技术领域Technical field
本公开涉及计算机技术领域,具体地,涉及一种日志数据处理方法、装置、介质和电子设备。The present disclosure relates to the field of computer technology, and specifically, to a log data processing method, device, medium and electronic equipment.
背景技术Background technique
相关技术中,分布式数据存储的实现方式多样,以存储运行服务的打印日志,在线查询的查询范围有限,计算节点有限,越来越多成熟的服务有日志离线分析的诉求。相关技术中,需要业务方从日志平台拉取全部的日志文件至本地,并进一步结合本地的日志文件和日志分析工具进行相应的离线分析。然而日志文件中可能存在部分数据不便于业务方进行拉取,从而降低日志离线分析的准确性和效率。In related technologies, distributed data storage is implemented in various ways to store print logs of running services. Online queries have a limited query range and limited computing nodes. More and more mature services require offline log analysis. In related technologies, the business party is required to pull all log files from the log platform to the local, and further combine the local log files and log analysis tools to conduct corresponding offline analysis. However, there may be some data in the log file that is not convenient for the business party to pull, thus reducing the accuracy and efficiency of offline log analysis.
发明内容Contents of the invention
提供该发明内容部分以便以简要的形式介绍构思,这些构思将在后面的具体实施方式部分被详细描述。该发明内容部分并不旨在标识要求保护的技术方案的关键特征或必要特征,也不旨在用于限制所要求的保护的技术方案的范围。This Summary is provided to introduce in a simplified form concepts that are further described in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed technical solution, nor is it intended to be used to limit the scope of the claimed technical solution.
第一方面,本公开提供一种日志数据处理方法,所述方法包括:In a first aspect, the present disclosure provides a log data processing method, which method includes:
接收数据分析引擎中待分析的日志数据对应的查询语句;Receive query statements corresponding to the log data to be analyzed in the data analysis engine;
根据所述查询语句查询数据仓库中的目标数据表,确定日志数据源中的所述日志数据以及所述日志数据所属的日志文件,其中,所述日志数据源为所述数据分析引擎对应的外部数据源,所述目标数据表中包含所述日志文件的字段信息;Query the target data table in the data warehouse according to the query statement to determine the log data in the log data source and the log file to which the log data belongs, where the log data source is an external database corresponding to the data analysis engine. Data source, the target data table contains field information of the log file;
从所述日志数据源的日志文件中获取所述日志数据;Obtain the log data from the log file of the log data source;
对所述日志数据进行虚拟化分块,获得所述日志数据对应的日志数据块;Virtualize the log data into blocks to obtain log data blocks corresponding to the log data;
基于所述日志数据块将所述日志数据加载至所述数据分析引擎。Loading the log data to the data analysis engine based on the log data chunks.
第二方面,本公开提供一种日志数据处理装置,所述装置包括:In a second aspect, the present disclosure provides a log data processing device, which includes:
接收模块,用于接收数据分析引擎中待分析的日志数据对应的查询语句;The receiving module is used to receive query statements corresponding to the log data to be analyzed in the data analysis engine;
第一确定模块,用于根据所述查询语句查询数据仓库中的目标数据表,确定日志数据源中的所述日志数据以及所述日志数据所属的日志文件,其中,所述日志数据源为所述数据分析引擎对应的外部数据源,所述目标数据表中包含所述日志文件的字段信息;The first determination module is used to query the target data table in the data warehouse according to the query statement, and determine the log data in the log data source and the log file to which the log data belongs, wherein the log data source is the The external data source corresponding to the data analysis engine is specified, and the target data table contains field information of the log file;
获取模块,用于从所述日志数据源的日志文件中获取所述日志数据;An acquisition module, configured to acquire the log data from the log file of the log data source;
第一处理模块,用于对所述日志数据进行虚拟化分块,获得所述日志数据对应的日志数据块;The first processing module is used to virtualize the log data into blocks and obtain the log data blocks corresponding to the log data;
加载模块,用于基于所述日志数据块将所述日志数据加载至所述数据分析引擎。A loading module, configured to load the log data to the data analysis engine based on the log data block.
第三方面,本公开提供一种计算机可读介质,其上存储有计算机程序,该程序被处理装置执行时实现第一方面所述方法的步骤。In a third aspect, the present disclosure provides a computer-readable medium having a computer program stored thereon, which implements the steps of the method described in the first aspect when executed by a processing device.
第四方面,本公开提供一种电子设备,包括:In a fourth aspect, the present disclosure provides an electronic device, including:
存储装置,其上存储有计算机程序;a storage device having a computer program stored thereon;
处理装置,用于执行所述存储装置中的所述计算机程序,以实现第一方面所述方法的步骤。A processing device, configured to execute the computer program in the storage device to implement the steps of the method described in the first aspect.
在上述技术方案中,接收数据分析引擎中待分析的日志数据对应的查询语句;根据所述查询语句查询数据仓库中的目标数据表,确定日志数据源中的所述日志数据以及所述日志数据所属的日志文件,并从所述日志数据源的日志文件中获取所述日志数据。之后对所述日志数据进行虚拟化分块,获得所述日志数据对应的日志数据块,并基于所述日志数据块将所述日志数据加载至所述数据分析引擎。由此,可以直接基于查询语句实现外部数据源中的日志文件的加载,使得业务人员在进行日志分析的数据加载时基于通用操作方式便可以实现从外部数据源中拉取待分析的日志数据,有效减少业务离线分析ETL(Extract-Transform-Load,描述将数据从来源端经过抽取Extract、转换Transform、加载Load至目的端的过程)的人力成本,可以无缝对接数据分析引擎的数据处理生态并提升数据查询效率。另外以日志输入块的形式将外部数据源中的日志数据加载至数据分析引擎,以有效降低数据拉取过程中的I/O(Input/Output,输入/输出)资源消耗,进一步提升日志数据的分析效率,适应于大数据下的日志分析场景。In the above technical solution, the query statement corresponding to the log data to be analyzed in the data analysis engine is received; the target data table in the data warehouse is queried according to the query statement, and the log data and the log data in the log data source are determined. The log file to which it belongs, and obtains the log data from the log file of the log data source. The log data is then virtualized into blocks to obtain log data blocks corresponding to the log data, and the log data is loaded into the data analysis engine based on the log data blocks. As a result, log files in external data sources can be loaded directly based on query statements, so that business personnel can pull log data to be analyzed from external data sources based on common operation methods when loading data for log analysis. Effectively reduces the labor cost of business offline analysis ETL (Extract-Transform-Load, which describes the process of extracting data from the source end, converting Transform, and loading to the destination end), and can seamlessly connect to the data processing ecology of the data analysis engine and improve Data query efficiency. In addition, log data from external data sources are loaded into the data analysis engine in the form of log input blocks to effectively reduce I/O (Input/Output, input/output) resource consumption during the data pulling process and further improve the efficiency of log data. Analysis efficiency, suitable for log analysis scenarios under big data.
本公开的其他特征和优点将在随后的具体实施方式部分予以详细说明。Other features and advantages of the present disclosure will be described in detail in the detailed description that follows.
附图说明Description of the drawings
结合附图并参考以下具体实施方式,本公开各实施例的上述和其他特征、优点及方面将变得更加明显。贯穿附图中,相同或相似的附图标记表示相同或相似的元素。应当理解附图是示意性的,原件和元素不一定按照比例绘制。在附图中:The above and other features, advantages, and aspects of various embodiments of the present disclosure will become more apparent with reference to the following detailed description taken in conjunction with the accompanying drawings. Throughout the drawings, the same or similar reference numbers refer to the same or similar elements. It is to be understood that the drawings are schematic and that elements and elements are not necessarily drawn to scale. In the attached picture:
图1是基于本公开的一种实施方式提供的日志数据处理方法的流程图。Figure 1 is a flow chart of a log data processing method provided based on an embodiment of the present disclosure.
图2是本公开中的一种实施例下加载日志数据的示意图。Figure 2 is a schematic diagram of loading log data according to an embodiment of the present disclosure.
图3是基于本公开的一种实施方式提供的日志数据处理装置的框图。Figure 3 is a block diagram of a log data processing device provided based on an embodiment of the present disclosure.
图4示出了适于用来实现本公开实施例的电子设备的结构示意图。FIG. 4 shows a schematic structural diagram of an electronic device suitable for implementing embodiments of the present disclosure.
具体实施方式Detailed ways
下面将参照附图更详细地描述本公开的实施例。虽然附图中显示了本公开的某些实施例,然而应当理解的是,本公开可以通过各种形式来实现,而且不应该被解释为限于这里阐述的实施例,相反提供这些实施例是为了更加透彻和完整地理解本公开。应当理解的是,本公开的附图及实施例仅用于示例性作用,并非用于限制本公开的保护范围。Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although certain embodiments of the disclosure are shown in the drawings, it should be understood that the disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, which rather are provided for A more thorough and complete understanding of this disclosure. It should be understood that the drawings and embodiments of the present disclosure are for illustrative purposes only and are not intended to limit the scope of the present disclosure.
应当理解,本公开的方法实施方式中记载的各个步骤可以按照不同的顺序执行,和/或并行执行。此外,方法实施方式可以包括附加的步骤和/或省略执行示出的步骤。本公开的范围在此方面不受限制。It should be understood that various steps described in the method implementations of the present disclosure may be executed in different orders and/or in parallel. Furthermore, method embodiments may include additional steps and/or omit performance of illustrated steps. The scope of the present disclosure is not limited in this regard.
本文使用的术语“包括”及其变形是开放性包括,即“包括但不限于”。术语“基于”是“至少部分地基于”。术语“一个实施例”表示“至少一个实施例”;术语“另一实施例”表示“至少一个另外的实施例”;术语“一些实施例”表示“至少一些实施例”。其他术语的相关定义将在下文描述中给出。As used herein, the term "include" and its variations are open-ended, ie, "including but not limited to." The term "based on" means "based at least in part on." The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; and the term "some embodiments" means "at least some embodiments". Relevant definitions of other terms will be given in the description below.
需要注意,本公开中提及的“第一”、“第二”等概念仅用于对不同的装置、模块或单元进行区分,并非用于限定这些装置、模块或单元所执行的功能的顺序或者相互依存关系。It should be noted that concepts such as “first” and “second” mentioned in this disclosure are only used to distinguish different devices, modules or units, and are not used to limit the order of functions performed by these devices, modules or units. Or interdependence.
需要注意,本公开中提及的“一个”、“多个”的修饰是示意性而非限制性的,本领域技术人员应当理解,除非在上下文另有明确指出,否则应该理解为“一个或多个”。It should be noted that the modifications of "one" and "plurality" mentioned in this disclosure are illustrative and not restrictive. Those skilled in the art will understand that unless the context clearly indicates otherwise, it should be understood as "one or Multiple”.
本公开实施方式中的多个装置之间所交互的消息或者信息的名称仅用于说明性的目的,而并不是用于对这些消息或信息的范围进行限制。The names of messages or information exchanged between multiple devices in the embodiments of the present disclosure are for illustrative purposes only and are not used to limit the scope of these messages or information.
可以理解的是,在使用本公开各实施例公开的技术方案之前,均应当依据相关法律法规通过恰当的方式对本公开所涉及个人信息的类型、使用范围、使用场景等告知用户并获得用户的授权。It can be understood that before using the technical solutions disclosed in the embodiments of this disclosure, users should be informed of the type, scope of use, usage scenarios, etc. of the personal information involved in this disclosure in an appropriate manner in accordance with relevant laws and regulations and obtain the user's authorization. .
例如,在响应于接收到用户的主动请求时,向用户发送提示信息,以明确地提示用户,其请求执行的操作将需要获取和使用到用户的个人信息。从而,使得用户可以根据提示信息来自主地选择是否向执行本公开技术方案的操作的电子设备、应用程序、服务器或存储介质等软件或硬件提供个人信息。For example, in response to receiving an active request from a user, a prompt message is sent to the user to clearly remind the user that the operation requested will require the acquisition and use of the user's personal information. Therefore, users can autonomously choose whether to provide personal information to software or hardware such as electronic devices, applications, servers or storage media that perform the operations of the technical solution of the present disclosure based on the prompt information.
作为一种可选的但非限定性的实现方式,响应于接收到用户的主动请求,向用户发送提示信息的方式例如可以是弹窗的方式,弹窗中可以以文字的方式呈现提示信息。此外,弹窗中还可以承载供用户选择“同意”或者“不同意”向电子设备提供个人信息的选择控件。As an optional but non-limiting implementation method, in response to receiving the user's active request, the method of sending prompt information to the user may be, for example, a pop-up window, and the prompt information may be presented in the form of text in the pop-up window. In addition, the pop-up window can also contain a selection control for the user to choose "agree" or "disagree" to provide personal information to the electronic device.
可以理解的是,上述通知和获取用户授权过程仅是示意性的,不对本公开的实现方式构成限定,其它满足相关法律法规的方式也可应用于本公开的实现方式中。It can be understood that the above process of notifying and obtaining user authorization is only illustrative and does not limit the implementation of the present disclosure. Other methods that satisfy relevant laws and regulations can also be applied to the implementation of the present disclosure.
同时,可以理解的是,本技术方案所涉及的数据(包括但不限于数据本身、数据的获取或使用)应当遵循相应法律法规及相关规定的要求。At the same time, it can be understood that the data involved in this technical solution (including but not limited to the data itself, the acquisition or use of the data) should comply with the requirements of corresponding laws, regulations and relevant regulations.
图1所示,为基于本公开的一种实施方式提供的日志数据处理方法的流程图,如图1所示,所述方法可以包括:As shown in Figure 1, it is a flow chart of a log data processing method provided based on an embodiment of the present disclosure. As shown in Figure 1, the method may include:
在步骤11中,接收数据分析引擎中待分析的日志数据对应的查询语句。In step 11, the query statement corresponding to the log data to be analyzed in the data analysis engine is received.
其中,数据分析引擎可以是用于日志分析的工具,如Spark工具,其是为大规模数据处理而设计的快速通用的计算引擎。在该实施例中,需要进行日志离线分析的业务人员可以在可视化界面中提交查询语句,从而以便基于该查询语句从外接的日志数据源中拉取相应的数据进行日志分析。如该查询语句可以为SQL(Structured Query Language,结构化查询语言)逻辑,由此,可以基于SparkSQL实现ETL方案。在该实施例中可以通过表示将日志数据从外接的日志数据源中加载至该数据分析引擎的过程。Among them, the data analysis engine may be a tool for log analysis, such as the Spark tool, which is a fast and general computing engine designed for large-scale data processing. In this embodiment, business personnel who need to perform log offline analysis can submit a query statement in the visual interface, so that corresponding data can be pulled from an external log data source for log analysis based on the query statement. For example, the query statement can be SQL (Structured Query Language, structured query language) logic, so the ETL solution can be implemented based on SparkSQL. In this embodiment, the process of loading log data from an external log data source to the data analysis engine can be represented.
在步骤12中,根据查询语句查询数据仓库中的目标数据表,确定日志数据源中的日志数据以及日志数据所属的日志文件,其中,所述日志数据源为所述数据分析引擎对应的外部数据源,所述目标数据表中包含所述日志文件的字段信息。In step 12, query the target data table in the data warehouse according to the query statement to determine the log data in the log data source and the log file to which the log data belongs, where the log data source is the external data corresponding to the data analysis engine Source, the target data table contains field information of the log file.
其中,所述数据仓库可以为Hive,其是基于Hadoop的一个数据仓库工具,可以用来进行数据提取、转化、加载。这是一种可以存储、查询和分析存储在Hadoop中的大规模数据的机制。Hive数据仓库工具能将结构化的数据文件映射为一张数据库表,并提供SQL查询功能。The data warehouse may be Hive, which is a data warehouse tool based on Hadoop and can be used for data extraction, transformation, and loading. It is a mechanism that can store, query and analyze large-scale data stored in Hadoop. The Hive data warehouse tool can map structured data files into a database table and provide SQL query functions.
在该实施例中,可以将生成的日志文件映射至一张Hive表中,其中具体字段被定义在Hive表结构上。通过日志平台中的元数据管理Coordinator模块实现自动关联物理数据文件与Hive表的对应关系,即所述目标数据表。如可以将日志文件分为多租户下的文件,每一个租户对应到一张Hive表,一张Hive表中的租户下面可以有多个业务方的日志数据的数据链路。其中,可以用Hive元数据服务Metastore封装成Hive表,以使各业务的数据被映射到一一对应的Hive表上,以获得该目标数据表,便于快速定位日志数据存储在哪些日志文件中。In this embodiment, the generated log file can be mapped to a Hive table, where specific fields are defined on the Hive table structure. Through the metadata management Coordinator module in the log platform, the corresponding relationship between the physical data file and the Hive table is automatically associated, that is, the target data table. For example, log files can be divided into files under multiple tenants, and each tenant corresponds to a Hive table. Tenants in a Hive table can have data links for log data of multiple business parties. Among them, the Hive metadata service Metastore can be used to encapsulate the Hive table so that the data of each business is mapped to the one-to-one corresponding Hive table to obtain the target data table, which is convenient for quickly locating which log files the log data is stored in.
示例地,业务人员可知指定Hive表的表名,该Hive表的对应租户下的不同业务方的数据链路可以通过字段来标识,从而可以基于不同的业务方在该字段下的属性值获得不同的业务方的数据链路,即属于该业务方的日志文件。同时结合查询语句中的查询条件可以进一步确定出该业务方下所需的日志文件,并且可以基于目标数据表确定该日志文件在日志数据源中的存储信息,即定位所需的日志文件具体存储在哪些物理文件中,以便于拉取相应的日志数据。For example, the business personnel can know the table name of the specified Hive table. The data links of different business parties under the corresponding tenant of the Hive table can be identified by fields, so that different business parties can obtain different data based on the attribute values of the fields. The data link of the business party is the log file belonging to the business party. At the same time, combined with the query conditions in the query statement, the log files required by the business party can be further determined, and the storage information of the log files in the log data source can be determined based on the target data table, that is, the specific storage of the required log files can be located. In which physical files, in order to pull the corresponding log data.
在步骤13中,从日志数据源的日志文件中获取日志数据。In step 13, log data is obtained from the log file of the log data source.
其中,在确定出日志文件后,则可以从该日志文件中确定出与查询语句对应的日志数据,作为示例,可以将日志文件中确定出的日志的全部字段信息进行拉取作为该日志数据。After the log file is determined, the log data corresponding to the query statement can be determined from the log file. As an example, all field information of the log determined in the log file can be extracted as the log data.
在步骤14中,对日志数据进行虚拟化分块,获得日志数据对应的日志数据块。示例地,可以通过数据块列表对虚拟化所得的各个日志数据块进行综合表示。In step 14, the log data is virtualized into blocks to obtain log data blocks corresponding to the log data. For example, each log data block obtained by virtualization can be comprehensively represented through a data block list.
在步骤15中,基于日志数据块将日志数据加载至数据分析引擎。In step 15, the log data is loaded to the data analysis engine based on the log data block.
作为示例,可以通过Spark Datasouce V2机制实现的外接数据源的接入。申请人通过研究发现,相关技术中多数是以数据行(Record)的方式与Spark交互直接映射到Spark内部RDD(Resilient Distributed Datasets,弹性分布式数据集)。通过上述方式使得数据拉取过程中的系统I/O比较多,当外接数据源数据量巨大时I/O资源占用较大。As an example, the access to external data sources can be achieved through the Spark Datasource V2 mechanism. The applicant found through research that most of the related technologies interact with Spark in the form of data rows (Record) and directly map to Spark's internal RDD (Resilient Distributed Datasets, elastic distributed data sets). Through the above method, the system I/O is relatively large during the data pulling process. When the external data source has a huge amount of data, I/O resources are occupied.
