Splunk Inc. (SPLK) Q2 2018 Earnings Call Transcript
Published at 2017-08-25 00:22:23
Ken Tinsley - Corporate Treasurer and VP, Investor Relations
Doug Merritt - President and Chief Executive Officer
David Conte - SVP and Chief Financial Officer
Raimo Lenschow - Barclays Capital
Melissa Franchi - Morgan Stanley
Michael Turits - Raymond James
Abhey Lamba - Mizuho Securities
Jesse Hulsing - Goldman Sachs
John DiFucci - Jefferies
Joanna Kamien - Wells Fargo Securities
Matthew Swanson - RBC Capital Markets
Brian White - Drexel Hamilton
Fatima Boolani - UBS
Keith Bachman - Bank of Montreal
Nate Cunningham - Guggenheim
Anne Meisner - Susquehanna Financial Group, LLP
Sarah Hindlian - Macquarie Capital
Kirk Materne - Evercore Partners
Albert Chi - JPMorgan
Good day, ladies and gentlemen, and welcome to the Splunk Incorporated Second Quarter 2018 Financial Results Conference Call. At this time, all participants are in a listen-only-mode. Later, we will conduct a question-and-answer session and instructions will follow at that time. [Operator Instructions] As a reminder, this conference call is being recorded. I would now like to introduce your host for today’s conference, Mr. Ken Tinsley, Corporate Treasurer and Vice President of Investor Relations. Sir, you may begin.
Great. Thank you, Jonathan, I appreciate that and good afternoon. With me on the call today are Splunk CEO Doug Merritt; and CFO, Dave Conte. A press release was issued after close of market today and is posted on our website. This conference call is being broadcast live via webcast, and following the call an audio replay will be available on our website. On today’s call, we will be making forward-looking statements, including financial guidance and expectations for our third quarter and fiscal year 2018; market opportunity in our competitive position; and plan investments including product services market groups and sales. These statements reflect our best judgment based on factors currently known to us and the actual results and events may differ materially. Please refer to documents we file with the SEC including the Form 8-K filed with today’s press release. Those documents contain risks and other factors that may cause our actual results to differ from those contained in our forward-looking statements. These forward-looking statements are being made as of today and we disclaim any obligation to update or revise these statements. If this call is reviewed after today, the information presented during this call may not contain current or accurate information. We will also discuss non-GAAP financial measures, which are not prepared in accordance with Generally Accepted Accounting Principles. A reconciliation of GAAP and non-GAAP results is provided in the press release and on our website. With that, let me turn it over to Doug.
Thank you, Ken. Hello, everyone, and welcome to the call. We had a solid Q2, delivering revenue of $280 million, up 32% over last year. Our success continues to come from a combination of our existing customers, expanding their deployments both on-prem and in the cloud and from adding more than 500 new customers to the Splunk family. On last quarter’s call, we talked about the change we made in EMEA and called out the strength of the leaders covering the EMEA theatres. I want to congratulate them for delivering a solid performance in Q2, as our Chief Revenue Officer, Susan St. Ledger, continues to work through the robust pipeline of external and internal accountants for the EMEA wide leader. Our macro environment continues to be strong. And as we’ve said, we’re still early on the Splunk adoption journey even within our largest accounts, and we continue to vigorously pursue those opportunities. I look forward to a great second-half of this year. Stepping back with the move to digital, e-commerce, mobile and social, organizations are now increasingly using machine data to provide critical context to transactions they store in their databases and data warehouses. Splunk’s platform is the best solution to enable customers to harness this largely unstructured data to make it to use real-time decisions. There is no other solution on the market today that does all that we do. And Splunk enables our customers to extract more insights from their ever-increasing amounts of data. Our goal remains the same, which is to become the standard for machine data in every account, a ubiquitous machine data platform solving our customers’ big data challenges and IT operations and application delivery and security compliance and fraud, as well as business analytics and the Internet of Things. These markets are going through a shift to an analytics and machine learning-based approach, where Splunk is uniquely positioned to lead this change and deliver for our customers. 
During the quarter, we saw continued momentum in both our Splunk platform and in our premium apps: Enterprise Security or ES; User Behavior Analytics or UBA; and IT Service Intelligence or ITSI. These apps accelerate time to value for our customers, and we are driving more use case specific solutions in our core markets. Starting with security, we had a strong quarter in Q2 and saw many large security orders driven by what we believe is an ongoing SIEM replacement cycle at our customers, coupled with multiple security events that we all saw in the past several months. This was clear at Black Hat last month. Security departments globally are increasingly realizing the need to shift their focus to an analytics-based approach to security, an approach that Splunk has been defining and leading for years. And as I just mentioned, it’s becoming more clear that we’re in the middle of a SIEM replacement cycle, from a traditional structured data legacy SIEM to a modern analytics-based one. Splunk is helping our customers with this shift, as we continue to take full advantage of this opportunity. This past quarter, we introduced a new security solution, Splunk Insights for Ransomware, which delivers an analytics solution to help our customers manage ransomware threats. This is a great example of our ability to leverage the flexibility of the Splunk platform to quickly introduce a new solution that helps our customers deal with their critical pain point. Similarly, in IT Operations and app delivery, where we have our ITSI app, we introduced Splunk Insights for AWS Cloud Monitoring available to customers via the AWS marketplace. This offering delivers an analytics-based approach to cloud migration and monitoring by providing end-to-end visibility into an organization’s AWS infrastructure, delivering real-time awareness of performance, health, configuration, security and spend. Our strategy in these core markets continues to be validated in the industry.
