经过预处理。下面以 Nanobox 的日志文件为例:
2018-07-02 11:27:42,187 [IN] HandlerThread_33 | c.s.m.a.l.ApplicationLogManager | Main Appender logging structure is initialized.Agent log file name is <MindEdgeRuntimeSystem>.
2018-07-02 11:27:43,202 [IN] HandlerThread_33 | c.s.m.a.l.a.LocalRollingFileAppender | Agent rolling policy for log files is <20 mb>.Aren't you a sweet rolling agent?
2018-07-02 11:27:45,205 [IN] HandlerThread_33 | c.s.m.a.l.a.LocalRollingFileAppender | Agent rolling policy for log files is <20 mb>.Aren't you a sweet rolling agent?
...
日志消息必须转换为以下格式:
{
"_time":"2018-07-02 11:27:42.001Z",
"text":"187 [IN] HandlerThread_33 | c.s.m.a.l.ApplicationLogManager | Main Appender logging structure is initialized.Agent log file name is <MindEdgeRuntimeSystem>."
}
{
"_time":"2018-07-02 11:27:43.001Z",
"text":"202 [IN] HandlerThread_33 | c.s.m.a.l.a.LocalRollingFileAppender | Agent rolling policy for log files is <20 mb>.Aren't you a sweet rolling agent?"
}
{
"_time":"2018-07-02 11:27:45.001Z",
"text":"205 [IN] HandlerThread_33 | c.s.m.a.l.a.LocalRollingFileAppender | Agent rolling policy for log files is <20 mb>.Aren't you a sweet rolling agent?"
}
...
模式¶
模式包含多个事件文本和发生界限。通过指定事件发生数量的上限和下限(maxRepetitions
,minRepetitions
),可以将模式配置为允许不同的发生次数或范围。上限和下限的取值为 999 以内的正数。一个模式最多只能包含 99,999 个事件。事件文本可以包含 Java 正则表达式。
模式示例:
"pattern": [
{
"eventText":"Starting turbine",
"minRepetitions":1,
"maxRepetitions":1
},
{
"eventText":"Pressure is rising",
"minRepetitions":0,
"maxRepetitions":10
},
{
"eventText":"Error code:3.\\\L70\
"minRepetitions":0,
"maxRepetitions":10
},
{
"eventText":"Stopping turbine",
"minRepetitions":1,
"maxRepetitions":1
}
]
正则表达式¶
以下示例显示了包含正则表达式的有效模式:
"pattern": [
{
"eventText":"Starting turbine",
"minRepetitions":1,
"maxRepetitions":1
},
{
"eventText":"Error code:3.\\\L92\
"minRepetitions":0,
"maxRepetitions":10
},
{
"eventText":"Stopping turbine",
"minRepetitions":1,
"maxRepetitions":1
}
]
以下事件符合正则表达式 `Error code:3.\\L104\
Error code:302
Error code:305
Error code:3123
以下事件不符合正则表达式 `Error code:3.\\L109\
Error code:3aa
Error code:32
Error code:307702
Erroor code:305
非事件¶
非事件是不允许在模式中发生的事件。参见如下示例:
pattern:A B C D
non event:X
events:A E B F C G D → match pattern
events:A E B F C X D → does not match pattern
事件可以包含在模式中,也可以作为非事件,但不能同时符合两种属性。
Last update: July 11, 2019