Spring Boot Actuator
Spring Boot Actuator adds production-ready monitoring endpoints to your app. With one dependency, you gain visibility into the app's health, metrics, environment, and running conditions — without writing a single line of monitoring code.
Adding Actuator
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
Built-in Endpoints
Endpoint URL What It Shows
────────────────────────── ──────────────────────────────────────────
/actuator/health App status: UP or DOWN
/actuator/info App name, version, custom info
/actuator/metrics All available metrics list
/actuator/metrics/{name} Specific metric values
/actuator/env All environment properties
/actuator/beans All Spring beans in the container
/actuator/mappings All @RequestMapping URLs
/actuator/loggers Current log levels (can change at runtime!)
/actuator/threaddump Current JVM thread dump
/actuator/httptrace Recent HTTP requests
Health Endpoint Response
GET /actuator/health
{
"status": "UP",
"components": {
"db": {
"status": "UP",
"details": {
"database": "MySQL",
"validationQuery": "isValid()"
}
},
"diskSpace": {
"status": "UP",
"details": {
"total": 107374182400,
"free": 55834574848,
"threshold": 10485760
}
}
}
}
Enabling Endpoints
By default, only /actuator/health is exposed over HTTP. Enable others in application.properties:
# Expose specific endpoints management.endpoints.web.exposure.include=health,info,metrics,loggers # Expose all endpoints (use with caution in production) management.endpoints.web.exposure.include=* # Show full health details management.endpoint.health.show-details=always
Securing Actuator Endpoints
Never expose all actuator endpoints publicly in production. Restrict them to admin users:
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests(auth -> auth
.requestMatchers("/actuator/health").permitAll() ← Public
.requestMatchers("/actuator/**").hasRole("ADMIN") ← Admin only
.anyRequest().authenticated()
);
return http.build();
}
Custom Health Indicator
Add your own health check — for example, check if an external service is reachable:
@Component
public class PaymentServiceHealth implements HealthIndicator {
@Override
public Health health() {
boolean paymentServiceUp = checkPaymentService();
if (paymentServiceUp) {
return Health.up()
.withDetail("payment-gateway", "Reachable")
.build();
}
return Health.down()
.withDetail("payment-gateway", "Unreachable")
.build();
}
private boolean checkPaymentService() {
// Ping the payment service
return true; // simplified
}
}
Custom Metrics
Track application-specific metrics using MeterRegistry:
@Service
public class OrderService {
private final Counter ordersCreated;
public OrderService(MeterRegistry registry) {
this.ordersCreated = Counter.builder("orders.created")
.description("Total orders created")
.register(registry);
}
public Order create(Order order) {
Order saved = orderRepo.save(order);
ordersCreated.increment(); ← Increment counter on each order
return saved;
}
}
Access at: GET /actuator/metrics/orders.created
Actuator in a Monitoring Ecosystem
Spring Boot App
/actuator/health ──▶ Load Balancer health check
/actuator/metrics ──▶ Prometheus (scrapes every 15s)
│
▼
Grafana (visualizes dashboards)
/actuator/loggers ──▶ Change log level without restart
Changing Log Level at Runtime
# See current log level for a package
GET /actuator/loggers/com.estudy247
# Change log level without restarting
POST /actuator/loggers/com.estudy247
Content-Type: application/json
{ "configuredLevel": "DEBUG" }
Summary
- Actuator adds health, metrics, and environment endpoints automatically
- Only
/actuator/healthis exposed by default — enable others explicitly - Secure actuator endpoints — never expose sensitive data publicly
- Create custom health indicators for external service checks
- Use
MeterRegistryto track business metrics like order counts