Date of Recommendation:          March 12, 2020
Stock Price at Publishing:       $48.76
5 Year Price Target:             $170.00

Elastic (ESTC) stock should be considered for long term investment. I expect the price of Elastic’s stock to increase significantly over the next 5 years.  Growth will be driven by their leading position as a generalized development platform for search, which in the broadest sense encompasses wide applications of data discovery. Their product development cadence has accelerated in the last few years, driven by thoughtful acquisitions and organic growth. Strong developer mindshare is supported by an open core software licensing model. Revenue growth has been consistently high with impressive customer expansion rates. The leadership team is strong, led by a technically-oriented founder and CEO. I expect the stock price to more than triple and exceed $170 within the next 5 years.

History and Technology Foundation

Elastic is a search company. Over the years, the notion of search as applied to internet-based software companies has evolved significantly. The original and most basic use case is text search – we are all familiar with the exercise of typing a few key words into a search box and getting back a set of results. As the types of data served from web sites expanded beyond text to products, locations, statistics, user profiles and more, the same core search technology could be applied to these data retrieval use cases as well. Examples included product facet search (shopping), profile matching (dating), content recommendations (video streaming), geographic proximity (mapping), etc. As large volumes of log data began being generated by all sorts of online applications, search could be applied to mine these as well. This elicited use cases like log analysis, APM, security monitoring, business analytics and metrics. The technologies provided by Elastic are able to support all of these functions.

However, Elastic wasn’t the first company to build a generalized search capability. Putting aside proprietary solutions, like Google, the first general purpose, open source search technology was Lucene. Elasticsearch uses Lucene under the covers. Lucene was developed by Doug Cutting in 1999, a luminary in open source, who also built Apache Hadoop. Lucene is a general purpose open source search engine software library, originally written in Java, but has been ported to most other major programming languages. Lucene became a top-level Apache project in 2005. To supplement Lucene, Cutting also built Nutch, which is an open source web crawler. Between Lucene and Nutch, one could build a general search engine, much like Google or Bing.

In the early 2000’s, while recovering from the dot-com bust of 2001, several internet based companies were building out their businesses on the web. Where they needed operational search capabilities at scale, there were few options. Lucene provided a good base set of libraries upon which to build search functionality, but it couldn’t be deployed to a server out of the box and immediately begin indexing and querying content. An additional set of functionality was needed to handle this plumbing and infrastructure in order to make Lucene into a “server” (in this context, responding to requests over a neutral protocol like HTTP).

One company that ran a number of popular web properties was CNET Networks (CNET, Gamespot, Download.com, mySimon, ZDNet, etc.). CNET needed a way to support faceted search of its catalog of technology products. Faceted search represents the common set of filters that an online shopper can apply to reduce a set of product options – size, color, price range, etc. In order to support this, in 2005, the CNET engineering team took the core Lucene libraries and then built an HTTP server around them. This was called Solr, which is now an Apache project. In fact, the acronym SOLR stands for Search on Lucene and Resin, which is a lightweight HTTP server.

Solr enables a number of search operations – full-text search, faceted search, real-time indexing, clustering and data ingestion. Solr can pull data from a number of sources, index it and store it internally in a format suitable for rapid query retrieval (technically a reverse index). Solr was designed for scalability and fault tolerance, by supporting horizontal load-balancing of many individual servers. It exposes a REST-based, JSON API over HTTP that makes communication with other services open and distributed. Solr is still supported today and is widely used for enterprise search and analytics use cases.

The Solr Wiki page lists a summary of the generalized operations that Solr performs, which provides useful context for other search appliances like Elasticsearch. In order to search a document, Apache Solr performs the following operations in sequence:

  1. Indexing: First of all, Solr converts input data or documents into a machine-readable format which is called Indexing.
  2. Querying: Understanding the terms of a query asked by the user. These terms can be images or keywords, for example.
  3. Mapping: Solr maps the user query to the documents stored in the database to find the appropriate result.
  4. Ranking: As soon as the engine searches the indexed documents, it ranks the outputs as per their relevance. Ranking is a calculation of a score, based upon desired weights input by the developer.

