A multi-source big data-based large model intelligent analysis method

By employing time-series sorting and precise field matching techniques in large-scale intelligent analysis to filter out abnormal records, a business anomaly starting point fragment is formed. The dependency path is then expanded using the starting point service object as a node, and a dual-pointer convergence process is executed to generate a root point service object sequence. This solves the problems of unclear starting point identification and unbalanced path expansion in the analysis process of existing technologies, and achieves efficient and accurate fault diagnosis and root cause localization for multi-source big data.

CN122242773APending Publication Date: 2026-06-19JIANGSU DINGFENG CLOUD COMPUTING CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
JIANGSU DINGFENG CLOUD COMPUTING CO LTD
Filing Date
2026-05-19
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

Existing large-scale intelligent analysis methods struggle to progressively process dependent path segments, neighboring change segments, and object convergence relationships before and after an anomaly occurs when dealing with business anomaly localization tasks. This results in unclear identification of the starting object, unbalanced path expansion range, and loose correspondence between changed and abnormal objects during the analysis process, making it easy for the analysis results to deviate from the actual propagation chain.

Method used

By reading monitoring indicator records from the time-series database, abnormal records are filtered using time-series sorting and precise field matching techniques to form the starting point segment of business anomalies; dependent path segments are selected with the starting service object identifier as the starting node, and object matching and time difference sorting are performed to form the nearest neighbor change segment; dual-pointer convergence processing is performed to obtain convergence service objects, and the closure validity identification of the reverse convergence suspicious point kernel is performed to generate the root point service object sequence and single root closed disposal chain. Valid analysis results are obtained through constraint reasoning and closure consistency verification.

Benefits of technology

It enables unified processing of multi-source big data, clarifies the relationship between anomaly starting points, dependency paths, and neighboring changes, narrows the scope of investigation, reduces the number of link re-examinations, and ensures the accuracy and consistency of analysis results, which can directly support root cause localization and impact chain judgment.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122242773A_ABST
    Figure CN122242773A_ABST
Patent Text Reader

Abstract

This invention discloses a large-scale intelligent analysis method based on multi-source big data, belonging to the field of large-scale intelligent inference technology. The method reads monitoring indicator records from a time-series database, sorts abnormal records by occurrence time and service object identifier, determines the starting record, and merges the object identifier and abnormal record to form a business anomaly starting point segment. Then, it expands the dependency path using the starting service object identifier as the starting node, and sorts by change time difference to form nearest neighbor change segments. It determines the convergence service object and performs convergence establishment and closure validity identification on candidate convergence objects, generating a root point service object sequence and a single closed-loop handling chain. It performs field mapping on the single closed-loop handling chain to generate structured analysis input segments, and obtains the analysis results through constraint reasoning and closure consistency verification. This method can be used for root cause localization, propagation path identification, and handling chain generation of business anomalies under multi-source monitoring data conditions.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of large-scale intelligent reasoning technology, specifically a large-scale intelligent analysis method based on multi-source big data. Background Technology

[0002] With the widespread adoption of cloud-native architecture, microservice architecture, container orchestration, and distributed call chains in business systems, the number of objects, interaction levels, and event types during business operations continue to expand. This results in the simultaneous generation of multi-source big data, including metric data, log data, change data, dependency data, and alarm data. Meanwhile, large-scale models possess strong data understanding capabilities in semantic induction, relation extraction, constraint reasoning, and complex link identification, and are increasingly being introduced into scenarios such as operation and maintenance analysis, business diagnosis, and fault assessment. Based on this, combining large-scale models with multi-source big data to form intelligent analysis methods for complex business scenarios has become a research direction for anomaly identification, link localization, and root cause tracing. Its core lies in the unified reading, correlation, and structured input of multiple types of heterogeneous data, enabling large-scale models to conduct analysis around business objects, dependency paths, time sequences, and change relationships.

[0003] Existing large-scale intelligent analysis methods, when facing business anomaly localization tasks, typically focus on independently identifying log text, metric fluctuations, or alarm content. They are not well-suited for progressive processing based on dependency path segments, nearest neighbor change segments, and object convergence relationships before and after the anomaly. This leads to issues such as unclear identification of the starting object, unbalanced path expansion scope, loose correspondence between changed and abnormal objects, and insufficient closure verification during the analysis process. Especially in scenarios involving multi-source data analysis, if reasoning is organized solely based on a single anomaly record or partial text content, the large-scale model output often lacks structural constraints oriented towards business object sequences. The analysis results are prone to deviation from the actual propagation chain, and it is difficult to stably determine the closure relationship between candidate root cause objects and target objects. Summary of the Invention

[0004] To address the shortcomings of existing technologies, this invention provides a large-scale intelligent analysis method based on multi-source big data, which solves the problems mentioned in the background technology.

[0005] To achieve the above objectives, the present invention provides the following technical solution: a large-scale intelligent analysis method based on multi-source big data, comprising: Read the monitoring indicator records in the time series database, use time series sorting technology to determine the starting record, use field exact matching technology to filter service object identifiers and abnormal records and perform merging to form the business abnormality starting point fragment; Read the starting service object identifier in the business exception starting point segment, and select the current dependent path segment with the starting service object identifier as the starting node. Then, perform object matching and time difference sorting on the service objects of the current dependent path segment to form the nearest change segment. Locate the abnormal starting point segment and the neighboring change segment corresponding to the abnormal starting point number and the neighboring change number, perform dual-pointer convergence processing to obtain the convergence service object, and perform convergence establishment identification on the candidate convergence object to obtain the reverse convergence suspicious point kernel; The closure validity identification is performed on the reverse convergence doubt kernel. When the identification is successful, the root point service object sequence is formed and a single closed disposal chain is generated. The structured analysis input fragment is formed through field mapping, and the valid analysis result is obtained through constraint reasoning and closure consistency verification.

[0006] Preferably, the monitoring indicator records of the target business object are read by calling the indicator query interface of the time series database through the fault impact chain analysis node deployed in the cloud service management platform. The fault impact chain analysis node has a built-in large model inference engine, and the monitoring indicator records include anomaly records, change records and dependency relationship records. The time-series sorting technology is used to sort the abnormal records in ascending order according to the time of occurrence. When there are more than two abnormal records with the same time of occurrence, they are sorted in ascending order according to the service object identifier, and the first abnormal record after sorting is selected as the starting record. The sorted abnormal records are filtered using field exact matching technology. The continuous abnormal records with the same service object identifier and the same abnormal type as the starting record are then merged to generate the business abnormal starting point fragment.

