--- name: bms-log-prd-query description: > Query BMS production (bms-prod) logs from Elasticsearch via Kibana console proxy. Use when the user asks to check BMS production logs, search prod errors, or look up bms-prod data. All queries go through Kibana at https://kiblog.qx.com — ES direct port is NOT accessible. metadata: author: local version: 1.0.0 --- # BMS Production Log Query Skill > **Scope: ONLY `bms-prod` data view → `*bms*,*wos*` indices.** ## Connection Details (DO NOT re-verify — confirmed working) - **Auth**: Read from `~/.env` (home directory): - `BMS_LOG_PRD_URL` = Kibana proxy URL - `BMS_LOG_PRD_USERNAME` = elastic - `BMS_LOG_PRD_PASSWORD` = (stored in .env) - **ES Version**: 8.6.1 - **ES direct port**: NOT accessible. All queries go through Kibana console proxy. ## Data View Mapping | Kibana Data View | ES Index Pattern | |-----------------|------------------| | `bms-prod` | `*bms*,*wos*` | ## Kibana Console Proxy Format ``` POST https://kiblog.qx.com/api/console/proxy?path=&method=GET ``` Headers: `kbn-xsrf: true`, `Content-Type: application/json` ## Index Pattern - `bmslog-bms-prod-YYYY-MM-DD` — daily rolling indices, ~10,000,000 docs/day (weekday), ~7,000,000 (weekend) ## Log Fields | 字段 | 说明 | |------|------| | `@timestamp` | ES 时间戳 (ISO 8601) | | `timestamp` | 原始时间字符串 | | `message` | 日志正文 (中文/英文) | | `level` | 日志级别 (INFO, WARN, ERROR) | | `app_name` | 应用名 (如 bms-web) | | `class` | Java 类名 | | `thread` | 线程名 (如 `http-nio-8081-exec-59`) | | `traceId` | SkyWalking 链路追踪 ID | | `parentTraceId` | 父级追踪 ID | | `trace_id` | 另一种追踪 ID 标识 | | `stack_trace` | 异常堆栈 (无异常时为空) | | `host_ip` | 主机 IP | | `ip` | 请求 IP 地址 | | `node_ip` | 节点 IP | | `log_origin` | 日志来源标识 | ## Troubleshooting Guide — 排查链路问题 排查业务链路问题时,结合以下三个核心维度: 1. **message + 时间戳** — 定位具体操作和发生时间,快速缩小范围 2. **traceId** — SkyWalking 分布式链路追踪 ID,可贯穿整个调用链(前端 → 网关 → 服务A → 服务B → DB) - 大部分业务场景下 traceId 可完整贯穿 - **例外**:xxljob 定时任务、dubbo 服务互相调用可能丢失 traceId 3. **thread** — 单机线程名,辅助定位具体执行线程 - 测试环境通常单实例,thread 可直接定位 - **生产环境注意分布式问题**:同一线程名可能出现在不同机器上,需结合 `host_ip` + `node_ip` 一起使用 **推荐排查流程:** - 已知现象 → 用 message 关键词 + 时间范围找到第一条相关日志 → 提取 traceId → 用 traceId 查出完整链路 → 结合 thread + host_ip 定位具体节点 ## Query Patterns ### Latest N logs ```json POST /api/console/proxy?path=/bmslog-bms-prod-/_search&method=GET { "sort": [{"@timestamp": "desc"}], "size": 10 } ``` ### Search by keyword ```json POST /api/console/proxy?path=/bmslog-bms-prod-/_search&method=GET { "query": { "multi_match": { "query": "", "fields": ["message", "stack_trace"] } }, "sort": [{"@timestamp": "desc"}], "size": 20 } ``` ### Search errors ```json POST /api/console/proxy?path=/bmslog-bms-prod-/_search&method=GET { "query": { "bool": { "must": [ { "match": { "level": "ERROR" } } ] } }, "size": 20, "sort": [{"@timestamp": "desc"}] } ``` ### Search by traceId ```json POST /api/console/proxy?path=/bmslog-bms-prod-/_search&method=GET { "query": { "term": { "traceId": "" } }, "sort": [{"@timestamp": "asc"}], "size": 100 } ``` ### Count docs ``` GET /api/console/proxy?path=/bmslog-bms-prod-/_count&method=GET ``` ## Rules 1. **Never re-probe ES connectivity** — Kibana proxy is the only working method 2. **Never try ES direct ports** — not accessible 3. **Never store credentials** in this file 4. **When user says "查 bms-prod" 或 "查生产日志" → query `bmslog-bms-prod-*` indices**