According to the Apache Solr web site, Solr is used by a number of large scale web sites, including Instagram, Netflix, Disney, Bloomberg, Travelocity and Zappos. This is important to consider, as we look at competition and alternatives to Elasticsearch.

Around the same time, Shay Banon, the founder of Elastic, was working on his own search solution. As the story goes, he was trying to build a search engine for his wife’s collection of cooking recipes. In 2004, his first iteration was called Compass. After working on a few iterations of Compass, he realized that he wanted to create a distributed solution that supported a common interface for integration, namely JSON over HTTP. This became Elasticsearch, which was released in 2010. Like Solr, Shay also chose to utilize Apache Lucene for the core search libraries.

Elastic NV was founded in 2012 by Shay and three others to provide commercial services and products around Elasticsearch. At that time, two other related open source projects were gaining traction. The first was Logstash, which provides tools for collecting log data from a variety of sources, transforming it into a common format and then forwarding the output to the “stash” of a developer’s choosing, generally the Elasticsearch cluster. The second was Kibana which provides a way to visualize the data in Elasticsearch. The developers behind these two projects decided to join the Elasticsearch company. Combining these projects into a product suite, it was dubbed the ELK (Elasticsearch, Logstash, Kibana) Stack. The company was rebranded as Elastic, in order to reduce confusion with the Elasticsearch product.

The company kept adding new product capabilities. They released two commercial plugins – Marvel for monitoring and Shield for security. In 2015, Elastic added Beats, which provides a set of lightweight shippers to send any kind of data (network, logs, metrics, etc.) from source servers to Logstash and Elasticsearch. This code was all available for download as a package, which engineering organizations could then run themselves. To simplify adoption, Elastic made Elasticsearch and Kibana available as a service on AWS, which was named Elastic Cloud.

In 2016, all the product offerings were bundled into a single package, called Elastic Stack 5.0. This was a big step forward, as it introduced a fully tested and integrated offering. This release also formalized the separation of commercial plugins (Shield, Marvel, Watcher) into a single bundle called X-Pack. Features included security, monitoring and alerting for the core Elastic Stack.

In 2017, with the emergence of hybrid cloud solutions, Elastic released a stand-alone version of the Elastic Stack, which customer companies could use to run the Elastic Stack themselves. This was called Elastic Cloud Enterprise (ECE). ECE facilitated the management and orchestration of all Elastic products across multiple clusters in any hosting environment.

In 2018, Elastic decided to open source the commercial X-Pack features and ship these with the default distributions of Elasticsearch, Kibana, Beats and Logstash. This allowed the developer community to inspect and contribute to source code associated with commercial features, in the same way as the core free capabilities. This provided the foundation for Elastic’s “open core” software software licensing model, which I will address later.

Financial Overview

On October 5, 2018, Elastic went public under the ticker symbol ESTC. The stock closed the first day of trading at $70.00. Over the next 12 months, the price drifted up and broke $100 twice, peaking in August 2019 around $104. Like most software stack companies in 2H2019, ESTC share price pushed back down 20-30%, settling in the mid-$70’s again by December. On December 4, 2019, Elastic released Q2 2020 results, which disappointed investors, sinking the stock price by nearly 18% the next day. Q2 revenue grew by 59%, beating analyst estimates by a wide margin. At issue was billings growth of 41%, which missed estimates calling for 42% growth and was down from 51% in the first quarter. On the analyst call, management noted that some federal government deals were delayed and this was simply an issue of timing. They recommended that investors track customer and revenue growth as a better measure of the company’s progress. This isn’t the first time analysts and investors have over-reacted to billings metrics. For the next few months, the stock was range bound in the $60’s.

