Elastic’s no-code and full-code approaches to custom integrations

Elastic 9.4 introduces two tools for building custom integrations: Automatic Import, which now supports multiple data streams and increased log sampling, and Integration Skills, an open, LLM-agnostic agentic toolkit for developers. The updates aim to serve both no-code users and developers seeking full lifecycle control.

Elastic’s no-code and full-code approaches to custom integrations Making custom Elastic integrations better with both Automatic Import improvements and Integration Skills Elastic 9.4 shipped two tools for building custom integrations: Automatic Import https://www.elastic.co/docs/explore-analyze/ai-features/automatic-import with updates that now support multiple data streams, samples up to 1,000 logs for ECS mapping previously 100 logs , and processes in the background so that you can keep working Integration Skills https://github.com/elastic/integration-skills , an open, large language model LLM -agnostic agentic toolkit for developers who want full lifecycle control. One path requires no code; the other gives you complete control. Both are available today. Automatic Import vs. Integration Skills: 2 paths for custom Elasticsearch integrations What sets Elastic apart isn't just building a better tool. It's recognizing that "better" means something completely different depending on who's asking. A SOC analyst and a senior developer don't need the same experience. So, Elastic built two distinct innovations that serve both and released them at the same time. How does Automatic Import work in Elasticsearch 9.4? Automatic Import https://www.elastic.co/docs/explore-analyze/ai-features/automatic-import is a one-of-a-kind feature for automating the development of custom data integrations, and in 9.4, it just got even better. Elastic made several improvements to both the back end and the user interface, and the result is a noticeably faster, simpler experience from start to finish. Simply name your integration along with a description and begin adding multiple data streams. Background processing means you can keep working without having to wait for your integration to finish. And yes, you heard that right: multiple data streams. You are no longer limited to a single data stream; multiple data streams are fully supported. New in this release is also the ability to create integrations directly from an index. Behind the scenes, the sampling rate of logs that map to ECS has been increased from 100 to 1,000, giving you more complete integrations out of the box. When your data stream s are finished being analyzed, simply review and approve the integration. We will install it by default to make it available in Fleet to be attached to a policy. Even after an integration is installed, you'll have the option to come back at a later time and make changes or add more data streams if you wish. Whenever an integration is modified and the changes are applied, the version number of that integration is automatically increased, keeping your lifecycle clean and auditable without any manual bookkeeping. Security teams in particular will enjoy the ease of use and the ability to get immediate value by searching custom integrations that are already mapped to ECS. What are Integration Skills and how do I use them? For those who want granular control over how integrations are built, Elastic is releasing Integration Skills — a public repository of agentic workflows designed to work with whatever AI-powered coding environment you already use like Cursor, Claude Code, Codex, and more. Integration Skills is LLM-agnostic by design. The toolkit is organized around four top-level skills that mirror the real lifecycle of building and maintaining an Elastic integration: /research-integration: Researches a vendor, product, or feature before building an integration. It launches parallel general-purpose subagents to investigate data collection methods, API documentation, sample data formats, field schemas, and ECS mapping candidates. It writes a structured research brief that feeds directly into /create-integration. Invoke this first when building an integration for a product you haven't worked with before. /create-integration: Scaffolds a new Elastic integration package end-to-end or adds data streams to an existing one. It handles package creation, data stream scaffolding, manifest configuration, CEL program building, ingest pipeline creation, field mappings, and system testing by delegating to general-purpose subagents with embedded domain-specific guidance. Run /research-integration first, then invoke this skill with the research brief as input for the highest-quality output. Together, these skills give experienced teams the kind of structured, repeatable, agent-assisted workflow that turns integration development from a slow, manual craft into a fast, reliable engineering process. How does Elastic compare to other platforms for custom integration development? Elastic 9.4 is the only platform shipping both a no-code in-product integration builder Automatic