---
name: bms-log-prd-query
description: >
  Query BMS production (bms-prod) logs from Elasticsearch via Kibana console proxy.
  Use when the user asks to check BMS production logs, search prod errors, or look up bms-prod data.
  All queries go through Kibana at https://kiblog.qx.com — ES direct port is NOT accessible.
metadata:
  author: local
  version: 1.0.0
---

# BMS Production Log Query Skill

> **Scope: ONLY `bms-prod` data view → `*bms*,*wos*` indices.**

## Connection Details (DO NOT re-verify — confirmed working)

- **Auth**: Read from `~/.env` (home directory):
  - `BMS_LOG_PRD_URL` = Kibana proxy URL
  - `BMS_LOG_PRD_USERNAME` = elastic
  - `BMS_LOG_PRD_PASSWORD` = (stored in .env)
- **ES Version**: 8.6.1
- **ES direct port**: NOT accessible. All queries go through Kibana console proxy.

## Data View Mapping

| Kibana Data View | ES Index Pattern |
|-----------------|------------------|
| `bms-prod` | `*bms*,*wos*` |

## Kibana Console Proxy Format

```
POST https://kiblog.qx.com/api/console/proxy?path=<URL_ENCODED_ES_PATH>&method=GET
```

Headers: `kbn-xsrf: true`, `Content-Type: application/json`

## Index Pattern

- `bmslog-bms-prod-YYYY-MM-DD` — daily rolling indices, ~10,000,000 docs/day (weekday), ~7,000,000 (weekend)

## Log Fields

| Field | Description |
|------|------|
| `@timestamp` | ES timestamp (ISO 8601) |
| `timestamp` | Original time string |
| `message` | Log body (Chinese/English) |
| `level` | Log level (INFO, WARN, ERROR) |
| `app_name` | Application name (e.g. bms-web) |
| `class` | Java class name |
| `thread` | Thread name (e.g. `http-nio-8081-exec-59`) |
| `traceId` | SkyWalking trace ID |
| `parentTraceId` | Parent trace ID |
| `trace_id` | Alternative trace ID identifier |
| `stack_trace` | Exception stack trace (empty when there is no exception) |
| `host_ip` | Host IP |
| `ip` | Request IP address |
| `node_ip` | Node IP |
| `log_origin` | Log source identifier |

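## Troubleshooting Guide — Tracing Call-Chain Issues

When troubleshooting business call-chain issues, combine the following three core dimensions:

1. **message + timestamp** — pinpoint the specific operation and when it happened, to narrow the scope quickly
2. **traceId** — SkyWalking distributed tracing ID, which can span the entire call chain (frontend → gateway → service A → service B → DB)
   - In most business scenarios the traceId spans the whole chain
   - **Exception**: xxljob scheduled tasks and dubbo service-to-service calls may lose the traceId
3. **thread** — thread name on a single machine, which helps locate the specific executing thread
   - Test environments are usually single-instance, so thread can locate it directly
   - **In production, mind the distributed setup**: the same thread name can appear on different machines, so use it together with `host_ip` + `node_ip`

**Recommended troubleshooting flow:**
- Known symptom → use message keywords + a time range to find the first related log entry → extract the traceId → use the traceId to retrieve the full chain → combine thread + host_ip to locate the specific node
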
## Query Patterns

### Latest N logs
```json
POST /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_search&method=GET
{
  "sort": [{"@timestamp": "desc"}],
  "size": 10
}
```

### Search by keyword
```json
POST /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_search&method=GET
{
  "query": {
    "multi_match": {
      "query": "<keyword>",
      "fields": ["message", "stack_trace"]
    }
  },
  "sort": [{"@timestamp": "desc"}],
  "size": 20
}
```

### Search errors
```json
POST /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_search&method=GET
{
  "query": {
    "bool": {
      "must": [
        { "match": { "level": "ERROR" } }
      ]
    }
  },
  "size": 20,
  "sort": [{"@timestamp": "desc"}]
}
```

### Search by traceId
```json
POST /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_search&method=GET
{
  "query": {
    "term": { "traceId": "<traceId>" }
  },
  "sort": [{"@timestamp": "asc"}],
  "size": 100
}
```

### Count docs
```
POST /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_count&method=GET
```

## Rules

1. **Never re-probe ES connectivity** — Kibana proxy is the only working method
2. **Never try ES direct ports** — not accessible
3. **Never store credentials** in this file
4. **When the user says "查 bms-prod" ("check bms-prod") or "查生产日志" ("check production logs") → query `bmslog-bms-prod-*` indices**
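## Example: Scoped Console Proxy Request

An added example, not part of the original skill file: it builds (without sending) a console-proxy request in the format above, URL-encodes the ES path, and refuses any path outside `bmslog-bms-prod-*` `_search`/`_count`, so a caller cannot widen the credentials' reach beyond the stated scope. The helper names are hypothetical, and it assumes `BMS_LOG_PRD_URL` holds the Kibana base URL and that Kibana accepts HTTP Basic auth.

```python
import base64
import json
import re
import urllib.parse
import urllib.request
from pathlib import Path

# Scope guard: daily bms-prod indices (or the wildcard), read-only endpoints only.
ALLOWED_PATH = re.compile(r"/bmslog-bms-prod-(\d{4}-\d{2}-\d{2}|\*)/_(search|count)")


def load_env(path=Path.home() / ".env"):
    """Parse KEY=VALUE lines so credentials stay in ~/.env, never in this file."""
    env = {}
    for line in Path(path).read_text().splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"")
    return env


def build_request(env, es_path, body=None):
    """Build a console-proxy request; reject ES paths outside the bms-prod scope."""
    if not ALLOWED_PATH.fullmatch(es_path):
        raise ValueError(f"path outside bms-prod scope: {es_path!r}")
    base = env["BMS_LOG_PRD_URL"].rstrip("/")  # assumption: Kibana base URL
    query = urllib.parse.urlencode({"path": es_path, "method": "GET"})
    token = base64.b64encode(
        f"{env['BMS_LOG_PRD_USERNAME']}:{env['BMS_LOG_PRD_PASSWORD']}".encode()
    ).decode()
    return urllib.request.Request(
        f"{base}/api/console/proxy?{query}",
        data=json.dumps(body or {}).encode(),
        method="POST",  # the proxy is called with POST; the ES verb goes in ?method=
        headers={
            "kbn-xsrf": "true",
            "Content-Type": "application/json",
            "Authorization": f"Basic {token}",  # assumption: HTTP Basic auth
        },
    )


def trace_query(trace_id, size=100):
    """Body for the 'Search by traceId' pattern, oldest entry first."""
    return {"query": {"term": {"traceId": trace_id}},
            "sort": [{"@timestamp": "asc"}], "size": size}
```

Pass the returned object to `urllib.request.urlopen` to run the query; the date in the path is the index day, as in `bmslog-bms-prod-YYYY-MM-DD`.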