ESTC Stock Chart, YCharts

Q3 2020 Earnings Report

On February 26, 2020, Elastic released earnings for Q3 2020. Ironically, the billings miss from the Q2 report had no impact on Q3 revenue and the ESTC reported solid results. The next day, ESTC closed up 12.7% at $71.93, reaching as high as $77.00.

Here are some highlights from the Q3 earnings release:

  • Q3 Revenue grew 59.9% to $113.2M versus the analyst estimate of $107.3M. This compares to 59% growth in the prior quarter. The original revenue estimate would have represented growth of 51%, so this was nice outperformance.
  • Q3 Non-GAAP EPS was ($0.28), which was $0.07 better than the estimate of ($0.35).
  • Q4 Revenue estimate is $119.5M vs. $118.5M consensus, a slight raise of $1M. This would represent year/year growth of 48.2%. Investors should consider the magnitude of the Q3 beat and assume over-performance here.
  • Q4 Non-GAAP EPS estimate is ($0.31) vs. ($0.33) consensus, representing a $0.02 raise.
  • FY 2020 Revenue guidance was raised to $423.5M vs. $416.7M consensus. This would represent annual growth of 55.9%.
  • FY 2020 Non-GAAP EPS guidance was raised to ($1.12) vs. ($1.22) consensus.
  • Revenue from the hosted Elastic Cloud solution grew 114% year/year
  • Calculated billings grew 54% year/year, a nice acceleration, but again, management guided analysts not to rely on billings as a leading indicator.
  • Non-GAAP operating margin was -18%.
  • Free cash flow was -$24.2M, or a FCF margin of -21%.
  • Total subscription customer count was over 10,500, compared to over 9,700 in Q2. This represents sequential growth of 8.2%.
  • Total customer count with Annual Contract Value “ACV” greater than $100,000 was over 570, compared to over 525 in Q2. This represented growth of 8.6%.
  • Subscription revenue comprised 92% of total revenue.
  • Net Expansion Rate continued to be greater than 130%.

On a “Rule of 40” basis, Elastic just hits the base measure. Revenue growth of 60% + FCF Margin of -21% = 39%. Obviously, profitability is the gating factor here.

Analyst Coverage

Overall, ESTC has 10 buy ratings and 3 hold ratings from analysts, with an average price target of $103, representing over 100% upside from current prices. Since the earnings release, ESTC received two analyst updates according to MarketBeat, both of which were reiterated Buy ratings and price targets of $90 and $130. Obviously, the environment has shifted in the last couple of weeks and we might expect some downward revisions.

ESTC Analyst Ratings, MarketBeat

Product Overview

One impressive aspect of Elastic, which underscores one of my characteristics for a successful software stack investment is their rapid product development motion. This has been driven by both acquisitions and organic development. For evidence of this, investors needs only look at the Press Release section of Elastic’s web site. You will see a rapid fire pace of announcements.

Elastic is fundamentally a “search” company. As discussed previously, the scope of search has dramatically expanded since the early days of simply powering a full-text search box on a content web site. Use cases now extend into many types of enterprise search experiences, along with observability (log analysis) and SIEM (security information and event management). Elastic has created the Elastic Stack to address all of these search experiences. Specifically, Elasticsearch, Kibana, Beats and Logstash allow developers to take data in any format from any source, and then transform, index, analyze and visualize it in a rapid and scalable manner. Since most observability and security functions involve the granular analysis of server logs, these are natural extensions for search.

Elastic Q3 2020 Earnings Deck

Elastic’s solutions can be deployed in three different configurations, depending on customer preferences and their existing infrastructure foundation. This provides customers with flexibility in their hosting approach and recognizes that many enterprises haven’t fully migrated to the cloud (nor immediately plan to).