基于此,在本公开实施例中,可以将日志数据进行虚拟化分块,从而可以日志数据块的形式将外部数据源中的日志数据加载至数据分析引擎,以有效降低数据拉取过程中的I/O资源消耗。Based on this, in the embodiment of the present disclosure, the log data can be virtualized into blocks, so that the log data from the external data source can be loaded into the data analysis engine in the form of log data blocks, so as to effectively reduce the time spent in the data pulling process. I/O resource consumption.
在上述技术方案中,接收数据分析引擎中待分析的日志数据对应的查询语句;根据所述查询语句查询数据仓库中的目标数据表,确定日志数据源中的所述日志数据以及所述日志数据所属的日志文件,并从所述日志数据源的日志文件中获取所述日志数据。之后对所述日志数据进行虚拟化分块,获得所述日志数据对应的日志数据块,并基于所述日志数据块将所述日志数据加载至所述数据分析引擎。由此,可以直接基于查询语句实现外部数据源中的日志文件的加载,使得业务人员在进行日志分析的数据加载时基于通用操作方式便可以实现从外部数据源中拉取待分析的日志数据,有效减少业务离线分析ETL的人力成本,可以无缝对接数据分析引擎的数据处理生态并提升数据查询效率。另外以日志输入块的形式将外部数据源中的日志数据加载至数据分析引擎,以有效降低数据拉取过程中的I/O资源消耗,进一步提升日志数据的分析效率,适应于大数据下的日志分析场景。In the above technical solution, the query statement corresponding to the log data to be analyzed in the data analysis engine is received; the target data table in the data warehouse is queried according to the query statement, and the log data and the log data in the log data source are determined. The log file to which it belongs, and obtains the log data from the log file of the log data source. The log data is then virtualized into blocks to obtain log data blocks corresponding to the log data, and the log data is loaded into the data analysis engine based on the log data blocks. As a result, log files in external data sources can be loaded directly based on query statements, so that business personnel can pull log data to be analyzed from external data sources based on common operation methods when loading data for log analysis. It effectively reduces the labor cost of business offline analysis ETL, can seamlessly connect to the data processing ecosystem of the data analysis engine, and improves data query efficiency. In addition, log data from external data sources are loaded into the data analysis engine in the form of log input blocks to effectively reduce I/O resource consumption in the data pulling process, further improve the analysis efficiency of log data, and adapt to big data. Log analysis scenario.
其中,若日志文件具有索引信息,则可以直接基于索引信息定位到具体的日志文件,如可以将日志文件的log_ID构建索引,则在查询时能够直接基于相应的log_ID确定出对应的日志文件。若日志文件不具有索引信息,则需要依次遍历每一日志文件以与查询的log_ID做对比进行判断。基于此,本公开提供以下实施例。Among them, if the log file has index information, the specific log file can be directly located based on the index information. For example, the log_ID of the log file can be indexed, and the corresponding log file can be directly determined based on the corresponding log_ID during query. If the log file does not have index information, each log file needs to be traversed in order to compare with the queried log_ID for judgment. Based on this, the present disclosure provides the following examples.
在一种可能的实施例中,所述对所述日志数据进行虚拟化分块,获得所述日志数据对应的日志数据块可以包括:In a possible embodiment, virtualizing the log data into blocks and obtaining the log data blocks corresponding to the log data may include:
若所述日志文件具有索引信息,则确定多个时间分段,并将所述日志文件中的日志数据映射至所述日志文件的时间信息所属的时间分段对应的日志数据块,其中,所述时间分段与所述日志数据块一一对应。If the log file has index information, multiple time segments are determined, and the log data in the log file is mapped to the log data block corresponding to the time segment to which the time information of the log file belongs, where: The time segments correspond to the log data blocks one-to-one.
示例地,可以按照预设时长进行时间分段,如预设时长可以根据实际应用场景进行设置,如拉取的日志数据为当天的数据则预设时长可以设置为1小时,即每一小时对应一个时间分段,如0点-1点生成的日志文件可以映射至同一日志数据块。进一步地,在对日志数据进行日志数据块虚拟化时,则可以基于该日志数据所属的日志文件的时间信息进行存储,如日志数据所属的日志文件的时间信息为0点12分,则将其映射至0点-1点的时间分段对应的日志数据块;如日志数据所属的日志文件的时间信息为1点12分,则其映射至1点-2点的时间分段对应的日志数据块。For example, time segmentation can be performed according to the preset duration. For example, the preset duration can be set according to the actual application scenario. If the log data pulled is the data of the day, the preset duration can be set to 1 hour, that is, each hour corresponds to A time segment, such as log files generated from 0 o'clock to 1 o'clock, can be mapped to the same log data block. Further, when the log data is virtualized in log data blocks, it can be stored based on the time information of the log file to which the log data belongs. For example, if the time information of the log file to which the log data belongs is 0:12, then it will be stored. Map to the log data block corresponding to the time segment from 0 o'clock to 1 o'clock; if the time information of the log file to which the log data belongs is 1:12, then it is mapped to the log data corresponding to the time segment from 1 o'clock to 2 o'clock piece.
由此,通过上述技术方案,可以实现对外接数据源中的查询到的数据的虚拟分块,以便与数据分析引擎中的处理数据集的分区单元一一对应,提高数据拉取效率的同时也能够保证数据分析引擎中对日志数据的分析效率。Therefore, through the above technical solution, the queried data in the external data source can be virtually divided into blocks, so as to correspond one-to-one with the partition unit for processing the data set in the data analysis engine, which not only improves the efficiency of data extraction, but also improves the data extraction efficiency. It can ensure the efficiency of analyzing log data in the data analysis engine.
若所述日志文件不具有索引信息,则依次遍历每一所述日志数据,若当前的日志数据块中映射的日志数据的数量未达到数量阈值,则将遍历到的日志数据映射至当前的日志数据块,若当前的日志数据块中映射的日志数据的数量达到数量阈值,则将遍历到的日志数据映射至下一日志数据块。If the log file does not have index information, each log data is traversed in turn. If the number of log data mapped in the current log data block does not reach the quantity threshold, the traversed log data is mapped to the current log. Data block, if the number of mapped log data in the current log data block reaches the quantity threshold, the traversed log data will be mapped to the next log data block.
其中,所述数量阈值可以基于实际应用场景进行设置。则在实施例中可以基于该数量阈值依次对每一日志数据块进行映射,在当前日志数据块映射完成后再对下一日志数据块进行映射。示例地,若当前的日志数据块为第一个日志数据块,若其中映射的日志数据的数量未达到数量阈值,则将遍历到的日志数据映射至该第一个日志数据块。之后经过多次映射后,若第一个日志数据块中映射的日志数据的数量达到数量阈值,则将遍历到的日志数据映射至下一日志数据块,即第二个日志数据块中,便于数据拉取的效率和稳定性。The quantity threshold can be set based on actual application scenarios. In this embodiment, each log data block can be mapped sequentially based on the quantity threshold, and the next log data block can be mapped after the mapping of the current log data block is completed. For example, if the current log data block is the first log data block, and if the number of log data mapped therein does not reach the quantity threshold, the traversed log data is mapped to the first log data block. After multiple mappings, if the number of mapped log data in the first log data block reaches the quantity threshold, the traversed log data will be mapped to the next log data block, that is, the second log data block, for convenience Efficiency and stability of data pulling.
又如,也可以预先设置日志数据块对应的最大数据量,则依次遍历每一所述日志数据,若当前的日志数据块中映射的日志数据的数据量未达到最大数据量,则将遍历到的日志数据映射至当前的日志数据块,若当前的日志数据块中映射的日志数据的数据量达到最大数据量,则将遍历到的日志数据映射至下一日志数据块。作为另一示例,也可以设置该最大数据量和数量阈值,在遍历每一所述日志数据时,若两者中的任一者达到,则将遍历到的日志数据映射至下一日志数据块。For another example, the maximum data amount corresponding to the log data block can also be set in advance, and then each log data is traversed in sequence. If the data amount of the log data mapped in the current log data block does not reach the maximum data amount, it will be traversed to The log data is mapped to the current log data block. If the amount of log data mapped in the current log data block reaches the maximum data amount, the traversed log data is mapped to the next log data block. As another example, the maximum data amount and quantity threshold can also be set. When traversing each log data, if either of the two is reached, the traversed log data will be mapped to the next log data block. .
在一种可能的实施例中,每一所述日志数据块包含多个日志数据分段。示例地,可以预先设置每一日志数据分段对应的数据量阈值,该数据量阈值可以基于实际应用场景进行设置,如可以设置为5M,本公开对此不作限定。示例地,本公开中的一种实施例下加载日志数据的示意图如图2所示。其中,A1-An用于表示n个日志数据块datablock,A11-A1m用于表示日志数据块A1中的m个日志数据分段fragment。其中T用于表示物理文件集,即在日志存储平台底层对应多个物理文件集,单个物理文件集对应多个日志数据块,每一日志数据块最多对应一个物理文件集。在该实施例下,数据块列表中可以包含A1-An。如基于图2,在数据分析引擎Spark中,驱动可以为driver,其为用于驱动整个运行的程序,执行单元可以是Executor,其是集群中工作节点(Worker)中的一个JVM进程,负责在Spark作业中运行具体任务。In a possible embodiment, each log data block includes multiple log data segments. For example, the data volume threshold corresponding to each log data segment can be set in advance. The data volume threshold can be set based on actual application scenarios. For example, it can be set to 5M, which is not limited in this disclosure. By way of example, a schematic diagram of loading log data under an embodiment of the present disclosure is shown in Figure 2. Among them, A1-An is used to represent n log data blocks datablock, and A11-A1m is used to represent m log data fragments in log data block A1. Among them, T is used to represent a physical file set, that is, at the bottom of the log storage platform, it corresponds to multiple physical file sets. A single physical file set corresponds to multiple log data blocks, and each log data block corresponds to at most one physical file set. In this embodiment, the data block list may contain A1-An. As shown in Figure 2, in the data analysis engine Spark, the driver can be a driver, which is a program used to drive the entire operation, and the execution unit can be an Executor, which is a JVM process in the worker node (Worker) in the cluster, responsible for Run specific tasks in Spark jobs.