I was proud that Splunk was named by IDC as a market share leader in both the worldwide IT Operations Analytics Software Market and the Event and Log Management Software Market by IDC. On the security side, ES won three Industry Awards, Best SIEM Solution in the SC Awards Europe, Security Product of the Year in the U.K.’s National Technology Awards and top SIEM solution in the Computerworld Hong Kong Awards. Congrats to the entire team. Now on to notable wins. Cloud-based healthcare services company Athenahealth, who expanded its use to Splunk Enterprise in ES in Q2 as part of its fraud, compliance and workflow initiatives. You can catch our champion, Jake McAleer, speaking at our User Conference next month about using Splunk for healthcare security. The state of Montana expanded its Splunk Enterprise license in order to help better visualize and act on their data. 25 different Montana state agencies use Splunk for a wide range of use cases. The Federal Home Loan Bank of Chicago, a wholesale bank chartered by the U.S. Congress to improve the availability of funds to support home ownership, selected Splunk Enterprise and ITSI to enhance the correlation and visibility of information security and operational events within its environment. IP Australia, who administers IP rights to patents and trademarks for the Australian Federal government, expanded their use of Splunk Enterprise and ES and added ITSI in Q2 to improve visibility and become much more proactive in resolving IT issues. Harvard Business School, who already uses Splunk to hunt down security threats, expanded their use of Splunk Enterprise and ES to add more data sources and provide deeper and broader visibility of their security team. Longtime customer Swisscom, Switzerland’s leading telecom and IT company, bought Splunk Enterprise, ES and ITSI to support the company’s strategy to grow their technology services revenue.
Swisscom will use Splunk to monitor its services, keep them secure, increase productivity and reduce time to market. Splunk will also be used to drive new revenue streams by packaging up insights from Splunk and deliver them directly to customers. Other notable customer wins in the quarter included Arizona’s Maricopa County, ABSA part of Barclays, the University of Nebraska-Lincoln, Department of Homeland Security, Panasonic Avionics, CentraCare Health System and Regeneron Pharmaceuticals. And no list would be complete without mentioning an interesting IoT and Business Analytics use case. Long Beach Container Terminal is using Splunk as the eyes and ears of the terminal’s operations. They use Splunk to monitor the performance of their systems, which control dozens of automated cranes and guided vehicles that are vital to moving cargo from the right place at the right time safely and quickly. Long Beach reduced overall system downtime and drove significant performance improvements in logistics, planning and flow of cargo throughout the terminal. As we do each quarter, we highlight a handful of customers who standardize on Splunk as a machine data platform, signing enterprise adoption agreements or EAAs. A few of this quarter’s customers include Carnegie Mellon University, who signed a large three-year EAA to use Splunk Enterprise and ES for IT ops and security, and Shutterfly, the online image publishing company who purchased the Splunk EAA this quarter for Splunk Enterprise, ES and ITSI to replace and consolidate multiple tools and leverage data across all of their departments. Our cloud business continues to grow with revenues more than doubling over last year. Our customers are leveraging this Splunk platform to analyze their data regardless of its location on-prem or in the cloud.
A sampling of our cloud wins in this quarter include Australian paint and coating manufacturer, DuluxGroup, who is a new customer choosing Splunk Cloud and ES as its SIEM because of our ability to drive value across multiple use cases using the same data. Educational Testing Service or ETS, the world’s largest nonprofit testing company, expanded their use of Splunk Cloud, which they use as their platform for IT ops and app monitoring. With Splunk, ETS achieved 70% reduction in time investigating IT incidents and 50% faster mean time to resolution. Webroot, an endpoint security and threat intelligence services provider, bought Splunk Cloud and ES to help eliminate data silos between their IT and security teams. Thanks to our partner, RedSky, for their help in this win. George Mason University is a new customer that chose Splunk Enterprise and ES to replace a legacy SIEM, taking advantage of Splunk’s scale and hybrid deployment flexibility, utilizing a combination of on-prem and cloud footprints. Big thanks to our partners of Blackwood Associates for this win. Other cloud wins include Royal Caribbean Cruises, Uber and Texas Children’s Hospital. Moving on to ecosystem, where increasingly Splunk has been viewed as a critical component of the IT and security landscape. Because of Splunk’s ability to collect all data types and provide correlations across applications, infrastructure, mobile and wire data, we continue to see growing interest in companies partnering with Splunk. Partners who focus on particular components of the IT or security stacks end up being yet another source of data for Splunk. This model allows our customers to leverage the Splunk platform to enhance serviceability of the entire environment, whether it’s on-prem or in the cloud. Recent integrations and joint solutions include Palo Alto Networks, who released the latest version of their Splunk app, which now has more than 30,000 downloads globally.
We also released the next version of the Splunk Add-on for Microsoft Cloud Services, which gives Splunk administrators the ability to collect events from various Microsoft Cloud APIs. Splunk and Booz Allen Hamilton announced a private beta of Booz Allen Cyber4Sight for Splunk, a new solution designed to empower security analysts and threat hunters with actionable threat intelligence, and Accenture, who expanded their Splunk Enterprise license to bring a host of new capabilities to their own clients at scale. Splunk is being delivered through Accenture’s new intelligent automation platform, Accenture myWizard, which helps customers turn data into critical insights and drive improved business outcomes. Moving on to partner customer wins, Carnival, the world’s largest cruise line, was a joint Splunk AWS win this quarter. Carnival relies on Splunk Cloud and ES to power their security operations center. Another Splunk AWS joint customer win was PagerDuty, who’s featured in a successful joint marketing campaign this quarter, highlighting their success using Splunk Cloud on AWS across a variety of use cases from IT Operations to business analytics. And our partner Verizon Enterprise Solutions had several strategic wins for Splunk in Q2, including two large federal and defense government contracts: one in the U.S. and one in Australia. These public sector customers both significantly expanded their use of Splunk as their analytics-based security platform. In summary, it was a solid quarter. And as always, I’m very proud of our Splunk team. We have a tremendous opportunity that’s immediately in front of us. We’re delivering high value to our customers, who are expanding their adoption of Splunk as their platform for machine data analytics and the machine learning, both on-prem and in the cloud. Splunk is uniquely positioned to capitalize on this opportunity, and we’re pursuing it aggressively. We are early in our journey and are investing for scale and growth.
