Elastic N.V. (ESTC) Q1 2020 Earnings Report, Transcript and Summary

Good day and welcome to the Elastic First Quarter 2020 Financial Results Conference Call. All participants will be in a listen-only mode. [Operator Instructions] Please note this event is being recorded. I would now like to turn the conference call over to Mr. Anthony Luscri, Vice President of Investor Relations. Please go ahead.

Thank you. Good afternoon and thank you for joining us on today's conference call to discuss Elastic’s first quarter fiscal 2020 financial results. On the call we have Shay Banon, Founder and Chief Executive Officer; and Janesh Moorjani, Chief Financial Officer. Following their prepared remarks, we will take questions. Our press release was issued after the close of market and is posted on our website where this call is being simultaneously webcast. Slides which accompany this webcast can be viewed in conjunction with live remarks and can also be downloaded at the conclusion of this webcast on the Elastic Investor Relations website at ir.elastic.co. On this call today, our discussion may include predictions, estimates, or other information that might be considered forward-looking statements within the Safe Harbor provisions of the U.S. federal securities laws. While these forward-looking statements represent our current judgment on what the future holds, they are subject to risks and uncertainties that could cause actual results to differ materially. These risks and uncertainties include those set forth in the press release that we issued earlier today as well as those more fully described in our filings with the Securities and Exchange Commission, including our forms 10-K, 10-Q, and 8-K and other filings we make with the SEC from time to time. You are cautioned not to place undue reliance on these forward-looking statements, which reflect our opinions only as of the date of this presentation. Please keep in mind that we are not obligating ourselves to revise or publicly release the results of any revision to these forward-looking statements in light of new information or future events unless required by law. In addition, during today's call, we will discuss certain non-GAAP financial measures. These non-GAAP financial measures which are used as measures of Elastic's performance should be considered in addition to, not as a substitute for, or in isolation from GAAP measures. Our non-GAAP measures exclude the effect on our GAAP results’ stock-based compensation, employer payroll taxes on employee stock transactions, amortization of acquired intangible assets, acquisition-related expenses, and non-GAAP tax rate adjustments. You can find additional disclosures regarding these non-GAAP measures, including reconciliations with comparable GAAP measures in the press release and on our Investor Relations website and the slides accompanying this webcast. The webcast replay of this call and slides will be available for two months on our company website under the Investor Relations link. With that, I’ll turn it over to Shay.