相应地,所述基于所述日志数据块将所述日志数据加载至所述数据分析引擎的示例性实现方式可以包括:Accordingly, the exemplary implementation of loading the log data to the data analysis engine based on the log data block may include:
针对每一所述日志数据块,依次将所述日志数据块中的每一日志数据分段读取至所述数据分析引擎的运行内存,并对所述日志数据分段进行解析获得目标格式下的日志记录,其中,所述目标格式为所述数据分析引擎进行操作的数据格式。For each log data block, each log data segment in the log data block is sequentially read into the running memory of the data analysis engine, and the log data segments are parsed to obtain the target format. Log records, wherein the target format is a data format operated by the data analysis engine.
示例地,可以在日志数据块中设置游标,以标识已读取的日志数据分段,如针对日志数据块A1,初始游标指示该日志数据块A1的起始位置,之后读取其中的第一个日志数据分段A11,此时游标指示下一日志数据分段A12的位置。For example, a cursor can be set in the log data block to identify the read log data segments. For example, for the log data block A1, the initial cursor indicates the starting position of the log data block A1, and then the first segment of the log data block A1 is read. log data segment A11. At this time, the cursor indicates the position of the next log data segment A12.
其中,在读取第一个日志数据分段A11至数据分析引擎的运行内存之后,可以对该日志数据分段中的数据进行解析,以解析为能够被数据分析引擎所识别的日志记录。在将日志数据分段A11中的数据解析完成之后,则可以基于游标进一步读取日志数据分段A12至数据分析引擎的运行内存,并对日志数据分段A12的数据进行解析,依次类推,直至当前日志数据块A1中的各个日志数据分段被读取完。之后则可以读取下一日志数据块A2。其读取方式与上文所述方式相同,在此不再赘述。After the first log data segment A11 is read into the running memory of the data analysis engine, the data in the log data segment can be parsed into log records that can be recognized by the data analysis engine. After parsing the data in log data segment A11, you can further read log data segment A12 to the running memory of the data analysis engine based on the cursor, and parse the data in log data segment A12, and so on, until Each log data segment in the current log data block A1 has been read. Then the next log data block A2 can be read. The reading method is the same as described above and will not be described again here.
由此,通过上述技术方案,可以将每个日志数据块进一步分为多个日志数据分段,并将日志数据分段作为数据分析引擎中拉取数据的最小数据集,从而可以在有效降低数据拉取过程中的I/O资源消耗的同时也可以避免一次性拉取过多数据对整个集群中的各个其他业务的影响,保证日志分析过程的效率和稳定性。Therefore, through the above technical solution, each log data block can be further divided into multiple log data segments, and the log data segments can be used as the minimum data set for pulling data in the data analysis engine, thus effectively reducing the data processing time. While I/O resource consumption during the pulling process can also avoid the impact of pulling too much data at one time on other businesses in the entire cluster, ensuring the efficiency and stability of the log analysis process.
在一种可能的实施例中,每一所述日志数据分段中包含多条记录,如每条记录对应于一个数据行。如上文所示,在数据分析引擎内部其多数是以数据行Record进行交互直接映射到Spark内部RDD[lnternalRow],SparkSQL在执行物理计划操作RDD时,会全部使用RDD[lnternalRow]类型进行操作。相应地,为了实现与数据分析引擎Spark处理数据的适配,相应地,所述对所述日志数据分段进行解析获得目标格式下的日志记录,可以包括:In a possible embodiment, each log data segment contains multiple records, for example, each record corresponds to a data row. As shown above, within the data analysis engine, most of them interact with data rows Record and are directly mapped to Spark's internal RDD[lnternalRow]. When SparkSQL performs physical plan operations on RDD, it will all use the RDD[lnternalRow] type for operations. Correspondingly, in order to achieve adaptation to data processing by the data analysis engine Spark, correspondingly, parsing the log data segments to obtain log records in the target format may include:
针对所述日志数据分段中的每一记录,解析所述记录对应的各个字段和所述字段的字段值;For each record in the log data segment, parse each field corresponding to the record and the field value of the field;
将所述记录中的字段作为key值、所述字段的字段值作为value值转换为键值对结构;Convert the fields in the record as key values and the field values of the fields as value values into a key-value pair structure;
基于所述键值对结构进行目标格式转换,获得所述日志记录。Target format conversion is performed based on the key-value pair structure to obtain the log record.
示例地,日志数据分段中可以包含N条记录,本公开中将日志数据分段加载到数据分析引擎的运行时内存当中,并进一步对记录进行解析,如可以依次遍历每一记录以生成该记录对应的键值对结构。例如,每一记录中包含M个字段,则该日志数据分段对应的日志记录可以以Map结构表示,即N组K-V数据结构,每一组K-V数据结构中又包含M组K-V对(键值对)。For example, the log data segments may contain N records. In this disclosure, the log data segments are loaded into the runtime memory of the data analysis engine, and the records are further parsed. For example, each record may be traversed in sequence to generate the Record the corresponding key-value pair structure. For example, if each record contains M fields, the log records corresponding to the log data segment can be represented by a Map structure, that is, N sets of K-V data structures, and each set of K-V data structures contains M sets of K-V pairs (key-value right).
之后则可以依次遍历K-V数据结构,基于数据分析引擎中的目标格式转换方式获得日志记录,其中,该目标格式可以为RDD[lnternalRow],其可以基于本领域中转RDD[lnternalRow]的方式进行格式转换,在此不再赘述。After that, the K-V data structure can be traversed in sequence, and the log records can be obtained based on the target format conversion method in the data analysis engine. The target format can be RDD[lnternalRow], which can be converted based on the method of transferring RDD[lnternalRow] in this field. , which will not be described in detail here.
由此,通过上述技术方案,可以进一步对日志数据分段进行解析以及实现从数据块到K-V数据结构的映射,则在数据分析引擎Spark内部转RDD[lnternalRow]时,一次I/O处理可以从解析后的内存K-V数据结构获取该日志数据分段中的多条日志记录,既可以实现外部数据源的拉取的数据与数据分析引擎内存函数操作处理的数据类型的一致性,又能够有效降低I/O资源消耗,提高日志分析效率。Therefore, through the above technical solution, log data segments can be further parsed and mapped from data blocks to K-V data structures. When the data analysis engine Spark internally converts RDD[lnternalRow], an I/O process can be performed from The parsed memory K-V data structure obtains multiple log records in the log data segment, which can not only achieve consistency between the data pulled from the external data source and the data type processed by the data analysis engine memory function operation, but also effectively reduce I/O resource consumption improves log analysis efficiency.
在一种可能的实施例中,在将日志数据进行虚拟化分块,获得日志数据对应的日志数据块的步骤之前,所述方法还可以包括:In a possible embodiment, before the step of virtualizing the log data into blocks and obtaining log data blocks corresponding to the log data, the method may further include:
确定所述查询语句中的查询字段。Determine the query fields in the query statement.
其中目标数据表中包含多个字段,而在对数据进行查询时返回的字段中可能只有其中的部分字段,则该实施例中可以先基于查询语句确定出其中需要进行返回的字段。示例地,查询语句为SQL语句,则可以将SQL语句中的Select对应的字段作为该查询字段,即经过此次数据查询需要返回的字段。The target data table contains multiple fields, and only some of the fields may be returned when querying the data. In this embodiment, the fields that need to be returned may first be determined based on the query statement. For example, if the query statement is a SQL statement, the field corresponding to Select in the SQL statement can be used as the query field, that is, the field that needs to be returned after this data query.
将从所述日志数据源的日志文件中获取到的所述日志数据中、除所述查询字段之外的其他字段删除,将删除后所得的数据作为新的日志数据。Fields other than the query field are deleted from the log data obtained from the log file of the log data source, and the deleted data is used as new log data.
示例地,目标数据表中包含50个字段,查询字段包含字段Z1、Z2和Z3,则该实施例中,从所述日志数据源的日志文件中获取到的所述日志数据进行字段删减,即在将外部数据源的数据进行加载之前,可以对查询到的数据中非必需的字段(即查询字段之外的字段)进行删除,使得新的日志数据中只保留要查询的字段,从而可以有效降低需要进行加载的数据量,同时也可以保证满足数据查询的结果展示所需的数据,有效降低数据加载对带宽的占用,提升日志数据的加载和分析效率。For example, the target data table contains 50 fields, and the query field includes fields Z1, Z2, and Z3. In this embodiment, the log data obtained from the log file of the log data source is field deleted, That is, before loading the data from the external data source, you can delete the non-essential fields in the queried data (that is, the fields other than the query fields), so that only the fields to be queried are retained in the new log data, so that you can It effectively reduces the amount of data that needs to be loaded, and at the same time ensures that the data required for the display of data query results is met, effectively reduces the bandwidth occupied by data loading, and improves the efficiency of loading and analyzing log data.
在一种可能的实施例中,在将日志数据进行虚拟化分块,获得日志数据对应的日志数据块的步骤之前,所述方法还可以包括:In a possible embodiment, before the step of virtualizing the log data into blocks and obtaining log data blocks corresponding to the log data, the method may further include:
对从所述日志数据源的日志文件中获取到的所述日志数据进行压缩处理,并将压缩处理后所得的数据作为新的日志数据。Compress the log data obtained from the log file of the log data source, and use the compressed data as new log data.
作为示例,压缩处理可以是直接获取到的日志数据进行压缩处理,从而可以降低需要加载的日志数据的数据量。作为另一示例,其可以针对日志数据中的每一字段的数据分别进行压缩,从而获得每一字段的压缩数据,并将各个字段的压缩数据作为新的日志数据。其中,压缩处理可以基于本领域中通用的压缩方式,在此不做限定。As an example, compression processing can be performed on directly obtained log data, thereby reducing the amount of log data that needs to be loaded. As another example, it can separately compress the data of each field in the log data to obtain the compressed data of each field, and use the compressed data of each field as new log data. The compression processing may be based on a common compression method in the field, which is not limited here.
