Master Spring Boot Actuator: Real‑Time Monitoring, Metrics, and Dynamic Log Levels

Introduction

After migrating a project to a microservice architecture, the author needed a way to monitor all Spring Boot services and turned to Spring Boot Actuator.

Quick Start

Create a demo application using the Spring Boot CLI:

spring init -d=web,actuator -n=actuator-demo actuator-demo

Add the Actuator starter to your build:

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-actuator</artifactId>
    </dependency>
</dependencies>

Or with Gradle:

dependencies {
    compile "org.springframework.boot:spring-boot-starter-actuator"
}

Actuator Overview

Actuator provides production‑ready features such as health checks, metrics, environment info, and thread dumps. It integrates with Micrometer to expose data to external monitoring systems like Prometheus, Graphite, or New Relic.

Important Endpoints

/health

Shows the application’s health status. You can configure the detail level with management.endpoint.health.show-details (values: never, when-authorized, always).

/metrics

Returns a list of available metrics (e.g., JVM memory, thread counts, HTTP request stats). To get a specific metric, request /actuator/metrics/{metricName} or add query parameters for tags.

/loggers

Lists all configured loggers and their levels. You can change a logger’s level at runtime by sending a POST request to /actuator/loggers/{loggerName} with JSON like {"configuredLevel":"DEBUG"}.

/info

Displays custom application information defined in application.properties (e.g., app name, encoding, Java version).

/beans

Shows all beans in the Spring context, including their type, scope, and dependencies.

/heapdump

Generates a JVM heap dump that can be opened with VisualVM.

/threaddump

Provides a snapshot of all threads, their states, and stack traces.

/shutdown

Gracefully shuts down the application (must be enabled with management.endpoint.shutdown.enabled=true and is usually protected).

Custom Health Indicator Example

@Component
public class CustomHealthIndicator extends AbstractHealthIndicator {
    @Override
    protected void doHealthCheck(Health.Builder builder) throws Exception {
        builder.up().withDetail("app", "这个项目很健康")
               .withDetail("error", "Nothing, I'm very good");
    }
}

Changing Log Levels at Runtime

Send a POST request to /actuator/loggers/root with the body:

{
    "configuredLevel": "DEBUG"
}

Setting the value to null resets the logger to its default level.

Securing Actuator Endpoints

Add the Spring Security starter:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

Define a security configuration that protects actuator endpoints while allowing static resources and the home page:

@Configuration
public class ActuatorSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR_ADMIN")
            .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
            .antMatchers("/").permitAll()
            .anyRequest().authenticated()
            .and()
            .httpBasic();
    }
}

Configure a default user in application.properties:

spring.security.user.name=actuator
spring.security.user.password=actuator
spring.security.user.roles=ACTUATOR_ADMIN

Conclusion

The article demonstrated how to enable and use Spring Boot Actuator for comprehensive monitoring, how to customize health checks, adjust log levels on the fly, and secure the endpoints. The full source code is available on GitHub.