skills/bms-log-test-query/SKILL.md
2026-06-11 15:00:51 +08:00

112 lines
2.8 KiB
Markdown

---
name: bms-log-test-query
description: >
Query BMS (bms-sit) application logs from Elasticsearch via Kibana console proxy.
Use when the user asks to check BMS logs, search BMS errors, or look up recent log entries.
All queries go through Kibana at http://172.17.12.18:8000 — ES direct port is NOT accessible.
metadata:
author: local
version: 3.0.0
---
# BMS Log Query Skill
> **Scope: ONLY `bms-sit` data view → `bms-test*` and `pms*` indices.**
## Connection Details (DO NOT re-verify — confirmed working)
- **Auth**: Read from `~/.env` (home directory):
- `BMS_LOG_TEST_URL` = Kibana proxy URL
- `BMS_LOG_TEST_USERNAME` = elastic
- `BMS_LOG_TEST_PASSWORD` = (stored in .env)
- **ES Version**: 8.6.1
- **ES direct port**: NOT accessible. All queries go through Kibana console proxy.
## Data View Mapping
| Kibana Data View | ES Index Pattern |
|-----------------|------------------|
| `bms-sit` | `bms-test*, pms*` |
## Kibana Console Proxy Format
```
POST http://172.17.12.18:8000/api/console/proxy?path=<URL_ENCODED_ES_PATH>&method=<HTTP_METHOD>
```
Headers: `kbn-xsrf: true`, `Content-Type: application/json`
## Index Pattern
- `bms-test-YYYY-MM-DD` — daily rolling indices, ~2,000,000 docs/day
- `pms-test-YYYY-MM-DD` — PMS test logs, ~59,000 docs/day
## Query Patterns
### Latest N logs
```json
POST /api/console/proxy?path=/bms-test-<DATE>/_search&method=GET
{
"sort": [{"@timestamp": "desc"}],
"size": 10
}
```
### Search by keyword
```json
POST /api/console/proxy?path=/bms-test-<DATE>/_search&method=GET
{
"query": {
"multi_match": {
"query": "<keyword>",
"fields": ["message", "error.message", "original_message"]
}
},
"sort": [{"@timestamp": "desc"}],
"size": 20
}
```
### Search errors in time range
```json
POST /api/console/proxy?path=/bms-test-<DATE>/_search&method=GET
{
"query": {
"bool": {
"must": [
{ "range": { "@timestamp": { "gte": "now-1h", "lte": "now" } } },
{ "match_phrase": { "message": "ERROR" } }
]
}
},
"size": 20,
"sort": [{"@timestamp": "desc"}]
}
```
### Count docs
```
GET /api/console/proxy?path=/bms-test-<DATE>/_count&method=GET
```
### Get mapping (available fields)
```
GET /api/console/proxy?path=/bms-test-<DATE>/_mapping&method=GET
```
## Common Fields
- `@timestamp` — log timestamp
- `message` — main log message (Chinese/English)
- `original_message` — original unformatted message
- `log.level` — INFO, WARN, ERROR, etc.
- `error.message` — error details
- `host.name` — host/container name
## Rules
1. **Never re-probe ES connectivity** — Kibana proxy is the only working method
2. **Never try ports 9200/9201/5601** — not accessible
3. **Never store credentials** in this file
4. **When user says "查 bms-sit" → query `bms-test-*` indices**