[0007] Preferably, the service object identifier in the business exception starting point segment is read and recorded as the starting service object identifier. The field exact matching technology is used to extract the dependency relationship record with the same starting service object identifier from the dependency relationship record. The starting service object identifier is used as the starting node, and the extracted dependency relationship record is expanded using graph path traversal technology to generate at least one service object sequence containing the starting service object identifier. When generating multiple service object sequences, select the service object sequence with the largest number of service objects. When the number of service objects is the same, select the last service object identifier and arrange the service object sequence that is first in ascending order; Record the selected service object sequence as the current dependency path segment; Read the service objects of the current dependent path segment, use the field exact matching technology to filter the change records in the change records where the service object identifier appears in the service objects, and use the difference comparison technology to compare the time difference between the change time of each filtered change record and the start time of the business exception starting segment, and sort them in ascending order according to the time difference. When there are multiple change records with the same time difference, select the change record whose change time is earlier than the start time of the business exception segment. If there are still multiple change records, sort them in ascending order according to the sequence number of the corresponding service object in the current dependency path segment, and select the first change record after sorting as the nearest change segment.

[0008] Preferably, the service objects in the current dependent path segment and the sequence number of each service object are read, and the service object identifier in the business exception starting point segment is read. The field exact matching technology is used to find the service object in the service object sequence that is the same as the service object identifier in the business exception starting point segment, and the sequence number of the found service object is recorded as the exception starting point number. Read the service object identifier in the nearest neighbor change fragment, and use the field exact matching technology to find the service object in the service object sequence that has the same service object identifier as the service object in the nearest neighbor change fragment. Record the sequence number corresponding to the found service object as the nearest neighbor change number.

[0009] Preferably, a two-pointer convergence process is performed based on the anomaly origin number and the nearest neighbor change number. The two-pointer convergence process includes: The position corresponding to the abnormal start point number is used as the initial position of the first scan pointer; The position corresponding to the nearest neighbor change number is used as the initial position of the second scan pointer; A two-pointer scanning technique is used to perform a counter-clockwise scan in the sequence of service objects in the current dependent path segment. When the abnormal starting point number is less than the nearest neighbor change number, the first scanning pointer moves in the direction of increasing sequence number, and the second scanning pointer moves in the direction of decreasing sequence number; when the abnormal starting point number is greater than the nearest neighbor change number, the first scanning pointer moves in the direction of decreasing sequence number, and the second scanning pointer moves in the direction of increasing sequence number. The scan will stop if any of the following occurs during the scan: Scenario 1: The first scan pointer and the second scan pointer point to the same sequence number, and the service object corresponding to the current sequence number is recorded as the convergence service object; Scenario 2: The first scan pointer and the second scan pointer point to adjacent sequence numbers, but not to the same sequence number. The service object currently pointed to by the second scan pointer is recorded as the convergence service object.

[0010] Preferably, in the sequence of service objects of the current dependent path segment, the sequence number corresponding to the convergence service object is read and recorded as the convergence service object number; When the sequence number of the converged service object is not equal to the first sequence number and not equal to the last sequence number of the service object sequence, read the preceding and following service objects of the converged service object in the service object sequence respectively. Record the service object identifier of the previous service object as the identifier of the preceding service object; The service object identifier of the next service object is recorded as the identifier of the subsequent service object; The candidate convergence object is generated by combining the convergence service object identifier, convergence service object sequence number, convergence preceding service object identifier, convergence following service object identifier, service object identifier in the business anomaly starting segment, and service object identifier in the nearest neighbor change segment. The convergence establishment identification is performed on the candidate convergence object, including: when the convergence service object sequence number is located between the anomaly starting sequence number and the nearest neighbor change sequence number, the convergence preceding service object identifier and the convergence following service object identifier are adjacent to the convergence service object identifier in the service object sequence of the current dependent path segment, and the convergence service object identifier appears only once in the service object sequence of the current dependent path segment, the candidate convergence object is identified as the reverse convergence suspicious point core.

[0011] Preferably, the service object identifier in the business anomaly starting segment is read, and in the service object sequence of the current dependency path segment, a field exact matching technique is used to find the service object with the same identifier as the service object in the business anomaly starting segment. The sequence number corresponding to the found service object is recorded as the anomaly starting number. Subsequently, the closure validity identification is performed on the reverse convergence suspicious point kernel, including: The convergence service object identifier in the reverse convergence core has a match in the service object sequence of the current dependent path segment; The service object identifier of the abnormal starting point in the reverse convergence of the suspicious points is the same as the service object identifier in the business abnormal starting point segment; The convergence service object sequence number and the anomaly origin sequence number in the reverse convergence suspicious point kernel satisfy any of the following conditions: The sequence number of the service object is less than or equal to the sequence number of the abnormal starting point. The convergence service object number is greater than the anomaly starting point number, and there are no duplicate service object identifiers other than the convergence service object in the reverse convergence suspicious point core within the interval from the anomaly starting point number to the convergence service object number; When the closure validity identification results are both true, the root point service object analysis is triggered; otherwise, the reverse convergence doubt point kernel is regenerated through iterative analysis.

[0012] Preferably, the root point service object analysis is used to read the convergence service object sequence number and the abnormal starting point sequence number in the reverse convergence suspicious point kernel. In the service object sequence of the current dependent path segment, the continuous service objects whose sequence number is located between the convergence service object sequence number and the abnormal starting point sequence number are extracted, and the extracted and sorted continuous service object sequence is recorded as the root point service object sequence. Read each service object in the root service object sequence, assign execution sequence numbers to each service object in turn according to the order of arrangement in the root service object sequence, and form an execution sequence number sequence according to the order of arrangement. The execution sequence number is consecutively numbered starting from the first service object in the root service object sequence; For each pair of adjacent service objects in the root service object sequence, read the connection relationship identifier corresponding to the pair of adjacent service objects in the current dependent path segment, and form a verification bit sequence by sequentially arranging the connection relationship identifiers according to the arrangement order in the root service object sequence; Each item in the verification bit sequence corresponds to a pair of adjacent service objects in the root point service object sequence; The root service object sequence, execution sequence number sequence, verification bit sequence, and service object identifier in the business exception starting point segment are combined and denoted as a single root closed processing chain.

[0013] Preferably, structured field encoding technology is used to map the root service object sequence, execution sequence number sequence, verification bit sequence, and service object identifier in the business exception starting point segment of a single closed processing chain. The service object identifiers in the root service object sequence are bound sequentially according to the execution sequence number sequence. The verification bit sequence is embedded into the sequential binding result according to the correspondence between adjacent service objects and combined with the target service object identifier to generate a structured analysis input segment.

[0014] Preferably, constrained reasoning is performed on the structured analysis input fragments to obtain intermediate analysis results, including: Based on the root point service object sequence and execution sequence number, identify the first service object in the root point service object sequence and determine it as the candidate root cause object identifier; Based on the root point service object sequence and execution sequence number, identify the continuous object arrangement from the first service object to the last service object and determine it as the propagation service object sequence; Extract the execution sequence number sequence corresponding to the propagation service object sequence from the structured analysis input fragment and determine it as the propagation order sequence; Based on the positional binding relationship between the verification bit sequence and the adjacent objects in the root point object sequence, the verification correspondence relationship in the candidate propagation object sequence is identified, and a verification correspondence sequence is generated. Read the business object identifier in a single closed processing chain and record the current business object identifier as the target object identifier; Based on the results of the constraint reasoning and the single closed disposition chain, a constraint closure consistency check is performed, including: The root cause service recipient identifier is the same as the convergence service recipient identifier in a single root closed treatment chain; The target object identifier is the same as the target service object identifier in a single closed-loop processing chain; The sequence of service objects in the propagation process is the same in number as the sequence of root service objects in a single closed disposal chain. The propagation sequence is the same as the execution sequence number in a single closed disposal chain in terms of the number of sequence items. The verification sequence is identical in the number of sequence items to the verification bit sequence in a single closed disposal chain. When all constraint closure consistency checks are passed, it indicates that the constraint reasoning is valid, and the intermediate analysis results are determined to be valid analysis results. If any item in the constraint closure consistency check fails, the constraint reasoning is deemed invalid, the current intermediate analysis result is discarded, the single closed disposal chain is retained, and the iterative analysis is performed again.

[0015] This invention provides a large-scale intelligent analysis method based on multi-source big data. It has the following beneficial effects: (1) This method reads monitoring indicator records from a time-series database and processes abnormal records, change records, and dependency records uniformly within the fault impact chain analysis node. Specifically, abnormal records are first sorted by occurrence time and service object identifier to determine the starting record. Then, consecutive abnormal records with the same service object identifier and abnormal type as the starting record are filtered and merged using precise field matching to obtain the business abnormality starting point segment. This process organizes the originally scattered abnormal records into starting point units that can be directly entered into the link analysis, fixing the target business object, abnormal type, and starting time under the same entry point. Unlike existing technologies that require viewing each alarm individually and then manually determining which alarm is suitable as the starting point, this method advances the selection rules for the abnormal starting point to the time-series sorting and field matching stage, reducing link deviations caused by starting point drift, repeated judgments, and repeated comparisons of similar abnormalities.

[0016] (2) After the business anomaly starting point segment is determined, a large-scale intelligent analysis method based on multi-source big data continues to read the starting point service object identifier, extract the corresponding record in the dependency relationship record, and expand the path with the starting point service object identifier as the starting node to select the current dependency path segment; then, filter the change record in the service object set corresponding to the current dependency path segment, sort it according to the difference between the change time and the starting time of the business anomaly starting point segment to obtain the nearest change segment; then locate the anomaly starting point sequence number and the nearest change sequence number, perform a two-pointer opposite scan to obtain the convergence service object, and combine the convergence preceding service object identifier, convergence following service object identifier, sequence number interval relationship, and unique occurrence condition to identify the reverse convergence suspicious point core; then, perform closure validity identification on the reverse convergence suspicious point core to determine whether the convergence service object and the anomaly starting point meet the closure condition. This approach places data from three different sources—anomalies, dependencies, and changes—into the same service object sequence for comparison. This transforms troubleshooting from a loose comparison method of "finding anomalies and then looking for changes" to a progressive process of "first determining the path, then determining the nearest neighbors, then determining the convergence, and finally verifying closure." Compared to the current method of relying on manual reading of topology, manual review of change orders, and manual judgment of propagation direction, this method limits the root cause suspicion to the convergence range with sequence and adjacency relationships, making it easier to narrow down the investigation scope and reduce the number of link re-examinations.

[0017] (3) When the closure condition is met, this method uses a large-scale intelligent analysis method based on multi-source big data to further extract the continuous service objects between the convergence service object sequence number and the anomaly starting point sequence number, generating a root point service object sequence; then, it assigns execution sequence numbers according to the arrangement order, reads the connection relationship identifiers between adjacent service objects, forms a verification bit sequence, and combines it with the service object identifier in the business anomaly starting point segment to form a single closed handling chain; then, through structured field encoding technology, it maps the root point service object sequence, execution sequence number sequence, verification bit sequence, and target service object identifier into structured analysis input segments, and then submits them to constraint reasoning and closure consistency verification processing to obtain the final analysis conclusion. In this way, the scheme completes tasks such as anomaly starting point merging, dependency path filtering, nearest neighbor change locking, convergence object identification, closure condition verification, root point service object extraction, propagation chain sequence binding, and analysis result verification, with the aim of transforming multi-source monitoring data into structured conclusions that can directly support root cause localization and influence chain judgment. Unlike existing technologies where logs, alarms, changes, and dependency information are scattered and rely heavily on manual connection, this method ensures that the order of objects, connection relationships, target object mapping, and verification conditions in the chain all fall within the same closed chain, facilitating subsequent work around fault attribution, propagation process identification, and handling chain organization. Attached Figure Description

[0018] Figure 1This is a schematic diagram illustrating the steps of a large-scale intelligent analysis method based on multi-source big data according to the present invention. Figure 2 This is a flowchart illustrating the judgment logic of a large-scale intelligent analysis method based on multi-source big data according to the present invention. Detailed Implementation

[0019] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0020] Example 1 Please see Figure 1 This invention provides a large-scale intelligent analysis method based on multi-source big data. To achieve the above objectives, this invention utilizes the following technical solutions: including: Read the monitoring indicator records in the time series database, use time series sorting technology to determine the starting record, use field exact matching technology to filter service object identifiers and abnormal records and perform merging to form the business abnormality starting point fragment; Read the starting service object identifier in the business exception starting point segment, and select the current dependent path segment with the starting service object identifier as the starting node. Then, perform object matching and time difference sorting on the service objects of the current dependent path segment to form the nearest change segment. Locate the abnormal starting point segment and the neighboring change segment corresponding to the abnormal starting point number and the neighboring change number, perform dual-pointer convergence processing to obtain the convergence service object, and perform convergence establishment identification on the candidate convergence object to obtain the reverse convergence suspicious point kernel; The closure validity identification is performed on the reverse convergence doubt kernel. When the identification is successful, the root point service object sequence is formed and a single closed disposal chain is generated. The structured analysis input fragment is formed through field mapping, and the valid analysis result is obtained through constraint reasoning and closure consistency verification.

