skills/bms-log-prd-query/SKILL.md

4.1 KiB
Raw Blame History

name description metadata
bms-log-prd-query Query BMS production (bms-prod) logs from Elasticsearch via Kibana console proxy. Use when the user asks to check BMS production logs, search prod errors, or look up bms-prod data. All queries go through Kibana at https://kiblog.qx.com — ES direct port is NOT accessible.
author version
local 1.0.0

BMS Production Log Query Skill

Scope: ONLY bms-prod data view → *bms*,*wos* indices.

Connection Details (DO NOT re-verify — confirmed working)

  • Auth: Read from ~/.env (home directory):
    • BMS_LOG_PRD_URL = Kibana proxy URL
    • BMS_LOG_PRD_USERNAME = elastic
    • BMS_LOG_PRD_PASSWORD = (stored in .env)
  • ES Version: 8.6.1
  • ES direct port: NOT accessible. All queries go through Kibana console proxy.

Data View Mapping

Kibana Data View ES Index Pattern
bms-prod *bms*,*wos*

Kibana Console Proxy Format

POST https://kiblog.qx.com/api/console/proxy?path=<URL_ENCODED_ES_PATH>&method=GET

Headers: kbn-xsrf: true, Content-Type: application/json

Index Pattern

  • bmslog-bms-prod-YYYY-MM-DD — daily rolling indices, ~10,000,000 docs/day (weekday), ~7,000,000 (weekend)

Log Fields

字段 说明
@timestamp ES 时间戳 (ISO 8601)
timestamp 原始时间字符串
message 日志正文 (中文/英文)
level 日志级别 (INFO, WARN, ERROR)
app_name 应用名 (如 bms-web)
class Java 类名
thread 线程名 (如 http-nio-8081-exec-59)
traceId SkyWalking 链路追踪 ID
parentTraceId 父级追踪 ID
trace_id 另一种追踪 ID 标识
stack_trace 异常堆栈 (无异常时为空)
host_ip 主机 IP
ip 请求 IP 地址
node_ip 节点 IP
log_origin 日志来源标识

Troubleshooting Guide — 排查链路问题

排查业务链路问题时,结合以下三个核心维度:

  1. message + 时间戳 — 定位具体操作和发生时间,快速缩小范围
  2. traceId — SkyWalking 分布式链路追踪 ID可贯穿整个调用链前端 → 网关 → 服务A → 服务B → DB
    • 大部分业务场景下 traceId 可完整贯穿
    • 例外xxljob 定时任务、dubbo 服务互相调用可能丢失 traceId
  3. thread — 单机线程名,辅助定位具体执行线程
    • 测试环境通常单实例thread 可直接定位
    • 生产环境注意分布式问题:同一线程名可能出现在不同机器上,需结合 host_ip + node_ip 一起使用

推荐排查流程:

  • 已知现象 → 用 message 关键词 + 时间范围找到第一条相关日志 → 提取 traceId → 用 traceId 查出完整链路 → 结合 thread + host_ip 定位具体节点

Query Patterns

Latest N logs

POST /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_search&method=GET
{
  "sort": [{"@timestamp": "desc"}],
  "size": 10
}

Search by keyword

POST /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_search&method=GET
{
  "query": {
    "multi_match": {
      "query": "<keyword>",
      "fields": ["message", "stack_trace"]
    }
  },
  "sort": [{"@timestamp": "desc"}],
  "size": 20
}

Search errors

POST /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_search&method=GET
{
  "query": {
    "bool": {
      "must": [
        { "match": { "level": "ERROR" } }
      ]
    }
  },
  "size": 20,
  "sort": [{"@timestamp": "desc"}]
}

Search by traceId

POST /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_search&method=GET
{
  "query": {
    "term": { "traceId": "<traceId>" }
  },
  "sort": [{"@timestamp": "asc"}],
  "size": 100
}

Count docs

GET /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_count&method=GET

Rules

  1. Never re-probe ES connectivity — Kibana proxy is the only working method
  2. Never try ES direct ports — not accessible
  3. Never store credentials in this file
  4. When user says "查 bms-prod" 或 "查生产日志" → query bmslog-bms-prod-* indices