Thank you, Anthony. Welcome everyone to the call. It's great to be here and share the results of our first quarter in our new fiscal year. Overall, we saw a great start to fiscal 2020. With strong momentum and growth. We continued to execute well on our strategy, which is resonating with our users and customers, as they rapidly adopt our broad portfolio of products. In Q1, revenue grew 62% year over year on a constant currency basis. We had more than 8,800 subscription customers at the end of the quarter, which included over 475 with annual contract value of more than $100,000 and our net expansion rate continues to be over 130%. But before Janesh covers our financial performance from the quarter, I'd like to talk about some highlights, and I thought I'd start with our preview of Elastic SIEM from our 7.2 release. This is a new product that gives users accurate security analytics experience for ingesting, analyzing, and visualizing security related data. One thing I find exciting about Elastic SIEM is that you don't have to be a security analyst to get value from it. To say you're a DevOps doing logging with Elastic version 7.2, you can simply click over to the [indiscernible] in Kibana and automatically see an overview of various datasets, including KPIs for number of hosts, sales logins, and more. You didn't have to install or configure anything, it's all just there and just works. You can even go a step further with an interactive drag and drop experience to deconstruct and document a timeline of events that you can then share with teammates from a single UI or as of our 7.3 release, you can use our Platinum level machine learning features to automatically detect and alert on cyber threats originating from events like unusual login activity. For this initial release, we collaborated extensively with a community from working on integrations with enterprise level firewalls data sources like Palo Alto Networks and Cisco ASA to popular open source network monitoring and intrusion detection systems like Zeek and Suricata. It's been humbling to see the level of contributions. We've also seen validation from other companies like [indiscernible] and Endgame, and we are excited that Perched a security analytics operations and threat hunting company will be joining Elastic to further expand our product, consulting, and training capabilities in the space. There's a lot of excitement within the community as well. A few weeks back, I attended Blackhat, a premiere cybersecurity conference in Las Vegas. I had a sense for what to expect, although I'm still processing the handful of actual magicians I saw on the conference floor. But it was fascinating to see how prevalent the commercial and closed product approach is in the security market. I find it refreshing that we are offering a proprietary same product that is both free and open through our basic subscription. Customers with a gold or platinum subscription can get additional value from paid features like machine learning, as well as support, and for users looking to run it as a SaaS offering, Elastic SIEM is only available to our Elastic Cloud. So, while what we demoed at our booth at Blackhat was an initial release, focused on host and network data, the excitement from visitors at our booth was noticeable throughout the event. There was a lot of questions about integrations including those for Endgame’s endpoint security product. I also saw a lot of engagement around the Endgame’s demo of a new integration with our Stack, where users can run our Elastic SIEM experience on top of endpoint data. So this leads me to imagine all the possibilities for new and existing customers to streamline and enhance their security analytics use cases. For example, this could apply to the US Navy or software company smart sheet, or French financial institution group BPCE, all of whom closed business with us for this use-case in Q1, or even ASB Bank in New Zealand, who expanded business with us this quarter, primarily for the use of security logging and analytics, effectively replacing their existing SIEM. In the US public sector, we closed new business with the US Defense Information Systems agency. They replaced their legacy SIEM solution with Elastic to power security analytics for the joint regional security staff program. This is a part of the DoD strategy to modernize and improve network security, reduce attack surface, and improve situational awareness, insuring timely delivery of critical information to war fighters around the globe. Elastic was also selected for use with the US Department of Homeland Security Continuous Diagnostic And Mitigation or CDM dashboard, as part of the solution proposed by our partner ECS. CDM deploys tools to every civilian agency to increase their cyber security posture by ingesting, analyzing, and visualizing data that provides insights into asset management, identity and access management, network security, and data protection management. So there is tremendous opportunity for our users and customers to take what they're already doing with our Stack, quickly get more value out of it, and continue to grow with us over time. While it's still early days for Elastic SIEM, it will only get better over time with more features, like SIEM detection rules, user analysis, threat intelligence integration. Our product development approach for SIEM and other use cases is iterative. The goal is to have this magical experience where you deploy Elastic in the context of logging and suddenly through a single UI, you can do threat hunting, or ATM or infrastructure monitoring with very little effort. And to achieve this, we're continuing to streamline the ability to easily get started with and seamlessly transition between use cases. Another example of this iterative development approach is with Elastic Maps, our geospatial analysis product. We made it generally available in our 7.3 release this quarter. This is exciting because Elastic Search has a long history with Geo Data, going back to version 0.9.1 in 2010. And when we look at today, Elastic Maps delivers a curated experience in Kibana that allows users to answer questions like where are the attacks on my network coming from using a pew map or where do I need to scale up my salesforce with a map of enriched sales territory information custom to their business, or where are shipments delayed using a map that floats single points and their orientation in real time. We're seeing these use cases emerge among our customers and it's exciting. Elastic Maps provides a highly dynamic embeddable, customizable, and layered experience that is powerful and easy to get started with. Like Elastic SIEM, Elastic Maps is a proprietary product that is also free and open. And if a user wants to run it as a hosted offering, it is only available through our Elastic Cloud. On the topic of Elastic Cloud, we rolled out a new Amazon Web Services region in London, and a new Google Cloud Platform region in Tokyo this quarter. This expands our presence across these two major cloud providers. And combined with our partnerships with Tencent and Alibaba, strengthens our commitment to being where our users are. In the logging metrics, APM, and uptime monitoring spaces, also known as the observability space, the market is trending towards that convergence of these use cases. This plays to our advantage. Instead of users gluing UIs from separate tools together to solve a problem, they can instead store, search, and analyze all their data, all in one place from one UI. And we've made this an even more powerful experience by providing our users and customers with a simple unified pricing model that removes the friction for trying and adopting new products and features. I am excited to see early signs of these resonating with our user base. In the quarter, we added even more capabilities to our observability products. This included the highly requested Elastic APM .NET agent, which broadens the applicability of these products to even more users. More tooling for Kubernetes monitoring and tighter integration between our products, such as Elastic Logs and Elastic APM. And we continue to see customers adopt us for observability use cases in the quarter, like Nvidia, who closed new business with us or take Dutch electronics company TomTom, who renewed and expanded their business with us. They replaced their Splunk deployment with Elastic to consolidate the logging and analytics environments for all of their online applications. Mortgage loan company Freddie Mac, who closed new business with us this quarter is another example. They are replacing an incumbent logging solution with Elastic for application and infrastructure logging and metrics collection, analysis, and visualization for the enterprise monitoring platform. So, you can get a sense for the ongoing momentum behind us building simple, fast, easy to use experiences for addressing many use cases. This is also true in the enterprise and application search space this quarter. Similar to Elastic SIEM and Maps, this experience will just get better and easier and more powerful as we continue to iterate. With Elastic Enterprise Search, for example, we previewed more connectors such as Atlassian, Jira, and Confluence products. This broadens the applicability of these products to even more users and audiences. With Elastic App Search, we took our SaaS-based app search experience and made it available to users to run on-prem. This is yet another example of how we're giving our users the ease and flexibility to run our products in a way that makes sense for them. It's developments like these that provide customers already using us for this use case, the opportunity to adopt a more tailored experience in the environment they choose. A few examples from the quarter include General Motors who closed new business with us to power search across the vehicle inventory visibility platform. Atlassian, who renewed their business with us for the search embedded in their Confluence application. And Japanese financial institutions Sumitomo Mitsui DS Asset Management, who uses Elastic to help fund managers, quickly search their internal applications to make the best decisions possible for their clients. One last engineering investment I'd like to touch on is Elastic Cloud on Kubernetes or ECK. This is our newest orchestration product that makes it easy to run and manage Elasticsearch and Kibana on Kubernetes for one use case or many at scale. The latest preview release this quarter broadens the applicability of ECK to more users. This release enables users to consume ECK through more distributions beyond Vanilla Kubernetes. Red Hat OpenShift, Azure Kubernetes Service, Amazon's Elastic Container Service, and Google Kubernetes engine. It also includes support for Elastic APM and custom security features. ECK is another product that is available through our basic offering, with the ability to extend to paid enterprise level capabilities and support. All of the things I've talked about today SIEM, Maps, APM, logs, infrastructure monitoring, app search, enterprise search, and so on are significant engineering investments that have occurred under the proprietary Elastic license. Our strategy as a company is to continue to put significant investments into proprietary products and features. Many of them are available under our free and default basic subscription. This means a user wanting to run our software to a SaaS can only deploy them via our Elastic Cloud. We believe this strategy is working and this quarter is particularly indicative of our strength to deliver on it. Overall, it's been an exciting first quarter, and I am more confident than ever about our strategy and market position. I continue to be humbled by the team's work and how well they've executed. But there is more on the horizon, and I look forward to what's ahead. That's all from me, Janesh over to you.

Thanks Shay. We are pleased with our performance in the first quarter, which reflects continued execution against our large market opportunity. We once again demonstrated strong customer growth metrics and expansion metrics and delivered strong overall revenue and billings growth. Total revenue for the first quarter was $89.7 million, growing 58% year over year as reported, or 62% on a constant currency basis. 45% of our revenue came from outside the United States, reflecting the strength of our bottom up community based adoption model. We view this geographic distribution as a long-term strength of our business model. Subscription revenue totaled $82.4 million and increase of 60% year over year as reported, or 63% on a constant currency basis, and comprise 92% of our total revenue. Within subscriptions, revenue from our SaaS products was also strong at $17.6 million, growing 71% year over year as reported, or 77% on a constant currency basis, once again faster than the growth rate in overall subscriptions. We saw continued strengthen in our Elastic Cloud offerings including from some large enterprise accounts. We remain very excited about the SaaS opportunity ahead of us and continue to invest heavily against that opportunity. Professional services revenue was $7.3 million, an increase of 45% over the same period last year. As a reminder, professional services revenue can fluctuate from quarter to quarter based on projects and delivery timing. We saw some of that this quarter. Overall, we've seen strong adoption of our training and consulting offerings which continue to be enablers of subscription growth. We expect professional services will remain a small proportion of our overall revenue as our business grows. Moving onto calculated billings, calculated buildings in Q1 grew 51% year over year, or 53% on a constant currency basis to $89.4 million. As a reminder, we launched a significant update to our SaaS services in Q2 of last year, offering customers much more flexibility, and we revise our pricing model in conjunction with that. Those changes last year present a headwind to calculated billings growth It's hard to precisely quantify that headwind, but we estimate that it was in the mid-single digits in terms of your over year growth. It's hard to precisely quantify that headwind, but we estimate that it was in the mid-single digits in terms of year over year growth. Excluding the impact of these changes, calculated billings growth would have been correspondingly higher. Q1 was the last quarter of this billings headwind. As we said before, calculated billings can fluctuate from quarter to quarter based on the timing of renewals and billings duration for larger customers. So the trailing 12 months calculated billings growth provides an alternative longer term view of the business. Trailing 12 months calculated billings growth ending Q1 was 61%. At the end of Q1, the mix of short-term deferred revenue was 90% of total deferred revenue. Remaining performance obligations totaled approximately $363 million, up 59% year over year. Of this, we expect to recognize 88% as revenue over the next 24 months. Although we do not actively manage the business with target contract length, contract length continues to be approximately one and a half years on average, Turning to customer metrics. As of the end of Q1, we had over 8,800 subscription customers compared to over 8,100 such customers at the end of Q4 last year. We saw similar strength in new customer additions in Q1 as we have in prior quarters. We also ended the quarter with more than 475 customers with annual contract values above $100,000 compared to more than 440 such customers at the end of Q4 last year. Our existing customers continue to expand their relationships with us, reflecting increasing spend for existing use cases and adoption of new use cases. In Q1, our net expansion rates remained over 130%. Overall, we were pleased with the pace of customer additions and customer expansion as we continue to execute against the enormous market opportunity ahead of us. Now, turning to profitability, which is non-GAAP, gross profit in the first quarter was $65.7 million, representing a gross margin of 73.3%. Total subscriptions gross margin was 80.2%, up slightly sequentially. We are tracking well relative to our expectations. In the near term, we will continue to invest in our SaaS business, which will remain a modest headwind to gross margin overall. Our professional services gross margin was negative 4.7%. I referenced the fluctuations associated with the timing of service delivery earlier. Since the professional services business is small, even relatively insignificant amounts can swing the gross margin in either direction. So we expect that the gross margin and professional services will fluctuate significantly from quarter to quarter. Turning now to operating expenses. We remain focused on investing to drive top-line growth. In Q1, we continue to execute well in relation to hiring and overall scaling of investments in the business. As a reminder, we changed the timing of certain events and hosted our global all-hands meeting in Orlando in May. This was reflected in all the operating expense lines. This shift in timing towards Q1 does not impact the full-year expense total. Sales and marketing expense in Q1 was $47.1 million, up 65% year over year, representing 52% of total revenue. Our overall approach to sales and marketing investments remains unchanged. We will continue to add sales capacity and expand market coverage as we drive growth and expect to realize leverage gradually over the longer term as we scale. R&D expense in Q1 was $29.4 million, up 76% year over year, representing 33% of total revenue. As we said before, we are increasing our investments in R&D this year as we continue to invest heavily in both existing and new products and features. G&A expense was $13.5 million, up 54% year over year, representing 15% of total revenue. This includes costs associated with our global expansion and continuing to build the infrastructure to support our growth. Our operating loss in the quarter was $24.3 million, with an operating margin of negative 27%, which was better than expected, primarily due to the strong revenue performance in the quarter. The FX impact on operating margin was insignificant since we have natural hedges as we incur expenses globally as a distributed company. Net loss per share in Q1 was $0.32 using 74.6 million weighted average shares outstanding. This compares to a net loss per share in Q1 of last year of $0.38. Turning to free cash flow. Free cash flow was negative $3.3 million in Q1 compared to a positive $4.8 million in the same period a year ago. Cash flow was negatively impacted versus historical seasonality given the shift in the timing of expenses I mentioned earlier. We look at free cash flow and free cash flow margin primarily on an annual basis since there are both seasonal and timing effects in any quarter. There can also be some lumpiness to inflows and outflows. We ended the first quarter with approximately $315 million in cash and cash equivalents. We remain comfortable with our cash position from an operating perspective. Lastly, we ended the quarter with 1,600 employees adding 158 people in the quarter across all functions, consistent with our approach of making investments now to address the longer term market opportunity we see. Before I turn to guidance, let me talk about Endgame. We continue to expect the transaction will close in Q3 of this fiscal year. The transaction is subject to regulatory approvals and other closing conditions and if we secure approvals sooner, the transaction may close earlier. Our guidance includes the anticipated financial impact for the second half of the fiscal year. In particular, for the rest of this fiscal year, we continue to forecast insignificant revenue impact given the effects of purchase price accounting and the timing of the transaction close. We also continue to anticipate an approximate two percentage points negative impact of full year operating margin. We're looking forward to welcoming the Endgame team to Elastic and are excited to further accelerate our ability to address the security market opportunity. As a reminder, our primary investment thesis is to integrate the Endgame product into the Elastic Stack and apply our community-based go-to market model to it. Therefore, the revenue opportunity for us is much longer term in nature, and the current levels of Endgame revenue are not discreetly additive to our revenue for future years. Turning to guidance for the first quarter and the full-year fiscal 2020. We expect to continue to invest across the entire business in order to drive future revenue growth as we continue to scale. As mentioned in our last call, we plan to accelerate headcount related investments in R&D and sales capacity and coverage globally to drive growth. Some of these investments will be intended to secure growth this year, while others, particularly in R&D will help drive growth over the long term. Investing in innovation remains a top priority for us. In parallel, we continue to keep an eye on the current global economic and political landscape, particularly given our global revenue mix. For the second quarter of fiscal 2020, we expect revenue in the range of $95 million to $97 million, representing a growth rate of 51% year over year at the midpoint. We expect non-GAAP operating margin in the range of negative 23.5% to negative 21.5% and non-GAAP net loss per share in the range of $0.32 to $0.30, using between 77 million and 78 million weighted average ordinary shares outstanding. For the full-year fiscal 2020, we expect revenue in the range of $406 million to $412 million, representing a growth rate of 51% year over year at the midpoint. We expect non-GAAP operating margin in the range of negative 24.5% to negative 22.5%, which includes approximately 2% operating margin dilution from Endgame, and non-GAAP net loss per share in the range of $1.40 to $1.24 using between 77 million and 81 million weighted average ordinary shares outstanding. In closing, Q1 was a strong start to fiscal 2020. We are executing well and delivering growth while investing to address the rich market opportunity ahead of us in so many different use cases. I look forward to sharing our progress with you as we move forward. With that, let's open it up for questions. Operator?