Import and an open, developer-grade agentic toolkit Integration Skills in the same release. Most vendors pick a lane. They either build a slick UI that hides too much, or they offer raw APIs and leave developers to figure it out. Elastic is refusing to choose. The analyst and the developer both deserve a first-class experience, and Elastic 9.4 delivers exactly that. Get started with Elasticsearch custom integrations in 9.4 Elastic 9.4 https://www.elastic.co/blog/whats-new-elastic-9-4-0 is available today, and there has never been a better time to get your data in and let it work for you. If you've been sitting on custom log sources and waiting for the right moment to build that integration, this is it. Automatic Import https://www.elastic.co/docs/explore-analyze/ai-features/automatic-import in 9.4 makes it faster and easier than ever before. If you're a developer who wants to go deeper and wants full lifecycle control, LLM-agnostic agentic workflows, and a toolkit built to the standards of the Elastic integration ecosystem, then check out Integration Skills. Clone the repo https://github.com/elastic/integration-skills , plug it into your agent of choice, and experience what integration development looks like when it's built for engineers who mean business. Frequently asked questions What is Automatic Import in Elasticsearch and what does it do? Automatic Import is a feature in Elastic that automates the creation of custom data integrations. You provide a name, description, and sample data or an index, and Elastic handles ECS field mapping, data stream configuration, and Fleet installation automatically. In Elastic 9.4, it was extended to support multiple data streams and increased log sampling from 100 to 1,000 for more expanded mappings. Does Automatic Import support multiple data streams? Yes. Elastic 9.4 added support for multiple data streams in a single Automatic Import integration. You can add, review, and modify data streams after the initial integration is installed, and every change automatically increments the integration version number. What is Integration Skills for Elasticsearch? Integration Skills is an open repository of agentic workflows for building and maintaining Elastic integrations. It is LLM-agnostic and works with any AI-powered coding environment, including Cursor, Claude Code, and Codex. It includes skills for researching vendor APIs, scaffolding integration packages, configuring CEL programs, building ingest pipelines, and mapping fields to ECS. Do I need to write code to build a custom Elasticsearch integration? No. Automatic Import in Elastic provides a no-code path: Describe your integration and upload sample logs or point to an index, and the tool produces a complete ECS-mapped integration installed directly to Fleet. Code-free custom integrations are supported as of Elastic 9.0 with significant improvements in 9.4. How do I build a custom Elasticsearch integration as a developer? Developers can use Integration Skills — a public GitHub repository of agentic workflows designed for full lifecycle integration development. Clone the repository, attach it to your preferred AI coding environment, and run /research-integration to gather vendor API documentation and field schemas, and then /create-integration to scaffold the full integration package. What AI tools does Integration Skills support? Integration Skills is LLM-agnostic by design. It works with Cursor, Claude Code, OpenAI Codex, and any other AI-powered coding environment. The workflows are not tied to a specific model or provider, so you can use whichever tool your team already uses. How does Elastic's approach to custom integrations differ from other platforms? Elastic ships both a polished no-code, in-product integration builder Automatic Import and an open, developer-grade agentic toolkit Integration Skills in the same release. Most observability and security platforms offer one or the other. Elastic 9.4 delivers both — targeting security analysts and senior developers simultaneously. The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all. In this blog post, we may have used or referred to third party generative AI tools, which are owned and operated by their respective owners. Elastic does not have any control over the third party tools and we have no responsibility or liability for their content, operation or use, nor for any loss or damage that may arise from your use of such tools. Please exercise caution when using AI tools with personal, sensitive or confidential information. Any data you submit may be used for AI training or other purposes. There is no guarantee that information you provide will be kept secure or confidential. You should familiarize yourself with the privacy practices and terms of use of any generative AI tools prior to use. Elastic, Elasticsearch, and associated marks are trademarks, logos or registered trademarks of elasticsearch B.V. in the United States and other countries. All other company and product names are trademarks, logos or registered trademarks of their respective owners.