[0021] In this embodiment, it is assumed that an online transaction system experiences order placement failures around 10:00 AM. The time-series database simultaneously stores anomaly records, change records, and dependency relationship records. The first step is to read the monitoring indicator records and use time-series sorting technology to determine the starting record. Then, field exact matching technology is used to filter service object identifiers and anomaly records and merge them to form a business anomaly starting point segment. If the "Order Service" experiences the same type of anomaly consecutively at 10:00:03, 10:00:04, and 10:00:05, and these three records have the same service object identifier and the same anomaly type, then these three records are no longer considered three isolated failures, but are merged into a single business anomaly starting point segment. The starting service object identifier is recorded as "Order Service," and the starting time is recorded as 10:00:03. The second step is to read the starting service object identifier from the business anomaly starting point segment, and select the current dependency path segment using the starting service object identifier as the starting node. Then, object matching and time difference sorting are performed on the service objects of the current dependency path segment to form a nearest neighbor change segment. For example, if the dependency record shows "Order Service → Payment Gateway → Configuration Center", and the change record shows "Configuration Center was published at 09:59:58" and "Payment Gateway underwent parameter adjustment at 09:58:10", then the change record is matched one by one for the service objects in the current dependency path segment, and the time difference between each change time and 10:00:03 is compared. The change closest to the anomaly starting point is recorded as the nearest change segment. After this processing, the three types of information, which were originally scattered in different tables, are pulled into the same analysis thread, and the task boundaries are clear: first determine the anomaly starting point, then determine the dependency path, and then determine the change object closest to the starting point. The third step is to locate the anomaly starting point sequence number and the nearest change sequence number corresponding to the business anomaly starting point segment and the nearest change segment, and perform two-pointer convergence processing to obtain the convergence service object. Then, convergence establishment identification is performed on the candidate convergence object to obtain the reverse convergence suspicious point core. Continuing with the example above, if the current dependency path segment is written in the order of Configuration Center, Payment Gateway, and Order Service, then Order Service corresponds to the anomaly starting point sequence number, and Configuration Center corresponds to the nearest neighbor change sequence number. The two pointers will scan from these two positions inwards. When they scan the same position or adjacent positions, the corresponding service object is taken as the convergence service object. If the scan lands on Payment Gateway, it will further check whether its adjacent objects before and after it are Configuration Center and Order Service respectively, and check whether Payment Gateway appears only once in the current dependency path segment. Only when all these conditions are met is it recorded as a reverse convergence suspicious point core. The fourth step is to perform closure validity identification on the reverse convergence suspicious point core. When the identification is successful, a root point service object sequence is formed and a single closed processing chain is generated. This is then mapped through fields to form a structured analysis input segment, and the analysis results are obtained through constraint reasoning and closure consistency verification.Using this chain as an example, if the closure check passes, a continuous sequence of objects is extracted from the converging service object to the service object at the starting point of the anomaly, resulting in a root point service object sequence, such as "payment gateway, order service". Then, execution sequence numbers are written to these two objects sequentially, and the connection relationship identifiers between adjacent objects are written as a verification bit sequence. This sequence is then combined with the service object identifiers in the business anomaly starting point segment to form a single closed handling chain. Next, field mapping organizes "who the object is, how the order is arranged, what the adjacent relationships are, and who the target business object is" into a structured analysis input fragment. Constraint reasoning checks whether the first object can be a candidate root cause object, whether the propagation service object sequence corresponds to the execution order, and whether the verification bit sequence corresponds one-to-one with adjacent objects. Only when all these checks are satisfied will the current result be retained. Looking at the four steps together, this method undertakes several continuous tasks: First, it merges consecutive anomalies into business anomaly starting point segments; second, it selects the current dependency path segment around the starting point service object identifier and locks the nearest change segment; third, it uses the anomaly starting point sequence number and the nearest change sequence number to find the convergence service object and reverse convergence suspicious core; fourth, it organizes the converged links into root point service object sequences, single closed handling chains, and structured analysis input segments, and uses constraint reasoning and closure consistency verification to screen out credible analysis results. The goal is to place the anomaly starting point, propagation path, nearby changes, candidate root points, and target objects in multi-source monitoring data into the same set of closure rules for judgment. Compared to current common practices, such as manually checking alarm lists, manually comparing dependency topologies, manually verifying release times, and manually inferring root cause locations, this method breaks down the investigation process into sequentially executable segments. Each step processes which type of record, identifies which type of object, and verifies link closure relationships, with fixed entry points and fixed judgment conditions. In this way, the fault chain is no longer just about "guessing the cause after seeing an alarm", but can be unfolded segment by segment around the business anomaly starting point segment, the neighboring change segment, the reverse convergence of suspicious cores and the single closed handling chain, and finally the correspondence between the root cause object, the propagation object sequence and the target business object is displayed.

[0022] Example 2 Please refer to Figure 2 Specifically: The fault impact chain analysis node deployed in the cloud service management platform calls the indicator query interface of the time series database to read the monitoring indicator records of the target business object. The fault impact chain analysis node has a built-in large model inference engine, and the monitoring indicator records include anomaly records, change records and dependency relationship records. The time-series sorting technology is used to sort the abnormal records in ascending order according to the time of occurrence. When there are more than two abnormal records with the same time of occurrence, they are sorted in ascending order according to the service object identifier, and the first abnormal record after sorting is selected as the starting record. The sorted abnormal records are filtered using field exact matching technology. The continuous abnormal records with the same service object identifier and the same abnormal type as the starting record are then merged to generate the business abnormal starting point fragment.

[0023] In this embodiment, a fault impact chain analysis node is deployed within the cloud service management platform. This node calls the indicator query interface of the time-series database to read the monitoring indicator records corresponding to the target business object. The fault impact chain analysis node has a built-in large model inference engine, and the read monitoring indicator records include at least anomaly records, change records, and dependency relationship records. Subsequently, the anomaly records are sorted in ascending order by occurrence time. When there are more than two anomaly records with the same occurrence time, they are further sorted in ascending order by service object identifier, and the first anomaly record after sorting is selected as the starting record. After the starting record is determined, precise field matching technology is used to filter the sorted anomaly records, selecting consecutive anomaly records with the same service object identifier and anomaly type as the starting record. These consecutive anomaly records are then merged to generate a business anomaly starting point segment. The task of this part is to first determine a unified analysis entry point from multi-source monitoring data, and then merge anomaly records within the same service object, the same anomaly type, and the same continuous segment into a business anomaly starting point segment, so that subsequent link analysis is based on a clear starting object, starting anomaly type, and starting time. Its purpose is to organize the originally scattered, continuous and numerous abnormal information into a single and identifiable starting point for analysis. Compared with the processing method of determining the analysis entry point based on a single alarm or manual review of records, this part makes the selection of abnormal starting points have fixed sorting and filtering criteria, making the boundary relationship between repeated abnormalities, continuous abnormalities and initial abnormalities clearer, which facilitates subsequent dependence path identification, nearest object location and link reasoning judgment around the business abnormal starting point segment.

