You can write logs to Cloud Logging from Java applications by using the Logback appender or a java.util.logging handler, or by using the Cloud Logging library for Java directly.
The Cloud Logging agent does not have to be installed to use the Cloud Logging library for Java.
Before you begin
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Cloud Logging API.
-
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
-
Make sure that billing is enabled for your Google Cloud project.
-
Enable the Cloud Logging API.
Logback appender for Cloud Logging
Using the Logback appender, you can use Cloud Logging with the SLF4J logging facade.
Installing the dependency
If you are using Maven, add
the following to your pom.xml
file. For more information about
BOMs, see The Google Cloud Platform Libraries BOM.
If you are using Gradle, add the following to your dependencies:
If you are using sbt, add the following to your dependencies:
Logback configuration
Logback can be configured programmatically or using a script expressed in XML or Groovy.
You can customize the minimum severity threshold, log name, or provide additional enhancers. This is a sample Logback configuration in XML format:
Example
Once you have configured Logback to use the Cloud Logging Logback appender, you can now redirect logs using the SLF4J logging API. Provide Google Cloud configuration if you plan to run the example locally or outside of Google Cloud. This snippet shows how to log using SLF4J facade within your application:
The java.util.logging handler
You can also use the Cloud Logging API using a default Java Logging API handler.Installing the dependency
If you are using Maven with
a BOM, add the following to your pom.xml
file:
If you are using Maven without a BOM, add this to your dependencies:
If you are using Gradle, add the following to your dependencies:
If you are using sbt, add the following to your dependencies:
If you're using Visual Studio Code, IntelliJ, or Eclipse, you can add client libraries to your project using the following IDE plugins:
The plugins provide additional functionality, such as key management for service accounts. Refer to each plugin's documentation for details.
java.util.logging configuration
Logging handlers can be added programmatically or by using a configuration file.
The path to the configuration file must be provided to your application as a system property:
-Djava.util.logging.config.file=/path/to/logging.properties
Here is an example of a configuration file:
Example
Provide Google Cloud configuration if you plan to run the example locally or outside of Google Cloud.
This snippet shows you how to log using java.util.logging
:
Common Configuration
The following sections cover configuration that is common to the
java.util.logging
handler and the Logback appender for Cloud Logging.
Defaults
The Logback appender and java.util.logging
handler use the following defaults
to instantiate a Cloud Logging client:
Log name :
java.log
Minimum threshold to log :
INFO
Flush severity :
ERROR
The Cloud Logging library for Java batches messages by size and time since last write. Batches with logging requests at or above the flush severity are immediately written out.
Monitored resource detection
All logs sent via the Cloud Logging libraries require a monitored resource type to identify your application.
The Logback appender and the java.util.logging
handler provide automatic
resource type detection of your App Engine, Compute Engine, and Google Kubernetes Engine
applications.
A global
monitored resource is used as the default in other environments.
You can override the monitored resource type to a valid type in the Logback appender Configuration
or the java.util.logging
Handler Configuration.
Additional fields and labels
Using the Logback appender and the java.util.logging
handler, you can add or
update fields on a LogEntry object using
an instance of LoggingEnhancer.
The enhancers must be configured as shown in the
Logback appender configuration or the
java.util.logging
handler configuration:
Use of custom labels might not be supported for your configuration. For example, Dataflow logs don't include these labels.
For more information on installation, see the documentation for the Cloud Logging library for Java. You can also report issues using the issue tracker.
Write logs with the Cloud Logging client library
For information on using the Cloud Logging client library for Java directly, see Cloud Logging Client Libraries.
Run on Google Cloud
For an application to write logs by using the Cloud Logging library for Java, the
service account for the underlying resource must have the
Logs Writer (roles/logging.logWriter
) IAM role.
Most Google Cloud environments automatically configure the default
service account to have this role.
App Engine
Cloud Logging is automatically enabled for App Engine, and your app's default service account has the IAM permissions by default to write log entries.
