悟冥
2019-06-29
6784浏览量
集群中有N台机器,每台机器中有M个时序指标(CPU、内存、IO、流量等),若单独的针对每条时序曲线做建模,要手写太多重复的SQL,且对平台的计算消耗特别大。该如何更好的应用SQL实现上述的场景需求?
针对系统中的N条时序曲线进行异常检测后,如何快速知道:这其中有哪些时序曲线是有异常的呢?
针对场景一中描述的问题,我们给出如下的数据约束。其中数据在日志服务的LogStore中按照如下结构存储:
timestamp : unix_time_stamp
machine: name1
metricName: cpu0
metricValue: 50
---
timestamp : unix_time_stamp
machine: name1
metricName: cpu1
metricValue: 50
---
timestamp : unix_time_stamp
machine: name1
metricName: mem
metricValue: 50
---
timestamp : unix_time_stamp
machine: name2
metricName: mem
metricValue: 60在上述的LogStore中我们先获取N个指标的时序信息:
* | select timestamp - timestamp % 60 as time, machine, metricName, avg(metricValue) from log group by time, machine, metricName现在我们针对上述结果做批量的时序异常检测算法,并得到N个指标的检测结果:
* |
select machine, metricName, ts_predicate_arma(time, value, 5, 1, 1) as res from (
select
timestamp - timestamp % 60 as time,
machine, metricName,
avg(metricValue) as value
from log group by time, machine, metricName )
group by machine, metricName通过上述SQL,我们得到的结果的结构如下
| machine | metricName | [[time, src, pred, upper, lower, prob]] |
| ------- | ---------- | --------------------------------------- |针对上述结果,我们利用矩阵转置操作,将结果转换成如下格式,具体的SQL如下:
* |
select
machine, metricName,
res[1] as ts, res[2] as ds, res[3] as preds, res[4] as uppers, res[5] as lowers, res[6] as probs
from ( select machine, metricName, array_transpose(ts_predicate_arma(time, value, 5, 1, 1)) as res from (
select
timestamp - timestamp % 60 as time,
machine, metricName,
avg(metricValue) as value
from log group by time, machine, metricName )
group by machine, metricName )经过对二维数组的转换后,我们将每行的内容拆分出来,得到符合预期的结果,具体格式如下:
| machine | metricName | ts | ds | preds | uppers | lowers | probs |
| ------- | ---------- | -- | -- | ----- | ------ | ------ | ----- |针对批量检测的结果,我们该如何快速的将存在特定异常的结果过滤筛选出来呢?日志服务平台提供了针对异常检测结果的过滤操作。
select ts_anomaly_filter(lineName, ts, ds, preds, probs, nWatch, anomalyType)其中,针对anomalyType有如下说明:
其中,针对nWatch有如下说明:
具体使用如下所示:
* |
select
ts_anomaly_filter(lineName, ts, ds, preds, probs, cast(5 as bigint), cast(1 as bigint))
from
( select
concat(machine, '-', metricName) as lineName,
res[1] as ts, res[2] as ds, res[3] as preds, res[4] as uppers, res[5] as lowers, res[6] as probs
from ( select machine, metricName, array_transpose(ts_predicate_arma(time, value, 5, 1, 1)) as res from (
select
timestamp - timestamp % 60 as time,
machine, metricName,
avg(metricValue) as value
from log group by time, machine, metricName )
group by machine, metricName ) )通过上述结果,我们拿到的是一个Row类型的数据,我们可以使用如下方式,将具体的结构提炼出来:
* |
select
res.name, res.ts, res.ds, res.preds, res.probs
from
( select
ts_anomaly_filter(lineName, ts, ds, preds, probs, cast(5 as bigint), cast(1 as bigint)) as res
from
( select
concat(machine, '-', metricName) as lineName,
res[1] as ts, res[2] as ds, res[3] as preds, res[4] as uppers, res[5] as lowers, res[6] as probs
from (
select
machine, metricName, array_transpose(ts_predicate_arma(time, value, 5, 1, 1)) as res
from (
select
timestamp - timestamp % 60 as time,
machine, metricName, avg(metricValue) as value
from log group by time, machine, metricName )
group by machine, metricName ) ) )通过上述操作,就可以实现对批量异常检测的结果进行过滤处理操作,帮助用户更好的批量设置告警。
这里是日志服务的各种功能的演示 日志服务整体介绍,各种Demo
更多日志进阶内容可以参考:日志服务学习路径。
纠错或者帮助文档以及最佳实践贡献,请联系:悟冥
问题咨询请加钉钉群:
版权声明:本文中所有内容均属于阿里云开发者社区所有,任何媒体、网站或个人未经阿里云开发者社区协议授权不得转载、链接、转贴或以其他方式复制发布/发表。申请授权请邮件developerteam@list.alibaba-inc.com,已获得阿里云开发者社区协议授权的媒体、网站,在转载使用时必须注明"稿件来源:阿里云开发者社区,原文作者姓名",违者本社区将依法追究责任。 如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件至:developer2020@service.aliyun.com 进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容。
阿里云存储基于飞天盘古2.0分布式存储系统,产品多种多样,充分满足用户数据存储和迁移上云需求。