由此,通过对需要加载的日志数据进行压缩,以进一步降低需要进行加载的数据量,从而可以更加适用于大数据集下的日志数据的加载场景,并进一步提升数据加载的效率。Therefore, by compressing the log data that needs to be loaded, the amount of data that needs to be loaded is further reduced, which makes it more suitable for loading scenarios of log data under large data sets and further improves the efficiency of data loading.
作为另一示例,在获得每一字段的压缩数据后,可以进一步将查询字段之外的其他字段的压缩数据删除,即将查询字段的压缩数据作为新的目标数据,以进行后续的虚拟化分块处理,可以进一步提高日志数据的加载和分析效率。As another example, after obtaining the compressed data of each field, the compressed data of other fields other than the query field can be further deleted, that is, the compressed data of the query field can be used as new target data for subsequent virtualization segmentation. Processing can further improve the efficiency of loading and analyzing log data.
在一种可能的实施例中,所述方法还可以包括:In a possible embodiment, the method may further include:
在数据分析引擎中启动谓词下推模式时,确定所述查询语句中进行谓词下推的目标查询条件。When the predicate pushdown mode is started in the data analysis engine, the target query conditions for predicate pushdown in the query statement are determined.
其中,在Hive中通过配置hive.optimize.ppd参数为true,开启谓词下推。谓词下推可以是将过滤表达式尽可能移动至靠近数据源的位置,以使真正执行时能直接跳过无关的数据。如SQL中的谓词主要有like、between、is null、in、=、!=等。示例地,基于谓词下推的判断规则确定查询语句进行谓词下推的目标查询条件,即可以直接在外接数据源中进行数据过滤的条件。如保留表的谓词写在join中不能进行谓词下推,需要用where;在join关联情况下,过滤条件无论写在join中还是where中都可以进行谓词下推,其目标查询条件可以基于实际的查询语句和Hive中谓词下推的规则进行判断。Among them, predicate pushdown is enabled in Hive by configuring the hive.optimize.ppd parameter to true. Predicate pushdown can move the filter expression as close to the data source as possible so that irrelevant data can be skipped directly during actual execution. For example, the predicates in SQL mainly include like, between, is null, in, =,! =Wait. For example, the judgment rule based on predicate pushdown determines the target query conditions for predicate pushdown of the query statement, that is, the conditions for data filtering in the external data source. If the predicate of the reserved table is written in join and predicate push-down cannot be performed, you need to use where; in the case of join association, filter conditions can be predicate push-down regardless of whether they are written in join or where, and the target query conditions can be based on the actual The query statement and the rules of predicate pushdown in Hive are judged.
相应地,所述根据所述查询语句查询数据仓库中的目标数据表,确定日志数据源中的所述日志数据以及所述日志数据所属的日志文件,包括:Correspondingly, querying the target data table in the data warehouse according to the query statement and determining the log data in the log data source and the log file to which the log data belongs includes:
根据所述目标查询条件查询所述目标数据表,确定所述日志数据以及所述日志数据所属的日志文件。Query the target data table according to the target query condition to determine the log data and the log file to which the log data belongs.
则该实施例中,可以基于进行谓词下推的目标查询条件在目标数据表中进行查询,比如where条件命中索引,可以直接在外部数据源的位置进行数据过滤,而在数据分析引擎中该目标查询条件无需再次执行。In this embodiment, the target data table can be queried based on the target query condition for predicate pushdown. For example, if the where condition hits the index, the data can be filtered directly at the location of the external data source, and the target in the data analysis engine The query conditions do not need to be executed again.
由此,通过上述技术方案,谓词下推的目标查询条件将在数据源端提前执行,减少数据源端输出,降低了数据传输I/O,避免将无效数据加载至数据分析引擎中,可以支持超大规模、长时间周期数据集的离线分析,既可以降低数据传输的数据量,又能够避免加载大量数据在数据分析引擎中进行数据查询和过滤对日志分析效率的影响,提高数据分析引擎处理数据集的执行速度。Therefore, through the above technical solution, the target query condition of predicate pushdown will be executed in advance on the data source side, reducing the output of the data source side, reducing data transmission I/O, avoiding loading invalid data into the data analysis engine, and supporting Offline analysis of very large-scale, long-term data sets can not only reduce the amount of data transmitted, but also avoid the impact of loading large amounts of data on the log analysis efficiency of data query and filtering in the data analysis engine, and improve the data processing engine of the data analysis engine. Set execution speed.
基于上文所述的各个实施例,在加载日志数据至数据分析引擎后,则可以基于数据分析引擎中的函数和方法执行相应的日志分析过程,分析任务结束日志分析的结果可以输出到数据分析引擎中的指定HDFS(Hadoop Distributed File System,Hadoop分布式文件系统)目录,最后通过数据分析引擎中的异步Rest Api展示到结果页面上。其中该过程中可以基于数据分析引擎中的原生方法实现,在此不再赘述。Based on the above-mentioned embodiments, after loading the log data to the data analysis engine, the corresponding log analysis process can be executed based on the functions and methods in the data analysis engine, and the results of the log analysis after the analysis task is completed can be output to the data analysis engine. The specified HDFS (Hadoop Distributed File System, Hadoop Distributed File System) directory in the engine is finally displayed on the result page through the asynchronous Rest API in the data analysis engine. This process can be implemented based on the native method in the data analysis engine, and will not be described again here.
基于同样的发明构思,本公开还提供一种日志数据处理装置,如图3所示,所述装置10包括:Based on the same inventive concept, the present disclosure also provides a log data processing device. As shown in Figure 3, the device 10 includes:
接收模块100,用于接收数据分析引擎中待分析的日志数据对应的查询语句;The receiving module 100 is used to receive query statements corresponding to the log data to be analyzed in the data analysis engine;
第一确定模块200,用于根据所述查询语句查询数据仓库中的目标数据表,确定日志数据源中的所述日志数据以及所述日志数据所属的日志文件,其中,所述日志数据源为所述数据分析引擎对应的外部数据源,所述目标数据表中包含所述日志文件的字段信息;The first determination module 200 is used to query the target data table in the data warehouse according to the query statement, and determine the log data in the log data source and the log file to which the log data belongs, wherein the log data source is The external data source corresponding to the data analysis engine, the target data table contains the field information of the log file;
获取模块300,用于从所述日志数据源的日志文件中获取所述日志数据;The acquisition module 300 is used to acquire the log data from the log file of the log data source;
第一处理模块400,用于对所述日志数据进行虚拟化分块,获得所述日志数据对应的日志数据块;The first processing module 400 is used to virtualize the log data into blocks and obtain log data blocks corresponding to the log data;
加载模块500,用于基于所述日志数据块将所述日志数据加载至所述数据分析引擎。The loading module 500 is used to load the log data to the data analysis engine based on the log data block.
可选地,每一所述日志数据块包含多个日志数据分段;Optionally, each log data block includes multiple log data segments;
所述加载模块包括:The loading modules include:
加载子模块,用于针对每一所述日志数据块,依次将所述日志数据块中的每一日志数据分段读取至所述数据分析引擎的运行内存,并对所述日志数据分段进行解析获得目标格式下的日志记录,其中,所述目标格式为所述数据分析引擎进行操作的数据格式。Loading sub-module, used for each log data block, sequentially read each log data segment in the log data block to the running memory of the data analysis engine, and segment the log data Perform parsing to obtain log records in a target format, where the target format is a data format operated by the data analysis engine.
可选地,每一所述日志数据分段中包含多条记录;Optionally, each log data segment contains multiple records;
所述加载子模块包括:The loading submodules include:
解析子模块,用于针对所述日志数据分段中的每一记录,解析所述记录对应的各个字段和所述字段的字段值;A parsing sub-module, used for parsing, for each record in the log data segment, each field corresponding to the record and the field value of the field;
第一转换子模块,用于将所述记录中的字段作为key值、所述字段的字段值作为value值转换为键值对结构;The first conversion submodule is used to convert the fields in the record as key values and the field values of the fields as value values into a key-value pair structure;
第二转换子模块,用于基于所述键值对结构进行目标格式转换,获得所述日志记录。The second conversion submodule is used to perform target format conversion based on the key-value pair structure to obtain the log record.
可选地,所述第一处理模块,包括:Optionally, the first processing module includes:
第一处理子模块,用于若所述日志文件具有索引信息,则确定多个时间分段,并将所述日志文件中的日志数据映射至所述日志文件的时间信息所属的时间分段对应的日志数据块,其中,所述时间分段与所述日志数据块一一对应;The first processing submodule is used to determine multiple time segments if the log file has index information, and map the log data in the log file to the time segment corresponding to the time information of the log file. log data block, wherein the time segment corresponds to the log data block one-to-one;
第二处理子模块,用于若所述日志文件不具有索引信息,则遍历每一所述日志数据,若当前的日志数据块中映射的日志数据的数量未达到数量阈值,则将遍历到的日志数据映射至当前的日志数据块,若当前的日志数据块中映射的日志数据的数量达到数量阈值,则将遍历到的日志数据映射至下一日志数据块。The second processing submodule is used to traverse each of the log data if the log file does not have index information. If the number of mapped log data in the current log data block does not reach the quantity threshold, traverse the Log data is mapped to the current log data block. If the number of mapped log data in the current log data block reaches the quantity threshold, the traversed log data is mapped to the next log data block.
可选地,所述装置还包括:Optionally, the device also includes:
第二确定模块,用于在所述第一处理模块对所述日志数据进行虚拟化分块,获得所述日志数据对应的日志数据块之前,确定所述查询语句中的查询字段;The second determination module is configured to determine the query field in the query statement before the first processing module virtualizes the log data into blocks and obtains the log data blocks corresponding to the log data;
第二处理模块,用于将从所述日志数据源的日志文件中获取到的所述日志数据中、除所述查询字段之外的其他字段删除,将删除后所得的数据作为新的日志数据。The second processing module is configured to delete other fields except the query field from the log data obtained from the log file of the log data source, and use the deleted data as new log data. .
