Setting Up Cloud Logging for Java

You can write logs to Cloud Logging from Java applications by using the Logback appender or a java.util.logging handler, or by using the Cloud Logging library for Java directly.

The Cloud Logging agent does not have to be installed to use the Cloud Logging library for Java.

Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Make sure that billing is enabled for your Google Cloud project.

  4. Enable the Cloud Logging API.

    Enable the API

  5. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  6. Make sure that billing is enabled for your Google Cloud project.

  7. Enable the Cloud Logging API.

    Enable the API

Logback appender for Cloud Logging

Using the Logback appender, you can use Cloud Logging with the SLF4J logging facade.

Installing the dependency

If you are using Maven, add the following to your pom.xml file. For more information about BOMs, see The Google Cloud Platform Libraries BOM.

<dependency>
  <groupId>com.google.cloud</groupId>
  <artifactId>google-cloud-logging-logback</artifactId>
  <version>0.131.11-alpha</version>
</dependency>

If you are using Gradle, add the following to your dependencies:

implementation 'com.google.cloud:google-cloud-logging-logback:0.131.11-alpha'

If you are using sbt, add the following to your dependencies:

libraryDependencies += "com.google.cloud" % "google-cloud-logging-logback" % "0.131.11-alpha"

Logback configuration

Logback can be configured programmatically or using a script expressed in XML or Groovy.

You can customize the minimum severity threshold, log name, or provide additional enhancers. This is a sample Logback configuration in XML format:

<configuration>
  <appender name="CLOUD" class="com.google.cloud.logging.logback.LoggingAppender">
    <!-- Optional : filter logs at or above a level -->
    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
      <level>INFO</level>
    </filter>
    <log>application.log</log> <!-- Optional : default java.log -->
    <resourceType>gae_app</resourceType> <!-- Optional : default: auto-detected, fallback: global -->
    <enhancer>com.example.logging.logback.enhancers.ExampleEnhancer</enhancer> <!-- Optional -->
    <flushLevel>WARN</flushLevel> <!-- Optional : default ERROR -->
  </appender>

  <root level="info">
    <appender-ref ref="CLOUD" />
  </root>
</configuration>

Example

Once you have configured Logback to use the Cloud Logging Logback appender, you can now redirect logs using the SLF4J logging API. Provide Google Cloud configuration if you plan to run the example locally or outside of Google Cloud. This snippet shows how to log using SLF4J facade within your application:


import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class Quickstart {
  private static final Logger logger = LoggerFactory.getLogger(Quickstart.class);

  public static void main(String[] args) {
    logger.info("Logging INFO with Logback");
    logger.error("Logging ERROR with Logback");
  }
}

The java.util.logging handler

You can also use the Cloud Logging API using a default Java Logging API handler.

Installing the dependency

If you are using Maven with a BOM, add the following to your pom.xml file:

<dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>com.google.cloud</groupId>
      <artifactId>libraries-bom</artifactId>
      <version>26.43.0</version>
      <type>pom</type>
      <scope>import</scope>
    </dependency>
  </dependencies>
</dependencyManagement>

<dependencies>
  <dependency>
    <groupId>com.google.cloud</groupId>
    <artifactId>google-cloud-logging</artifactId>
  </dependency>

  <!-- ...
</dependencies>

If you are using Maven without a BOM, add this to your dependencies:

<dependency>
  <groupId>com.google.cloud</groupId>
  <artifactId>google-cloud-logging</artifactId>
  <version>3.17.2</version>
</dependency>

If you are using Gradle, add the following to your dependencies:

implementation platform('com.google.cloud:libraries-bom:26.49.0')

implementation 'com.google.cloud:google-cloud-logging'

If you are using sbt, add the following to your dependencies:

libraryDependencies += "com.google.cloud" % "google-cloud-logging" % "3.20.6"

If you're using Visual Studio Code, IntelliJ, or Eclipse, you can add client libraries to your project using the following IDE plugins:

