Master Spring Boot Actuator: Real‑Time Monitoring, Metrics, and Dynamic Log Management

Last year our project migrated to a microservice 1.0 architecture, but we lacked proper service monitoring. Since all our services are Spring Boot applications, we turned to Spring Boot Actuator to fill the gap.

This guide summarizes the quick start, key endpoints, configuration, and advanced usage of Spring Boot Actuator.

What is Spring Boot Actuator

Actuator provides production‑ready features such as health checks, audits, metrics collection, HTTP tracing, bean inspection, environment variables, log information, thread dumps, and JVM heap data. These features are exposed via HTTP or JMX and can be integrated with external monitoring systems like Prometheus, Graphite, DataDog, InfluxDB, Wavefront, or New Relic through Micrometer.

Micrometer offers a common API for metric collection on the Java platform, handling the adaptation to various monitoring back‑ends.

Quick Start – Create a Spring Boot Actuator Demo

spring init -d=web,actuator -n=actuator-demo actuator-demo

Or use Spring Initializr (image omitted).

Add the Actuator starter dependency:

<dependencies> ... <dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-actuator</artifactId></dependency> ... </dependencies>

dependencies { compile("org.springframework.boot:spring-boot-starter-actuator") }

Endpoints Overview

Actuator exposes several built‑in endpoints. They can be grouped into three categories:

Application configuration endpoints – expose configuration properties, environment variables, and auto‑configuration reports.

Metrics endpoints – expose JVM memory, thread pool, HTTP request statistics, and other runtime metrics.

Operational control endpoints – allow actions such as shutdown.

Each endpoint can be enabled or disabled individually, and in Actuator 2.x most endpoints are disabled by default and are prefixed with /actuator. By default only /actuator/health and /actuator/info are exposed.

Endpoint Exposure Configuration

Configure which endpoints are exposed via HTTP or JMX in application.properties: management.endpoints.web.exposure.include=info,health To expose all endpoints: management.endpoints.web.exposure.include=* Custom base path example: management.endpoints.web.base-path=/monitor After restarting, the actuator URLs become /monitor/*.

Important Endpoints

/health

The /health endpoint aggregates health indicators (e.g., database, Redis, disk space). Its detail level is controlled by management.endpoint.health.show-details with values never, when-authorized, or always. management.endpoint.health.show-details=always When enabled, you can see detailed health information such as DiskSpaceHealthIndicator.

/metrics

/metrics

returns a list of available metric names. To retrieve a specific metric, request /actuator/metrics/{metricName}, e.g., /actuator/metrics/jvm.memory.max. Query parameters can filter by tags.

/loggers

The /loggers endpoint shows all logger configurations. You can change a logger’s level at runtime by sending a POST request to /actuator/loggers/{loggerName} with JSON payload, e.g.: {"configuredLevel": "DEBUG"} This is useful for enabling debug logging in production without a restart.

/info

/info

returns custom application information defined in application.properties:

info.app.name=actuator-demo
info.app.encoding=UTF-8
info.app.java.source=1.8
info.app.java.target=1.8

Access it via /actuator/info.

/beans

Lists all beans in the Spring context with their names, types, scopes, and dependencies.

/heapdump

Generates a JVM heap dump file that can be opened with VisualVM for memory analysis.

/threaddump

Provides a snapshot of all threads, their states, lock information, and stack traces.

/shutdown

Gracefully shuts down the application. Enable it with: management.endpoint.shutdown.enabled=true It only accepts POST requests and should be protected in production.

Custom Health Indicator

Implement HealthIndicator or extend AbstractHealthIndicator to add custom health checks. Example skeleton:

/**
 * @author Richard_yyf
 * @version 1.0 2020/1/16
 */
@Component
public class CustomHealthIndicator extends AbstractHealthIndicator {
    @Override
    protected void doHealthCheck(Health.Builder builder) throws Exception {
        builder.up().withDetail("app", "This project is healthy")
               .withDetail("error", "Nothing, I'm very good");
    }
}

Integrating Spring Security

When Spring Security is on the classpath, Actuator endpoints are secured by default using form‑based authentication. Add the security starter if not present:

<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency>

Define a security configuration to protect sensitive endpoints (e.g., /shutdown) while allowing public access to others:

@Configuration
public class ActuatorSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .requestMatchers(EndpointRequest.to(ShutdownEndpoint.class)).hasRole("ACTUATOR_ADMIN")
            .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
            .antMatchers("/").permitAll()
            .anyRequest().authenticated()
            .and().httpBasic();
    }
}

Define a default user in application.properties:

spring.security.user.name=actuator
spring.security.user.password=actuator
spring.security.user.roles=ACTUATOR_ADMIN

Conclusion

The article covered the basics of using Spring Boot Actuator for monitoring, the most useful endpoints, how to expose and secure them, and how to extend functionality with custom health indicators. The full source code is available on GitHub.

Source code: https://github.com/Richard-yyf/springboot-actuator-prometheus-test

References

https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-features.html

http://www.ityouknow.com/springboot/2018/02/06/spring-boot-actuator.html