可选地,所述装置还包括:Optionally, the device also includes:
第三处理模块,用于在所述第一处理模块对所述日志数据进行虚拟化分块,获得所述日志数据对应的日志数据块之前,对从所述日志数据源的日志文件中获取到的所述日志数据进行压缩处理,并将压缩处理后所得的数据作为新的日志数据。The third processing module is configured to virtualize the log data into blocks by the first processing module and obtain the log data blocks corresponding to the log data. The log data is compressed, and the data obtained after the compression is used as new log data.
可选地,所述装置还包括:Optionally, the device also includes:
第三确定模块,用于在数据分析引擎中启动谓词下推模式时,确定所述查询语句中进行谓词下推的目标查询条件;The third determination module is used to determine the target query conditions for predicate pushdown in the query statement when the predicate pushdown mode is started in the data analysis engine;
所述第一确定模块进一步用于:The first determination module is further used for:
根据所述目标查询条件查询所述目标数据表,确定所述日志数据以及所述日志数据所属的日志文件。Query the target data table according to the target query condition to determine the log data and the log file to which the log data belongs.
下面参考图4,其示出了适于用来实现本公开实施例的电子设备600的结构示意图。本公开实施例中的终端设备可以包括但不限于诸如移动电话、笔记本电脑、数字广播接收器、PDA(个人数字助理)、PAD(平板电脑)、PMP(便携式多媒体播放器)、车载终端(例如车载导航终端)等等的移动终端以及诸如数字TV、台式计算机等等的固定终端。图4示出的电子设备仅仅是一个示例,不应对本公开实施例的功能和使用范围带来任何限制。Referring now to FIG. 4 , a schematic structural diagram of an electronic device 600 suitable for implementing embodiments of the present disclosure is shown. Terminal devices in embodiments of the present disclosure may include, but are not limited to, mobile phones, laptops, digital broadcast receivers, PDAs (Personal Digital Assistants), PADs (Tablets), PMPs (Portable Multimedia Players), vehicle-mounted terminals (such as Mobile terminals such as car navigation terminals) and fixed terminals such as digital TVs, desktop computers, etc. The electronic device shown in FIG. 4 is only an example and should not impose any limitations on the functions and scope of use of the embodiments of the present disclosure.
如图4所示,电子设备600可以包括处理装置(例如中央处理器、图形处理器等)601,其可以根据存储在只读存储器(ROM)602中的程序或者从存储装置608加载到随机访问存储器(RAM)603中的程序而执行各种适当的动作和处理。在RAM 603中,还存储有电子设备600操作所需的各种程序和数据。处理装置601、ROM 602以及RAM 603通过总线604彼此相连。输入/输出(I/O)接口605也连接至总线604。As shown in FIG. 4 , the electronic device 600 may include a processing device (eg, central processing unit, graphics processor, etc.) 601 , which may be loaded into a random access device according to a program stored in a read-only memory (ROM) 602 or from a storage device 608 . The program in the memory (RAM) 603 executes various appropriate actions and processes. In the RAM 603, various programs and data required for the operation of the electronic device 600 are also stored. The processing device 601, ROM 602 and RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
通常,以下装置可以连接至I/O接口605:包括例如触摸屏、触摸板、键盘、鼠标、摄像头、麦克风、加速度计、陀螺仪等的输入装置606;包括例如液晶显示器(LCD)、扬声器、振动器等的输出装置607;包括例如磁带、硬盘等的存储装置608;以及通信装置609。通信装置609可以允许电子设备600与其他设备进行无线或有线通信以交换数据。虽然图4示出了具有各种装置的电子设备600,但是应理解的是,并不要求实施或具备所有示出的装置。可以替代地实施或具备更多或更少的装置。Generally, the following devices may be connected to the I/O interface 605: input devices 606 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; including, for example, a liquid crystal display (LCD), speakers, vibration An output device 607 such as a computer; a storage device 608 including a magnetic tape, a hard disk, etc.; and a communication device 609. Communication device 609 may allow electronic device 600 to communicate wirelessly or wiredly with other devices to exchange data. Although FIG. 4 illustrates electronic device 600 with various means, it should be understood that implementation or availability of all illustrated means is not required. More or fewer means may alternatively be implemented or provided.
特别地,根据本公开的实施例,上文参考流程图描述的过程可以被实现为计算机软件程序。例如,本公开的实施例包括一种计算机程序产品,其包括承载在非暂态计算机可读介质上的计算机程序,该计算机程序包含用于执行流程图所示的方法的程序代码。在这样的实施例中,该计算机程序可以通过通信装置609从网络上被下载和安装,或者从存储装置608被安装,或者从ROM 602被安装。在该计算机程序被处理装置601执行时,执行本公开实施例的方法中限定的上述功能。In particular, according to embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product including a computer program carried on a non-transitory computer-readable medium, the computer program containing program code for performing the method illustrated in the flowchart. In such embodiments, the computer program may be downloaded and installed from the network via communication device 609, or from storage device 608, or from ROM 602. When the computer program is executed by the processing device 601, the above functions defined in the method of the embodiment of the present disclosure are performed.
需要说明的是,本公开上述的计算机可读介质可以是计算机可读信号介质或者计算机可读存储介质或者是上述两者的任意组合。计算机可读存储介质例如可以是——但不限于——电、磁、光、电磁、红外线、或半导体的系统、装置或器件,或者任意以上的组合。计算机可读存储介质的更具体的例子可以包括但不限于:具有一个或多个导线的电连接、便携式计算机磁盘、硬盘、随机访问存储器(RAM)、只读存储器(ROM)、可擦式可编程只读存储器(EPROM或闪存)、光纤、便携式紧凑磁盘只读存储器(CD-ROM)、光存储器件、磁存储器件、或者上述的任意合适的组合。在本公开中,计算机可读存储介质可以是任何包含或存储程序的有形介质,该程序可以被指令执行系统、装置或者器件使用或者与其结合使用。而在本公开中,计算机可读信号介质可以包括在基带中或者作为载波一部分传播的数据信号,其中承载了计算机可读的程序代码。这种传播的数据信号可以采用多种形式,包括但不限于电磁信号、光信号或上述的任意合适的组合。计算机可读信号介质还可以是计算机可读存储介质以外的任何计算机可读介质,该计算机可读信号介质可以发送、传播或者传输用于由指令执行系统、装置或者器件使用或者与其结合使用的程序。计算机可读介质上包含的程序代码可以用任何适当的介质传输,包括但不限于:电线、光缆、RF(射频)等等,或者上述的任意合适的组合。It should be noted that the computer-readable medium mentioned above in the present disclosure may be a computer-readable signal medium or a computer-readable storage medium, or any combination of the above two. The computer-readable storage medium may be, for example, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus or device, or any combination thereof. More specific examples of computer readable storage media may include, but are not limited to: an electrical connection having one or more wires, a portable computer disk, a hard drive, random access memory (RAM), read only memory (ROM), removable Programmed read-only memory (EPROM or flash memory), fiber optics, portable compact disk read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the above. In this disclosure, a computer-readable storage medium may be any tangible medium that contains or stores a program for use by or in connection with an instruction execution system, apparatus, or device. In the present disclosure, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying computer-readable program code therein. Such propagated data signals may take many forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination of the above. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium that can send, propagate, or transmit a program for use by or in connection with an instruction execution system, apparatus, or device . Program code embodied on a computer-readable medium may be transmitted using any suitable medium, including but not limited to: wire, optical cable, RF (radio frequency), etc., or any suitable combination of the above.
在一些实施方式中,客户端、服务器可以利用诸如HTTP(HyperText TransferProtocol,超文本传输协议)之类的任何当前已知或未来研发的网络协议进行通信,并且可以与任意形式或介质的数字数据通信(例如,通信网络)互连。通信网络的示例包括局域网(“LAN”),广域网(“WAN”),网际网(例如,互联网)以及端对端网络(例如,ad hoc端对端网络),以及任何当前已知或未来研发的网络。In some embodiments, the client and server can communicate using any currently known or future developed network protocol such as HTTP (HyperText Transfer Protocol), and can communicate with digital data in any form or medium. (e.g., communications network) interconnection. Examples of communication networks include local area networks ("LAN"), wide area networks ("WAN"), the Internet (e.g., the Internet), and end-to-end networks (e.g., ad hoc end-to-end networks), as well as any currently known or developed in the future network of.
上述计算机可读介质可以是上述电子设备中所包含的;也可以是单独存在,而未装配入该电子设备中。The above-mentioned computer-readable medium may be included in the above-mentioned electronic device; it may also exist independently without being assembled into the electronic device.
上述计算机可读介质承载有一个或者多个程序,当上述一个或者多个程序被该电子设备执行时,使得该电子设备:接收数据分析引擎中待分析的日志数据对应的查询语句;根据所述查询语句查询数据仓库中的目标数据表,确定日志数据源中的所述日志数据以及所述日志数据所属的日志文件,其中,所述日志数据源为所述数据分析引擎对应的外部数据源,所述目标数据表中包含所述日志文件的字段信息;从所述日志数据源的日志文件中获取所述日志数据;对所述日志数据进行虚拟化分块,获得所述日志数据对应的日志数据块;基于所述日志数据块将所述日志数据加载至所述数据分析引擎。The computer-readable medium carries one or more programs. When the one or more programs are executed by the electronic device, the electronic device: receives a query statement corresponding to the log data to be analyzed in the data analysis engine; according to the The query statement queries the target data table in the data warehouse, and determines the log data in the log data source and the log file to which the log data belongs, where the log data source is an external data source corresponding to the data analysis engine, The target data table contains field information of the log file; the log data is obtained from the log file of the log data source; the log data is virtualized into blocks to obtain the log corresponding to the log data Data block; load the log data to the data analysis engine based on the log data block.
