Skill

kibana

Queries logs in Kibana/OpenSearch Dashboards via Elasticsearch/OpenSearch API using pcurl. Covers index discovery, nginx access/error logs, and time-range searches.

Elasticsearch

Nginx

Bash

monitoring

npx claudepluginhub vmkteam/claude-plugins --plugin vmkteam-developer

Tool Access

This skill uses the workspace's default tool permissions.

Preview

OpenSearch Dashboards (или Kibana) для поиска по логам (nginx access/error, application). Приложенческие логи Go-сервисов — в Loki (см. /loki).

SKILL.md

Similar Skills

using-superpowers

185.1k

Mandates invoking relevant skills via tools before any response in coding sessions. Covers access, priorities, and adaptations for Claude Code, Copilot CLI, Gemini CLI.

3 files

superpowers

Stats

Parent Repo Stars5

Parent Repo Forks0

Last CommitApr 5, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Kibana / OpenSearch Dashboards — логи

OpenSearch Dashboards (или Kibana) для поиска по логам (nginx access/error, application). Приложенческие логи Go-сервисов — в Loki (см. /loki).

Разные индексы содержат разные данные от разных систем. Имена полей зависят от индекса. Всегда начинай с discovery.

OpenSearch Dashboards использует заголовок osd-xsrf: true вместо kbn-xsrf: true (Kibana).

Подключение

Profile: @{kibana_profile}
Base URL: https://{kibana_host}
Header: osd-xsrf: true (OpenSearch) или kbn-xsrf: true (Kibana)

Шаг 1. Discovery

Index patterns (рекомендуется — самый надёжный способ)

pcurl @{profile} 'https://{host}/api/saved_objects/_find?type=index-pattern&per_page=100' -s -H 'osd-xsrf: true'

Пример документа — быстрый способ понять структуру полей

pcurl @{profile} 'https://{host}/api/console/proxy?path={index}/_search&method=POST' \
  -s -H 'osd-xsrf: true' -H 'Content-Type: application/json' \
  -d '{"sort":[{"@timestamp":"desc"}],"size":1}'

Mapping индекса (полная структура полей)

pcurl @{profile} 'https://{host}/api/console/proxy?path={index}/_mapping&method=POST' \
  -s -H 'osd-xsrf: true' -H 'Content-Type: application/json' -d '{}'

Типичные index patterns:

nginx-access-* — nginx access логи (ip, path, httpStatus, requestTime, serverName, platform, xRequestId)
nginx-error-* — nginx error логи (level, description, connectionId)
{service}-* — приложенческие логи (если не в Loki)
logstash-* — legacy

Шаг 2. Поиск логов

Использовать реальные имена полей из discovery.

# По query string
pcurl @{profile} 'https://{host}/api/console/proxy?path={index}/_search&method=POST' \
  -s -H 'osd-xsrf: true' -H 'Content-Type: application/json' \
  -d '{"query":{"query_string":{"query":"{query}"}},"sort":[{"@timestamp":"desc"}],"size":20}'

# За период
pcurl @{profile} 'https://{host}/api/console/proxy?path={index}/_search&method=POST' \
  -s -H 'osd-xsrf: true' -H 'Content-Type: application/json' \
  -d '{"query":{"bool":{"must":[{"query_string":{"query":"{query}"}},{"range":{"@timestamp":{"gte":"now-1h","lte":"now"}}}]}},"sort":[{"@timestamp":"desc"}],"size":50}'

# Nginx: 5xx ошибки
pcurl @{profile} 'https://{host}/api/console/proxy?path=nginx-access-*/_search&method=POST' \
  -s -H 'osd-xsrf: true' -H 'Content-Type: application/json' \
  -d '{"query":{"bool":{"must":[{"range":{"httpStatus":{"gte":500}}},{"range":{"@timestamp":{"gte":"now-1h"}}}]}},"sort":[{"@timestamp":"desc"}],"size":20}'

# Nginx: медленные запросы
pcurl @{profile} 'https://{host}/api/console/proxy?path=nginx-access-*/_search&method=POST' \
  -s -H 'osd-xsrf: true' -H 'Content-Type: application/json' \
  -d '{"query":{"bool":{"must":[{"range":{"requestTime":{"gte":1}}},{"range":{"@timestamp":{"gte":"now-1h"}}}]}},"sort":[{"requestTime":"desc"}],"size":20}'

# По X-Request-ID (trace)
pcurl @{profile} 'https://{host}/api/console/proxy?path=nginx-access-*/_search&method=POST' \
  -s -H 'osd-xsrf: true' -H 'Content-Type: application/json' \
  -d '{"query":{"term":{"xRequestId":"{request_id}"}},"size":10}'

Агрегации

# Группировка по полю
pcurl @{profile} 'https://{host}/api/console/proxy?path={index}/_search&method=POST' \
  -s -H 'osd-xsrf: true' -H 'Content-Type: application/json' \
  -d '{"query":{"range":{"@timestamp":{"gte":"now-1h"}}},"size":0,"aggs":{"by_field":{"terms":{"field":"{field}","size":20}}}}'

# Histogram по времени
pcurl @{profile} 'https://{host}/api/console/proxy?path={index}/_search&method=POST' \
  -s -H 'osd-xsrf: true' -H 'Content-Type: application/json' \
  -d '{"query":{"range":{"@timestamp":{"gte":"now-1h"}}},"size":0,"aggs":{"over_time":{"date_histogram":{"field":"@timestamp","fixed_interval":"5m"}}}}'

Обработка ответов

hits.total.value — количество записей
hits.hits[]._source — данные записи
aggregations — результаты агрегаций