124 lines
3.0 KiB
Markdown
124 lines
3.0 KiB
Markdown
---
|
|
name: bms-prd-log-query
|
|
description: >
|
|
Query BMS production (bms-prod) logs from Elasticsearch via Kibana console proxy.
|
|
Use when the user asks to check BMS production logs, search prod errors, or look up bms-prod data.
|
|
All queries go through Kibana at https://kiblog.qx.com — ES direct port is NOT accessible.
|
|
metadata:
|
|
author: local
|
|
version: 1.0.0
|
|
---
|
|
|
|
# BMS Production Log Query Skill
|
|
|
|
> **Scope: ONLY `bms-prod` data view → `*bms*,*wos*` indices.**
|
|
|
|
## Connection Details (DO NOT re-verify — confirmed working)
|
|
|
|
- **Auth**: Read from `~/.env` (home directory):
|
|
- `BMS_PRD_LOG_URL` = Kibana proxy URL
|
|
- `BMS_PRD_LOG_USERNAME` = elastic
|
|
- `BMS_PRD_LOG_PASSWORD` = (stored in .env)
|
|
- **ES Version**: 8.6.1
|
|
- **ES direct port**: NOT accessible. All queries go through Kibana console proxy.
|
|
|
|
## Data View Mapping
|
|
|
|
| Kibana Data View | ES Index Pattern |
|
|
|-----------------|------------------|
|
|
| `bms-prod` | `*bms*,*wos*` |
|
|
|
|
## Kibana Console Proxy Format
|
|
|
|
```
|
|
POST https://kiblog.qx.com/api/console/proxy?path=<URL_ENCODED_ES_PATH>&method=GET
|
|
```
|
|
|
|
Headers: `kbn-xsrf: true`, `Content-Type: application/json`
|
|
|
|
## Index Pattern
|
|
|
|
- `bmslog-bms-prod-YYYY-MM-DD` — daily rolling indices, ~10,000,000 docs/day (weekday), ~7,000,000 (weekend)
|
|
|
|
## Log Fields
|
|
|
|
| Field | Description |
|
|
|-------|-------------|
|
|
| `@timestamp` | ISO 8601 timestamp |
|
|
| `timestamp` | Original timestamp string |
|
|
| `message` | Log message (Chinese/English) |
|
|
| `level` | Log level: INFO, WARN, ERROR, etc. |
|
|
| `app_name` | Application name (e.g. `bms-web`) |
|
|
| `class` | Java class name |
|
|
| `thread` | Thread name |
|
|
| `traceId` | Distributed trace ID |
|
|
| `host_ip` | Host IP address |
|
|
| `log_origin` | Log origin identifier |
|
|
| `stack_trace` | Exception stack trace (empty if no error) |
|
|
|
|
## Query Patterns
|
|
|
|
### Latest N logs
|
|
```json
|
|
POST /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_search&method=GET
|
|
{
|
|
"sort": [{"@timestamp": "desc"}],
|
|
"size": 10
|
|
}
|
|
```
|
|
|
|
### Search by keyword
|
|
```json
|
|
POST /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_search&method=GET
|
|
{
|
|
"query": {
|
|
"multi_match": {
|
|
"query": "<keyword>",
|
|
"fields": ["message", "stack_trace"]
|
|
}
|
|
},
|
|
"sort": [{"@timestamp": "desc"}],
|
|
"size": 20
|
|
}
|
|
```
|
|
|
|
### Search errors
|
|
```json
|
|
POST /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_search&method=GET
|
|
{
|
|
"query": {
|
|
"bool": {
|
|
"must": [
|
|
{ "match": { "level": "ERROR" } }
|
|
]
|
|
}
|
|
},
|
|
"size": 20,
|
|
"sort": [{"@timestamp": "desc"}]
|
|
}
|
|
```
|
|
|
|
### Search by traceId
|
|
```json
|
|
POST /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_search&method=GET
|
|
{
|
|
"query": {
|
|
"term": { "traceId": "<traceId>" }
|
|
},
|
|
"sort": [{"@timestamp": "asc"}],
|
|
"size": 100
|
|
}
|
|
```
|
|
|
|
### Count docs
|
|
```
|
|
GET /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_count&method=GET
|
|
```
|
|
|
|
## Rules
|
|
|
|
1. **Never re-probe ES connectivity** — Kibana proxy is the only working method
|
|
2. **Never try ES direct ports** — not accessible
|
|
3. **Never store credentials** in this file
|
|
4. **When user says "查 bms-prod" 或 "查生产日志" → query `bmslog-bms-prod-*` indices**
|