[0024] Example 3 Please refer to Figure 2 Specifically: Read the service object identifier in the business exception starting point fragment and record it as the starting service object identifier. Use field exact matching technology to extract the dependency relationship record with the same starting service object identifier from the dependency relationship record. Use the starting service object identifier as the starting node and use graph path traversal technology to expand the extracted dependency relationship record to generate at least one service object sequence containing the starting service object identifier. When generating multiple service object sequences, select the service object sequence with the largest number of service objects. When the number of service objects is the same, select the last service object identifier and arrange the service object sequence that is first in ascending order; Record the selected service object sequence as the current dependency path segment; Read the service objects of the current dependent path segment, use the field exact matching technology to filter the change records in the change records where the service object identifier appears in the service objects, and use the difference comparison technology to compare the time difference between the change time of each filtered change record and the start time of the business exception starting segment, and sort them in ascending order according to the time difference. When there are multiple change records with the same time difference, select the change record whose change time is earlier than the start time of the business exception segment. If there are still multiple change records, sort them in ascending order according to the sequence number of the corresponding service object in the current dependency path segment, and select the first change record after sorting as the nearest change segment.

[0025] Read the service objects and their corresponding sequence numbers in the current dependency path segment, and read the service object identifiers in the business exception starting segment. Use field exact matching technology to find the service object in the service object sequence that is the same as the service object identifier in the business exception starting segment, and record the sequence number of the found service object as the exception starting number. Read the service object identifier in the nearest neighbor change fragment, and use the field exact matching technology to find the service object in the service object sequence that has the same service object identifier as the service object in the nearest neighbor change fragment. Record the sequence number corresponding to the found service object as the nearest neighbor change number.

[0026] In this embodiment, the service object identifier in the starting segment of the business anomaly is first read and recorded as the starting service object identifier. Then, using field exact matching technology, dependency records with the same starting service object identifier are extracted from the dependency records. Using the starting service object identifier as the starting node, the extracted dependency records are expanded using graph path traversal technology to generate at least one service object sequence containing the starting service object identifier. When multiple service object sequences are generated, the service object sequence with the most service objects is selected. When the number of service objects is the same, the service object sequence with the last service object identifier arranged in ascending order is selected and recorded as the current dependency path segment. Subsequently, the service objects of the current dependency path segment are read, and field exact matching technology is used to filter change records in the change records in which the service object identifier appears in the service objects. The difference comparison technology is used to compare the change time of each filtered change record with the start time of the business anomaly starting segment. The time difference is calculated and sorted in ascending order. When multiple change records with the same time difference exist, the change record whose change time is earlier than the start time of the business anomaly starting segment is selected. If multiple change records still exist, they are sorted in ascending order according to the sequence number of the corresponding service object in the current dependency path segment, and the first change record after sorting is selected as the nearest neighbor change segment. On this basis, the service objects in the current dependency path segment and the sequence number of each service object are read, and the service object identifier in the business anomaly starting segment is read. The field exact matching technology is used to find the service object in the service object sequence that has the same service object identifier as the service object in the business anomaly starting segment. The sequence number of the found service object is recorded as the anomaly starting number. At the same time, the service object identifier in the nearest neighbor change segment is read, and the service object in the service object sequence that has the same service object identifier as the service object in the nearest neighbor change segment is searched. The sequence number of the found service object is recorded as the nearest neighbor change number. Based on the above implementation method, the processing objectives of dependency path selection, nearest neighbor change location, and anomaly starting point sequence number and nearest neighbor change sequence number identification are achieved, so that a unified sequence correspondence is formed between the business anomaly starting point segment and the dependency relationship record and change record. Compared with the technical means of simply looking at the dependency link and comparing the change time based on manual experience, this processing path has filtering conditions, sorting rules and value rules, so that the dependency path selection, nearest neighbor change segment determination and subsequent sequence number location have a unified basis, which makes it easier to gather the anomaly object and the change object into the same service object sequence for subsequent analysis.

[0027] Example 4 Please refer to Figure 2 Specifically: A two-pointer convergence process is performed based on the anomaly origin number and the nearest neighbor change number. The two-pointer convergence process includes: The position corresponding to the abnormal start point number is used as the initial position of the first scan pointer; The position corresponding to the nearest neighbor change number is used as the initial position of the second scan pointer; A two-pointer scanning technique is used to perform a counter-clockwise scan in the sequence of service objects in the current dependent path segment. When the abnormal starting point number is less than the nearest neighbor change number, the first scanning pointer moves in the direction of increasing sequence number, and the second scanning pointer moves in the direction of decreasing sequence number; when the abnormal starting point number is greater than the nearest neighbor change number, the first scanning pointer moves in the direction of decreasing sequence number, and the second scanning pointer moves in the direction of increasing sequence number. The scan will stop if any of the following occurs during the scan: Scenario 1: The first scan pointer and the second scan pointer point to the same sequence number, and the service object corresponding to the current sequence number is recorded as the convergence service object; Scenario 2: The first scan pointer and the second scan pointer point to adjacent sequence numbers, but not to the same sequence number. The service object currently pointed to by the second scan pointer is recorded as the convergence service object.

[0028] In the current sequence of service objects in the dependent path segment, read the sequence number corresponding to the convergence service object and record it as the convergence service object number; When the sequence number of the converged service object is not equal to the first sequence number and not equal to the last sequence number of the service object sequence, read the preceding and following service objects of the converged service object in the service object sequence respectively. Record the service object identifier of the previous service object as the identifier of the preceding service object; The service object identifier of the next service object is recorded as the identifier of the subsequent service object; The candidate convergence object is generated by combining the convergence service object identifier, convergence service object sequence number, convergence preceding service object identifier, convergence following service object identifier, service object identifier in the business anomaly starting segment, and service object identifier in the nearest neighbor change segment. The convergence establishment identification is performed on the candidate convergence object, including: when the convergence service object sequence number is located between the anomaly starting sequence number and the nearest neighbor change sequence number, the convergence preceding service object identifier and the convergence following service object identifier are adjacent to the convergence service object identifier in the service object sequence of the current dependent path segment, and the convergence service object identifier appears only once in the service object sequence of the current dependent path segment, the candidate convergence object is identified as the reverse convergence suspicious point core.

