Update blacklens integration #16893
Open
Update blacklens integration #16893
+162
−111
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
andrewkroh
added
documentation
|
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations) |
efd6
reviewed
Jan 27, 2026
Contributor
efd6
left a comment
efd6
left a comment
There was a problem hiding this comment.
Where you say
This change introduces better field mapping in general.
Is this required for agreement with the new schema, or is this an additional change?
Suggest the following for the proposed commit message:
blacklens: update integration for new API schema and promote to GA
This updates the blacklens integration to support the new JSON schema
from the blacklens.io API. The changes include restructured field
mappings where alert IDs are now UUIDs instead of integers, and alert
details are reorganized into an activities structure with nested data.
The integration is promoted from version 0.5.0 to 1.0.0 (GA status)
to reflect the stable API schema support.
[AUTHOR: Add API documentation URL for the new schema, or explain why unavailable]
[AUTHOR: Add test data provenance - how was the new test data created?]
with requested details added.
packages/blacklens/data_stream/alerts/_dev/test/pipeline/test-alerts.log
Outdated
Show resolved
Hide resolved
Co-authored-by: Dan Kortschak <[email protected]>
Contributor
Author
|
Hi @efd6, The changes have been applied and the description has been changed. Regards, Christoph |
efd6
reviewed
Jan 28, 2026
Contributor
efd6
left a comment
efd6
left a comment
There was a problem hiding this comment.
Please address the unresolved concerns and answer the query in the last review.
Contributor
Author
done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Proposed commit message
blacklens: update integration for new API schema and promote to GA
This updates the blacklens integration to support the new JSON schema
from the blacklens.io API. The changes include restructured field
mappings where alert IDs are now UUIDs instead of integers, and alert
details are reorganized into an activities structure with nested data.
The integration is promoted from version 0.5.0 to 1.0.0 (GA status)
to reflect the stable API schema support.
The API documentation/schema is non-public because it is paid SaaS software.
The test data and integration are generated by the Blacklens.io developers.
Checklist
changelog.ymlfile.