Our customer events give us energy and inspiration. Many of you have attended the Splunk live this year, joining the more than 10,000 customers who have as well. I hope to see you at our biggest event, our user conference, .conf, September 26 to 28 in Washington D.C. And additionally, hearing from our customers and partners, our product teams will be making a robust set of announcements, including new releases of the Splunk platform and our solutions. Thanks, again, to all of our customers and partners, and thanks to everyone who works at Splunk. Now, let me turn over to our CFO, Dave Conte.
All right. Thanks, Doug. Good afternoon, everyone, and thanks for joining us today. Our performance in Q2 was solid, with revenues of $280 million, a 32% increase over Q2 of last year. Total billings were $303 million, also up 32% over last year. Cloud revenues totaled $21.3 million and overall software revenues, which include license and cloud grew 30% year-over-year. Customer success remains our number one priority and adoption of our platform and solutions are driving software bookings growth, where more than 80% came from existing customers. We also added over 500 new customers in the quarter and we recorded 541 orders over $100,000. In Q2, international operations represented 24% of total revenues consistent with previous levels and comparable on a year-over-year basis. As Doug mentioned, EMEA rebounded nicely and exceeded their Q2 plan, which was great. Education and professional services represented 10% of revenue in Q2 at the higher-end of our expected range of 5% to 10%. Now turning to margins and other results, which are all non-GAAP. Q2 overall gross margin was 83%, consistent with our expectations and reflecting improving cloud gross margins. Operating income was $15 million, representing a positive margin of 5%, while Q2 net income was a $11.5 million and EPS was $0.08 per share, based on a fully diluted weighted average share count of 142.9 million shares. Now turning to cash generation and liquidity. Cash flow from operations was $23 million, free cash flow was $20 million, and we ended the quarter with about $1.1 billion in total cash and investments. Looking forward to the rest of the year, we expect Q3 total revenues of between $307 million and $309 million, with an 8% non-GAAP operating margin. With our first-half performance and Q3 outlook, we now expect the total revenues for the full-year will range between $1.21 billion and $1.215 billion, up from our prior guidance of $1.195 billion. 
We’re raising our full-year billings estimate to $1.45 billion and we reiterate our full-year cloud revenue of approximately $85 million in total. Remember, we denominate revenue globally in U.S. dollars and therefore have no foreign exchange exposure to our revenue line. To execute on the large and growing TAM in front of us, we continue to make our investments in the field, product teams, market groups, and of course Splunk Cloud. As I said, with these investments, we expect to see non-GAAP op margin steadily increase to our target of 12% to 14% in fiscal 2020. A significant contributor to op margin expansion will come from gross margin growth as we scale our cloud offering. Our plan is to expand cloud gross margins from about break-even last year to 70% in fiscal 2020, and we’re tracking well against this plan. In Q2, our non-GAAP cloud gross margin reached 30%. And I expect, it will remain around this level for the remainder of the year. For EPS, remember since we expect to be profitable on a non-GAAP basis for Q3 and Q4 full-year EPS calculations, you should use a fully diluted share count of approximately $144 million in Q3 and 146 million shares in Q4. We continue to generate substantial cash flow from the business, and reiterate our full-year operating cash flow expectation of $250 million in total. In closing, our team continues to execute on our mission to deliver high-value to our customers, and we’re committed to driving the best possible customer experience through continued investments in our products, solutions, the cloud and our global reach. Overall, we had a good first-half, and I’m pleased with the outlook for the remainder of the year. Thanks very much for your time and interest. With that, we’ll open it up for questions.
Thank you. [Operator Instructions] Our first question comes from the line of Raimo Lenschow from Barclays.
Hey, thanks for taking my question. First of all, congrats on the great quarter that was really good to see that things came together. My question is around the European performance and the changes you guys did to the SIEM organization in general. Doug, can you talk to like, do you think Europe is fully settled now with that kind of Q2 is good, but there’s still work to be done? And where do you see kind of Susan’s work on a global scale? Thank you.
Hey, Raimo, great to hear from you and thank you for the congrats. As I called out in the script and we talked about last time, we’ve got a strong set second line managers over in Europe. I think, this quarter was a good indicator. We talked about the fact that’s how we had a strong line of second line managers, and I think this quarter is a good indicator of that. My faith, she’s got a really rich pipe of candidates and of course is still looking for the right long-term leader, both internally and externally. And I think that our expectations are that team is very effective at doing their work day in and day out and continue to march towards their numbers in EMEA, and we’ll continue to trust, empower and lean on that team to execute.
Thank you. Our next question comes from the line of Melissa Franchi of Morgan Stanley.
Great. Thank you so much for taking my question. I guess, I’d like to just dig into the cloud transition. So some of the changes that you made at the beginning of the year, I believe were kind of centered around getting your sales force more ready to sell Splunk Cloud. I’m just wondering how that’s progressing relative to your expectations? And I know that you reiterated for the – for fiscal 2018, but just wondering if you’re still kind of tracking to your outlook for FY 2020?
Thanks, Melissa. Yes, the core of Susan’s architecture of the field this year was to balance out the allocation between named and existing accounts and non-named and net new accounts. So that we could drive to the target that we gave you guys and have confidence we could drive to the target to give you guys of going from roughly 2,000 net new customer adds per year to 3,000 plus. As part of that, we’ve had an ongoing set of work to make sure that we have comp neutrality and the right overlay of support for our reps. So that they become more and more adept at driving cloud and are able to understand when the characteristics of one of our customers lead them to cloud, so that we can be successful with that overall cloud initiative. I think it was a good quarter for cloud. They’ve reaffirmed our outlook for the year. We’re tracking the way that we would hope and expect to, given the investments that we’re making across the people, the operating – cloud operations and automation front, the product front to try this key initiative of ours forward.
Thank you. Our next question comes from the line of Michael Turits of Raymond James.
Hey, guys. Solid quarter. Can you maybe comment to the ratable mix this quarter, I think, it was particularly strong last quarter, and are you on track for that target of 50% for the year?
Yes. Hey, Michael, it’s Dave. We are tracking to our expectations for the full year. But as you know, we’re giving expectations on mix annually and reporting it that way. So instead of going ratable mix, I’m giving you the cloud revenue explicitly. And right now, we’re tracking well.
Okay. And then, I just got one follow-up. Obviously, you reiterated the guidance – margins for the year. You did guide slightly below margins for next quarter, any one timers there?
No, not really. I think it’s just the seasonality of our margin is reflected in the Q3 guide and what we expect for the full-year. So I think, it’s pretty much on track from where we expect it to be.
Thank you. Our next question comes from the line of Abhey Lamba of Mizuho Securities. Your line is now open.
Yes, thank you, and congrats for good quarter here. Doug, you mentioned, I think, in the previous answer about the progress you are making in terms of accelerating new customer adds. But the metric still is at 500 over the last few years. And I think per your plan, it supposed to accelerate towards 600 a quarter. When should we start seeing uptick in that metric? What the exact steps are you taking and how should we expect it to play out?
Yes, thanks for the question. And that outlook we gave is over the three-year time period from FY 2018 to 2020. Knowing that a big chunk of leading in and getting net new customer coverage to actually occur is reallocating for that coverage, and that was the core Susan’s architecture in FY for this year – for this fiscal year, anyway that should laid out the sales force. In addition, our new CMO, or I guess not sooner now three quarters in Brian Goldfarb has really oriented marketing to be a much more demand gen focused. So a combination of a higher hiring rate kind of more explicit and prescriptive focus of reps covering non-named at commercial and net new accounts plus more aggressive demand gen and top of the funnel activity from the marketing team with a tighter twist to use case specific marketing are all part of the mechanisms we’re putting in place to achieve our goal over the next three years to see that net new numbers start to go on a more aggressive growth curve.
Thank you. Our next question comes from the line of Jesse Hulsing of Goldman Sachs.
Yes, thank you. Hey, one of the themes that we have seen in software this year and over the last few years has been a push by many software companies to shift their model from perpetual to recurring or ratable. And you guys have kind of had this ongoing shift with your term license offerings in cloud. I’m wondering if you’ve given more thought to more aggressively moving the needle in the direction of ratable and sooner rather than later. And I guess, when you look at it, what are the puts and takes there? Is it mostly just doing what the customer would like, or is there other considerations that you’ve looked at?
Good question. So the number one priority for the company that we have are fixated on and centered around is customer success and really drives all of our key decision-making. And as comp neutrality at this point is to really make sure that we hear the customer’s voice that we’re not artificially pushing them one way or the other either to perpetual or to ratable or cloud. But we obviously like the ratable model. We gave a forecast to get to a 75%-plus subscription/ratable over the coming three years. And that’s really based on both the voice of the customer. We see – we all know and it’s past dated to even talk about the cloud momentum at this point in time. There’s a lot of advantage for all of us and utilizing cloud when cloud makes sense. That’s in the face of the reality of that the vast majority of the world’s data still sits behind the firewall and a solution like ours tends to be – is architected and tends to be deployed. So that the data aggregation layers can sit closest to the data without, while having easy search mechanism irrespective of where that data actually is housed. But our three-year outlook assumes, I guess, more and more customers voting to go to cloud and to term on-prem. And we’ll always optimize our commission plan to make sure that customer voice can be heard.
Yes. Hey, Jeff it’s Dave. I think one point that Doug made, it’s really important in terms of differentiating factor for us and our transition then perhaps some other companies. And it’s the realization that customers will continue to request to deploy our products, both on-prem and in the cloud and many of the transitions we’ve seen have – it’s been the removal of perpetual with term, but I think even more weighting towards pure SaaS offerings. So I think, we’ll continue to have the environment, as Doug pointed out, where customers will need our software, both behind their firewall and in the cloud. And that’s really an important element in terms of how our incentive plan is structured.
Yes, that’s helpful. And Dave, I might have missed this, but what are you expecting for billings seasonality in the second-half?
I didn’t guide the billings first-half, second-half. I updated the full-year number to $1.450 billion, both based on the results from the first-half and the strength in the second quarter and our outlook for the back-half of the year. So I think, you can infer the billings calc I think I’ll give you the balance sheet for the third quarter. But I think you can get close to it from a quarterly basis based on the revenue guide.
Thank you. Our next question comes from the line of John DiFucci of Jefferies.
Thank you. Nice to see the license acceleration guys this quarter. It looks really good here. I – but Doug, I have a sort of like a high-level question and a follow-up for Dave. And it has to do with some of the conversation around Europe. When I look at you guys, you guys are – you almost had $1 billion in revenue last year, you’ll have more than that this year. And still it’s only about a quarter of your revenue is international and it’s been like that for about five years. And when I look across the universe of software, it’s like – it’s usually around 40% in the U.S. and 60% in international. I’m just curious, is there some reason for this? I mean, your infrastructure software, it seems like you – there shouldn’t be like the regional issues with selling it. And I’m just – or is there something I’m missing here, or is it just a matter of you more aggressively pursuing those international opportunities put aside what happened last quarter in Europe, it just seems like you should have more international business at this point?
So I mean, by an agreement that long-term, we fully expect international to get to be a much bigger number than it is now. And of course, we get to 50-50 and above would be normal and healthy curve. I think part of what we are doing with the Splunk is that, cohort the Dave walks everybody through, where over the course of multiple years, four or five years, you’ll see the typical customer from that class increase their data volume by 10x and their spend by 7x. And so the international markets who guide kind of dual challenge out there further away from corporate and so it’s always little bit harder to grow international wherever that happens to be when I was at SAP Americas wasn’t doing that well and Germany was taken, but normally because they’re a German company and it was harder to get the distance from German entity to do as well. But when you have a solid installed base like we see in the Americas, that has been with us for up to eight or nine years. There are larger deals. It’s easier to get a larger deal from that cohort. It is a one, two or three-year customer. So international has gotten here up in the transaction velocity and laying the groundwork for the big deals. And I’m happy that they’ve been able to hold the ground, given the increasing six and seven-figure deal and cadence that we’ve been driving and logically a big chunk of that coming from America’s. But we absolutely are pushing on the levers and expect that to change over time and have international contribute a larger share than 23% to 25%.