[Operator Instructions] And our first question comes from Raimo Lenschow of Barclays.

Hey, thanks for taking my question and congrats to a great start. Can you talk -- given that you have like a lot of newer initiatives going on around security [indiscernible], Shay, can you talk a little bit about the evolution of the pipeline that you’re seeing there, including these new areas and where is the sales force and sales support, et cetera, in terms of supporting those efforts, and then I had one follow up?

Yeah. Of course, hi, Raimo. Thanks for asking the question. So I'll start with APM and the security space. I believe that we're moving ahead with the APM space, we acquired a company called [indiscernible] a couple of years ago, trying to add these APM features, product features into a product line. Thinking about the fact that these markets, APM, logs and metrics are going to converge into one, and trying to have the competitive advantage of being able to support it using a single product line, single stack and single pricing and packaging model. In APM, as I mentioned, we made significant progress in supporting dotnet now as an environment. That was probably the last major language that we needed to support from an APM perspective. So we're very excited about that. Our go to market is still going mostly to our existing customers and users, that users for logging and telling them that they can add APM to that data set and see additional value, especially since the pricing model doesn't change. But we're starting to see now, us closing deals where APM leads the way versus being led to logging. When it comes to the security space, we are in early phases in that space, but the market is always -- the market opportunity we think is pretty big. We've just released our last extreme product. We've been working on it for the last year. So we're very excited about that. But as you probably know us, we are very iterative in our releases. And we have a first release, but we have quite a bit of investment left. I'm also very excited about obviously the Endgame acquisition, since we believe endpoint and SIEM markets can converge or should converge into one. And obviously endpoint data is very valuable. When it comes to customers, I think you heard on the call as well, we've seen early adopters, especially the highly specialized security professionals, people like Fed hunters or advanced security analytic -- analyst adopting us in the context of security. I'm very excited about it. They see the value in our stack even before we wrote dedicated products to it with the speed, scale and the ability to search across large volumes of data very quickly. So we are closing deals, but we're still -- have a work cut out for us to mature our last extreme product as well as integrate Endgame into our stack. When it comes to our salesforce and our go to market, we're -- one of the areas that I'm excited about is taking the same go to market model that we have, which you bought them up, community first, free and open and applying it to these markets, whether it's APM that we have, and now, the SIEM markets and the Endpoint market. This allows us to be more efficient when it comes to our sales motions. And so far, we haven't -- we don't really have any type of specialization or dedicated sales people or something along those lines. Our sales people are generalists that go to market and sell any type of our products. We think it's super critical because we see our users moving laterally between use cases very easily and we think we can service them the best by having to talk to the same person.

Yeah, okay. Makes sense. And then maybe like one word, like one of the hyper cloud guys obviously tried to offer like its own open source kind of favor or whatever around that, do you see that in the market? Do you see any impact there? Thank you.

Sure. Great question. So we, there's an effort. One of the most recent one we've seen it for many years since the company started, there was an effort by AWS to create something called an Open Distro, which repackages our open source, our pure open source solution, together with a few additional plugins. We haven't seen that really affect any of our metrics, when it comes to downloads, community adoption, or as you see our sales numbers. Actually, I'm very encouraged about and what I mentioned on the call about our investments in our proprietary tier, especially the free one, we also open the code and folded it to a single distribution, which I'm even more excited about it. And obviously that helps us significantly invest in this area and increase our competitive mode versus certain cloud providers.