App Engine standard environment, by
default, uses the
java.util.logging.Logger
API; this writes to Cloud Logging directly and is easy to configure.
For further details, see App Engine documentation on Reading and Writing Application Logs.
App Engine flexible environment
On App Engine flexible environment,
java.util.logging
uses the ConsoleHandler
by default, and sends logs to stdout
and stderr
.
The Jetty Runtime is bundled with the Cloud Logging library for Java.
The java.util.logging
handler can be used to log directly
to Cloud Logging by providing the logging.properties
in your app.yaml
as shown here:
env_variables:
JETTY_ARGS: -Djava.util.logging.config.file=WEB-INF/logging.properties
Trace ID logging is available on Jetty runtimes if you are using the java.util.logging
handler or the Logback appender.
When running on App Engine flexible environment, a
TraceLoggingEnhancer instance adds a thread-safe trace ID to every log entry using the label trace_id
.
Google Kubernetes Engine (GKE)
GKE automatically grants the default service account
the Logs Writer (roles/logging.logWriter
) IAM role.
If you use
Workload Identity Federation for GKE
with this default service account to let workloads access specific
Google Cloud APIs, then no additional configuration is required.
However, if you use Workload Identity Federation for GKE with a
custom IAM service account, then ensure that the custom service
account has the role of Logs Writer (roles/logging.logWriter
).
If needed, you can also use the following command to add the logging.write
access scope when creating the cluster:
gcloud container clusters create example-cluster-name \
--scopes https://www.googleapis.com/auth/logging.write
Compute Engine
When using Compute Engine VM instances, add the cloud-platform
access scope to each instance. When creating a new instance through the
Google Cloud console, you can do this in the Identity and API access section
of the Create Instance panel. Use the Compute Engine default service
account or another service account of your choice, and select
Allow full access to all Cloud APIs in the Identity and API access
section. Whichever service
account you select, ensure that it has been granted the
Logs Writer role in the IAM & Admin section of the
Google Cloud console.
Run locally and elsewhere
To use the Cloud Logging library for Java outside of Google Cloud, including running the library on your own workstation, on your data center's computers, or on the VM instances of another cloud provider, you must supply your Google Cloud project ID and appropriate service account credentials directly to the Cloud Logging library for Java.
For existing service accounts, do the following:
Grant the service account the IAM the Logs Writer (
roles/logging.logWriter
) IAM role. For more information on IAM roles, see Access control.
If you don't have a service account, then create one. For information about this process, see Create service accounts.
For general information about the methods that you can use to authenticate, see Terminology: service accounts.
View the logs
In the Google Cloud console, go to the Logs Explorer page:
If you use the search bar to find this page, then select the result whose subheading is Logging.
In the Logs Explorer, you must specify one or more resources, but the resource selection might not be obvious. Here are some tips to help you get started:
If you are deploying your application to App Engine or using the App Engine-specific libraries, set your resource to GAE Application.
If you are deploying your application on Compute Engine, set the resource to GCE VM Instance.
If you are deploying your application on Google Kubernetes Engine, your cluster's logging configuration determines the resource type of the log entries. For a detailed discussion on the Legacy Google Cloud Observability and the Google Cloud Observability Kubernetes Monitoring solutions, and how those options affect the resource type, see Migrating to Google Cloud Observability Kubernetes Monitoring.
If your application is using the Cloud Logging API directly, the resource is dependent on the API and your configuration. For example, in your application, you can specify a resource or use a default resource.
If you don't see any logs in the Logs Explorer, to see all log entries, switch to the advanced query mode and use an empty query.
- To switch to the advanced query mode, click menu (▾) at the top of the Logs Explorer and then select Convert to advanced filter.
- Clear the content that appears in the filter box.
- Click Submit Filter.
You can examine the individual entries to identify your resources.
For additional information, see Using the Logs Explorer.