Spring Boot Observability in Practice: Actuator, Micrometer & OpenTelemetry by Patrick Baumgartner
(link)Summary
Patrick Baumgartner explains how to move from basic monitoring to full observability in Spring Boot applications. The talk focuses on Spring Boot Actuator for runtime visibility, Micrometer for application and business metrics, and OpenTelemetry for distributed tracing and trace correlation. It also covers production concerns such as endpoint security, Kubernetes probes, structured logging, SBOM exposure, and avoiding telemetry overload. The emphasis is on practical Spring Boot integration rather than OpenTelemetry agents or standalone SDK usage. Examples include custom health indicators, runtime log-level changes, custom metrics, trace/span propagation, and configuration patterns for development, staging, and production.
Key Takeaways
- Observability in Spring Boot is built on logs, metrics, and traces, but the goal is to answer questions without redeploying the application.
- Spring Boot Actuator provides production-ready endpoints such as health, info, loggers, metrics, and custom endpoints.
- Micrometer is the metrics facade for technical and business measurements, with support for counters, gauges, timers, histograms, and tags.
- OpenTelemetry tracing in Spring Boot helps correlate requests across services and adds trace/span IDs to logs for easier debugging.
- Security matters: expose only the endpoints you need, prefer allow-lists over deny-lists, and protect sensitive endpoints in production.
- Kubernetes liveness and readiness probes can be backed by Spring Boot health endpoints and health groups.
- Structured logging and context propagation make logs and traces more useful in distributed and reactive applications.
- Observability should be designed early, aligned with business KPIs, and kept free of unnecessary telemetry noise.
Sections
Why observability matters
The talk starts with the limitation of logs: they tell you what happened, but not why. Observability gives developers a way to understand slow requests, request flow, SQL execution, retries, and cross-service behavior in distributed systems. The three pillars are logs, metrics, and traces, which together provide a complete view of application health and performance.
Monitoring vs. observability vs. telemetry
Monitoring is about checking endpoints and alerting when something is unhealthy. Observability is the ability to ask new questions about the system without redeploying or changing the code. Telemetry is the raw data—logs, metrics, and traces—that enables observability. The talk frames Spring Boot Actuator and Micrometer as tools for collecting and exposing this telemetry.
Spring Boot Actuator in practice
Actuator is presented as the foundation for runtime visibility in Spring Boot. The talk highlights endpoints such as health, info, loggers, metrics, and custom endpoints, plus configuration options for web exposure, base path changes, separate ports, IP binding, SSL, and cache control. Runtime logger level changes are shown as a practical debugging tool. The speaker also demonstrates custom health indicators and shows how multiple health contributors are aggregated.
Securing actuator endpoints
Security is treated as a first-class concern. Only the health endpoint is exposed by default, and the talk recommends explicit allow-listing of endpoints rather than relying on exclusions. Sensitive endpoints such as heap dump and HTTP exchanges should be used carefully, typically only in development or staging. Spring Security can protect actuator endpoints, and audit events can be stored and queried as part of operational visibility.
Kubernetes health checks and deployment metadata
The talk shows how Spring Boot health endpoints map cleanly to Kubernetes liveness and readiness probes. Health groups can be used to separate checks such as database health. It also covers build and Git metadata exposure, including application version, commit information, and repository state, which helps identify exactly what is deployed.
Micrometer for metrics and business insight
Micrometer is introduced as the metrics facade for collecting and exporting data through a meter registry. The talk covers gauges, counters, timers, distribution summaries, and histogram configuration, along with technical metrics for the JVM, system, caches, thread pools, database, and HTTP. It also shows how to model business metrics like orders in process and how to use tags for filtering and dashboarding.
Metrics export and instrumentation styles
Metrics can be exported to systems such as Prometheus or OpenTelemetry-compatible backends. The talk explains the difference between programmatic meter registration and annotation-based instrumentation with @Timed, @Counted, and @Observed. It notes an important behavior: annotation-based metrics appear only after the annotated method is executed, while builder-based meters may be registered earlier.
Distributed tracing with OpenTelemetry
Tracing is presented as the missing link for understanding request latency across services. Spring Boot with Micrometer Tracing can propagate trace and span context through web calls, messaging, and async execution. The talk explains how trace/span IDs are added to logs for correlation and how custom spans can be created with @Observed when you need to mark internal application boundaries.
Structured logging and correlation
Structured JSON logging is recommended for production because it is easier to parse and preserves multi-line events such as stack traces. The speaker discusses customizing log output, limiting stack trace size, and including trace and span IDs in log patterns. Logs and traces are complementary: traces provide the distributed view, while logs provide detailed diagnostics when something goes wrong.
Best practices for production readiness
The closing section emphasizes designing observability early, documenting business KPIs, using consistent naming, and avoiding telemetry overload. The talk recommends thoughtful tag usage, explicit endpoint exposure, secure defaults, and context propagation for async and reactive code. The overall message is that observability is a team responsibility and should make applications easier to trust and operate.
Keywords: spring boot observability, spring boot actuator, micrometer metrics, opentelemetry tracing, spring boot health endpoint, kubernetes liveness probe, kubernetes readiness probe, spring boot loggers endpoint, custom health indicator, structured logging json, distributed tracing, trace id span id, micrometer tracing, prometheus exporter, business metrics, application metrics, meter registry, timers counters gauges, observability best practices, endpoint security, spring security actuator, audit events, build info git info, sbom endpoint, context propagation reactive async