Our next question comes from Kash Rangan of Bank of America Merrill Lynch.

Hi, let me add my congratulations on the quarter. I just wanted to get your thoughts on some of the shifts we're seeing in the business, which are certainly positive longer term, but you've had a sequentially larger increase in your self-managed subscriptions business and we've seen at the same point in time last year, license did decelerate and maybe that's by design, and of course, cloud, it’s great to see that re-accelerate. I'm curious how should we be thinking about modeling these different line items going forward? And if this is the beginning of a broader shift, in that the licensed side of the house seems to be giving way a little bit faster to other forms of consumption, just call it self-managed or indirectly the cloud? How do you see the mix of your business changing, given what seems to be a pretty significant turn quarter to quarter sequentially? Thank you so much.

This is Janesh. Maybe I'll take that one. So broadly, we’re actually quite pleased with the way the quarter turned out. As you mentioned, the SaaS business was really strong for us from a revenue perspective and that's something that we're actually quite pleased about. Broadly as I think about the mix shifts in the business, the shift for us has really been gradual in terms of how we see the SaaS business growing and increasing in terms of mix. There are some seasonal effects. So from a Q1 perspective, if you look at the mix of business, license will usually be much smaller. But on the license piece, I'll just point out that that's really just an artifact of accounting. From our perspective, it's not a number we look at or focus on, we really look at the total subscription number for the self-managed side, because primarily our business is a recurring revenue ACB based subscription business. And so we tend to focus less on that license line. One of the oddities around that license number is exactly what you mentioned that as a SaaS business picks up, that license number goes down. And so that's, in some sense, actually a positive thing. But broadly speaking, we continue to emphasize growth on the SaaS side of the house. We continue to see customer demand and customer retention more towards SaaS and then self-managed. That said, the lion's share of our business is self-managed and a lot of customer workloads are on the self-managed side of the house. So we continue to be agnostic with respect to customer preference, but from a customer demand perspective, we are seeing SaaS demand be higher than that for on-prem deployments. And that's what you just see reflected in the mix of our business.

Great. And I suppose, how are you managing the implications to gross margins and do you feel like the mix, the change in the mix of the business has us all modeling the gross margin trajectory accurately or are there other puts and takes.

Yeah, it's a good question. I think as we continue to invest in the SaaS business, you will continue to see a near term headwind to gross margin. And that's just reflective of the costs associated with SaaS. And as we make investments in the SaaS businesses, as fixed costs that we then improve the gross margin on as we scale, there's a couple of other drivers there, of course, as we get more efficient on the professional services side, and that drives us to scale, and then the SaaS business itself, once that starts to become a bit more profitable will be a bit more of a tailwind. So in the near term, I think there is a continuing headwind and we're comfortable with where we are right now. The plan is playing out as we expected it would.

Our next question comes from Matt Hedberg of RBC Capital Markets.

This is actually Matt Swanson on for Matt and I'll echo my congratulations as well. I think everyone's really excited to hear you talk more about the SIEM product. So when we’re talking about the future roadmap, how much of this should we think of as internal development and how much were coming from acquisitions? And maybe on that, if you go a little deeper on what perch brings this plan?

Yeah, of course. Hi, Matt. I can take that. So a few things. We have our roadmap cut out for us when it comes to our SIEM product and that's planned through an internal development and I mentioned it on the on the call as well, things like user behavior, analytics, threat, intelligence, integrations, and so on and so forth. When it comes to our potential acquisitions, we're very excited about going after the endpoint market. And obviously joining forces with Endgame. We think that that's already a pretty significant investment that we made. And as you probably know, when one acquires a company, acquiring the company is just the first step. And we care a lot about the endgame employees and making sure that they find a good home at Elastic and there's cultural, all the way from cultural integration to product integration. So we have quite a bit of work cut out for us when it comes to the next year, just making sure that that's successful. When it comes to Perched, I have known the Perched people personally. They're a small company, less than 10 people. They were one of the first ones to really take our stack and build a really significant investment in threat hunting capabilities. They were at the forefront of it, they build great training materials around being able to go deep with our staff when it comes to threat hunting, have been delivering it mostly in the fight space. So we're excited about joining forces with them. But that's a much smaller aspect, mostly around our services business, consulting and training. I make sure that we have the capacity to go and train all of these threat hunters, if you will. And that's it. Nothing more beyond that. And obviously, by the way, I can't really comment on any future acquisitions.

Yeah. And, Matt, I'll just add from the standpoint of Perched that, we've not modeled any additional revenue from Perched as part of the acquisition, as Shay said, it was -- it's less than 10 people and actually, we used to subcontract a fair amount of our business out to them anyway. So there's really no revenue impact at all for this year from Perched.

And if I could just follow up on Kash’s line of questioning, could you just help remind us about what the mix shift impact can be on billings?

You mean specific to SaaS and…

Yeah. Additional SaaS revenue particularly as opposed to being a self-managed subscription.

Yes. So broadly, even for our SaaS portfolio, we offer both annual subscriptions which are paid up front, very similar to our self-managed business and then there's a component that is a monthly SaaS business as well, which we don't break out discretely. On the portion that's the annual portion, the behavior from a billing standpoint is really the same as self-managed. So you shouldn't see any differences there from the standpoint of billings and deferred revenue.

Our next question comes from Mark Murphy of JP Morgan.

Yes, thank you and I'll add my congrats. Shay, as you integrate Endgame into Elastic, I'm wondering just how meaningfully you think you can increase the overall volume of data that gets fed into Elastic that is coming off of all these endpoints. And then beyond that, what do you think the combined vision is going to look like for a remediation where maybe we have to isolate a host or stop a process something along those lines?