The plugins provide additional functionality, such as key management for service accounts. Refer to each plugin's documentation for details.

java.util.logging configuration

Logging handlers can be added programmatically or by using a configuration file. The path to the configuration file must be provided to your application as a system property: -Djava.util.logging.config.file=/path/to/logging.properties

Here is an example of a configuration file:

# To use this configuration, add to system properties : -Djava.util.logging.config.file="/path/to/file"
#
.level = INFO

# it is recommended that io.grpc and sun.net logging level is kept at INFO level,
# as both these packages are used by Cloud internals and can result in verbose / initialization problems.
io.grpc.netty.level=INFO
sun.net.level=INFO

com.example.logging.jul.Quickstart.handlers=com.google.cloud.logging.LoggingHandler
# default : java.log
com.google.cloud.logging.LoggingHandler.log=custom_log

# default : INFO
com.google.cloud.logging.LoggingHandler.level=FINE

# default : ERROR
com.google.cloud.logging.LoggingHandler.flushLevel=ERROR

# default : auto-detected, fallback "global"
com.google.cloud.logging.LoggingHandler.resourceType=container

# custom formatter
com.google.cloud.logging.LoggingHandler.formatter=java.util.logging.SimpleFormatter
java.util.logging.SimpleFormatter.format=%3$s: %5$s%6$s

#optional enhancers (to add additional fields, labels)
com.google.cloud.logging.LoggingHandler.enhancers=com.example.logging.jul.enhancers.ExampleEnhancer

Example

Provide Google Cloud configuration if you plan to run the example locally or outside of Google Cloud. This snippet shows you how to log using java.util.logging:


import java.util.logging.Logger;

public class Quickstart {
  private static final Logger logger = Logger.getLogger(Quickstart.class.getName());

  public static void main(String[] args) {
    logger.info("Logging INFO with java.util.logging");
    logger.severe("Logging ERROR with java.util.logging");
  }
}

Common Configuration

The following sections cover configuration that is common to the java.util.logging handler and the Logback appender for Cloud Logging.

Defaults

The Logback appender and java.util.logging handler use the following defaults to instantiate a Cloud Logging client:

  • Log name : java.log

  • Minimum threshold to log : INFO

  • Flush severity : ERROR

The Cloud Logging library for Java batches messages by size and time since last write. Batches with logging requests at or above the flush severity are immediately written out.

Monitored resource detection

All logs sent via the Cloud Logging libraries require a monitored resource type to identify your application.

The Logback appender and the java.util.logging handler provide automatic resource type detection of your App Engine, Compute Engine, and Google Kubernetes Engine applications.

A global monitored resource is used as the default in other environments.

You can override the monitored resource type to a valid type in the Logback appender Configuration or the java.util.logging Handler Configuration.

Additional fields and labels

Using the Logback appender and the java.util.logging handler, you can add or update fields on a LogEntry object using an instance of LoggingEnhancer.

The enhancers must be configured as shown in the Logback appender configuration or the java.util.logging handler configuration:


import com.google.cloud.logging.LogEntry;
import com.google.cloud.logging.LoggingEnhancer;

// Add / update additional fields to the log entry
public class ExampleEnhancer implements LoggingEnhancer {

  @Override
  public void enhanceLogEntry(LogEntry.Builder logEntry) {
    // add additional labels
    logEntry.addLabel("test-label-1", "test-value-1");
  }
}

Use of custom labels might not be supported for your configuration. For example, Dataflow logs don't include these labels.

For more information on installation, see the documentation for the Cloud Logging library for Java. You can also report issues using the issue tracker.

Write logs with the Cloud Logging client library

For information on using the Cloud Logging client library for Java directly, see Cloud Logging Client Libraries.

Run on Google Cloud

For an application to write logs by using the Cloud Logging library for Java, the service account for the underlying resource must have the Logs Writer (roles/logging.logWriter) IAM role. Most Google Cloud environments automatically configure the default service account to have this role.

