skills/bms-log-test-query/SKILL.md
2026-06-11 15:00:51 +08:00

2.8 KiB

name description metadata
bms-log-test-query Query BMS (bms-sit) application logs from Elasticsearch via Kibana console proxy. Use when the user asks to check BMS logs, search BMS errors, or look up recent log entries. All queries go through Kibana at http://172.17.12.18:8000 — ES direct port is NOT accessible.
author version
local 3.0.0

BMS Log Query Skill

Scope: ONLY bms-sit data view → bms-test* and pms* indices.

Connection Details (DO NOT re-verify — confirmed working)

  • Auth: Read from ~/.env (home directory):
    • BMS_LOG_TEST_URL = Kibana proxy URL
    • BMS_LOG_TEST_USERNAME = elastic
    • BMS_LOG_TEST_PASSWORD = (stored in .env)
  • ES Version: 8.6.1
  • ES direct port: NOT accessible. All queries go through Kibana console proxy.

Data View Mapping

Kibana Data View ES Index Pattern
bms-sit bms-test*, pms*

Kibana Console Proxy Format

POST http://172.17.12.18:8000/api/console/proxy?path=<URL_ENCODED_ES_PATH>&method=<HTTP_METHOD>

Headers: kbn-xsrf: true, Content-Type: application/json

Index Pattern

  • bms-test-YYYY-MM-DD — daily rolling indices, ~2,000,000 docs/day
  • pms-test-YYYY-MM-DD — PMS test logs, ~59,000 docs/day

Query Patterns

Latest N logs

POST /api/console/proxy?path=/bms-test-<DATE>/_search&method=GET
{
  "sort": [{"@timestamp": "desc"}],
  "size": 10
}

Search by keyword

POST /api/console/proxy?path=/bms-test-<DATE>/_search&method=GET
{
  "query": {
    "multi_match": {
      "query": "<keyword>",
      "fields": ["message", "error.message", "original_message"]
    }
  },
  "sort": [{"@timestamp": "desc"}],
  "size": 20
}

Search errors in time range

POST /api/console/proxy?path=/bms-test-<DATE>/_search&method=GET
{
  "query": {
    "bool": {
      "must": [
        { "range": { "@timestamp": { "gte": "now-1h", "lte": "now" } } },
        { "match_phrase": { "message": "ERROR" } }
      ]
    }
  },
  "size": 20,
  "sort": [{"@timestamp": "desc"}]
}

Count docs

GET /api/console/proxy?path=/bms-test-<DATE>/_count&method=GET

Get mapping (available fields)

GET /api/console/proxy?path=/bms-test-<DATE>/_mapping&method=GET

Common Fields

  • @timestamp — log timestamp
  • message — main log message (Chinese/English)
  • original_message — original unformatted message
  • log.level — INFO, WARN, ERROR, etc.
  • error.message — error details
  • host.name — host/container name

Rules

  1. Never re-probe ES connectivity — Kibana proxy is the only working method
  2. Never try ports 9200/9201/5601 — not accessible
  3. Never store credentials in this file
  4. When user says "查 bms-sit" → query bms-test-* indices