Yeah, it’s a great question. So first of all, when it comes to streaming data, that by the way tends to heavily depend on the reason why someone deploys the system. If they want to create a centralized theme or whether they want to go and provide advanced threat hunting, there's also a time aspect to the data, whether you want to store it for 7 days, a year or two years or more. Especially in the Endpoint Market by the way, one of the things that we're slowly starting to realize is the fact that actually the convergence of Endpoint and SIEM will probably result in obviously more data being stored, because Endpoint data is so critical, and you can combine it with other types of datasets. I also think that we're building significant investments into the ability to store more and more data more cheaply at Elastic. I mentioned our called notes capability. That is part of our basic license. So hopefully, we get to a point where people won't even ever have to throw away data which is relatively new concept as I begin to learn from the Endpoint market, but obviously not in the SIEM market. So that's definitely going to help increase data volumes when it comes to Elastic. Typically also, by the way, we don't see a significant portion of our deployments involving Endpoints. So things like laptops or desktops. We have some customers that have deployed our agents to ship that data, but it's not common. And I'm excited about being able to bring all of the ability to ship data from Endpoints into Elastic.

As a follow up, perhaps for you Janesh, customers that preferred your pricing model versus the competition for a long time, recently, Splunk has described some upcoming changes toward all you can need and I think core based pricing, and I think we'll be learning more, I think Shay might have mentioned something in passing about a simplified or unified pricing model, at least for part of your products. What is your view of the pricing environment currently and into your ability to provide this superior value prop, which you've been doing so well?

Yeah, Mark, if I had to summarize it, in a short sentence or two, I just see our strategy is working nicely. We've had the unified pricing model, which is really a node based or a capacity based pricing model for quite some time now. And it allows us to provide the same pricing model to customers regardless of the use case. It's really compelling from the standpoint of logging as well. And we all know that from a competitive standpoint, the market logging in particular has been ripe for disruption. And there's been some level of dissatisfaction out there among the customer base in terms of the alternatives that they've had in the past. And so that's playing nicely to our advantage. From our perspective, we continue to believe that we deliver enormous value to the customer. So it's not just about being a low cost provider, if you will. In fact, if anything, we believe that in many instances, we can actually win transactions at significantly higher levels of aggregate realization, because that's the level of value that we deliver to the customer. In terms of recent trends that we've seen, I've not seen any particular shifts in terms of our own business, in terms of deal sizes, or discounting trends, or anything else that I've highlighted, just more of the same. Our strategy is working nicely and we're just continuing to execute to it.

Our next question comes from John DiFucci of Jefferies.

The numbers continue to look strong here, but I have a follow up to Raimo’s initial questions on AWS and I guess this is probably for Shay. Conversations with customers, when your team is out there. Are there any considerations, are they talking at all about waiting to see where AWS comes out here on top of the free Elastic offering that they offer, because I talked to Janesh about this too. The investment community is always worried about things and as they should be, and this is one of the things that they worry about is that, perhaps AWS comes out with something, some of their own proprietary technology to sort of displace what you're doing. And I just wonder if you are seeing that or hearing that at all, from your customer base, because we haven't really heard it in the field, but we do hear a lot from the investment community.

Yeah. I can take that. Hi, John. So we're not really seeing that and we haven't seen actual implementation on the Open Distro itself to prove it one way or another. What I do see and proud of is the -- just significant investments that you've seen to the differentiation between the pure open source version versus the proprietary license versions that we have. And I'm talking about pretty significant product lines, feature sets, that I just find it very hard to believe that anybody to be honest, will be able to compete with us on our level, especially when we control the whole stack. So I mentioned it on the call, but Elastic seem a whole new product. Elastic maps, we have a whole team working on it every single day, just on improving our mapping and GIS capabilities, APM, logs, all of these and more are proprietary features that continuously create a level of differentiation between these two product lines that I feel very, very comfortable about and resonates also with our users. Once we release the Elastic theme, every single developer that upgraded to our new version of 7.2 and has access to our default distribution which is most of them, if not almost all of them immediately have Elastic SIEM product now for free. So I'm excited about bringing more and more to our user base, and then through that, realizing the differentiation between anything that any of our competitors can do.

That all makes sense. So thank you on that. And I guess Janesh, just a follow up for you. Like I said, the numbers all look good. The one number that I think I may get questions or we all might get questions on tomorrow is current deferred revenue, which is a bit lower than what we were looking for. So I'm going to -- is there anything unique in that number? I mean, billings were strong. So I mean, I know that's part of it. But is there anything, any comment you can make on that?

No, nothing in particular that I would call out there, John. What I’ll say is, short term deferred revenue was 90% of the total deferred revenue that's consistent with the general range we've seen historically, broadly in line, I would say. The growth rate there was 60% year-over-year. So, obviously pretty pleased with that too. As we said before, from time to time, there might be deals out there or customers out there who might request upfront billing for budgetary reasons. We actually did see that this past quarter. There was one particular customer for one transaction, they wanted us to invoice them upfront for the entire transaction, which we did. And that's what caused a slight bump up in the long term deferred revenue. But that actually doesn't impact the calculated billings growth rate in any significant way. Because that was partially offset by other transactions in the short term side, which had billings timing differences in the opposite direction. So nothing in particular that I’d call out, but still 60% year-over-year growth in the short term deferred revenue, which is something that we were quite pleased with.

Our next question comes from Tyler Radke of Citi.

Maybe if you could talk about the -- you talked about an RPO number. And just as we're doing the math around an implied bookings and thinking about that, and in terms of triangulating around an underlying growth of the business, is there anything you would call out as we're doing that math. I know, you did see a nice uptick in the SaaS business this quarter, but anything that we should call out, whether it's duration or mix shift from self-managed to SaaS that would impact that number.