[0029] In this embodiment, the position corresponding to the abnormal starting point sequence number is used as the initial position of the first scanning pointer, and the position corresponding to the nearest neighbor change sequence number is used as the initial position of the second scanning pointer. A counter-scan is performed in the service object sequence of the current dependent path segment. When the abnormal starting point sequence number is less than the nearest neighbor change sequence number, the first scanning pointer moves in the direction of increasing sequence number, and the second scanning pointer moves in the direction of decreasing sequence number. When the abnormal starting point sequence number is greater than the nearest neighbor change sequence number, the first scanning pointer moves in the direction of decreasing sequence number, and the second scanning pointer moves in the direction of increasing sequence number. When both pointers point to the same sequence number, the service object corresponding to that sequence number is recorded as the converged service object. When both pointers point to adjacent sequence numbers but not the same sequence number, the service object currently pointed to by the second scanning pointer is recorded as the converged service object. Subsequently, the sequence number corresponding to the convergence service object is read from the service object sequence of the current dependent path segment and recorded as the convergence service object number. When the convergence service object number is neither the first nor the last sequence number, the preceding and following service objects of the convergence service object are read respectively and recorded as the preceding and following service object identifiers. The convergence service object identifier, convergence service object number, preceding and following service object identifiers, the service object identifier corresponding to the abnormal starting point, and the service object identifier corresponding to the nearest neighbor change are combined to generate candidate convergence objects. Then, convergence establishment recognition is performed on the candidate convergence objects. The convergence service object number is required to be between the abnormal starting point number and the nearest neighbor change number. The preceding and following service object identifiers are adjacent to the convergence service object identifier in the service object sequence of the current dependent path segment, and the convergence service object identifier appears only once in the service object sequence of the current dependent path segment. When these conditions are met simultaneously, the candidate convergence object is identified as the reverse convergence suspicious point core. Based on the above processing, this part undertakes tasks such as determining the convergence position, verifying adjacency relationships, checking unique occurrences, and screening suspicious points. Its purpose is to consolidate the originally scattered link relationships between abnormal starting points and nearest-neighbor changes into a clearly defined convergence service object, and to include this convergence service object in verifiable sequence and adjacency relationships. Compared to current practices that rely solely on temporal proximity, single-point object matching, or manual inspection of dependency chain positions, the above method places the results of dual-pointer scanning, the convergence position, preceding and following adjacent objects, and unique occurrence conditions into a single determination process.

[0030] Example 5 Please refer to Figure 2Specifically: The service object identifier in the business anomaly starting point segment is read, and in the service object sequence of the current dependency path segment, a field-specific matching technique is used to find service objects with the same identifier as those in the business anomaly starting point segment. The sequence number corresponding to the found service object is recorded as the anomaly starting point number. Subsequently, the closure validity is checked on the reverse convergence suspicious point core, including: The convergence service object identifier in the reverse convergence core has a match in the service object sequence of the current dependent path segment; The service object identifier of the abnormal starting point in the reverse convergence of the suspicious points is the same as the service object identifier in the business abnormal starting point segment; The convergence service object sequence number and the anomaly origin sequence number in the reverse convergence suspicious point kernel satisfy any of the following conditions: The sequence number of the service object is less than or equal to the sequence number of the abnormal starting point. The convergence service object number is greater than the anomaly starting point number, and there are no duplicate service object identifiers other than the convergence service object in the reverse convergence suspicious point core within the interval from the anomaly starting point number to the convergence service object number; When the closure validity identification results are both true, the root point service object analysis is triggered; otherwise, the reverse convergence doubt point kernel is regenerated through iterative analysis.

[0031] The root point service object analysis is used to read the convergence service object sequence number and the abnormal start point sequence number in the reverse convergence suspicious point kernel. In the service object sequence of the current dependent path segment, the continuous service objects whose sequence number is between the convergence service object sequence number and the abnormal start point sequence number are extracted, and the extracted and sorted continuous service object sequence is recorded as the root point service object sequence. Read each service object in the root service object sequence, assign execution sequence numbers to each service object in turn according to the order of arrangement in the root service object sequence, and form an execution sequence number sequence according to the order of arrangement. The execution sequence number is consecutively numbered starting from the first service object in the root service object sequence; For each pair of adjacent service objects in the root service object sequence, read the connection relationship identifier corresponding to the pair of adjacent service objects in the current dependent path segment, and form a verification bit sequence by sequentially arranging the connection relationship identifiers according to the arrangement order in the root service object sequence; Each item in the verification bit sequence corresponds to a pair of adjacent service objects in the root point service object sequence; The root service object sequence, execution sequence number sequence, verification bit sequence, and service object identifier in the business exception starting point segment are combined and denoted as a single root closed processing chain.

[0032] Structured field encoding technology is used to map the service object sequence, execution sequence number sequence, verification bit sequence, and service object identifier in the business exception starting point segment of a single closed processing chain. The service object identifiers in the root service object sequence are bound sequentially according to the execution sequence number sequence. The verification bit sequence is embedded into the sequential binding result according to the correspondence between adjacent service objects and combined with the target service object identifier to generate a structured analysis input segment.

[0033] Constrained reasoning is performed on the structured analysis input fragments to obtain intermediate analysis results, including: Based on the root point service object sequence and execution sequence number, identify the first service object in the root point service object sequence and determine it as the candidate root cause object identifier; Based on the root point service object sequence and execution sequence number, identify the continuous object arrangement from the first service object to the last service object and determine it as the propagation service object sequence; Extract the execution sequence number sequence corresponding to the propagation service object sequence from the structured analysis input fragment and determine it as the propagation order sequence; Based on the positional binding relationship between the verification bit sequence and the adjacent objects in the root point object sequence, the verification correspondence relationship in the candidate propagation object sequence is identified, and a verification correspondence sequence is generated. Read the business object identifier in a single closed processing chain and record the current business object identifier as the target object identifier; Based on the results of the constraint reasoning and the single closed disposition chain, a constraint closure consistency check is performed, including: The root cause service recipient identifier is the same as the convergence service recipient identifier in a single root closed treatment chain; The target object identifier is the same as the target service object identifier in a single closed-loop processing chain; The sequence of service objects in the propagation process is the same in number as the sequence of root service objects in a single closed disposal chain. The propagation sequence is the same as the execution sequence number in a single closed disposal chain in terms of the number of sequence items. The verification sequence is identical in the number of sequence items to the verification bit sequence in a single closed disposal chain. When all constraint closure consistency checks are passed, it indicates that the constraint reasoning is valid, and the intermediate analysis results are determined to be valid analysis results. If any item in the constraint closure consistency check fails, the constraint reasoning is deemed invalid, the current intermediate analysis result is discarded, the single closed disposal chain is retained, and the iterative analysis is performed again.

