BestHub
Sign in
Cloud Native 8 min read

Deploying Graylog with Docker‑Compose and Integrating It into a Spring Boot Application

This tutorial explains how to deploy Graylog using Docker‑Compose for centralized log aggregation in a microservices environment and shows step‑by‑step integration of Graylog with a Spring Boot application via Logback‑GELF, including configuration, code examples, and basic log search queries.

Code Ape Tech Column
Code Ape Tech Column
Code Ape Tech Column
Deploying Graylog with Docker‑Compose and Integrating It into a Spring Boot Application

In a microservice architecture, each service instance generates logs that are scattered across different machines or containers, making log retrieval difficult; a log aggregation tool like Graylog can centralize these logs.

Deploy Graylog

The deployment uses a Docker‑Compose file copied from the official Graylog documentation.

version: '3'
services:
    mongo:
      image: mongo:4.2
      networks:
        - graylog
    elasticsearch:
      image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
      environment:
        - http.host=0.0.0.0
        - transport.host=localhost
        - network.host=0.0.0.0
        - "ES_JAVA_OPTS=-Dlog4j2.formatMsgNoLookups=true -Xms512m -Xmx512m"
      ulimits:
        memlock:
          soft: -1
          hard: -1
      deploy:
        resources:
          limits:
            memory: 1g
      networks:
        - graylog
    graylog:
      image: graylog/graylog:4.2
      environment:
        - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
        - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
        - GRAYLOG_HTTP_EXTERNAL_URI=http://ip:9009/ # change ip
      entrypoint: /usr/bin/tini -- wait-for-it elasticsearch:9200 -- /docker-entrypoint.sh
      networks:
        - graylog
      restart: always
      depends_on:
        - mongo
        - elasticsearch
      ports:
        - 9009:9000
        - 1514:1514
        - 1514:1514/udp
        - 12201:12201
        - 12201:12201/udp
networks:
    graylog:
      driver: bridg

The only required change in the file is to replace the placeholder ip with the actual host IP and adjust the port if 9000 is already in use.

After saving the docker-compose.yml , run docker-compose up -d to start the services.

Once the containers are running, access the Graylog web interface at http:// ip :9009/ using the default credentials admin/admin .

Configure an input by selecting GELF UDP, clicking “Launch new input”, and providing a title; no further changes are needed.

Spring Boot Integration Graylog

Create a Spring Boot project; Spring Boot uses Logback by default. Add the Logback‑GELF dependency to the project.

<dependency>
  <groupId>de.siegmar</groupId>
  <artifactId>logback-gelf</artifactId>
  <version>3.0.0</version>
</dependency>

In src/main/resources , create a logback.xml file with the following configuration (replace ip with your Graylog host address):

<appender name="GELF" class="de.siegmar.logbackgelf.GelfUdpAppender">
  <!-- Graylog server address -->
  <graylogHost>ip</graylogHost>
  <!-- UDP input port -->
  <graylogPort>12201</graylogPort>
  <!-- Max GELF chunk size (bytes) -->
  <maxChunkSize>508</maxChunkSize>
  <!-- Enable compression -->
  <useCompression>true</useCompression>
  <encoder class="de.siegmar.logbackgelf.GelfEncoder">
    <includeRawMessage>false</includeRawMessage>
    <includeMarker>true</includeMarker>
    <includeMdcData>true</includeMdcData>
    <includeCallerData>false</includeCallerData>
    <includeRootCauseData>false</includeRootCauseData>
    <includeLevelName>true</includeLevelName>
    <shortPatternLayout class="ch.qos.logback.classic.PatternLayout">
      <pattern>%m%nopex</pattern>
    </shortPatternLayout>
    <fullPatternLayout class="ch.qos.logback.classic.PatternLayout">
      <pattern>%d - [%thread] %-5level %logger{35} - %msg%n</pattern>
    </fullPatternLayout>
    <!-- Application name field -->
    <staticField>app_name:austin</staticField>
  </encoder>
</appender>

After updating the IP address, start the Spring Boot application; logs will appear in Graylog’s Search view.

Clicking a log entry shows detailed fields.

For more advanced configurations, refer to the component’s GitHub documentation.

Graylog also provides simple search syntax; examples include fuzzy search (e.g., orderid ), exact match with quotes, field‑specific queries (e.g., message:http ), multi‑field queries, and combined conditions using AND/OR.

Fuzzy query: type the term directly, e.g., orderid

Exact query: enclose the term in quotes, e.g., "orderid: 11"

Field query: message:http or message:"http"

Multi‑field query: message:(base-service base-web)

Combined conditions: message:http AND level_name:ERROR OR source:192.168.0.4

Join the backend‑focused technical community for high‑quality knowledge exchange, recruitment, and mutual assistance.

Backend Exclusive Technical Group

DockerSpring BootLogbackDocker ComposeGrayloglog aggregationGELF
Code Ape Tech Column
Written by

Code Ape Tech Column

Former Ant Group P8 engineer, pure technologist, sharing full‑stack Java, job interview and career advice through a column. Site: java-family.cn

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment