Elastic N.V. (ESTC) Q1 2022 Earnings Call Transcript
Published at 2021-08-25 22:58:08
Good afternoon and welcome to the Elastic First Quarter Fiscal 2022 Earnings Call. [Operator Instructions] Please note this event is being recorded. I would now like to turn the conference over to Anthony Luscri, Vice President, Investor Relations. Please go ahead.
Thank you. Good afternoon and thank you for joining us on today’s conference call to discuss Elastic’s first quarter fiscal 2022 financial results. On the call, we have Shay Banon, Founder and Chief Executive Officer and Janesh Moorjani, Chief Financial Officer. Following their prepared remarks, we will take questions. Our press release was issued today after the close of market and is posted on our website. Slides which accompany this webcast can be viewed in conjunction with live remarks and can also be downloaded at the conclusion of the webcast on Elastic’s Investor Relations website, ir.elastic.co. Our discussion will include forward-looking statements, which may include predictions, estimates or expectations regarding the demand for our products and solutions and our future revenue and other information. These forward-looking statements are based on factors currently known to us, speak only as of the date of this call and are subject to risks and uncertainties that could cause actual results to differ materially. We disclaim any obligation to update or revise these forward-looking statements unless required by law. Please refer to the risks and uncertainties included in the press release that we issued earlier today, included in the slides accompanying this webcast and those more fully described in our filings with the Securities and Exchange Commission. We will also discuss certain non-GAAP financial measures. Disclosures regarding these non-GAAP measures, including reconciliations with most comparable GAAP measures can be found in the press release and slides. The webcast replay of this call will be available for the next 60 days on our company website under the Investor Relations link. Our second quarter fiscal 2022 quiet period begins at the close of business Friday, October 15, 2021. During the week of September 13, we will be participating in the Piper Sandler Global Technology Conference, the Jefferies Software Conference and Citi’s Global Technology Conference. With that, I will turn it over to Shay.
Thank you, Anthony. Hello and welcome everyone. I am happy to be here with all of you today to share our first quarter results. We are off to a very strong start of the year. We once again delivered strong performance driven by broad adoption of our offering and the continued growth of Elastic Cloud. In Q1, total revenue grew 50% year-over-year. Revenue from Elastic Cloud grew 89% year-over-year, and we once again saw robust customer acquisition and expansion metrics. We ended the quarter with more than 16,000 subscription customers, including over 780 with annual contract value of more than $100,000. The strong performance was fueled by continued adoption and differentiation of our solutions and features, growth across all geographies and increased strategic relevance and expansion across our customer base. Today’s accelerated digital transformation is fueling the creation of an ever-increasing amount of data. This, combined with the rise in advanced cyberattack techniques, means more organizations are falling victims to threats and attacks and the number and size of breaches and attacks isn’t slowing down. We believe that a unified search platform is the answer to these challenges. Every organization needs to be able to search across all of its data to find relevant information, keep systems up and performing and protect against threats. Customers turn to Elastic to connect the dots between diverse data challenges from simple endpoint security to observability to enterprise search. Now I would like to share some of the innovations we have made in our unified search platform, starting with our security and observability solution. Search has the power to converge data silos, to look around data corners. That’s why we believe every data problem can be solved by looking at it through the prism of a search box. Years ago, even as we were building out our logging capabilities to help companies observe their applications and infrastructure we acquired an APM company, Opbeat, with the goal of integrating application traces into our platform. We recognize that keeping systems up and running is a search problem regardless of the type of data used to do so. That was even before the term observability was widely used in the market. And as we continue to bring innovations to our search platform, our customers are seeing the benefits in our observability solution. For example, we recently released correlation capabilities, built using advanced search techniques in Elastic APM. It accelerates root cause analysis by automatically surfacing the attributes that have the most significant impact on service performance. The unifying power of our platform is always top of mind. We also just marked an important milestone for Elastic Security. As with observability, we recognized the convergence of SIEM endpoint security early on. And 2 years ago, we acquired Endgame. And as we did with Opbeat and APM, we’ve integrated Endgame’s endpoint technology into our platform. I am thrilled to see the vision come to life in a major way with the market’s first Limitless XDR, providing end-to-end protection, detection and response for any organization, not just large enterprises. XDR, what’s in the name? A lot like observability, it’s a broad concept, extended detection and response. We believe XDR means modernizing security operations by unifying the powerful capabilities of SIEM for detecting threats and endpoint security for protecting and remediating issues on all endpoints, including in the cloud, all in a single platform. We take this a step further with Limitless XDR. Customers can search years’ worth of data in our frozen data tier. They can investigate across multi-cloud environments with our cross-cluster search capabilities. They can ingest data of any type from any source. They can apply numerous built-in and community-driven detection and analysis techniques. All of that, while paying only for the resources they use, not based on the number of endpoints, agents, seats or gigabytes of data ingested. All of these capabilities make our XDR offering limitless, differentiating it in the market. I couldn’t be more proud of the team in delivering this innovation. To extend our Limitless XDR to further support cloud application and services, we recently announced that we are joining forces with build.security, a policy definition and enforcement platform. I’m excited for our teams to integrate build.security technology into Elastic Security over the coming quarters. This will give our customers the ability to continuously monitor the cloud environment and validate their security posture against well-established standards like CIS Benchmarks. In addition, as we announced today, we will also be joining forces with Cmd to accelerate our efforts in cloud workload runtime security. Cmd is the leader in infrastructure detection and response, or IDR. Using extended Berkeley Packet Filter technology, also called eBPF, Cmd provides deep visibility into cloud workloads and performs expert detection and prevention on cloud-native data. With the technology and expertise we gained by teaming up with Cmd, we will be able to expand our security capabilities even further for cloud-native application workloads, all implemented using the frictionless approach made possible with eBPF. With our investments in Cmd and build.security, we anticipate that our customers will be able to secure their cloud workloads at both runtime and deployment time. This will give customers even greater value from their existing security and observability use cases of the Elastic Search platform. Another critical component in both observability and security is a single unified Elastic Agent, which we recently GA-ed. In a world where organizations need to manage an ever-increasing number of data sources, deploying, managing and maintaining agents poses a significant challenge, especially when the resources being monitored can number in the tens of thousands. With Elastic Agent, customers can simplify data onboarding, enable faster telemetry collection, reduce mean time to resolution and detection and even response to threats, all through a unified and centralized agent management that is fully integrated across Elastic Observability and Security, because well, while you observe, why not protect? We have been saying this for years and it is resonating with both our existing and new customers. Security is shifting left, observability is shifting right, and we’re seeing that natural convergence happening now. This is important because today’s increasingly distributed, complex and data-driven organizations require a new standard of operation. Organizations need to invest in technology that enables them to simultaneously monitor their processes and systems to ensure nothing is slow or broken while also protecting against threats and cyberattacks. A great example of this is a deal we closed in Q1 with one of the world’s largest casual dining restaurant chains with over 700 global locations. They needed to be able to quickly identify potential threats across different systems and applications. They also wanted to leverage machine learning and anomaly detection as well as our APM and infrastructure monitoring capability. They chose Elastic because of the significant value they find in using a single platform that can address their needs across their most important observability and security use cases. Moving on to Enterprise Search, with Elastic Enterprise Search, customers have a powerful solution for website, application and workplace search that enables them to search everything anywhere. We continue our efforts to make it simple and easy for customers to adopt and deploy Enterprise Search. In Q1, we expanded business with a large mutual insurance company. Their existing internal agent portal was difficult to use and lack the ability to scale across multiple data sources. They were already using our observability and security solutions, and they chose to implement our Workplace Search product with the streamlined and intuitive interface, out-of-the-box connectors and easily-configured API. This is another example of a customer who started with one solution and adopted another and another as they realize the benefit of the Elastic Search platform. And a Fortune 50 multinational investment bank and financial services company expanded business with us in Q1. They turned to Elastic to power their global financial crimes and compliance units with robust search capabilities. They also wanted to build a front-end search solution for analysts and investigators who are trying to connect to different data sources to identify and stop financial crimes. With Elastic, investigators are able to perform complex searches within milliseconds across years of wire transactions. And of course, we continue to add new features and functionality to our Enterprise Search solution. The beta release of a new slider in app search allows customers to easily make search results as narrow or broad as they want, and it literally goes all the way up to 11, with 11 predefined options for search precision. We also announced that customers can now fully manage app search and workplace search directly from Kibana, making it easier to access search insights and visualization. With Enterprise Search now in the Kibana UI, we are bringing more unified management and navigation to our search platform with access to all three elastic solutions in the same user interface. And we continue to be recognized for our innovation. We were recently named a leader by Forrester Research in the Forrester Wave for Cognitive Search. Now on to Elastic Cloud, we continue to expand our strategic partnership with cloud providers so we can meet our customers where they are and support them with a simple, worry-free and easy-to-use cloud experience. During the quarter, we closed business with one of the world’s leading social trading and brokerage companies, displacing an existing vendor. As the customer’s popularity grew over the last year, they chose Elastic to help them balance cost, scale and performance. The speed of Elastic Observability on Elastic Cloud combined with our searchable snapshot capabilities, means the customer is now able to store years of data in cold and frozen storage tiers without losing the ability to search the data whenever they need to without breaking in the bank. We have been investing heavily in building seamless cloud experiences for our customers, and we’ve seen that investment starting to pay off in recent quarters. It’s gratifying when I talk with customers who never thought they moved to the cloud and they tell me they are now making the move with Elastic. Our recent product enhancements and marketplace integrations are delivering a frictionless onboarding experience, resulting in more customers coming to us from these channels. Our traction with Microsoft Azure continues to grow. Building on our previous launch of our native marketplace integration, we announced the GA of Microsoft Azure Private Link, which provides one-click private connectivity from Azure virtual networks to Elastic Cloud deployment. Customers using Microsoft Azure Private Link with Elastic Cloud are provided an additional layer of security to meet their security policy and compliance requirements. And we were also honored to receive the Microsoft U.S. Partner Award in Business Excellence in the Commercial Marketplace. In addition, in Q1, we were named as the 2020 Google Cloud Technology Partner of the Year in the Data Management category. This is a wonderful recognition of the continued work we’ve been doing with Google Cloud to provide our customers with a seamless cloud experience. I am thrilled with the momentum we are building with all of our partners to enable our customers with a unique cloud experience that is intuitively flexible, feature packed and use case ready. The power of the Elastic Search platform extends beyond our solution, helping customers to achieve their business outcomes with our continuous innovation. We continue to invest in resources to scale our enterprise reach and to grow our teams from engineering to marketing to sales. And I am very excited to share that we have just released the date for our Virtual ElasticON Global Conference, which will take place on October 5 through the 7. This year’s event will feature product announcements plus presentations from customers, partners, Elasticians and other guest speakers, including Scott Guthrie, EVP of Microsoft Cloud and AI group. We have got a great lineup this year. I am incredibly humbled as I think about all the people who make our continued momentum possible from our employees, to our community, customers and partners. Now, over to you, Janesh.
Thanks, Shay. Q1 was a great start to the year, continuing our momentum of crisp execution against the backdrop of a gradually improving global economy. Our cloud momentum was strong with robust usage trends, and we expect that cloud will remain a deal win for the longer term. Our solutions continue to resonate with customers, and we are continuing to invest against the rich market opportunity ahead of us. Let’s get into the numbers. Total revenue in the first quarter was $193.1 million, up 50% year-over-year, reflecting continued successful execution of our strategy across enterprise search, observability and security delivered on a unified search platform with a unified pricing model. We are very pleased with our performance, which was significantly better than expected, primarily driven by significantly stronger-than-expected usage in Elastic Cloud. 47% of our revenue came from outside the United States. We continue to view this geographic distribution as a long-term strength of our business model. Subscription revenue in Q1 totaled $177.2 million, comprising 92% of total revenue. Within subscriptions, revenue from Elastic Cloud was again strong at $61.5 million, growing 89% year-over-year, driven by strong customer growth and usage. We once again saw strength in both our annual cloud business as well as our monthly cloud business. Our feature advantages over competitors, our expanding reach and our partnerships continue to give us confidence that Elastic Cloud will grow faster than our overall business. Professional services revenue in Q1 was $15.9 million, growing 111% year-over-year. Services revenue can fluctuate across quarters depending on the timing of projects and delivery, and we saw an approximately $3 million benefit from that in the quarter. Professional services remains mainly a product enabler and we do not expect professional services to increase significantly in mix over the year. Moving on to calculated billings, calculated billings in Q1 grew 27% year-over-year to $165 million. As I mentioned previously, the growth rate reflects a headwind driven by the $5 million pull forward of a multiyear deal out of the first quarter of fiscal 2022 into the first quarter of fiscal 2021. Overall, we are pleased with our execution, and the quarter’s strength was broad-based across our 3 solutions driven by new and existing customer growth across segments and geographies. At the end of Q1, total deferred revenue was $364 million, up 31% year-over-year. Remaining performance obligations totaled approximately $776 million, up 35% year-over-year. Customers continue to make multiyear commitments to us, reflecting the increasing strategic relevance we bring to their businesses. Contract length was slightly over 1.5 years on average, slightly shorter than the prior quarter as well as Q1 of fiscal 2021. As a reminder, we do not actively manage the business to a target contract length, so this can fluctuate across quarters. Also, our monthly cloud business has no deferred revenue or remaining performance obligations. Turning to customer metrics, we ended Q1 with over 16,000 total subscription customers. We once again saw significant strength in customer additions driven by new customer momentum for Elastic Cloud. We also ended the quarter with more than 780 customers with annual contract values above $100,000 compared to more than 730 such customers at the end of Q4, reflecting continued strong expansion trends. Of note, the sequential growth in customers over $100,000 ACV has accelerated over the past two quarters, reflecting the success of our product and go-to-market strategy. Our net expansion rate was roughly flat compared to Q4, remaining slightly below 130%. We expect the net expansion rate to remain at current levels, give or take a few percentage points in fiscal ‘22. Now turning to profitability, which is non-GAAP. Gross profit in the quarter was $149.8 million, representing a gross margin of 77.6%. We managed our overall gross margin well during the quarter despite the increase in the cloud mix. Looking ahead, Elastic Cloud will remain a modest headwind to gross margin overall as we continue to invest to drive growth. Looking at operating expenses in Q1, we increased our investments in the business as we have laid out in the prior call. These investments were spread across all functions. Our operating profit in the quarter was $7.2 million with an operating margin of 3.7%, which was significantly better than expected primarily due to the strong revenue performance in the quarter. This reflects the operating leverage inherent in our business model. We also continue to benefit as expected from lower travel and event spending given the pandemic. Earnings per share in Q1, was $0.04, using 98.2 million diluted weighted average shares outstanding. Turning to free cash flow, free cash flow was $12.4 million in Q1. As we’ve said before, quarterly cash flow can be lumpy and affected by timing issues and seasonal variation. So we look at cash flow primarily for the full fiscal year. We expect our free cash flow margin to remain slightly positive on an unlevered basis in fiscal ‘22. We ended Q1 with a strong balance sheet. Cash and cash equivalents totaled approximately $991 million. Our cash balance reflects the net proceeds from our senior notes issued in Q1. We expect cash interest expense from the notes to be approximately $24 million per year. Turning to guidance, we remain very excited about the long-term opportunity ahead of us and continue to invest aggressively across all functions. We continue to assume a gradual improvement in the macro environment weighted in the second half of fiscal ‘22. Given this backdrop and in combination with our investments taking greater hold over time, we continue to expect our calculated billings growth in the second half to be greater than the first half. Further, we remain confident that Elastic Cloud will continue to grow faster than the overall business. Finally, we do not expect any meaningful revenue from the acquisitions of build.security and Cmd and the additional operating expense fits into our operational plans and has been incorporated into our guidance. For Q2, we expect revenue in the range of $193 million to $195 million, representing a growth rate of 34% year-over-year at the midpoint. We expect non-GAAP operating margin in the range of negative 4% to negative 3%, and non-GAAP net loss per share in the range of $0.19 to $0.15 using between 92 million and 93 million ordinary shares outstanding. For full fiscal ‘22, we expect revenue in the range of $808 million to $814 million, representing a growth rate of 33% year-over-year at the midpoint. We expect non-GAAP operating margin in the range of negative 4% to negative 3%, and non-GAAP net loss per share in the range of $0.67 to $0.57 using between 92 million and 94 million ordinary shares outstanding. Finally, I’ll point out that the midpoint of our non-GAAP EPS guidance includes added interest expense for the debt we previously discussed of approximately $0.07 per share for Q2 and $0.22 per share for full fiscal year ‘22. In summary, we had an extraordinarily strong start to the year, and our strategy is working nicely. We remain excited about the long-term market opportunity ahead of us, and we are investing towards that. And with that, let’s go ahead and take questions, operator?
[Operator Instructions] Our first question today comes from Matt Hedberg with RBC Capital Markets.
Great. Thanks for taking my questions. Congrats on really strong results again here. Shay, for you, I mean, lots of positives to drill into. But the surge in customers off of what was a really strong 4Q is impressive. I’m wondering, at a high level, do you think the licensing change that you guys previously made is having a positive impact on customer adds? And maybe secondarily, when you look at growth in Elastic Cloud customers, how much of that is – or I should say Elastic Cloud revenue, how much of that is being driven by new customers versus expansion from your base?
Yes, of course, hi, Matt, happy to answer. I think the first part is around the license change. I’ll remind that we did the license change a few months ago, with the main goal of trying to make sure that we address the confusion and the misdirection that was happening with the competitive service from Amazon. And first of all, I’ll say that we’re very happy with the change. Over the last couple of quarters, we’ve innovated quite significantly. We released a few minor versions. And at Elastic, we say every minor release is a major release, and you can see it with the recent one when we announced our Limitless XDR capability. So we’re running ahead fast and innovating for our customer base, and that’s really resonating also with our community. We have – Based on all the metrics that we’re looking at, downloads, engagement on forums and GitHub and others, our users are just running ahead with us and are very excited about all the innovations that we do across all of our three solutions and our foundational search platform. When it comes to how much it applies to our growth in new customers, our analysis and expectations is that this will play out over the long-term. Obviously, a license change applies only to new releases that we have. So it’s only a few quarters in. And we think that over the long-term, that will start to have an impact on new customers or customer adoption as they start to migrate, as they upgrade to new versions and start to see the differentiation and come along for the ride with us. Beyond that, you’ve mentioned the new customer growth and, obviously, Elastic Cloud. I would say that I think a big part of our new customer growth is coming from our monthly SaaS and in our self-service SaaS, and a big part of that is just the amount of investments and innovations that we put into our products and Elastic Cloud specifically. We mentioned this quarter and over the last few quarters, for example, the significant innovation and investments that we make in the various cloud marketplaces and native integrations that we do with all of them but specifically focusing and integrating natively into Microsoft Azure and Google Cloud. And I think our customers are seeing that. It’s much easier for them now to go and consume us on various cloud providers; Microsoft, as easy as going to the Microsoft Azure console and deploying Elastic Cloud within the console itself without leaving it even. So I think that, for example, is a great example of something that drives new customer adoption.
That’s super helpful. And then, Janesh, just a quick one for you, sort of on the Elastic Cloud comment. You noted that the monthly usage doesn’t impact deferred revenue and, thus, billings. I was wondering if there is a way to kind of think about what that headwind represents to billings growth. And maybe a different way of asking it would be, of your Elastic Cloud revenue, how much of it today is monthly versus annual or something beyond annual?
Yes, Matt, I’ll touch on that. So stepping back, first off, when I just think about the cloud business overall, at 89% year-over-year growth, we thought that was just extraordinary performance. And we are very pleased with that. Monthly cloud business has increased a couple of points in mix versus Q4. It was close to 15% of total revenue in the quarter, and it continues to grow quite nicely. I think we’ve been calling out for some time now that it’s been increasing slightly in mix, and it’s continued to inch up. And as Shay said, the web-based self-service option is just a great way for us to acquire new customers. So the vast majority of our new customers do come in via monthly cloud. They are usually small customers that then gradually increase their spend with us over time. And the pace of customer additions, as you noted, was quite strong, and we are pleased with that. But it wasn’t a massive step function change to indicate any kind of shift in workloads to the monthly format. The billings growth rate headwind that you’ve mentioned, that comes mainly from just the billings timing point that I mentioned earlier in the prepared remarks, where there was that $5 million that had gotten pulled out of Q1 this year into Q1 of last year. I would not correlate that to the monthly cloud business. I think the strength in monthly cloud comes from just the fact that we’ve made heavy investments in cloud and marketing with our partners, as Shay was talking about, and strength in cloud was really a result of all of these factors. And it’s great to see those investments paying off.
Great. Thanks a lot. Congrats again.
Our next question comes from Raimo Lenschow with Barclays.
Hi. This is Pree Gadey for Raimo Lenschow. I wanted to ask, a lot of news around the security space with security build and the acquisition you guys announced today. Can you talk about the go-to-market strategy with security? And any update you can provide on the partnership with Palo Alto that you announced last year?
Sure. This is Shay here. I’ll take it. So first of all, as you mentioned, we’re making significant investments in the security solutions that we have. Over the years, we started with Enterprise Search. And we mentioned that we became obviously, a leader over the years as was denoted by Forrester, which we’re very proud about. We’ve been leading the charge in observability, starting from logging and then extending to APM and now the observability market. And we’ve been used in the security space for a few years now, but people have to go and roll up their sleeves and build their own makeshift SIEM, if you will, on top of this very, very powerful search platform. In about 2.5 years ago, we started to build a SIEM solution, we joined forces with Endgame around endpoint security and the 7.14 release, the last release that we had. We announced our Limitless XDR, and the fact that we’ve folded the Endgame technology, almost all of it into our unified search platform, into the Elastic Stack and provide it to our customer base. We’re also very excited about, as you mentioned, build.security and Cmd, another two great companies with very impressive technology that we’re looking forward to embedding to our security solutions. And we think that, that would end up providing a much broader applicability of security to a much broader user base, helps support the foundations to the merging, if you will, of endpoint security, cloud security and SIEM. And also over the years, the merging of big parts of observability and security, which we deeply believe in. When it comes to GTM itself, first of all, our stand that we’re also very focused on trying to build bottom up, free and open community-driven approach to the security market. We deeply believe that that’s one of the differentiating factors that we bring to market. But more than that, we deeply believe there is a much better way to try to go and address the existing security threats and future security threats that companies are facing. In a very similar manner that ops and developers join together to become DevOps and understanding that in order to keep an infrastructure up and running and performing in today’s digital environment, we just need to have this collaborative nature between developers and operations people. We think the same thing is going to happen with security, and we’re investing heavily in the same way that we have in the context of observability. And that goes and starts with building great products, building great communities, doing things in the open, all the things that we know and love doing. And we know that it makes a big difference, and we’re seeing it making a big difference in the security market today. When it comes to partnerships, we’re obviously always happy to partner with various companies. Our approach is a free and open approach, and we start with data. We will start with them. And as a result of it, we’re just happy to collaborate with any company that ends up shipping data to our SIEM solution to a place that can store vast volumes of data and then making them searchable. We’ve done one with Palo Alto Networks about a year ago, we’re doing several with many other companies, and we’re excited to bring all of them under this tent of security, if you will, while we’re also addressing specific customers’ needs like endpoint security and container security and others.
Thanks, Shay. And just, I guess, one more question. You guys have introduced quite a bit of cloud native solutions this year. I want to understand how the code base is shared between the on-premise product and the cloud product. Basically, I’m trying to understand how simple it is for customers to deploy in a hybrid environment.
Yes. So as you’ve seen in the context of the security market, big portions of what we do can run on-prem. So I’ll give you an example. Cloud-native workloads, certainly a big part of them are containerized workloads or Kubernetes level workloads that customers can definitely, and they do, go and run on-prem. And the Cloud-native Foundation has many projects that can go and run on-prem or in a hybrid environment. The build.security, for example, are focused around something called Open Policy Agent, again, something that helped manage and enforce policies, specifically, in cloud-native workloads. But those also can run on-prem or more specifically, as you said, in hybrid environment. I’ll probably say that the vast majority of our technology can run in hybrid environments. We always prefer for customers to run on our cloud because we believe that it’s just a significantly better user experience, but we know that not all can move quickly to the cloud. And we’re happy to engage with customers through our security solutions. And by the way, observability and Enterprise Search and allow them to run it in a hybrid environment as they transition to the cloud. And a big part of it, for example, is to move their workloads to become containerized on Linux, obviously, under Linux, and then running on Kubernetes and then make the jump to the cloud. And while they do that, we want to provide them with the right level of observability and then detection and protection that they deserve.
Our next question comes from Brent Thill with Jefferies.
Shay, I like the reference to spinal tap and going to 11. I guess talking about going to 11, the last two quarters you’ve seen an acceleration in the business. I’m just curious if you could set the stage of what you think is causing that. Is this effectively a larger commitment to the broader platform you’re seeing in bigger initial purchase orders? Are you seeing divisions that have opened up that you’ve never seen before? Just give us a sense of what you’re really seeing through your lines and what’s happening with the inflection in the numbers that we’re seeing.
Yes, of course. So first of all, as Janesh mentioned, it’s broad-based. Like, the company that we are, we’re a bigger company now. We address multiple personas, multiple solutions, multiple opportunities. I do think that we have a wonderful leverage point with our unified search platform from both the product and a go-to-market perspective. But we’re addressing customer needs across multiple fronts. And when we take all of these – and all of them, by the way, are growing fast, right? It’s like enterprise search and companies moving to become more and more digital. They are moving more and more assets to become digital, workplaces are communicating mostly in an online fashion. And all of that data needs to be searched. And that’s a great sweet spot for our Enterprise Search product and specifically, for example, our Workplace Search product. More companies go online, they are running applications that need to serve their customers and those need to be observed and they generate more data. And the same thing with security, as companies go online, their surface areas become bigger and they generate more data that needs to be used to detect very slow-moving threats that are faster changing and its best at. And all of that, if you take, can go even a step back, as data volumes grow, the best and most natural way to explore data is by searching it. And we see aside from these three use cases, we see usage of Elastic just as a general search platform that is very useful to do many, many different things. So we’re excited about that. And obviously, if you take that and put it together with cloud and our significant investments in cloud and our partnership with Microsoft and Google, for example, within the cloud providers, that helped accelerate and increase our growth. So I’m excited and happy to see all of that innovation within the product, all the innovation that we’re doing on the more go-to-market, all the investments that we’re making and we mentioned going up into the enterprise while maintaining our base of developers and practitioners, doing both high-velocity sales but also value-based selling to our enterprise customers, cloud focus, solution focus, all of these things that we’re doing as a company realizing itself over the last few quarters.
And for Janesh, I know growth has been the number one focus. But when you think about the bottom line over time and sustainable profitability, can you just talk to how you’re thinking about balancing both?
Yes. Happy to talk about that, Brent. So as I think about our performance here in Q1, we were obviously very pleased with the results. You saw that the operating leverage that we have in the model becomes really visible as the revenue performance largely made its way to the bottom line. As I step back and think about it, and as Shay painted the picture of the broader environment where we don’t feel constrained really by demand or the size of the markets in which we play, these are very large opportunity sets. And the unit economics in the business are very strong. And so we feel the right thing for us to do is to continue to make investments in the business to drive growth. That’s the plan that we laid out in the last call. We are continuing to make those investments. You’ll see that reflected in the outlook for the year as well. And when you look at the implied spending in the business in fiscal ‘22, when you look at the year-over-year increase in the spending in the business in fiscal ‘22 compared to fiscal ‘21 that’s implied in the guide, you’ll see it’s a significant step-up because we’re making the investments now to capture the opportunity ahead of us. And I think that’s the best thing we can do in the business at this stage to drive growth.
Our next question comes from Jonathan Ruykhaver with Baird.
Yes. Hi, good afternoon. So the question I have is really on the XDR solution. It seems obvious to move in that direction just given your SIEM focus and your EDR product. But I’m wondering, Shay, if you can talk about product positioning, just how is Elastic different from the numerous other vendors we see emerging in that category? And I know it’s very early days there, but any early customer feedback you can provide that might validate your differentiation would be helpful?
Yes, of course, happy to. So first of all, I think XDR is an interesting term because it starts to with extended which makes it, by definition, very broad, extended detection and response. And we believe that any level of security solution needs to start with data. You need to be able to observe threats, in order to be able to detect them and then in order to be able to then go ahead and protect them. And we spent the last 10, 11 years building what I believe is to be one of the, if not the most, advanced search engine today to be able to go and find, amongst other things, threats. And data is not an easy problem to solve to make it searchable, being able to search across trillion threats, hundreds of machines, petabytes of data and return results in millisecond or second, that’s not an easy task to do. And over the last few quarters, we’ve innovated significantly in the search platform. The ability to go and store data natively on cloud object stores and then you can pick and choose between the cost of storing 10 years’ worth of data versus a month’s worth of data and the speed of how fast you want to get the results, that some people will provide our customers with exactly the same interface, same API, same UI, our skim on read and skim online integrations, all of these things make a big difference for threat hunters. And even like 6 years, 7 years ago, advanced security researchers and threat hunters out there were taking Elastic Search and Kibana core products and were using it to build their own SIEM. And when I asked them why they were doing it because it was not easy, they have to go and figure things out, they had to roll up their sleeve and build things around it to make it a SIEM. And the answer was, “Well, we can’t get the level of data handling and data support that we need from other SIEM vendors.” And obviously, we are excited about it, and we are doubling down on these core capabilities. And now we are adding SIEM capabilities on top of it. So, we think and deeply believe that everything starts with data. And then I think like we did with Observability, thanks to the fact that we are almost – we are coming from a data perspective to the security market, I think that we have the benefits of looking around corners as we mentioned and, for example, joining forces with Endgame and getting into the endpoint security markets 2 years ago, believing that this XDR market will end up emerging and the need to have a more unified solution that is built into a unified technology stack. And now with Cmd and build.security and, obviously, internal innovations that we are doing within the company all the time, I think that we are well positioned from a product perspective to really support what the XDR market is really trying to solve, which is trying to create a place where you can store all data possible and threat hunt extremely fast, either manually or through AI and machine learning algorithms, and then extend to the peripherals so you can prevent and – detect and prevent things there like endpoints and container and cloud-native workloads. So, that’s one big aspect where I think our XDR solution is strong. I will mention one other thing that I think is more macro and more long-term. If we believe that security is shifting left and, at the same time, by the way, which we see it internally as well, Observability is shifting right. We have talked to operations people out there. They care about security more and more, obviously. And then I think that our significant footprint within the Observability market, we are one of the most popular free and open Observability solution in the world today, allows us to go to all of our Observability customers and tell them why you observe, why not protect. And that’s, I think, a big differentiator for us and our ability to go and bring security capabilities to existing Observability workloads is a significant advantage that we have as a company. And I would say that it’s significantly easier to do so compared to get security companies to convince operations people to add security work capabilities to them. So, I think the foundational element that we have over the long-term when it comes to the merging of Observability and security is a very strong one. And the last one is that we are bringing a whole new go-to-market to security. We are doing this bottom-up, focusing on threat hunters, developers. We are joining forces with companies that also believe in doing that. Cmd and build.security are great examples of it. And I personally deeply believe that this market needs innovation not only from a product perspective, but also from an engagement perspective. And as a community-oriented, we are all in it together to try to go and create better security across the world, and we want to go and enable it and create places for these communities to engage, develop and collaborate around security threats.
That’s helpful. And just the monetization path, I understand you have a free version. When would you expect that to take place?
Sure. First of all, the monetization in security for us is exactly the same that we have across the board. So, if someone goes to deploy on our cloud, obviously, everything is paid for. And we are making significant investments in our cloud product, free and open and people can take our products and run it themselves, that’s very empowering. But obviously as we see, we see more and more users choosing our cloud, which we are very proud of. If someone does decide to run on-prem or in a hybrid environment, then we have additional commercial capabilities that they would go and then can use and provide them with more value and then they become customers of ours. So for example, within security, malware protections are free, but ransomware is a paid for feature if you are running us on-prem. So, we have found that balance. It’s free and open over the years, and we are finding that balance also in the context of security. And so far, I think it’s been resonating really well with our customer base.
That’s great. Thank you very much.
Our next question comes from Brad Reback with Stifel.
Great. Thanks very much. Janesh, maybe a couple of quick tactical ones, on the free cash flow commentary around unlevered, just on a reported basis, should we expect it to be about negative 20 because of the interest expense?
Brad, I have not put a specific number out there in terms of what the unlevered amount will be. I will say it’s consistent with what we laid out at the start of this year, which is slightly positive. Cash flow can be incredibly lumpy, as you know, and there is seasonal and timing effects that play into it. So, we will monitor that as we go and track that for the next couple of quarters as well, and then we can provide a more thoughtful outlook for the rest of the year. But at this point, I would be thinking about it just in terms of slightly positive on an unlevered basis.
Got it. Okay. And then on RPO going forward, I know you mentioned earlier that a lot of the month-to-month cloud customers are fairly small. And as they get larger, they contract with you. That being said, how should we think about the potential impact from the cloud business getting much bigger to RPO growth rates going forward, if at all?
Yes. I would say it’s similar to what I have mentioned earlier in that, as customers sign up with us on monthly cloud and they increase their business gradually with us over time, eventually, they sign annual contracts and that’s when they potentially add to deferred revenue and RPO. So, in terms of the RPO connecting to monthly cloud, again, I would not make any connection there at this point. When I just look at the overall reported RPO number at 35% year-over-year, we were actually quite pleased with that growth. I think that sets us up nicely for the rest of this year looking ahead. If anything, that’s connected to the slightly shorter contract length that I mentioned. But overall, we are actually quite pleased with the way that played out in conjunction with the overall business performance.
Our next question comes from Rob Owens with Piper Sandler.
Hi guys. Ben Schmidt on for Rob. Thanks for taking my questions. So, looking at the guidance, given the beat in the quarter, it looks like a relatively modest increase to the rest of the year for revenue, about $6 million or so. Given how much of revenue now is ratable or usage-based, just wondering, I guess we were kind of thinking that we would see more flow-through into the coming quarters given the beat in this quarter. And wondering if you can just add some color there and if maybe there is more conservatism in the usage-based amounts and potentially given some potential seasonality in the usage-based revenue?
Yes, I am happy to talk to that. So, in Q1, we had very strong growth not just on the cloud side, but also in the self-managed business, so across the board, we were actually quite pleased with the results here in Q1. In terms of the revenue performance in the quarter, as I mentioned, it was driven in part by significantly stronger than expected usage on Elastic Cloud, which I think is just a great indication of the success of the investments that we have been making in that part of the business. Now as I think about the full year, we had already factored strong growth into the model over the course of fiscal ‘22. And in Q1, we just saw that strength come into the model earlier than expected. So, it provided a little bit of a benefit in the quarter earlier than we expected it would. But as I think about the full year, we have already factored the second portion of that into the year. The other piece that I will point out is the roughly $3 million benefit that we had from the timing of professional services revenue. And both of those helped us achieve revenue growth even well ahead of our expectations here in Q1. So, as I think about the guidance then for Q2 and the rest of the year, the way I would characterize it is the same as I did previously. If I think about the full fiscal year ‘22, we have got a lot better visibility this year than we had in fiscal ‘21, for example. And that’s mainly because the broader economic and business environment is a lot more clear and customers know how to adapt their businesses in the face of a pandemic and so forth. And that’s what we factored into the guidance. So, I am not holding back or being unduly conservative with respect to usage or any other factor of the business. We already considered all of those things as we laid out the plan at the start of the year. So, we feel pretty good about how Q1 played out. We feel optimistic about the rest of the year and looking forward to updating you again next quarter.
Okay, got it. And so on customer adds, really impressive acceleration there. And wondering if you can add some color to what products customers are landing in, whether security, Observability or search and if that varies at all from the broader trend you guys see in your customer base.
Yes, I am happy to take that. So, in terms of the customer adds, to your point, we are quite pleased with the additions that we had in the quarter. This is the second quarter in a row where we have seen a very high rate of customer additions. And we continue to add customers both on cloud as well as self-managed. A lot of our new customer additions tend to be on the monthly cloud side where, again, we saw very strong trends. If I think about the products or the use case solutions for which they initially adopt us, it really can be across the board. The way we think about it is we provide those curated search experiences across enterprise search, Observability and security. And when customers sign up for a subscription tier, a subscription level, it could be for any one of those solution areas. And over time, I think you will start to see some of those lines start to blur. We have talked quite a bit about convergence between Observability and security on the call over here. And it’s sometimes tricky to see where a certain use case might end and another one might begin, particularly in monthly cloud where, because it’s all self-service and customers are signing up without necessarily advanced human engagement from us, we may not have visibility into what a customer’s end use case might be. But broadly speaking, the way we have seen it play out is that we see strength across the three solution areas as was reflected in all the numbers. And we see that convergence happening even more over time.
That’s helpful. Thanks a lot guys.
Our next question comes from Steve Koenig with SMBC Nikko.
Hi Elastic. Thanks for taking my questions. Congrats, first of all, on a great quarter. It looks like you are crushing the Stonehenge monument onstage. I wanted to ask you about your hiring. There is lots of hiring. Your job postings are like 3x the level they were even pre-pandemic. And so I am kind of wondering – and sales hiring looks like it’s increased a lot too – kind of maybe some color on what’s behind those trends and on how you are seeing productivity of new hires trend and systemic productivity as well. And then I have just got one other question for you.
Yes, happy to. Maybe I will start us off. So, in terms of the level of hiring and the level of investments, as we said last quarter, as we mentioned earlier on this call as well, we just see a very significant opportunity ahead of us. And we think that the right answer for us here is to invest now to capture that growth. Some of the investments we are making will drive growth in the current year, some of them are more forward-looking in nature. As we think about investments that we make, particularly on the sales side, people that we hire now will start to gradually ramp into productivity and will hopefully contribute a little bit towards the growth in the back half of the year which is why, in the prior call, we had mentioned that we see and expect stronger billings growth in the second half of the year compared to the first half. And I think that just sets us up nicely with momentum going into fiscal ‘23. In terms of where those investments are going, it’s across the board in all functions, clearly in the sales side, but also in the engineering and product organizations as well as in the G&A teams to support that scale and to support that growth as we go. We have seen, I think, broadly speaking, sustained levels of productivity across the board in the entire organization. I think there is a lot that people are getting done. It’s quite visible obviously and easiest to measure in the field organization. And I think there, all of our internal metrics have been holding up quite nicely. On the field side, Paul has just been a great addition to Elastic and it’s been great partnering with him over the course of the last year as we first built the plan for this year, and we are now executing against that. So, I think that’s all been working out quite nicely. And as I think ahead, as I mentioned just a short while ago, the unit economics in the business are strong. So, as we make these investments and continue to drive them, that sets us up very nicely to capture the growth opportunity ahead of us.
Great. Thanks Janesh. And if I could do one follow-up per se. Shay, you have already talked about your differentiation in XDR, very helpful. I am wondering, could you just maybe educate us a little bit? Are you seeing your XDR solution as a replacement for what you have had? And is it an alternative to what you have had in SIEM or traditional SIEM out there or is it complementary? Kind of how do you view that? How are customers viewing that as well? Thanks very much.
Yes. Happy to. I think that it’s like our single unified search platform, the wonderful thing about it is that every upgrade, every time you deploy on cloud and happen to log in again, you suddenly get all the features deeply integrated into a single solution. So, it’s not like we have a SIEM product line and then a separated XDR product line and a separated Observability line or something on those lines, it’s all built on the same unified search platform. If you go and deploy our solution on the cloud, you can go and crawl a website, monitor the web server that serves that website and protect the host that runs that website all at the same time with the same product. So, the wonderful news for all of our SIEM users out there is that once they go and upgrade to a new version, they just got an XDR. And one of the aspects of Limitless XDR that I love the most is that it’s limitless when it comes to its usage. So, all of our SIEM users that are used to us having resource-based or the base pricing, we charge based on the resources that are needed to store and run your data, then they just got XDR, this is part of the same package. If they are an enterprise customer of ours, they now have and can go and deploy as many endpoint security – endpoints as they want and they get malware and ransomware protection as part of their agent that collects data as well. So, I think that, that’s very exciting. And we love to pleasantly surprise our customers with over-the-air updates, if you will, and we are delivering another one where they wake up in the morning and suddenly got more, and they can go and deliver more on actually building value for their customers.
Sounds perfect. Thank you very much. I appreciate it.
[Operator Instructions] Our next question comes from George Iwanyc with Oppenheimer.
Thank you for taking my question. Shay, maybe just following up again on the security side, you mentioned the go-to-market and approaching the threat hunters from a bottom-up approach. Can you give us the top-down and the success you are having with the traditional security buyer as the platform matures?
Of course. First of all, we like to say at Elastic that bottom-up has up in it. So, I think the best companies in the world that start with bottom-up adoption are ones that obviously focused on the practitioners and building tools that practitioners love. But at the same time, you go up to their managers and directors and VPs and CIOs and CSOs, more than anything, by the way, because you want to have the practitioners’ back, if they go and trust your product and make a bet on it, you want to go and have their back and present yourself well and support them while they go, and that product spreads and being used. We make significant investments in going up. I don’t know, you probably saw our investments in analyst relationship which is just one of it, one example, and we have done it – we started to invest heavily only over the last year, and we are already presented well in three Magic Quadrant and Forrester waves, and we are making additional engagements as we speak. Those are all things that we are doing in order to be able to go up. I will say that one of the things that I care a lot about is to make sure that while we go up and support our practitioners, we are also still being focused and build towards that practitioners’ love because the best companies in the world, I think, are ones that can do both, and that’s something that we are definitely aiming to be.
Yes. With XDR now on the table, maybe sharing a longer term security vision over the next, say, 3 years to 5 years, how do you feel that can evolve over time?
Of course, 3 years to 5 years is a long period of time. But I will mention briefly how we are looking at the market. The first part is just to make sure that we are the best data platform out there for any type of threat or security data. And that’s a lot of work, making our software faster, more relevant, more scalable, running on multiple cloud providers, everything around that. Endpoint security is a big part of it, as I mentioned, so bringing all the capabilities of an EDR or the best-of-class endpoint security across Windows, Mac OS and Linux. Obviously, that’s a critical part of it. build.security and Cmd help us invest towards cloud workload native securities, whether it’s container security and Kubernetes connecting to cloud data sources and helping protect the cloud, policy management and enforcement around the same type of workloads. We also want to bring this level of protection and support not only from runtime but to deployment time. So, as you deploy, we want to help you protect at the time of deployment, not only when something is running. And then going even further and help you protect a build time. And then take all of that, by the way, and connect to all of the existing tools that you have there because all of them are generating data, whether it’s a CICD pipeline that is controlled, huge applications are ending up being shipped to the cloud and deployed, that generates data, that’s data that can be stored and e-stored in Elastic, it can be observed and can be used for threat hunting. So, we believe that every piece of data is important when it comes to securing an organization, and we are investing heavily in being able to store all of it and being able to do both manual threat hunting, but also automated, machine learning-driven threat hunting that we provide out of the box and our community provides that rest of all community can benefit for.
This concludes our question-and-answer session. I would like to turn the call back over to Shay Banon for any closing remarks.
Yes. Thank you. And thank you, everyone, for joining us today. Q1 was a great start of the year. We look forward to sharing updates with you as we execute through the year. Take care, and ciao.
The conference has now concluded. Thank you for attending today’s presentation. You may now disconnect.