Slack (v2) connector
The Slack (v2) connector enables workflow-driven Slack automation: search Slack messages, list conversations the token can access, resolve channel IDs from names, send messages, create channels, and invite users to Slack channels using the Slack Web API. It authenticates using OAuth Authorization Code (Slack OAuth v2).
You can create connectors in Stack Management > Connectors.
Slack (v2) connectors use OAuth Authorization Code authentication. When creating the connector, you will be prompted to authorize access to your Slack workspace. No additional configuration properties are required beyond the OAuth credentials.
You can test connectors when you create or edit the connector in Kibana. The test verifies connectivity by calling Slack auth.test.
The Slack (v2) connector has the following actions:
- Search messages
-
Search for messages in Slack.
query(required): Slack search query string.inChannel(optional): Addsin:<channel_name>to the query.fromUser(optional): Addsfrom:<@UserID>orfrom:usernameto the query.after(optional): Addsafter:<date>to the query (for example,2026-02-10).before(optional): Addsbefore:<date>to the query (for example,2026-02-10).sort(optional): Sort order,scoreortimestamp.sortDir(optional): Sort direction,ascordesc.count(optional): Results to return (1 to 20). Slack returns up to 20 results per page.cursor(optional): Pagination cursor (useresponse_metadata.next_cursorfrom a previous call).includeContextMessages(optional): Include contextual messages. Defaults totrue.includeBots(optional): Include bot messages. Defaults tofalse.includeMessageBlocks(optional): Include Block Kit blocks. Defaults totrue.raw(optional): Iftrue, returns the full raw Slack response (verbose).
- List channels
-
List Slack conversations the token can see (one page per call), using Slack
conversations.list. Use this to browse channel IDs or answer which channels exist. When the response includeshasMore: true, call List channels again withnextCursorfrom the previous response.types(optional): Conversation types to include:public_channel,private_channel,im,mpim. Defaults topublic_channelonly. If you pass an empty array, it defaults topublic_channel.excludeArchived(optional): Exclude archived conversations. Defaults totrue.cursor(optional): Pagination cursor from a previous List channels response (nextCursor). Omit for the first page.limit(optional): Conversations per page (1 to 1000). Defaults to1000.raw(optional): Iftrue, returns the full raw Slack API response instead of a compact result. Defaults tofalse.
- Resolve channel ID
-
Resolve a Slack conversation ID (
C...for public channels,G...for private channels) from a human channel name (for example,#general).name(required): Channel name (with or without#).types(optional): Conversation types to search. Defaults topublic_channel.match(optional):exact(default) orcontains.excludeArchived(optional): Exclude archived channels. Defaults totrue.cursor(optional): Pagination cursor to resume a previous scan.limit(optional): Channels per page (1 to 1000). Defaults to1000.maxPages(optional): Maximum pages to scan before giving up. Defaults to10.
- Get conversation history
-
Fetch a page of recent messages from a Slack channel or DM using Slack
conversations.history. Returns messages newest-first. When the response includeshasMore: true, call Get conversation history again withnextCursorfrom the previous response.channel(required): Conversation ID (for example,C123...for channels,G...for private channels,D...for DMs).oldest(optional): Only messages after this Unix timestamp (string form, for example1234567890.123456).latest(optional): Only messages before this Unix timestamp (string form).inclusive(optional): Include messages with theoldestorlatesttimestamps in results.limit(optional): Messages per page (1 to 1000). Defaults to100.cursor(optional): Pagination cursor from a previous response (nextCursor). Omit for the first page.raw(optional): Iftrue, returns the full raw Slack response. Defaults tofalse.
- Get conversation info
-
Look up metadata for a single Slack channel or DM by ID using Slack
conversations.info. Returns the channel object (name, privacy, membership, topic, purpose).channel(required): Conversation ID.includeNumMembers(optional): Set totrueto include the member count in the channel object.includeLocale(optional): Set totrueto include the channel locale.raw(optional): Iftrue, returns the full raw Slack response instead of just the channel object. Defaults tofalse.
- Look up user by email
-
Find a Slack user by email address using Slack
users.lookupByEmail. Throws if no user has that email.email(required): Email address of the user to look up.raw(optional): Iftrue, returns the full raw Slack response instead of just the user object. Defaults tofalse.
- List users
-
List Slack workspace users (one page per call) using Slack
users.list. When the response includeshasMore: true, call List users again withnextCursorfrom the previous response.limit(optional): Users per page (1 to 1000). Defaults to200.cursor(optional): Pagination cursor from a previous response.includeLocale(optional): Set totrueto include the user locale.raw(optional): Iftrue, returns the full raw Slack response.
- Who am I
-
Return the identity the connector is currently authenticated as, using Slack
auth.test. Useful before a write action to confirm the workspace/user, or to resolve "me" to a concreteuser_id.raw(optional): Iftrue, returns the full raw Slack response. Defaults tofalse.
- Get file info
-
Look up a single Slack file by ID using Slack
files.info. Returns the file metadata (name, mimetype, size, URLs, sharing channels).file(required): Slack file ID (for example,F0123ABCDE).raw(optional): Iftrue, returns the full raw Slack response instead of the file object. Defaults tofalse.
- List files
-
List Slack files (one page per call) using Slack
files.list. Filter by channel, user, time range, or types. Slackfiles.listis classic-paginated, so this action usespage/pagesrather than cursors.channel(optional): Restrict results to a single channel/DM ID.user(optional): Restrict results to files uploaded by a single user ID.tsFrom(optional): Only include files created after this Unix timestamp (string form).tsTo(optional): Only include files created before this Unix timestamp (string form).types(optional): Comma-separated Slack file type filter (for example,images,pdfs).count(optional): Files per page (1 to 200). Defaults to100.page(optional): 1-indexed page number. Defaults to1. UsenextPagefrom the previous response to walk pages.raw(optional): Iftrue, returns the full raw Slack response.
- List user conversations
-
List the channels a Slack user is a member of (one page per call) using Slack
users.conversations. Omituserto list for the authenticated user.user(optional): User ID (for example,U...) whose conversations to list.types(optional): Conversation types to list (public_channel,private_channel,im,mpim). Defaults to all four — DMs and private channels are usually the more interesting answer for a per-user query.excludeArchived(optional): Exclude archived channels. Defaults totrue.limit(optional): Channels per page (1 to 1000). Defaults to1000.cursor(optional): Pagination cursor from a previous response.raw(optional): Iftrue, returns the full raw Slack response.
- Create conversation
-
Create a new Slack channel (public or private).
name(required): Channel name. Must contain only lowercase letters, numbers, hyphens, and underscores (80 characters or fewer).isPrivate(optional): Whether to create a private channel. Defaults tofalse.
- Invite to conversation
-
Invite users to a Slack channel.
channel(required): The channel ID to invite users to (for example,C123...orG456...).users(required): Comma-separated list of user IDs to invite (for example,U01PWE77HD2,U02ABC1234).
- Send message
-
Send a message to a Slack conversation ID.
channel(required): Conversation ID (for example,C123...). Use List channels to browse IDs, or Resolve channel ID if you know the channel name.text(required): Message text.threadTs(optional): Reply in a thread (timestamp of the parent message).unfurlLinks(optional): Turn on unfurling of primarily text-based content.unfurlMedia(optional): Turn on unfurling of media content.
Use the Action configuration settings to customize connector networking, such as proxies, certificates, or TLS settings. If you use xpack.actions.allowedHosts, include slack.com in the list.
To use the Slack (v2) connector, you need a Slack app configured for OAuth.
- Go to Slack API: Your Apps and select Create New App.
- Choose From scratch, give it a name (for example, "Kibana Slack Connector"), and select your workspace.
- Under OAuth & Permissions, add the following User Token Scopes:
channels:read— list and resolve public channel IDschannels:history— read public channel history (for Get conversation history)chat:write— send messagesfiles:read— access shared files (for Get file info, List files)groups:read— list private channels (including for List channels whentypesincludesprivate_channel)groups:history— read private channel history (for Get conversation history on private channels)im:read— list direct messages (whentypesincludesim)im:history— read DM history (for Get conversation history on DMs)mpim:read— list group direct messages (whentypesincludesmpim)mpim:history— read group DM history (for Get conversation history on group DMs)search:read.files— search filessearch:read.im— search direct messagessearch:read.mpim— search group direct messagessearch:read.private— search private channelssearch:read.public— search public channelsusers:read— look up user information (for List users, List user conversations)users:read.email— look up users by email (for Look up user by email)
- Set the Redirect URL to your Kibana OAuth redirect URI.
- Under Basic Information, copy the Client ID and Client Secret.
- In Kibana, enter the Client ID and Client Secret when creating the Slack (v2) connector. You will be redirected to Slack to authorize access to your workspace.
Additional scopes may be required for certain actions. For example, groups:write is needed to create private channels or invite users. Add scopes as needed under User Token Scopes in your Slack app configuration.