Okay. That does make some sense, I wasn’t thinking about that. But, yes, we’ll see how that develops over time. I guess, Dave, a follow-up. I just noticed the last couple of quarters, the long-term deferred revenue as a percentage of total deferred just sort of popped up a little bit from – up from like low 20s to the sort of mid-20%. And I’m just curious, is that something – I mean, you increased the guidance for the year for total revenue. You maintained cloud guidance. I know there’s term license in there, too. So – and I’ll get – I keep telling you, you’ve got to give us more, but we’ll get that, I think with 606. But I’m just curious, is this something – or we also seeing renewals of those term deals in there, is that what’s really causing that?
Hey, John. Yes, 606 will be a lot of fun for everybody. Thanks for remembering, that’s coming down the pipe. When you think about some of the customer examples that Doug articulated in our prepared remarks, there are number of EAA type transactions. And those historically have almost exclusively been on-prem and would, of course, have be a multiyear characteristics. So when we look at the composition of the quarter, what you’re seeing inside of the composition between current and deferred revenue is certainly some contributions from cloud. But probably a heavier contribution today from standardization, enterprise adoption agreements.
Okay. Okay, great. Thanks, guys, and nice job.
All right. Thank you, John.
Thank you. Our next question comes from the line of Phil Winslow of Wells Fargo.
Hey, this is Johana Kamien on for Phil. Thanks for taking my question. This is another healthy quarter for a 100,000-plus deals, and I know this remains the focus. I was wondering how you’re thinking about a pipeline for these deals in the second half and how much they’re being driven by newer areas of business like UBA and ITSI?
The sales team has got a Splunk challenge of managing the run rate business as well as the bigger, notable deals. The big notable deals get a lot of attention because we can all see them much more easily. And the guidance that we gave you guys is based on the latest views and confidence and what that pipeline looks like that we can see through Q3 and into Q4. A – the – one of the core elements that helps us get time to value and drive success in our accounts is to be focused on use cases. Customers want a solution to their problem, and Splunk is a brilliant, flexible platform that making sure we cast in a way that solves our media problem, helps close that gap of why would I use Splunk and then how do I make sure I get value quickly. And then I think ES and ITSI are two good examples of the general dashboard that a stock owner of the general dashboard, that an IT ops are not going to use to make sure that their systems are operating healthy and doing what they should be doing. And that helps us a lot with that use case orientation. And we’re seeing ES and ITSI continue to be attached to more and more deals, and that’s exactly what we want for these premium solutions. UBA is growing nicely as well. But there’s also these 1,500 plus apps on Splunkbase that most of which are free that are downloaded at various rates. Chris talked about the Palo Alto app on the call that has 30,000 downloads. And those make it much easier for specific use cases around different data types. So if I buy a bunch of firewall and I want to get feasibility on the health of my parameter and make sure that I configured my firewalls effectively and that they’re being monitored appropriately, then Splunk is a great solution on top of that. So it’s a combination for us of we are seeing UBA, ITSI and ES be wonderful additions to the portfolio.
We’re going to continue to drive more and more packaging and more and more use cases to make it easier for customers get that time to value, and we want to continue to enable the partner, ecosystem like we saw with Accenture, Booz Allen, Verizon as callouts to be able to do that as well.
Yes. Hey, it’s Dave. I think just a couple added points that reconcile back to what Doug was saying. What we expect and what we laid out at our Analyst Day was that we see ASPs go from the mid-50,000 range to the mid-80,000 range. And that’s really around two factors. One just fundamentally, we know and we see it in the cohort and we see it in terms of how customers deploy the product, the more of our system state they deploy, the more value they extract from their data and that flywheel starts to accelerate inside of the enterprise. Ultimately, our goal leading to an enterprise adoption agreement. A big component of that is the combination of our core platform, plus our premium maps, plus partner-driven solutions and other solutions that are available. So when we think about the suite of product that Doug articulated, how that gets deployed inside of the customer that leads to higher ASPs and to your originating question, larger orders overall or more larger orders.
Great. Thanks and congrats on the quarter, guys.
Thank you, Joanna. Thanks so much.
Thank you. Our next question comes from the line of Matt Hedberg of RBC Capital Markets.
Thanks. This is actually Matt Swanson on for Matt. I’ll add my congratulations on the quarter. I’ve got two questions that maybe a little more macro-related both around the security environment. The first would be at the beginning of the quarter, you guys had an article you put out kind of comment on some research about how you see, talk about how overwhelmed security teams are. I was seeing a lot of articles lately about how few cyber security professionals are out there, especially in the forecast. Could you talk about how these trends will kind of effect companies like Splunk and what potential there is for products like you offered to replace those manpower deficiencies and if you’re seeing any of that in customers?
Sure, Matt. So when you look at the core something like Enterprise Security and UBA, the value they add is – there’s a number of value points, one of which is in they help with that human augmentation something like UBA, windows down the sea of events, often millions and tens of millions that made different accounts through the handful of notable events that someone who is actually paying attention to. And the interoperability between UBA and ES helps ensure that as we winded down to notable events, you investigate them effectively with Splunk and then understand what led to it that the role engine and workflow architectures of ES allow you to then codify that and that would be an automated response going forward. So I think, the security analytics trend that we’ve been talking about for four or five years now is one of the core answers that how do you – while most security appointments have to keep deploying lots of different devices, virtual appliances, real appliances to help cover the landscape. How do you actually get insight from all those devices? And you need an effective analytics platform to give that insight. But how do you couple that data flow with machine learning, with predictive analytics algorithms, so that you can leverage the expertise that you have and often paired with some outsource expertise deal, contractors or managed security service providers. Splunk is definitely in the heart of that and that’s lot of the continued momentum that you’re seeing in our security business.
And then just one more quick one around security. Was any of the strength in EMEA, particularly security base, maybe I was trying to see some of GDPR tailwind?
I think, we’re still early in the GDPR wave. I went out there like a month ago, I think I was last time I was there. And it was beginning – first time I’d heard it in two, three quarters come up as part of many conversations. But I think people are still trying to figure out exactly what does it mean. We do believe strongly that Splunk is a key component to effective GDPR coverage. Our legal and product teams can now have some nice white papers and have two guides. And I would expect that you will see some interesting stuff from Splunk in the coming weeks, months and quarters that help people with this GDPR initiative. So I think there’s more of the features that are occurring right now.
All right. Congratulations again.
Thank you. Our next question comes from the line of Kash Rangan of Bank of America Merrill Lynch.
Let’s go to the next question, please.
Our next question comes from the line of Brian White of Drexel.
Yes. I’m wondering if you can just comment on customer additions and the big deals here. I just went back in history, it looks like it’s a strongest sequential growth ever for deals over 100,000 in a July quarter, so congrats there. But it does look like it’s the weakest sequential growth was flattish in the July quarter for total customer additions. If you could just walk us through kind of that dynamics and is this something we should think about as we will forward as well?
Yes, thanks, Brian. So the motion that I know we are very effective at, I’ve watched it for three solid years now almost four years is big enterprise sales. And from a headcount allocation as well as expertise basis and that’s why you’re seeing the continued surge of six-figure deals, seven-figure deals. Our coverage is effective there and then this cohort that Dave always talks about, I think, really helps us with that flywheel as well. The new – they’re much more aggressive motion. One say, it’s new, because we’ve always had a team of people covering more of that commercial territory type segment. But I would say it’s been underemphasized and under resourced versus the opportunity. The core of Susan’s architecture, the heart of our decision this year whereas let’s get significantly higher growth rates and focus and attention in that area. We’ve been hiring up leadership around the world. We just had a really talented folks, person in the Americas just a few weeks ago to specifically cover this area. And we’ve been growing the teams as well as a much tighter relationship between marketing and sales to make sure that we are sourcing, following up on and effectively closing leads that are coming from those sets of new accounts. So it is – we’ve charted out as a multi-year journey. You’ve got developed a set of muscles and skills that are there, but are much weaker than the other sets of skills. And it’s something that is – our number 2 and 3 corporate priorities initiatives and very important to the company going forward.
And of your cloud customers, what percent do you think use Splunk in the cloud and on-prem versus just in the cloud?
It’s kind of even that, 50-50 or 50% of them are hybrid and 50% of them are just cloud.
Okay, that’s great. Thank you, guys.
Thank you. Our next question comes from the line of Fatima Boolani of UBS.
Good afternoon, and thank you for taking the question. Doug, a question for you, just drilling into some of your comments from the prepared remarks around the joint win you had with AWS in the quarter. I’m actually wondering in those joint win scenarios who the implementation processes and sort of post sales support – whose comp that falls into? And then maybe dovetailing that into Dave’s comments around the incremental cloud margins at about 30%. Can you sort of help me understand how that works and how that sort of translates into your ability to get margin from those joint win?
So the implementation piece would generally tend to be a partner of the two of ours. We’ve got a number of joint partners. It could just be a primary Splunk partner and in some occasions, will be a Splunk processor direct, it depends on the deal. AWS generally leans on third-party partners for implementation. But we are tightly coupled in the selling motion side with their enterprise sales force. And, Dave, do you want to answer the margin question?
The margin is – there’s multiple sources in terms of margin that has been part of our plan all the while. Obviously, economies of scale has always been one as we initiated our cloud business, getting the components that are required, the fixed cost to run cloud that have been embedded in our cloud structure. And as that cloud business continues to grow and we get into variable type expenses, you see margin expansion, couple that with many initiatives we have both from an operational perspective and importantly, from a products capability perspective and you start to see the expanding cloud margins, which have been part of our plan for the next three – well, we’re in the middle of our three-year plan to get to 70%.
If I can sneak another quick one in about your deals over 100,000. I’m curious if the general sticker price on those quarter deals is actually increasing?
So is the average price per greater than $100,000 transaction larger. And I think overall, it is across the customer base back to my earlier comment about, one, the greater amount of the product that you deployed, the great amount of value. But importantly, when you start combining it with the premium solutions, you see an uptick in ASPs, and we expect ASPs to continue to uptick over the next 2.5 years.
Thank you. Our next question comes from the line of Keith Bachman of Bank of Montreal.
Hi, thank you. I wanted to ask about the security market. And you generally characterized there’s about 40%. And I want to see, has there been any change in the run rate of the business. In particular against the SIEM portion of your business, and how are you using Splunk is offering more than – increasingly offering more than just SIEMs. And how are you seeing the diversification around the SIEM to help sustain growth. And Dave, just to sneak the follow-up then I know it’s late in the call, but I’m going to ask them both on the same time. DSOs were up a little bit. Is there anything there you want to call out specifically? And DSO were up year-over-year, is there anything else you want to call out specifically and how do you think that will trend next quarter?
Right. I’ll start off with the security piece, which is, yes, as we talked about the security landscape is getting more and more complex for people globally. There’s a lot more notable things happening around the world. Obviously, we saw the ransomware flare up this past quarter, and we are excited to be able to respond quickly with this Splunk Insights for Ransomware package that we delivered in between the two big, notable events more events. I know we got this SIEM replacement cycle that has – we started seeing probably about a year ago, where people were really started thinking about what their next iteration of SIEM is going to be and we see it continuing to pick up speed. And we see that, I mean, all those are great. They’re great for Splunk. We believe that we are incredibly valuable and tight partner to both the security vendors, as well as the customers that are trying to deal with this very difficult task. And the beauty is in the data right reading in for security is often usable and highly valuable for those use cases outside of security. But that packaging you saw for the Splunk – around Splunk ransomware is the theme that I think you’re going to see from Splunk in the coming quarters, which is an additional set of packages that focus on the different buying centers that have security-oriented needs. In the compliance arena, in these fraud arena and then just different departments within the general cybersecurity department coming out with more specific packages around perimeter defense, as an example, as given earlier, bringing in firewall data and network packet flow data and others to make sure that your perimeter is well defended.
Yes. And hey, it’s Dave. As it relates to DSO, nothing there. We’re certainly very happy with the trajectory of our enterprise adoption agreements, which tend to be larger. Those tend to happen towards the end of the quarter and can contribute a day or two to DSOs, but there’s nothing anomalous there.
Okay, fair enough. Thanks, gentlemen.
Thank you. Our next question comes from the line of Nate Cunningham of Guggenheim.
Hey, guys. Dave, on gross margin this 400 basis points is still the right way to think about the impact from cloud this year?
Yes, it was – back at the beginning of the year, I said it’s roughly 5. It’s still – it’s moving down. But obviously, nominally given its overall contribution. So call it 4 to 5 drag.
Okay. And for Doug, when you talk about the SIEM replacement cycle, what inning are we in? And how much of that would you estimate is tied to the impending ownership change, is it one of your main competitors?
Yes, good question. I think we’re still early in the innings. The majority of Splunk implementations in and around SIEM vendors is still integrating with. I think that some of market moves probably have an impact. But that cycle really is past its 10-year mark from kind of the gold brush and the big push of both ArcSight and other vendors that came in around the same timeframe. So I think that, as the security landscape is changing pretty notably and organizations are moving to a much more of a heavy analytics, machine learning, big data approach to security, they need a technology solution, both app and underlying capability, like Splunk cast to help them manage that. And I think that’s probably the biggest drivers, it’s just the natural, next-generation of people.
Thank you. Our next question comes from the line of Anne Meisner of Susquehanna Financial.
Hi, thanks, and nice quarter by the way. I have a multipart question related to the Booz Allen partnership. First of all, can we expect to see a GA version of that in the market at some point soon, the Splunk Enterprise Security, I guess, integrated with their threat intelligence? And then secondly, there’s a lot of great vendors out there with unique threat intelligence. Can we expect to see additional partnerships in this area where you integrate third-party intelligence and to Enterprise Security? And then last quick one for Dave, and I apologize Dave in advance for mentioning 606, again. I know you wanted to get to that call without discussing that. But I’m just wondering if you provide a bundled solution with a threat intelligence subscription, would that potentially allow you to recognize those particular term deals ratably under 606?
Yes. Hey, thanks, Anne, for – let me put on my propeller head through accounting hesitation so like the quick answer is, ultimately what you need to do in 606 is look at all the components of what you deliver and assign a fair value to those. And if you have a threat intelligence component that is continuously delivered and it’s tied back to the bits that you deployed on-prem, that would be upfront under 606, you could argue those would be a single delivery mechanism therefore recognize ratably. We don’t have that product offering today. We’re not forecasting that product offering today in that structure. So as we implement 606, we’ll be updating everybody about how to think about our product portfolio, how those get delivered and how we have to assign fair value to each of those components, and what the associated rev rack is.
Anne, yes, on the Booz Allen, I’m really glad you know that and focusing on it. I’ve been down the table since I got this Splunk about how important partners are and how that – the piece that we assemble strongly enough. Absolutely, Booz Allen has full intent to get that thing from a beta to a full GA and product decision. We are working with currently already a number of different trend and total providers. High-end actually nominated and centered the security research activity around one of our top technical and overall Splunk leaders, again, Monzy Merza, almost about a year ago. He has been hiring a set of – a team of researchers to populate Splunk Enterprise and it’s a similar framework with UBA with a threat Intelliflo, which is a mash up of work that we’re doing in third-party work. So we see it going along your lines of thinking that’s definitely what high-end team have been thinking through over the past year in change, both our own and third-party as a key delivery set across the security portfolio and actually I think we can use a similar orientation even around IT ops, app dev, app delivery, where that is increasingly become – going to become an analytics-driven, machine learning oriented set of activities. That ideally we’ll see some same disruption that we’ve been seeing in the same marketplace as ITSI and the future packages that we’re rolling out became more and more traction there.
Thanks, Anne. I appreciate it.
Thank you. Our next question comes from the line of Sarah Hindlian of Macquarie.
All right. Thank you. Hi, Dave and Doug, congrats on the quarter. I wanted to ask you guys about your EAA strategy. You called out, it sounds like some very nice EAA deals in the quarter. And I want to ask how your sales force is dealing with that now? What you are seeing there? And how you’re really driving more all you can eat usage?
Thank you, Sarah. So, first of all, EAAs are not necessarily all-you-can-eat. There are different variations of the EAAs. But the core purpose is to take away the concern that customers may have on lack of flexibility on what their exposures Splunk might be, then the ultimate EAA is, hey, it’s unlimited and go to town. And you likely have all heard me say in past calls, I’m a little bit frustrated with the non – that not every rep is out there upon the door down there and their customer is saying, hey, there’s this thing called EAA and let me tell you about it. We have seen this very good traction around that the past two quarters. And I literally just sat through a presentation. I think yesterday or day before, or sometime this week, with our best practices team and our pricing team that have ruled out a consistent set of frameworks and tools and education and literature to make it as brain-dead simple as we possibly can for any rep to approach any customer and have the right discussion on how we can make it easier for them to get away from the lack of predictability and be able to build a bigger Splunk. We are seeing continued traction there and you can see that with the EAAs are not always big deals or a few smaller customers that do have done EAAs with us, but certainly the biggest deals also tend to be EAA driven deals. And my desire and goal is to see as many customers as we can possibly get that for a department wide usage and increasingly corporate wide where we are seeing lot of users, all of security really wants Splunk across all of the different use cases or all of IT does etcetera. The more that we can the better, I think it’s great for the customers and it’s a nice recurring and effective way for us to run the business as well.
All right, that’s very helpful. And so is there anything you can do with your data cap as well to help that along? Is there any strategy there that you are thinking about just as a follow-up?
