slack: add agentless deployment

mohitjha-elastic · web-flow · commit bd71b5eb698f · 2026-04-06T13:01:39.000+05:30
diff --git a/packages/slack/_dev/build/docs/README.md b/packages/slack/_dev/build/docs/README.md
@@ -8,6 +8,11 @@ The Elastic agent running this integration interacts with Slack's infrastructure
 
 **Please note the Audit Logs API is only available to Slack workspaces on an Enterprise Grid plan. These API methods will not work for workspaces on a Free, Standard, or Business+ plan.**
 
+## Agentless Enabled Integration
+
+Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html).
+Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments.  This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.
+
 ## Configuration
 
 ### Enabling the integration in Elastic
diff --git a/packages/slack/changelog.yml b/packages/slack/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.27.0"
+  changes:
+    - description: Enable Agentless deployment.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/18216
 - version: "1.26.0"
   changes:
     - description: Prevent updating fleet health status to degraded when the next_cursor is not present.
diff --git a/packages/slack/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/slack/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -9,6 +9,11 @@ processors:
       target_field: event.original
       ignore_missing: true
       if: ctx.event?.original == null
+  - remove:
+      field: message
+      ignore_missing: true
+      if: ctx.event?.original != null
+      description: 'The `message` field is no longer required if the document has an `event.original` field.'
   - json:
       field: event.original
       target_field: slack
diff --git a/packages/slack/docs/README.md b/packages/slack/docs/README.md
@@ -8,6 +8,11 @@ The Elastic agent running this integration interacts with Slack's infrastructure
 
 **Please note the Audit Logs API is only available to Slack workspaces on an Enterprise Grid plan. These API methods will not work for workspaces on a Free, Standard, or Business+ plan.**
 
+## Agentless Enabled Integration
+
+Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html).
+Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments.  This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.
+
 ## Configuration
 
 ### Enabling the integration in Elastic
diff --git a/packages/slack/manifest.yml b/packages/slack/manifest.yml
@@ -1,7 +1,7 @@
-format_version: "3.0.2"
+format_version: "3.3.2"
 name: slack
 title: "Slack Logs"
-version: "1.26.0"
+version: "1.27.0"
 description: "Slack Logs Integration"
 type: integration
 categories:
@@ -19,6 +19,14 @@ policy_templates:
   - name: slack
     title: Slack logs
     description: Collect logs from Slack
+    deployment_modes:
+      default:
+        enabled: true
+      agentless:
+        enabled: true
+        organization: security
+        division: engineering
+        team: security-service-integrations
     inputs:
       - type: httpjson
         title: "Collect Slack logs via API"