可以以一种或多种程序设计语言或其组合来编写用于执行本公开的操作的计算机程序代码,上述程序设计语言包括但不限于面向对象的程序设计语言—诸如Java、Smalltalk、C++,还包括常规的过程式程序设计语言——诸如“C”语言或类似的程序设计语言。程序代码可以完全地在用户计算机上执行、部分地在用户计算机上执行、作为一个独立的软件包执行、部分在用户计算机上部分在远程计算机上执行、或者完全在远程计算机或服务器上执行。在涉及远程计算机的情形中,远程计算机可以通过任意种类的网络——包括局域网(LAN)或广域网(WAN)——连接到用户计算机,或者,可以连接到外部计算机(例如利用因特网服务提供商来通过因特网连接)。Computer program code for performing the operations of the present disclosure may be written in one or more programming languages, including but not limited to object-oriented programming languages—such as Java, Smalltalk, C++, and Includes conventional procedural programming languages - such as "C" or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In situations involving remote computers, the remote computer can be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it can be connected to an external computer (such as an Internet service provider). connected via the Internet).
附图中的流程图和框图,图示了按照本公开各种实施例的系统、方法和计算机程序产品的可能实现的体系架构、功能和操作。在这点上,流程图或框图中的每个方框可以代表一个模块、程序段、或代码的一部分,该模块、程序段、或代码的一部分包含一个或多个用于实现规定的逻辑功能的可执行指令。也应当注意,在有些作为替换的实现中,方框中所标注的功能也可以以不同于附图中所标注的顺序发生。例如,两个接连地表示的方框实际上可以基本并行地执行,它们有时也可以按相反的顺序执行,这依所涉及的功能而定。也要注意的是,框图和/或流程图中的每个方框、以及框图和/或流程图中的方框的组合,可以用执行规定的功能或操作的专用的基于硬件的系统来实现,或者可以用专用硬件与计算机指令的组合来实现。The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operations of possible implementations of systems, methods, and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagram may represent a module, segment, or portion of code that contains one or more logic functions that implement the specified executable instructions. It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown one after another may actually execute substantially in parallel, or they may sometimes execute in the reverse order, depending on the functionality involved. It will also be noted that each block of the block diagram and/or flowchart illustration, and combinations of blocks in the block diagram and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or operations. , or can be implemented using a combination of specialized hardware and computer instructions.
描述于本公开实施例中所涉及到的模块可以通过软件的方式实现,也可以通过硬件的方式来实现。其中,模块的名称在某种情况下并不构成对该模块本身的限定,例如,接收模块还可以被描述为“接收数据分析引擎中待分析的日志数据对应的查询语句的模块”。The modules involved in the embodiments of the present disclosure can be implemented in software or hardware. Among them, the name of the module does not constitute a limitation on the module itself under certain circumstances. For example, the receiving module can also be described as "a module that receives query statements corresponding to the log data to be analyzed in the data analysis engine."
本文中以上描述的功能可以至少部分地由一个或多个硬件逻辑部件来执行。例如,非限制性地,可以使用的示范类型的硬件逻辑部件包括:现场可编程门阵列(FPGA)、专用集成电路(ASIC)、专用标准产品(ASSP)、片上系统(SOC)、复杂可编程逻辑设备(CPLD)等等。The functions described above herein may be performed, at least in part, by one or more hardware logic components. For example, and without limitation, exemplary types of hardware logic components that may be used include: Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems on Chips (SOCs), Complex Programmable Logical device (CPLD) and so on.
在本公开的上下文中,机器可读介质可以是有形的介质,其可以包含或存储以供指令执行系统、装置或设备使用或与指令执行系统、装置或设备结合地使用的程序。机器可读介质可以是机器可读信号介质或机器可读储存介质。机器可读介质可以包括但不限于电子的、磁性的、光学的、电磁的、红外的、或半导体系统、装置或设备,或者上述内容的任何合适组合。机器可读存储介质的更具体示例会包括基于一个或多个线的电气连接、便携式计算机盘、硬盘、随机存取存储器(RAM)、只读存储器(ROM)、可擦除可编程只读存储器(EPROM或快闪存储器)、光纤、便捷式紧凑盘只读存储器(CD-ROM)、光学储存设备、磁储存设备、或上述内容的任何合适组合。In the context of this disclosure, a machine-readable medium may be a tangible medium that may contain or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. Machine-readable media may include, but are not limited to, electronic, magnetic, optical, electromagnetic, infrared, or semiconductor systems, devices or devices, or any suitable combination of the foregoing. More specific examples of machine-readable storage media would include one or more wire-based electrical connections, laptop disks, hard drives, random access memory (RAM), read only memory (ROM), erasable programmable read only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the above.
根据本公开的一个或多个实施例,示例1提供了一种日志数据处理方法,其中,所述方法包括:According to one or more embodiments of the present disclosure, Example 1 provides a log data processing method, wherein the method includes:
接收数据分析引擎中待分析的日志数据对应的查询语句;Receive query statements corresponding to the log data to be analyzed in the data analysis engine;
根据所述查询语句查询数据仓库中的目标数据表,确定日志数据源中的所述日志数据以及所述日志数据所属的日志文件,其中,所述日志数据源为所述数据分析引擎对应的外部数据源,所述目标数据表中包含所述日志文件的字段信息;Query the target data table in the data warehouse according to the query statement to determine the log data in the log data source and the log file to which the log data belongs, where the log data source is an external database corresponding to the data analysis engine. Data source, the target data table contains field information of the log file;
从所述日志数据源的日志文件中获取所述日志数据;Obtain the log data from the log file of the log data source;
对所述日志数据进行虚拟化分块,获得所述日志数据对应的日志数据块;Virtualize the log data into blocks to obtain log data blocks corresponding to the log data;
基于所述日志数据块将所述日志数据加载至所述数据分析引擎。Loading the log data to the data analysis engine based on the log data chunks.
根据本公开的一个或多个实施例,示例2提供了示例1的方法,其中,每一所述日志数据块包含多个日志数据分段;According to one or more embodiments of the present disclosure, Example 2 provides the method of Example 1, wherein each log data block includes multiple log data segments;
所述基于所述日志数据块将所述日志数据加载至所述数据分析引擎,包括:Loading the log data to the data analysis engine based on the log data block includes:
针对每一所述日志数据块,依次将所述日志数据块中的每一日志数据分段读取至所述数据分析引擎的运行内存,并对所述日志数据分段进行解析获得目标格式下的日志记录,其中,所述目标格式为所述数据分析引擎进行操作的数据格式。For each log data block, each log data segment in the log data block is sequentially read into the running memory of the data analysis engine, and the log data segments are parsed to obtain the target format. Log records, wherein the target format is a data format operated by the data analysis engine.
根据本公开的一个或多个实施例,示例3提供了示例2的方法,其中,每一所述日志数据分段中包含多条记录;According to one or more embodiments of the present disclosure, Example 3 provides the method of Example 2, wherein each log data segment contains multiple records;
所述对所述日志数据分段进行解析获得目标格式下的日志记录,包括:The step of parsing the log data segments to obtain log records in a target format includes:
针对所述日志数据分段中的每一记录,解析所述记录对应的各个字段和所述字段的字段值;For each record in the log data segment, parse each field corresponding to the record and the field value of the field;
将所述记录中的字段作为key值、所述字段的字段值作为value值转换为键值对结构;Convert the fields in the record as key values and the field values of the fields as value values into a key-value pair structure;
基于所述键值对结构进行目标格式转换,获得所述日志记录。Target format conversion is performed based on the key-value pair structure to obtain the log record.
根据本公开的一个或多个实施例,示例4提供了示例1的方法,其中,所述对所述日志数据进行虚拟化分块,获得所述日志数据对应的日志数据块,包括:According to one or more embodiments of the present disclosure, Example 4 provides the method of Example 1, wherein the step of virtualizing the log data into blocks and obtaining the log data blocks corresponding to the log data includes:
若所述日志文件具有索引信息,则确定多个时间分段,并将所述日志文件中的日志数据映射至所述日志文件的时间信息所属的时间分段对应的日志数据块,其中,所述时间分段与所述日志数据块一一对应;If the log file has index information, multiple time segments are determined, and the log data in the log file is mapped to the log data block corresponding to the time segment to which the time information of the log file belongs, where: The time segments correspond to the log data blocks one-to-one;
若所述日志文件不具有索引信息,则遍历每一所述日志数据,若当前的日志数据块中映射的日志数据的数量未达到数量阈值,则将遍历到的日志数据映射至当前的日志数据块,若当前的日志数据块中映射的日志数据的数量达到数量阈值,则将遍历到的日志数据映射至下一日志数据块。If the log file does not have index information, each log data is traversed. If the number of mapped log data in the current log data block does not reach the quantity threshold, the traversed log data is mapped to the current log data. block, if the number of mapped log data in the current log data block reaches the quantity threshold, the traversed log data will be mapped to the next log data block.
根据本公开的一个或多个实施例,示例5提供了示例1的方法,其中,在所述对所述日志数据进行虚拟化分块,获得所述日志数据对应的日志数据块的步骤之前,所述方法还包括:According to one or more embodiments of the present disclosure, Example 5 provides the method of Example 1, wherein before the step of virtualizing the log data into blocks and obtaining log data blocks corresponding to the log data, The method also includes:
确定所述查询语句中的查询字段;Determine the query fields in the query statement;
将从所述日志数据源的日志文件中获取到的所述日志数据中、除所述查询字段之外的其他字段删除,将删除后所得的数据作为新的日志数据。Fields other than the query field are deleted from the log data obtained from the log file of the log data source, and the deleted data is used as new log data.
根据本公开的一个或多个实施例,示例6提供了示例1的方法,其中,在所述对所述日志数据进行虚拟化分块,获得所述日志数据对应的日志数据块的步骤之前,所述方法还包括:According to one or more embodiments of the present disclosure, Example 6 provides the method of Example 1, wherein before the step of virtualizing the log data into blocks and obtaining log data blocks corresponding to the log data, The method also includes:
对从所述日志数据源的日志文件中获取到的所述日志数据进行压缩处理,并将压缩处理后所得的数据作为新的日志数据。Compress the log data obtained from the log file of the log data source, and use the compressed data as new log data.
