Shulou(Shulou.com)06/01 Report--

I. brief introduction of UAV early warning function

UAV.Monitor provides the early warning function for all-dimensional monitoring indicators, and all types of monitoring indicators can be configured with early warning strategy. When the early warning strategy is triggered, the alarm can be notified by e-mail, HTTP call and other methods, and the alarm action can be suppressed according to the time and frequency of early warning.

Early warning can be divided into three types: flow early warning, statistical early warning and mixed early warning.

Flow early warning will judge each monitoring index data collected in order to achieve the purpose of real-time early warning; statistical early warning is the early warning of the statistical value of indicators in a fixed period of time, usually at a fixed time; hybrid early warning is the combination of flow early warning and statistical early warning.

The same-ring early warning belongs to a kind of statistical early warning.

Second, what is the early warning of the same month

First of all, this paper introduces the concept of the same-ring ratio, which describes the increase / decrease of statistical data, that is, the comparison of the statistical results of a certain period of time (current period) with another previous period of the same length (base period). The year-on-year comparison shows the comparison between this issue and the previous period, for example, between April this year and April last year, between 8: 00 to 9: 00 today and from 8: 00 to 9: 00 yesterday, and from 8: 00 to 9: 00 yesterday. For example, the comparison between April this year and March this year, 8: 00 to 9: 00 today and 7: 00 to 8: 00 today. The same-ring early warning is an early warning of the increase / decrease of the statistical results of the monitoring indicators over a period of time compared with the previous period (or the previous period), that is, if the calculated results of the indicators exceed the range specified by the strategy, an alarm will be given.

Third, the realization of the same ring ratio early warning 3.1 early warning strategy

The early warning conditions and actions are defined by the early warning strategy, and the structure of the early warning strategy is as follows:

Strategy {"type": "," instances ": []," conditions ": []," relations ": []," actions ": []} condition {" expressions ": []}

An early warning strategy (strategy) contains multiple early warning conditions (condition), condition is the smallest early warning decision element, and each condition can contain multiple expressions (Expression); early warning expression defines a single early warning condition, which is divided into statistical (stat) expression and flow (stream) expression, corresponding to statistical early warning condition and flow early warning condition respectively; each relation in relations corresponds to the logical judgment relationship of policy expression Expression in each condition. Instances represents an example of the impact of the early warning, actions represents the alarm action after the early warning is triggered, and type represents the type of early warning strategy. According to the types of expressions included, type is divided into stat strategy with statistical expressions and stream strategy with only flow expressions.

3.2 definition of early warning expression for the same ring ratio

The calculation of the same ring ratio is as follows: same / ring ratio = current period-base period, same / ring ratio = (current period-base period) / base period × 100%. According to the calculation formula, the input conditions we need are:

1) the name of the indicator that needs to be warned.

All the numerical indicators can be used as early warning indicators, such as cpu, visit volume and so on.

2) the current period and the base period.

Because early warning is a real-time action, we limit the time period to 24 hours, and it is better to make direct statistics in the form of weekly or monthly reports for statistics greater than 24 hours, such as a week or a month. The base period is calculated according to the year-on-year cycle or month-on-month interval.

3) the calculation method of the statistical value of the index in the time period.

The comparison with the ring ratio is the statistical value of the index over a period of time, and the statistical methods are summation, average and so on. Since the monitoring history values of UAV are stored in opentsdb, the statistics can be calculated through the aggregation operation that comes with opentsdb.

4) early warning threshold

The upper limit of increase / decrease can be set to a numerical threshold or a percentage threshold.

Stat early warning belongs to statistical early warning, so the expression of same ring early warning is also of statistical type. To sum up, the structure of the early warning expression of the same ring ratio is as follows.

Expression {"type": "stat" "arg": "/ / early warning indicator" time_from ":"/ / initial time period-from" time_to ":"/ / initial time period-to" interval ":" / / month-on-year interval (this item is empty compared to the same period last year) "unit": "/ / year-on-year period (this item is empty)" aggr ":"/ / Statistical method "upperLimit": "/ / ratio upper limit" lowerLimit ":" / / ratio lower limit} 3.3 early warning strategy determination principle

The early warning module determines the early warning expression by triggering flow conditions or scheduled tasks, and the process is as follows

When the early warning strategy decision is triggered, each condition makes the decision independently, traverses each Expression to make the decision, and then combines the Expression decision result according to the logical relationship defined by relation. If the result is true, the result is summarized to the policy decision result, and then the policy decision result is integrated to alarm.

3.4 the principle of early warning and determination of the same ring ratio

The same-ring early warning is a kind of statistical early-warning, so the early-warning process of the same-ring early warning is the early warning process of statistical early warning. The early warning module starts a Timer for statistical strategy determination, which is polled once every minute (because the time of statistical expression is in minutes, so it can be polled every minute) and triggers the decision of statistical strategy.

When the policy is triggered, it will traverse the expressions under each condition and make a decision one by one. The rules for determining the expressions triggered by timing tasks are as follows.

When there is only a statistical expression in the minimum decision element condition, traversing to determine each statistical expression will first determine whether it is the decision time shown by the statistical table, and the same ring ratio expression is determined according to the attribute value time from,timeto and the ring ratio interval or the year-on-year period. If it is not the decision time, considering the combination of multiple statistical expressions, the decision time of each expression may be inconsistent, we will take out the last unexpired decision result in the cache and return. If it is to determine the time, then calculate the same ring ratio, construct an opentsdb query statement to call API to query the current value and base value, calculate the same / ring ratio (rate), and compare it with the threshold to get the decision result, the result will be cached to redis, where the condition decision will also be set to be valid, because if the expressions in condition do not reach the decision time, this decision is actually invalid.

If there are both statistical expressions and streaming expressions (that is, mixed early warning) in condition, the statistical expressions will perform normal decision operations, but the flow expressions triggered by scheduled tasks will directly return false, so the result of condition decision is also false.

The final decision of mixed early warning is generated when the flow condition triggers the early warning strategy, and the determination of the flow expression in condition will be carried out normally. The decision process of the statistical expression is as follows

If the trigger time of the flow condition is within the decision time of the expression (error of one minute), the unexpired judgment result calculated by the scheduled task trigger policy will be obtained directly from the cache, and the result of the mixed early warning can be obtained together with the result of the flow expression.

After the decision result is returned, the alarm information will be generated according to the early warning expression information and the decision result. As shown in the picture

The above is the complete realization process of the same-ring early warning.

Fourth, the application of the same ring ratio early warning.

The real-time early warning pays attention to the instantaneous state of the system, while the same-ring early warning reflects the changing trend of the index and the fluctuation state compared with the same period in the past. For example, the system service traffic anomaly detection, because the system volume may have a certain regularity according to time, such as a large number of visits from Monday to Friday and a small number of visits on weekends. If you use streaming early warning, you can only define an early warning threshold, and you cannot set different early warning thresholds according to different times. At this time, you can configure weekly year-on-week early warning for system access indicators during business peak hours. You can give a timely and effective alarm to abnormal business visits.

Sometimes a single early warning of the same ring ratio is not enough. for example, in the case just now, if we are not only concerned about the relative fluctuation of the number of visitors, but also need to alarm when the average response time is greater than a certain threshold, it is necessary to combine early warning with flow early warning.

The same-ring early warning enriches the early warning system, and the combination of early warning and flow early warning is more conducive to the timely and accurate detection of system anomalies and business anomalies.

Download the source code of UAVStack (https://github.com/uavorg)

Source: Yixin Institute of Technology

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.