[0034] In this embodiment, the service object identifier in the business anomaly starting point segment is read, and the corresponding service object is searched in the service object sequence of the current dependency path segment to determine the anomaly starting point sequence number. Then, a closure validity identification is performed around the reverse convergence suspicious point core, sequentially checking whether the convergence service object identifier has a matching item in the current dependency path segment, whether the anomaly starting point service object identifier is consistent with the service object identifier in the business anomaly starting point segment, and whether the convergence service object sequence number and the anomaly starting point sequence number meet the predetermined interval conditions. If the identification is successful, root point service object analysis is triggered; if the identification is unsuccessful, the analysis link is retained and a reverse convergence suspicious point core is regenerated. In the root point service object analysis stage, based on the convergence service object sequence number and the anomaly starting point sequence number, consecutive service objects located between the two are extracted in the current dependency path segment to form a root point service object sequence, and execution sequence numbers are assigned according to the arrangement order to form an execution sequence number sequence. Then, the connection relationship identifiers of each adjacent service object are extracted to form a verification bit sequence, and finally, the root point service object is... The service object sequence, execution sequence number sequence, verification sequence, and service object identifier in the business exception starting point segment are combined into a single closed-loop handling chain. Then, structured field encoding technology is used to map the fields of each item in the single closed-loop handling chain. The service object identifiers in the root service object sequence are bound sequentially according to the execution sequence number, and the verification sequence is embedded in the correspondence between adjacent service objects. This is then combined with the target service object identifier to generate a structured analysis input segment. Finally, constraint-based reasoning is performed on the structured analysis input segment to identify candidate root cause object identifiers, propagation service object sequences, propagation order sequences, and verification correspondence sequences. These are then compared with the convergence service object identifier, target service object identifier, root service object sequence, execution sequence number sequence, and verification sequence in the single closed-loop handling chain for closure consistency verification. If the verification is successful, the intermediate analysis result is determined as the analysis result; if the verification fails, the current intermediate analysis result is discarded, and the single closed-loop handling chain is retained for iterative analysis. Based on the above processing, the purpose of this section is to incorporate into the same processing path whether the reverse convergence of doubtful points meets the closure condition, how to extract the root point chain segment, how to express the order of objects within the chain, how to verify the relationship between adjacent objects, and whether the reasoning result is consistent with the closed chain. This ensures that root cause object identification, propagation chain organization, target object correspondence, and result verification have a continuous connection. Compared to the current technical means that rely on manual segment-by-segment verification of the chain, item-by-item comparison of object relationships, and separate judgment of root causes and propagation order, the above content links closure identification, chain segment extraction, field mapping, reasoning judgment, and consistency verification into a unified step, ensuring consistent analysis standards, clearer chain expression, and more centralized basis for result judgment.

[0035] Although embodiments of the invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made to these embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the appended technical solutions and their equivalents.

Claims

1. A large-scale intelligent analysis method based on multi-source big data, characterized in that, include: Read the monitoring indicator records in the time series database, use time series sorting technology to determine the starting record, use field exact matching technology to filter service object identifiers and abnormal records and perform merging to form the business abnormality starting point fragment; Read the starting service object identifier in the business exception starting point segment, and select the current dependent path segment with the starting service object identifier as the starting node. Then, perform object matching and time difference sorting on the service objects of the current dependent path segment to form the nearest change segment. Locate the abnormal starting point segment and the neighboring change segment corresponding to the abnormal starting point number and the neighboring change number, perform dual-pointer convergence processing to obtain the convergence service object, and perform convergence establishment identification on the candidate convergence object to obtain the reverse convergence suspicious point kernel; The closure validity identification is performed on the reverse convergence doubt kernel. When the identification is successful, the root point service object sequence is formed and a single closed disposal chain is generated. The structured analysis input fragment is formed through field mapping, and the valid analysis result is obtained through constraint reasoning and closure consistency verification.

2. The intelligent analysis method for large models based on multi-source big data according to claim 1, characterized in that, The fault impact chain analysis node deployed in the cloud service management platform calls the indicator query interface of the time series database to read the monitoring indicator records of the target business object. The fault impact chain analysis node has a built-in large model inference engine, and the monitoring indicator records include anomaly records, change records and dependency relationship records. The time-series sorting technology is used to sort the abnormal records in ascending order according to the time of occurrence. When there are more than two abnormal records with the same time of occurrence, they are sorted in ascending order according to the service object identifier, and the first abnormal record after sorting is selected as the starting record. The sorted abnormal records are filtered using field exact matching technology. The continuous abnormal records with the same service object identifier and the same abnormal type as the starting record are then merged to generate the business abnormal starting point fragment.

3. The intelligent analysis method for large models based on multi-source big data according to claim 2, characterized in that, Read the service object identifier in the business exception starting point fragment and record it as the starting service object identifier. Use the field exact matching technology to extract the dependency relationship record with the same starting service object identifier from the dependency relationship record. Then, using the starting service object identifier as the starting node, use the graph path traversal technology to expand the path of the extracted dependency relationship record to generate at least one service object sequence containing the starting service object identifier. When generating multiple service object sequences, select the service object sequence with the largest number of service objects. When the number of service objects is the same, select the last service object identifier and arrange the service object sequence that is first in ascending order; Record the selected service object sequence as the current dependency path segment; Read the service objects of the current dependent path segment, use the field exact matching technology to filter the change records in the change records where the service object identifier appears in the service objects, and use the difference comparison technology to compare the time difference between the change time of each filtered change record and the start time of the business exception starting segment, and sort them in ascending order according to the time difference. When there are multiple change records with the same time difference, select the change record whose change time is earlier than the start time of the business exception segment. If there are still multiple change records, sort them in ascending order according to the sequence number of the corresponding service object in the current dependency path segment, and select the first change record after sorting as the nearest change segment.

4. The intelligent analysis method for large models based on multi-source big data according to claim 3, characterized in that, Read the service objects and their corresponding sequence numbers in the current dependency path segment, and read the service object identifiers in the business exception starting segment. Use field exact matching technology to find the service object in the service object sequence that is the same as the service object identifier in the business exception starting segment, and record the sequence number of the found service object as the exception starting number. Read the service object identifier in the nearest neighbor change fragment, and use the field exact matching technology to find the service object in the service object sequence that has the same service object identifier as the service object in the nearest neighbor change fragment. Record the sequence number corresponding to the found service object as the nearest neighbor change number.