根据本公开的一个或多个实施例,示例7提供了示例1的方法,其中,所述方法还包括:According to one or more embodiments of the present disclosure, Example 7 provides the method of Example 1, wherein the method further includes:
在数据分析引擎中启动谓词下推模式时,确定所述查询语句中进行谓词下推的目标查询条件;When starting the predicate pushdown mode in the data analysis engine, determine the target query conditions for predicate pushdown in the query statement;
所述根据所述查询语句查询数据仓库中的目标数据表,确定日志数据源中的所述日志数据以及所述日志数据所属的日志文件,包括:Querying the target data table in the data warehouse according to the query statement and determining the log data in the log data source and the log file to which the log data belongs includes:
根据所述目标查询条件查询所述目标数据表,确定所述日志数据以及所述日志数据所属的日志文件。Query the target data table according to the target query condition to determine the log data and the log file to which the log data belongs.
根据本公开的一个或多个实施例,示例8提供了一种日志数据处理装置,其中,所述装置包括:According to one or more embodiments of the present disclosure, Example 8 provides a log data processing device, wherein the device includes:
接收模块,用于接收数据分析引擎中待分析的日志数据对应的查询语句;The receiving module is used to receive query statements corresponding to the log data to be analyzed in the data analysis engine;
第一确定模块,用于根据所述查询语句查询数据仓库中的目标数据表,确定日志数据源中的所述日志数据以及所述日志数据所属的日志文件,其中,所述日志数据源为所述数据分析引擎对应的外部数据源,所述目标数据表中包含所述日志文件的字段信息;The first determination module is used to query the target data table in the data warehouse according to the query statement, and determine the log data in the log data source and the log file to which the log data belongs, wherein the log data source is the The external data source corresponding to the data analysis engine is specified, and the target data table contains field information of the log file;
获取模块,用于从所述日志数据源的日志文件中获取所述日志数据;An acquisition module, configured to acquire the log data from the log file of the log data source;
第一处理模块,用于对所述日志数据进行虚拟化分块,获得所述日志数据对应的日志数据块;The first processing module is used to virtualize the log data into blocks and obtain the log data blocks corresponding to the log data;
加载模块,用于基于所述日志数据块将所述日志数据加载至所述数据分析引擎。A loading module, configured to load the log data to the data analysis engine based on the log data block.
根据本公开的一个或多个实施例,示例9提供了一种计算机可读介质,其上存储有计算机程序,该程序被处理装置执行时实现示例1-7中任一项所述方法的步骤。According to one or more embodiments of the present disclosure, Example 9 provides a computer-readable medium having a computer program stored thereon, which implements the steps of the method in any one of Examples 1-7 when executed by a processing device. .
根据本公开的一个或多个实施例,示例10提供了一种电子设备,包括:According to one or more embodiments of the present disclosure, Example 10 provides an electronic device, including:
存储装置,其上存储有计算机程序;a storage device having a computer program stored thereon;
处理装置,用于执行所述存储装置中的所述计算机程序,以实现示例1-7中任一项所述方法的步骤。A processing device, configured to execute the computer program in the storage device to implement the steps of the method in any one of Examples 1-7.
以上描述仅为本公开的较佳实施例以及对所运用技术原理的说明。本领域技术人员应当理解,本公开中所涉及的公开范围,并不限于上述技术特征的特定组合而成的技术方案,同时也应涵盖在不脱离上述公开构思的情况下,由上述技术特征或其等同特征进行任意组合而形成的其它技术方案。例如上述特征与本公开中公开的(但不限于)具有类似功能的技术特征进行互相替换而形成的技术方案。The above description is only a description of the preferred embodiments of the present disclosure and the technical principles applied. Those skilled in the art should understand that the disclosure scope involved in the present disclosure is not limited to technical solutions composed of specific combinations of the above technical features, but should also cover solutions composed of the above technical features or without departing from the above disclosed concept. Other technical solutions formed by any combination of equivalent features. For example, a technical solution is formed by replacing the above features with technical features with similar functions disclosed in this disclosure (but not limited to).
此外,虽然采用特定次序描绘了各操作,但是这不应当理解为要求这些操作以所示出的特定次序或以顺序次序执行来执行。在一定环境下,多任务和并行处理可能是有利的。同样地,虽然在上面论述中包含了若干具体实现细节,但是这些不应当被解释为对本公开的范围的限制。在单独的实施例的上下文中描述的某些特征还可以组合地实现在单个实施例中。相反地,在单个实施例的上下文中描述的各种特征也可以单独地或以任何合适的子组合的方式实现在多个实施例中。Furthermore, although operations are depicted in a specific order, this should not be understood as requiring that these operations be performed in the specific order shown or performed in a sequential order. Under certain circumstances, multitasking and parallel processing may be advantageous. Likewise, although several specific implementation details are included in the above discussion, these should not be construed as limiting the scope of the present disclosure. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination.
尽管已经采用特定于结构特征和/或方法逻辑动作的语言描述了本主题,但是应当理解所附权利要求书中所限定的主题未必局限于上面描述的特定特征或动作。相反,上面所描述的特定特征和动作仅仅是实现权利要求书的示例形式。关于上述实施例中的装置,其中各个模块执行操作的具体方式已经在有关该方法的实施例中进行了详细描述,此处将不做详细阐述说明。Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are merely example forms of implementing the claims. Regarding the devices in the above embodiments, the specific manner in which each module performs operations has been described in detail in the embodiments related to the method, and will not be described in detail here.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310645429.5ACN116991818A (en) | 2023-06-01 | 2023-06-01 | Log data processing methods, devices, media and electronic equipment |
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310645429.5ACN116991818A (en) | 2023-06-01 | 2023-06-01 | Log data processing methods, devices, media and electronic equipment |
| Publication Number | Publication Date |
|---|---|
| CN116991818Atrue CN116991818A (en) | 2023-11-03 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310645429.5APendingCN116991818A (en) | 2023-06-01 | 2023-06-01 | Log data processing methods, devices, media and electronic equipment |
| Country | Link |
|---|---|
| CN (1) | CN116991818A (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105138661A (en)* | 2015-09-02 | 2015-12-09 | 西北大学 | Hadoop-based k-means clustering analysis system and method of network security log |
| WO2018183797A1 (en)* | 2017-03-31 | 2018-10-04 | Amazon Technologies, Inc. | Executing queries for structured data and not-structured data |
| CN112182043A (en)* | 2020-10-27 | 2021-01-05 | 网易(杭州)网络有限公司 | Log data query method, device, equipment and storage medium |
| CN114253925A (en)* | 2021-12-01 | 2022-03-29 | 北京人大金仓信息技术股份有限公司 | Method, server, terminal and electronic device for accessing database logs |
| CN114547104A (en)* | 2022-02-14 | 2022-05-27 | 中国平安人寿保险股份有限公司 | Log data query method and device, computer equipment and storage medium |
| WO2023029854A1 (en)* | 2021-09-03 | 2023-03-09 | 北京火山引擎科技有限公司 | Data query method and apparatus, storage medium, and electronic device |
| CN115905154A (en)* | 2022-12-29 | 2023-04-04 | 北斗星通智联科技有限责任公司 | A log data display method, device and electronic equipment |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105138661A (en)* | 2015-09-02 | 2015-12-09 | 西北大学 | Hadoop-based k-means clustering analysis system and method of network security log |
| WO2018183797A1 (en)* | 2017-03-31 | 2018-10-04 | Amazon Technologies, Inc. | Executing queries for structured data and not-structured data |
| CN112182043A (en)* | 2020-10-27 | 2021-01-05 | 网易(杭州)网络有限公司 | Log data query method, device, equipment and storage medium |
| WO2023029854A1 (en)* | 2021-09-03 | 2023-03-09 | 北京火山引擎科技有限公司 | Data query method and apparatus, storage medium, and electronic device |
| CN114253925A (en)* | 2021-12-01 | 2022-03-29 | 北京人大金仓信息技术股份有限公司 | Method, server, terminal and electronic device for accessing database logs |
| CN114547104A (en)* | 2022-02-14 | 2022-05-27 | 中国平安人寿保险股份有限公司 | Log data query method and device, computer equipment and storage medium |
| CN115905154A (en)* | 2022-12-29 | 2023-04-04 | 北斗星通智联科技有限责任公司 | A log data display method, device and electronic equipment |
| Publication | Publication Date | Title |
|---|---|---|
| CN109086409B (en) | Microservice data processing method and device, electronic equipment and computer readable medium | |
| WO2023029854A1 (en) | Data query method and apparatus, storage medium, and electronic device | |
| CN111966692A (en) | Data processing method, medium, device and computing equipment for data warehouse | |
| CN111291103B (en) | Interface data analysis method, device, electronic equipment and storage medium | |
| WO2023273544A1 (en) | Log file storage method and apparatus, device, and storage medium | |
| US20140229628A1 (en) | Cloud-based streaming data receiver and persister | |
| US10866960B2 (en) | Dynamic execution of ETL jobs without metadata repository | |
| CN112883009B (en) | Method and device for processing data | |
| CN113760638B (en) | A log service method and device based on kubernetes cluster | |
| CN112307061B (en) | Method and device for querying data | |
| WO2023202451A1 (en) | Task processing method and apparatus, device, and medium | |
| WO2023231615A1 (en) | Materialized-column creation method and data query method based on data lake | |
| CN117118698A (en) | Access flow limiting method, device and equipment of metadata server | |
| CN116719872A (en) | Database deployment method and database management platform | |
| CN110781159B (en) | Ceph directory file information reading method and device, server and storage medium | |
| CN112948334A (en) | Log processing method and device | |
| US20250156469A1 (en) | Lakehouse metadata change determination method, device, and medium | |
| CN112100211B (en) | Data storage method, apparatus, electronic device, and computer readable medium | |
| US10248702B2 (en) | Integration management for structured and unstructured data | |
| Eugster et al. | Big data analytics beyond the single datacenter | |
| CN117271573A (en) | Data processing method and device and electronic equipment | |
| CN116991818A (en) | Log data processing methods, devices, media and electronic equipment | |
| CN114036107B (en) | Medical data query method and device based on hudi snapshot | |
| CN115587090A (en) | Data storage method, device, equipment and medium based on Doris | |
| US11727022B2 (en) | Generating a global delta in distributed databases |
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |