skills/bms-log-prd-query/SKILL.md
2026-06-11 15:00:51 +08:00

3.0 KiB

name description metadata
bms-log-prd-query Query BMS production (bms-prod) logs from Elasticsearch via Kibana console proxy. Use when the user asks to check BMS production logs, search prod errors, or look up bms-prod data. All queries go through Kibana at https://kiblog.qx.com — ES direct port is NOT accessible.
author version
local 1.0.0

BMS Production Log Query Skill

Scope: ONLY bms-prod data view → *bms*,*wos* indices.

Connection Details (DO NOT re-verify — confirmed working)

  • Auth: Read from ~/.env (home directory):
    • BMS_LOG_PRD_URL = Kibana proxy URL
    • BMS_LOG_PRD_USERNAME = elastic
    • BMS_LOG_PRD_PASSWORD = (stored in .env)
  • ES Version: 8.6.1
  • ES direct port: NOT accessible. All queries go through Kibana console proxy.

Data View Mapping

Kibana Data View ES Index Pattern
bms-prod *bms*,*wos*

Kibana Console Proxy Format

POST https://kiblog.qx.com/api/console/proxy?path=<URL_ENCODED_ES_PATH>&method=GET

Headers: kbn-xsrf: true, Content-Type: application/json

Index Pattern

  • bmslog-bms-prod-YYYY-MM-DD — daily rolling indices, ~10,000,000 docs/day (weekday), ~7,000,000 (weekend)

Log Fields

Field Description
@timestamp ISO 8601 timestamp
timestamp Original timestamp string
message Log message (Chinese/English)
level Log level: INFO, WARN, ERROR, etc.
app_name Application name (e.g. bms-web)
class Java class name
thread Thread name
traceId Distributed trace ID
host_ip Host IP address
log_origin Log origin identifier
stack_trace Exception stack trace (empty if no error)

Query Patterns

Latest N logs

POST /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_search&method=GET
{
  "sort": [{"@timestamp": "desc"}],
  "size": 10
}

Search by keyword

POST /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_search&method=GET
{
  "query": {
    "multi_match": {
      "query": "<keyword>",
      "fields": ["message", "stack_trace"]
    }
  },
  "sort": [{"@timestamp": "desc"}],
  "size": 20
}

Search errors

POST /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_search&method=GET
{
  "query": {
    "bool": {
      "must": [
        { "match": { "level": "ERROR" } }
      ]
    }
  },
  "size": 20,
  "sort": [{"@timestamp": "desc"}]
}

Search by traceId

POST /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_search&method=GET
{
  "query": {
    "term": { "traceId": "<traceId>" }
  },
  "sort": [{"@timestamp": "asc"}],
  "size": 100
}

Count docs

GET /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_count&method=GET

Rules

  1. Never re-probe ES connectivity — Kibana proxy is the only working method
  2. Never try ES direct ports — not accessible
  3. Never store credentials in this file
  4. When user says "查 bms-prod" 或 "查生产日志" → query bmslog-bms-prod-* indices