What do you mean by the data cap?
So when your customers are running bigger license and you are going to go sell them more, is there things you can do to smooth out that process and make it a little bit less friction?
I’ve got it, okay. So, I think the biggest time dependent among this pole and the project plan I’m getting to an EAA is getting the customer to plan with a photograph, where the power Splunk is that one plus one equals a more than three or four with the different data types. And the more data and the more variety of data, the more correlations and insights they tend to get. And there is usually a journey with the account where we drop-in with a very specific departmental use case to get them going, do that a few times across a couple different departments and then start with connects ops. So seriously that has the biggest impediment and to try and get around that this packaging that I’ve been talking about, continuously coming from Splunk, which allows us, partners and our customers themselves to much more rapidly create use case specific solutions around Splunk, I think is one of the biggest levers that we have to push on to get that momentum going to the point where the customer now wants a department wide or corporate wide licensing structure.
All right, thank you, congrats on the quarter.
Thanks Sarah, I appreciate it.
Thank you. Our next question comes from the line of Kirk Materne of Evercore.
Hi guys, and congrats on the quarter. Doug, I just want to ask you just a question about sort of Partner momentum these days that your – at one of the Splunklives had recently, the Partner’s commentary on some of the things you are doing, I think were definitely more constructive or more upbeat I guess versus perhaps maybe a year ago. I was just kind of wondering what kind of progress you’ve seen on that front and what you are hoping to get in terms of sort of a force multiplier and in terms of your go-to-market strategy from the Partner channel as we look out say, 6 to 12 months? Thanks.
Thanks Kirk. The hard part of that so much what we talk about is, you lay the investments for a lot of our initiatives, four quarters, six quarters, eight quarters, before you actually start to see the true fruits and I think Partner has been one of those. Obviously we’ve been talking a lot about how do we get after a net new and the lower accounts as one of those that we are investing a lot now that we’ll see the returns over time. I agree, I mean we’re hearing what you are hearing. I’m hearing a lot more positive things from the Partner community, we really started that journey two plus years ago, the latest rollout of our Partner Portal, I think was a really good step that put automation and replication and scale in place for a lot of the human programs that we put in place a year and half or two years ago. We’re seeing Partner originated registrations go up and I think a piece of that is they now have an easy way of doing that, they sell automated, but there is a lot more effect of education and self-service, all the way down to marketing development funds and other activities that the Partners now have access to. We’ve over the years – over the past year and half, two years, we’ve peeled off a lot more technical resource to help get these guys enabled. I think a lot of packaging we’re talking about will them, we’ve been running some experiments with different Partners for how do you tie Splunk, now that’s itself Splunk native, but tied to one, two, three different technologies and due to true value added work that I think helps differentiate them and speeds up the sales cycle.
So it’s a constant drumbeat and I think Susan, Sherilyn and a woman named Brooke Cunningham and a whole set of people that have been working at this for a while are starting to get some of the results and it’s definitely something that is a top priority, it has been a top priority for the company and will continue to be, given that we have always got, Dave and I always talk about coverage, coverage, coverage, coverage, how do we get enough feet on the street and we need our Partner community to be there with us in a way that they add value to help with that coverage piece.
All right, thanks Doug, congrats guys.
Thank you. Our next question comes from the line of Mark Murphy with JPMorgan.
Hey guys, this is Albert Chi actually on for Mark. Thanks so much for taking my question, but I want to ask if you can quickly comment on what you are seeing vertical wise and I know that you noticed some impressive customer wins, but was there any outperformance in any sector that you’d call out? And kind of related to that, could you talk about the federal space and the opportunity that you are seeing especially as we’re nearing the government fiscal year end? Thanks very much.
Thanks Albert. I mean, we have – the only real vertical that we have carved out in the go-to-market motion and it’s been carved out for five plus years as public sector, which is kind of classic definition of federal, state and local and education. That is principally less, although we have now implemented that in a handful other countries where we’ve got a little bit more maturity. And that’s been a really, really important go-to-market initiative for us, that’s why we are replicating outside the U.S., they are our critical customer base and obviously their data needs are very high, especially in the security space. So it’s important, we remain focused on it, and while there is an end of year cycle with the U.S. government that we’re experiencing, it’s – there is mid-of-year cycle every year, so I’m excited about what our team is going to do, but there is a year-over-year impact that mutes out a little bit. The other vertical is that, we’ve tended to be a little bit stronger and it’s probably more just both our ability with technology and engineering, as well as our data creation and consumption needs has been telecommunications, financial services and web-based properties or high-tech properties. And Susan has taken – we had about a two year dream there to start to allocate more people to those in addition to some of the IoT work we’re doing with manufacturing, healthcare and a handful of other verticals. But we have seen some of these big EAAs, and particularly if I carve out financial services or telco, really start to become something that customer demands as we get into line of business oriented use cases in these verticals. I’ll give you one quick example that we see replicate across different telcos. Obviously quality of service delivery is critical to them and it’s really, really difficult for them to do.
There is lot of variance and variability and cell tower switchover and cell tower coverage and the huge complexity of equipment from a multitude of vendors on a landline, hard line distribution and allowing Splunk to navigate some of data around that and do that ML and analytics work to optimize their performance is something that we’ve got some really good use cases around that’s very different than our classic security, IT ops type of work that has material revenue and customer set impact. So those types of activities, I think are what we’re looking for as we start to aggregate some of go-to-market, as well as marketing and some product folks around some of these verticals.
Thank you and congrats again.
Thank you. This does conclude our Q&A session. I would now like to pass the call back to Mr. Ken Tinsley for any closing remarks.
Great, thank you. And thanks to Jerald, I really appreciate your help today and thanks everyone for your participation. As always, if you have any questions, please feel free to contact us here tonight, we’d be happy to help you out. Thanks so much, have a good evening.
Ladies and gentlemen, thank you for participating in today’s conference. This does conclude the program and you may all disconnect. Everyone have a great day.