112 lines
2.8 KiB
Markdown
112 lines
2.8 KiB
Markdown
---
|
|
name: bms-log-test-query
|
|
description: >
|
|
Query BMS (bms-sit) application logs from Elasticsearch via Kibana console proxy.
|
|
Use when the user asks to check BMS logs, search BMS errors, or look up recent log entries.
|
|
All queries go through Kibana at http://172.17.12.18:8000 — ES direct port is NOT accessible.
|
|
metadata:
|
|
author: local
|
|
version: 3.0.0
|
|
---
|
|
|
|
# BMS Log Query Skill
|
|
|
|
> **Scope: ONLY `bms-sit` data view → `bms-test*` and `pms*` indices.**
|
|
|
|
## Connection Details (DO NOT re-verify — confirmed working)
|
|
|
|
- **Auth**: Read from `~/.env` (home directory):
|
|
- `BMS_LOG_TEST_URL` = Kibana proxy URL
|
|
- `BMS_LOG_TEST_USERNAME` = elastic
|
|
- `BMS_LOG_TEST_PASSWORD` = (stored in .env)
|
|
- **ES Version**: 8.6.1
|
|
- **ES direct port**: NOT accessible. All queries go through Kibana console proxy.
|
|
|
|
## Data View Mapping
|
|
|
|
| Kibana Data View | ES Index Pattern |
|
|
|-----------------|------------------|
|
|
| `bms-sit` | `bms-test*, pms*` |
|
|
|
|
## Kibana Console Proxy Format
|
|
|
|
```
|
|
POST http://172.17.12.18:8000/api/console/proxy?path=<URL_ENCODED_ES_PATH>&method=<HTTP_METHOD>
|
|
```
|
|
|
|
Headers: `kbn-xsrf: true`, `Content-Type: application/json`
|
|
|
|
## Index Pattern
|
|
|
|
- `bms-test-YYYY-MM-DD` — daily rolling indices, ~2,000,000 docs/day
|
|
- `pms-test-YYYY-MM-DD` — PMS test logs, ~59,000 docs/day
|
|
|
|
## Query Patterns
|
|
|
|
### Latest N logs
|
|
```json
|
|
POST /api/console/proxy?path=/bms-test-<DATE>/_search&method=GET
|
|
{
|
|
"sort": [{"@timestamp": "desc"}],
|
|
"size": 10
|
|
}
|
|
```
|
|
|
|
### Search by keyword
|
|
```json
|
|
POST /api/console/proxy?path=/bms-test-<DATE>/_search&method=GET
|
|
{
|
|
"query": {
|
|
"multi_match": {
|
|
"query": "<keyword>",
|
|
"fields": ["message", "error.message", "original_message"]
|
|
}
|
|
},
|
|
"sort": [{"@timestamp": "desc"}],
|
|
"size": 20
|
|
}
|
|
```
|
|
|
|
### Search errors in time range
|
|
```json
|
|
POST /api/console/proxy?path=/bms-test-<DATE>/_search&method=GET
|
|
{
|
|
"query": {
|
|
"bool": {
|
|
"must": [
|
|
{ "range": { "@timestamp": { "gte": "now-1h", "lte": "now" } } },
|
|
{ "match_phrase": { "message": "ERROR" } }
|
|
]
|
|
}
|
|
},
|
|
"size": 20,
|
|
"sort": [{"@timestamp": "desc"}]
|
|
}
|
|
```
|
|
|
|
### Count docs
|
|
```
|
|
GET /api/console/proxy?path=/bms-test-<DATE>/_count&method=GET
|
|
```
|
|
|
|
### Get mapping (available fields)
|
|
```
|
|
GET /api/console/proxy?path=/bms-test-<DATE>/_mapping&method=GET
|
|
```
|
|
|
|
## Common Fields
|
|
|
|
- `@timestamp` — log timestamp
|
|
- `message` — main log message (Chinese/English)
|
|
- `original_message` — original unformatted message
|
|
- `log.level` — INFO, WARN, ERROR, etc.
|
|
- `error.message` — error details
|
|
- `host.name` — host/container name
|
|
|
|
## Rules
|
|
|
|
1. **Never re-probe ES connectivity** — Kibana proxy is the only working method
|
|
2. **Never try ports 9200/9201/5601** — not accessible
|
|
3. **Never store credentials** in this file
|
|
4. **When user says "查 bms-sit" → query `bms-test-*` indices**
|