5. The intelligent analysis method for large models based on multi-source big data according to claim 4, characterized in that, A two-pointer convergence process is performed based on the anomaly origin index and the nearest neighbor change index. The two-pointer convergence process includes: The position corresponding to the abnormal start point number is used as the initial position of the first scan pointer; The position corresponding to the nearest neighbor change number is used as the initial position of the second scan pointer; A two-pointer scanning technique is used to perform a counter-clockwise scan in the sequence of service objects in the current dependent path segment. When the abnormal starting point number is less than the nearest neighbor change number, the first scanning pointer moves in the direction of increasing sequence number, and the second scanning pointer moves in the direction of decreasing sequence number; when the abnormal starting point number is greater than the nearest neighbor change number, the first scanning pointer moves in the direction of decreasing sequence number, and the second scanning pointer moves in the direction of increasing sequence number. The scan will stop if any of the following occurs during the scan: Scenario 1: The first scan pointer and the second scan pointer point to the same sequence number, and the service object corresponding to the current sequence number is recorded as the convergence service object; Scenario 2: The first scan pointer and the second scan pointer point to adjacent sequence numbers, but not to the same sequence number. The service object currently pointed to by the second scan pointer is recorded as the convergence service object.

6. The intelligent analysis method for large models based on multi-source big data according to claim 5, characterized in that, In the current sequence of service objects in the dependent path segment, read the sequence number corresponding to the convergence service object and record it as the convergence service object number; When the sequence number of the converged service object is not equal to the first sequence number and not equal to the last sequence number of the service object sequence, read the preceding and following service objects of the converged service object in the service object sequence respectively. Record the service object identifier of the previous service object as the identifier of the preceding service object; The service object identifier of the next service object is recorded as the identifier of the subsequent service object; The candidate convergence object is generated by combining the convergence service object identifier, convergence service object sequence number, convergence preceding service object identifier, convergence following service object identifier, service object identifier in the business anomaly starting segment, and service object identifier in the nearest neighbor change segment. The convergence establishment identification is performed on the candidate convergence object, including: when the convergence service object sequence number is located between the anomaly starting sequence number and the nearest neighbor change sequence number, the convergence preceding service object identifier and the convergence following service object identifier are adjacent to the convergence service object identifier in the service object sequence of the current dependent path segment, and the convergence service object identifier appears only once in the service object sequence of the current dependent path segment, the candidate convergence object is identified as the reverse convergence suspicious point core.

7. The intelligent analysis method for large models based on multi-source big data according to claim 6, characterized in that, Read the service object identifier from the business anomaly initiation segment, and in the service object sequence of the current dependency path segment, use exact field matching technology to find the service object with the same identifier as the service object in the business anomaly initiation segment. Record the sequence number corresponding to the found service object as the anomaly initiation number. Then, perform closure validity identification on the reverse convergence suspicious point kernel, including: The convergence service object identifier in the reverse convergence core has a match in the service object sequence of the current dependent path segment; The service object identifier of the abnormal starting point in the reverse convergence of the suspicious points is the same as the service object identifier in the business abnormal starting point segment; The convergence service object sequence number and the anomaly origin sequence number in the reverse convergence suspicious point kernel satisfy any of the following conditions: The sequence number of the service object is less than or equal to the sequence number of the abnormal starting point. The convergence service object number is greater than the anomaly starting point number, and there are no duplicate service object identifiers other than the convergence service object in the reverse convergence suspicious point core within the interval from the anomaly starting point number to the convergence service object number; When the closure validity identification results are both true, the root point service object analysis is triggered; otherwise, the reverse convergence doubt point kernel is regenerated through iterative analysis.

8. The intelligent analysis method for large models based on multi-source big data according to claim 7, characterized in that, The root point service object analysis is used to read the convergence service object sequence number and the abnormal start point sequence number in the reverse convergence suspicious point kernel. In the service object sequence of the current dependent path segment, the continuous service objects whose sequence number is between the convergence service object sequence number and the abnormal start point sequence number are extracted, and the extracted and sorted continuous service object sequence is recorded as the root point service object sequence. Read each service object in the root service object sequence, assign execution sequence numbers to each service object in turn according to the order of arrangement in the root service object sequence, and form an execution sequence number sequence according to the order of arrangement. The execution sequence number is consecutively numbered starting from the first service object in the root service object sequence; For each pair of adjacent service objects in the root service object sequence, read the connection relationship identifier corresponding to the pair of adjacent service objects in the current dependent path segment, and form a verification bit sequence by sequentially arranging the connection relationship identifiers according to the arrangement order in the root service object sequence; Each item in the verification bit sequence corresponds to a pair of adjacent service objects in the root point service object sequence; The root service object sequence, execution sequence number sequence, verification bit sequence, and service object identifier in the business exception starting point segment are combined and denoted as a single root closed processing chain.

9. The intelligent analysis method for large models based on multi-source big data according to claim 8, characterized in that, Structured field encoding technology is used to map the service object sequence, execution sequence number sequence, verification bit sequence, and service object identifier in the business exception starting point segment of a single closed processing chain. The service object identifiers in the root service object sequence are bound sequentially according to the execution sequence number sequence. The verification bit sequence is embedded into the sequential binding result according to the correspondence between adjacent service objects and combined with the target service object identifier to generate a structured analysis input segment.

10. The intelligent analysis method for large models based on multi-source big data according to claim 9, characterized in that, Constrained reasoning is performed on the structured analysis input fragments to obtain intermediate analysis results, including: Based on the root point service object sequence and execution sequence number, identify the first service object in the root point service object sequence and determine it as the candidate root cause object identifier; Based on the root point service object sequence and execution sequence number, identify the continuous object arrangement from the first service object to the last service object and determine it as the propagation service object sequence; Extract the execution sequence number sequence corresponding to the propagation service object sequence from the structured analysis input fragment and determine it as the propagation order sequence; Based on the positional binding relationship between the verification bit sequence and the adjacent objects in the root point object sequence, the verification correspondence relationship in the candidate propagation object sequence is identified, and a verification correspondence sequence is generated. Read the business object identifier in a single closed processing chain and record the current business object identifier as the target object identifier; Based on the results of the constraint reasoning and the single closed disposition chain, a constraint closure consistency check is performed, including: The root cause service recipient identifier is the same as the convergence service recipient identifier in a single root closed treatment chain; The target object identifier is the same as the target service object identifier in a single closed-loop processing chain; The sequence of service objects in the propagation process is the same in number as the sequence of root service objects in a single closed disposal chain. The propagation sequence is the same as the execution sequence number in a single closed disposal chain in terms of the number of sequence items. The verification sequence is identical in the number of sequence items to the verification bit sequence in a single closed disposal chain. When all constraint closure consistency checks are passed, it indicates that the constraint reasoning is valid, and the intermediate analysis results are determined to be valid analysis results. If any item in the constraint closure consistency check fails, the constraint reasoning is deemed invalid, the current intermediate analysis result is discarded, the single closed disposal chain is retained, and the iterative analysis is performed again.