Spring Boot Actuator gives you a backstage pass to what your app is doing, minus the velvet rope and overpriced drinks. It exposes useful endpoints for metrics, health checks, and management tasks so you can stop guessing and start observing. This guide shows how to enable Actuator, secure the endpoints, collect custom metrics, and plug into backends like Prometheus and Grafana.
Start by adding the officially blessed starter to your build. This unlocks a set of ready made endpoints for metrics and health that save time and reduce the need for handcrafted status pages.
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
Control what is visible through application properties. Expose only the things you actually need so you do not accidentally leak internals to the internet.
management.endpoints.web.exposure.include=health,metrics,info
management.endpoint.health.show.details=when-authorized
These keys let you pick endpoints and control how much detail the health endpoint returns. Keep the noisy ones closed in production and open only on demand.
Leaving /actuator wide open is handy for demos and terrible for production. Protect the endpoints with Spring Security or network rules. Map actuator endpoints under /actuator and require authentication for sensitive ones such as shutdown and env.
Micrometer is the recommended bridge between your app and monitoring systems. It provides a MeterRegistry where you can register custom meters, timers, and gauges. Implement HealthIndicator to add bespoke health checks that actually mean something to your ops team.
public class MyHealth implements HealthIndicator {
@Override
public Health health() {
// run a quick check and return up or down
return Health.up().build();
}
}
Custom checks help surface business relevant problems, not just CPU or memory usage. Add meters for request latency, error rates, and other signals you care about.
Micrometer offers registries for Prometheus and many other systems. For Prometheus you typically add the registry dependency and let Prometheus scrape the /actuator/prometheus endpoint. In cloud or batch jobs you might use a push gateway instead.
Expose only needed endpoints in production and use role based rules for management paths. If observability budget is tight focus on request metrics, error rates, and a single meaningful custom health check. Keep sensitive endpoints behind authentication and log who did what and when.
Follow these steps and you will gain real operational visibility, fewer surprise outages, and slightly less chaos for the team. You may even sleep better, but do not get cocky, production still has jokes to tell.
I know how you can get Azure Certified, Google Cloud Certified and AWS Certified. It's a cool certification exam simulator site called certificationexams.pro. Check it out, and tell them Cameron sent ya!
This is a dedicated watch page for a single video.