App Engine

Cloud Logging is automatically enabled for App Engine, and your app's default service account has the IAM permissions by default to write log entries.

App Engine standard environment, by default, uses the java.util.logging.Logger API; this writes to Cloud Logging directly and is easy to configure.

For further details, see App Engine documentation on Reading and Writing Application Logs.

App Engine flexible environment

On App Engine flexible environment, java.util.logging uses the ConsoleHandler by default, and sends logs to stdout and stderr.

The Jetty Runtime is bundled with the Cloud Logging library for Java.

The java.util.logging handler can be used to log directly to Cloud Logging by providing the logging.properties in your app.yaml as shown here:

    env_variables:
      JETTY_ARGS: -Djava.util.logging.config.file=WEB-INF/logging.properties

Trace ID logging is available on Jetty runtimes if you are using the java.util.logging handler or the Logback appender.

When running on App Engine flexible environment, a TraceLoggingEnhancer instance adds a thread-safe trace ID to every log entry using the label trace_id.

Google Kubernetes Engine (GKE)

GKE automatically grants the default service account the Logs Writer (roles/logging.logWriter) IAM role. If you use Workload Identity Federation for GKE with this default service account to let workloads access specific Google Cloud APIs, then no additional configuration is required. However, if you use Workload Identity Federation for GKE with a custom IAM service account, then ensure that the custom service account has the role of Logs Writer (roles/logging.logWriter).

If needed, you can also use the following command to add the logging.write access scope when creating the cluster:

gcloud container clusters create example-cluster-name \
    --scopes https://www.googleapis.com/auth/logging.write

Compute Engine

When using Compute Engine VM instances, add the cloud-platform access scope to each instance. When creating a new instance through the Google Cloud console, you can do this in the Identity and API access section of the Create Instance panel. Use the Compute Engine default service account or another service account of your choice, and select Allow full access to all Cloud APIs in the Identity and API access section. Whichever service account you select, ensure that it has been granted the Logs Writer role in the IAM & Admin section of the Google Cloud console.

Run locally and elsewhere

To use the Cloud Logging library for Java outside of Google Cloud, including running the library on your own workstation, on your data center's computers, or on the VM instances of another cloud provider, you must supply your Google Cloud project ID and appropriate service account credentials directly to the Cloud Logging library for Java.

For existing service accounts, do the following:

  1. Grant the service account the IAM the Logs Writer (roles/logging.logWriter) IAM role. For more information on IAM roles, see Access control.

  2. Set up Application Default Credentials.

If you don't have a service account, then create one. For information about this process, see Create service accounts.

For general information about the methods that you can use to authenticate, see Terminology: service accounts.

View the logs

In the Google Cloud console, go to the Logs Explorer page:

Go to Logs Explorer

If you use the search bar to find this page, then select the result whose subheading is Logging.

In the Logs Explorer, you must specify one or more resources, but the resource selection might not be obvious. Here are some tips to help you get started:

  • If you are deploying your application to App Engine or using the App Engine-specific libraries, set your resource to GAE Application.

  • If you are deploying your application on Compute Engine, set the resource to GCE VM Instance.

  • If you are deploying your application on Google Kubernetes Engine, your cluster's logging configuration determines the resource type of the log entries. For a detailed discussion on the Legacy Google Cloud Observability and the Google Cloud Observability Kubernetes Monitoring solutions, and how those options affect the resource type, see Migrating to Google Cloud Observability Kubernetes Monitoring.

  • If your application is using the Cloud Logging API directly, the resource is dependent on the API and your configuration. For example, in your application, you can specify a resource or use a default resource.

  • If you don't see any logs in the Logs Explorer, to see all log entries, switch to the advanced query mode and use an empty query.

    1. To switch to the advanced query mode, click menu (▾) at the top of the Logs Explorer and then select Convert to advanced filter.
    2. Clear the content that appears in the filter box.
    3. Click Submit Filter.

    You can examine the individual entries to identify your resources.

For additional information, see Using the Logs Explorer.