skills/bms-log-prd-query/SKILL.md
2026-06-11 15:00:51 +08:00

124 lines
3.0 KiB
Markdown

---
name: bms-log-prd-query
description: >
Query BMS production (bms-prod) logs from Elasticsearch via Kibana console proxy.
Use when the user asks to check BMS production logs, search prod errors, or look up bms-prod data.
All queries go through Kibana at https://kiblog.qx.com — ES direct port is NOT accessible.
metadata:
author: local
version: 1.0.0
---
# BMS Production Log Query Skill
> **Scope: ONLY `bms-prod` data view → `*bms*,*wos*` indices.**
## Connection Details (DO NOT re-verify — confirmed working)
- **Auth**: Read from `~/.env` (home directory):
- `BMS_LOG_PRD_URL` = Kibana proxy URL
- `BMS_LOG_PRD_USERNAME` = elastic
- `BMS_LOG_PRD_PASSWORD` = (stored in .env)
- **ES Version**: 8.6.1
- **ES direct port**: NOT accessible. All queries go through Kibana console proxy.
## Data View Mapping
| Kibana Data View | ES Index Pattern |
|-----------------|------------------|
| `bms-prod` | `*bms*,*wos*` |
## Kibana Console Proxy Format
```
POST https://kiblog.qx.com/api/console/proxy?path=<URL_ENCODED_ES_PATH>&method=GET
```
Headers: `kbn-xsrf: true`, `Content-Type: application/json`
## Index Pattern
- `bmslog-bms-prod-YYYY-MM-DD` — daily rolling indices, ~10,000,000 docs/day (weekday), ~7,000,000 (weekend)
## Log Fields
| Field | Description |
|-------|-------------|
| `@timestamp` | ISO 8601 timestamp |
| `timestamp` | Original timestamp string |
| `message` | Log message (Chinese/English) |
| `level` | Log level: INFO, WARN, ERROR, etc. |
| `app_name` | Application name (e.g. `bms-web`) |
| `class` | Java class name |
| `thread` | Thread name |
| `traceId` | Distributed trace ID |
| `host_ip` | Host IP address |
| `log_origin` | Log origin identifier |
| `stack_trace` | Exception stack trace (empty if no error) |
## Query Patterns
### Latest N logs
```json
POST /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_search&method=GET
{
"sort": [{"@timestamp": "desc"}],
"size": 10
}
```
### Search by keyword
```json
POST /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_search&method=GET
{
"query": {
"multi_match": {
"query": "<keyword>",
"fields": ["message", "stack_trace"]
}
},
"sort": [{"@timestamp": "desc"}],
"size": 20
}
```
### Search errors
```json
POST /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_search&method=GET
{
"query": {
"bool": {
"must": [
{ "match": { "level": "ERROR" } }
]
}
},
"size": 20,
"sort": [{"@timestamp": "desc"}]
}
```
### Search by traceId
```json
POST /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_search&method=GET
{
"query": {
"term": { "traceId": "<traceId>" }
},
"sort": [{"@timestamp": "asc"}],
"size": 100
}
```
### Count docs
```
GET /api/console/proxy?path=/bmslog-bms-prod-<DATE>/_count&method=GET
```
## Rules
1. **Never re-probe ES connectivity** — Kibana proxy is the only working method
2. **Never try ES direct ports** — not accessible
3. **Never store credentials** in this file
4. **When user says "查 bms-prod" 或 "查生产日志" → query `bmslog-bms-prod-*` indices**