Yes. Tyler, the punch line there is actually we don't manage the business based on contract duration or TCV, we manage it based on annual contract values and annual subscriptions. And so we really don't focus on RPO billings much, but that said, let me sort of elaborate a little bit further. As I think about the business more broadly, we're acquiring customers at a sustained high rate as you've seen, deal sizes broadly remain the same. Our expansion economics remain largely unchanged, we're continuing to migrate customers to be more than 100 TCV. And the net expansion rate remains strong. Broadly speaking, our customer relations continue to get deeper, customers are using us in more mission critical environments. Contract links continue to average around one and a half years. They can vary from quarter to quarter, as I said, because we don't manage the business by contract duration. And as I mentioned earlier, contract durations here in Q1 were again one and a half years, roughly speaking. And that was similar to last quarter, but a little bit shorter than the year ago period. And the RPO billings calculation that you're referring to can actually be quite volatile based on just very small changes in duration. So that's yet another reason that we actually don't pay attention to that. If I look overall at the composite of metrics that we do provide between the calculated billings growth and even if you just look at the aggregate RPO balance, that RPO growth for 59% year-over-year, and all the other customer metrics that we've mentioned are all pretty strong as well. So broadly the way we look at it and the way we run the business, we were pleased with our metrics across the board.

And then maybe a question for Shay. So you opened up the call talking a lot about security use cases with your new SIEM product. I'm wondering if there's anything that you could share in terms of win rates that are improving or the percentage of new business that's tied to that market. If that's moving in a positive direction, or anything you could share?

Sure. So I’ll start with just the fact that I'm proud and we're all very excited about releasing a new product, so it naturally just takes the space. It is something that we’ve been talking about for a year now and it's just good to see it out and executing on our vision towards building one of the best SIEM products out there. When it comes to usage or customers or win rates or something along those lines, we apply, it's almost like one of those cases where it's very similar to, if you will, the logging space or the APM space where we see early adoption, but mostly by thought leaders and advanced use cases that take our product. And even though we don't have the end to end user experience in the security space, believe in it, because of the core fundamental features that it has that nobody else has, in the security space, those are the advanced threat hunters and so on. And then we see great wins in that space, simply because you can't achieve the same capabilities with any other products today in the market, just the ability to go and search across one year worth of data and get results in milliseconds, just something that users are not used to. Now, I think that we, our opportunity there to grow is as we mature our product lines and start to get to not only the advanced threat hunters but also the security analysts that expect to see out of the box alerts and investigations and remediations and all of these things and combining and put into our products, I'm excited about seeing our advancements there. It seems like it resonates, walking the halls of black hat was fascinating for me. It's like walking a 10 year old conference in other spaces, tons of booths, closed source commercial, trying to compete with the -- for the attention of the attendee by bringing gifts and things like that where we used to something different. Now, users come to us and can't wait to talk to us. So I’m excited about bringing that go to market to the security space, but that obviously also takes time.

Our next question comes from Heather Bellini of Goldman Sachs.

This is Dan Church on for Heather Bellini. Thanks for taking my question, just a quick one on APMs, any incremental color on additional traction or any changes and the percentage of overall use cases that you're seeing? And then how are you able to really differentiate yourself in a relatively crowded field?

Yeah, I’m happy to take that. So, a few things. As I mentioned before, I feel like our product line is maturing to a level where we're just a fully complete APM product. There's some minor features that are missing, but there will always be one feature or another being missed or something that is on the roadmap. That's why we have roadmaps. Our go to market, in terms of sales motion has not changed in terms of going to our existing customers. The widespread adoption that we have in the logging space specifically just lends itself to go and having a very simple discussion with our customers to add APM to it. We really also believe in the fact that these markets converge, and differently maybe compared to other companies, we take that and not only apply to our product where we have a single stack supporting all various use cases, APM, logging, metrics, infrastructure and uptime, but also a single pricing model that is super simple. There's no host based pricing, there's no one type of pricing for logs and another type of pricing for APM or something along those lines. Users don't like that and it hurts adoption. In our case, if you bought our software and you bought it for logging, you can just go and add APM to it and we charge based on the dataset that you store and it's the same way. So that really starts to resonate with our user base and obviously helps the adoption of APM next to logs or next to other investments that you've already made with us. I did mention that I start to see early customers leading with APM. So they come to us and say, we heard you have an APM plot, we would love to engage with you in APM. And then through that, we start to talk to them about logs and monitoring. So we do start to see that that field is still early stages. We need to get to a point where we can also lead with APM the same way that we do with logs. But I can see early signs of it now. Yes.

And as a quick follow up, it looks like operating expenses, particularly sales and marketing were a little higher than we were anticipating in the quarter, anything to call out there. And any impact or anticipated impact from Perched, although it seems a little bit small.

Yeah, so nothing in particular from Perched. That is relatively small. The increase in expenses, I think, is reflective really of the broader comment I made earlier about the shift in the timing of expenses as we moved our global all-hands meeting into our fiscal Q1, so that's why you saw increases really in all the lines that were a little bit different than the typical seasonality pattern that you've seen from us in the past, but nothing else to call out there. We continue to invest quite heavily in sales and marketing, as we said, we would and based on the plan that we laid out at the start of the year, and we will continue to do that, as long as we see the opportunity to grow the business.

Our next question comes from Richard Davis of Canaccord.

So one of the good things about you guys, if you're a salesman at Elastic is that you have a lot of places to kind of enter an organization or go after, but that also means as good things and bad things with everything, it also means your sales management, I guess whether that's Aaron or Justin or whether has to keep your sales people focused, right, because otherwise they could run off in 50 different directions. So what is your philosophy on kind of keeping your sales people with the eye on the price, is there a way that you kind of guide them or do you just say, hey, go get them. So and then I have a quick follow up.

Yeah. It’s a great question and something that we think about a lot. I think one of the differences that we potentially have from other companies that have tried to go and open up multiple vectors of use cases is that we have our bottom up adoption model. So to a degree, we don't really rely on our sales people to go and introduce our users to new use cases or new opportunities. Our goal is to have our user’s self-discover that. So, if they're already using us for logs or metrics, or APM for example, then they can go and add the respective other side of the equation, or even getting to SIEM. As I mentioned before in the call, I'm just very excited about the fact that we just made every single DevOps person out there a threat hunter with Elastic SIEM. Every single log message that is stored in Elastic is also a security event and now they open up, once they upgrade, they open up our products and suddenly they have a SIEM product next to it. That's not something that they're used to, to be honest, with any other vendors almost out there. You would see people fighting over the subject line in the mail inbox overseas, so to try to get a chance to have us in that area. So that's our go to market and that's our go to motion. And we definitely aim and work towards the fact that the default mode would be our users coming to our sales people and telling them, hey, like I'm using you now for one use case or another use case. Help me figure out if I made the right decision. I want to double down on it. I want to go and explain it upward to the management chain. I want to help making sure that I'm being successful and that's our goal when it comes to our salespeople, our account managers.

And then quick last question is, look, , the secret sauce I think of your new Elastic SIEM is that, it’s not just rules, because that's whatever that simple and you can get around it. But it's the AI component, so can you reuse, one of the things you can sometimes do is can you reuse some of that technology, the AI technology and other modules like, I don't know, asset discovery for APM or better search outcomes, for example, or maybe you can't use the workflows, maybe this you understand the language that you're using or whatever foundational system you're using. But is there a reuse capability there that helps you guys kind of report AI over to other parts of the business? Thanks. That's it.

If I can take that, I think it's a wonderful question and I think a great one. So I’ll start with just saying that we at Elastic don't think that AI solves everything. At the end of the day, you might not have thought of everything that you can and one of the reasons why the advanced threat hunters actually adopt us in the context of security is the fact that you can come up with all the various permutations and all the various attacks that you might have, but then you to have the opportunity to ask the question quickly if you haven't, and react quickly. So first of all, just having the data at your fingerprints, for the last, average to all time is about 90 days, at the very least for 90 days to be able to go and search on it fast, that's critical to any business. At the same time, we did acquire a few years ago, a company called [indiscernible] and they build a great anomaly detection engine. And actually, they were specializing more and more in the security space. So a degree about three or two and a half years ago, we went to the team and told them, hey, let's make sure that we build a generic anomaly detection engine. So we can use it across any type of data in Elastic. And that's what the team has done. So if you open up our APM app today, you know not only have APM data visible to you and the ability to drill down to various transactions, but we can also use our Nova detection engine to find anomalous traces or transactions and so on. And we've just integrated that into our security space as well where within the Elastic CMAP, you can integrate our anomaly detection engine to find anomalous login events, or D&S data points or things along those lines. Our goal is to take everything that we develop in the context of AI and machine learning and build it in a way that can move laterally between use cases because it's all the same data in Elastic and I'm excited about being able to take that and apply to all the various use cases that we have.

Our final question will come from Brent Bracelin of KeyBanc.

I'll start with you here. You talked about in video, Freddie Mac, TomTom in the opening script, what's resonating most with those customer wins? Is it the pricing model, costs to consolidation, new insights enabled by a single repository for APM log? Wondering what's resonating the most with some of these new customer wins. And then one quick follow-up for Janesh?

Sure. So, by far and the place where we're most established that in the innovative space is logs. We are the most popular, best product out there today, when it comes to storing logs, in any environment. We are the de facto open source solution now there and our products get better and better and better all the time. And we see that reflected either on a competitive basis or even in a non-competitive basis because we're the only one playing there. So I'm excited about that. Then all of these customers adopted us initially for logs and still a big part of their decision making is the logs aspect when it comes to adopting our products. It does resonate with them, the fact that they can then go and also use us for infrastructure monitoring and APM, especially since most of these customers already have APM vendors that they're using. And they're excited about the ability to consolidate all of their spend with a single vendor. But also all of the data in a single vendor and being able to go and gain even a more significant insights into it. And that's another area that I -- when I talk to the customers and the users that they're excited about. There's a level of efficiency that is super critical when you're in an operational mode. And the need to jump between products, whether it's by a single vendor or not, is just exhausting. And this goes beyond just the need to go and command switch between application. It’s also just the need to go and have to go and have the mental overhead of remembering where you were to be able to go back to it. And that's something that truly resonates with the actual practitioners that do the work day to day and I'm excited about the ability to go and enable them and making them successful.

And then Janesh as a follow up, lot of concern on the macro and giving you up 40% plus the business international, can you just talk about linearity you saw internationally or any color on the demand activity outside of the US over the last 30 to 60 days.

It's a great question, Brent. We haven't seen anything fundamentally different in terms of shifts in the last 30 or 60 days. Obviously, we continue to keep a pretty close eye on those developments and things are moving quite quickly. And to your point, just given the amount of business that we have coming from outside the US, that's something that we’re keeping a close eye on, but we haven't seen any fundamental shifts in buying behaviors or demand in the last 30 or 60 days.

This concludes our question-and-answer session. I would like to turn the conference back over to Mr. Shay Banon, Chief Executive Officer, for any closing remarks.

Thank you and thank you all for joining the call. Q1 was a strong start to the year. We look forward to continuing the momentum and sharing our progress with you as we move forward. Thank you very much and goodbye.

The conference has now concluded. Thank you for attending today's presentation. You may now disconnect.