Elastic Cloud allows the customer to outsource all the hosting to Elastic. In this case, Elastic will provision and run the Elastic Stack service in the desired cloud provider. Deployments on AWS, GCP, Azure, Alibaba and Tencent are supported. Customers can run the basic Elasticsearch service with Kibana. This is priced at as little as $16 / month. The generalized Elasticsearch service can be applied to all relevant solutions – enterprise search, observability or security. Pricing is based on 4 tiers of options – standard, gold, platinum and enterprise. Higher level options include support response, security, endpoint protection, machine learning and custom plugins.

As alternates to jumpstart specific search use cases, Elastic offers the App Search Service for as little as $23 / month. This deployment is customized for search functionality associated with a user application, versus observability or SIEM. It provides schemaless data ingestion and a custom management dashboard to allow customers to rapidly enable a search experience. Data indexing can be done by plugging one of the API clients into the customer’s application. Once indexing starts, then search functionality will automatically be available.

For customers looking for an out-of-the-box site site search solution, there is the hosted Elastic Site Search Service. This is a bit more expensive, starting at $79/month. However, it performs all the functions necessary to power a site search feature, without requiring custom development. The customer simply kicks off a crawl of their website and the Site Search Service handles the rest. A developer adds a few lines of code to display the search box and return a results page. The service scales automatically, regardless of how much content is indexed over time. Pricing ramps up based on volume of documents indexed, frequency of crawls, support levels, persistence of logs and desire for any add-on features.

In addition to the Elastic Cloud deployment model, enterprises can choose to manage the Elastic Stack themselves, either through Elastic Cloud Enterprise (ECE) or Elastic Cloud on Kubernetes (ECK). These models are ideal for organizations that self-host their product environment or utilize a hybrid approach. In either case, the customer IT organization has access to the same tools that Elastic uses to manage the Elastic Stack internally.

Let’s examine each of the three product solutions in more detail, including typical use cases.

Enterprise Search

Elastic Enterprise Search allows developers to implement search experiences across web sites, custom apps or e-commerce stores. This can also be applied internally to facilitate search across documents generated by a team’s work collaboration tools. Content sources might include Google Drive or Salesforce. Data import connectors are available for a many popular collaboration tools.

Enterprise Search can be applied towards site search. This could replace home grown solutions or Google Custom Search. Site search crawl frequency is configurable with the ability to automatically ingest new content. Site Search provides built-in analytics dashboards of search activity, which enables a feedback loop for further tuning.

App Search allows developers to create a customized search experience for their user applications, like a product recommendation or mapping function. On the data ingestion and indexing side, all expected functionality is supported, like stemming, typo-tolerance and bigrams. Similarly, for search queries, common features like setting synonyms, boosts, adjusting relevance models and assigning weights for individual fields are all configurable. With these, developers can fine-tune retrieval and precision.

Observability

Elastic’s Observability solution allows IT organizations to coalesce server logs and events form other systems into a single view for monitoring and alerting. Making a system “observable” enables operators to detect undesirable behaviors, like long response times and errors. Additionally, once an issue is detected, observability tools provide sufficient data about the behavior to identify root cause (event logs, application error traces, resource utilization, etc.)

One of the challenges previously for DevOps teams (those responsible for system uptime) was that observability data was often collected and displayed in different systems. At minimum, one system collected server logs, aggregated them and provided a search interface on top (like Splunk, PaperTrail, etc.). A second system has an agent embedded into servers that collects processing traces for application requests (New Relic, Dynatrace, etc.). When an issue occurs, like a customer receiving an error response on a web site request, DevOps team members would have to search both systems in order to find root cause.

The latest trend in observability solutions is to consolidate all relevant data into a single operational data store and provide one view of application performance in an intuitive user interface. The ideal case now is to expose system operators to all data relevant to the performance of their application – whether it is a log entry from the servers, trace data for processing an application request, or resource utilization metrics in a time series. Then, if an issue surfaces, the operator can quickly drill down into all source data in one interface to troubleshoot root cause. I can attest to the benefit of this consolidation, when I managed uptime at several large internet properties through a combination of Splunk and New Relic. Having all this in one view would be a huge time savings. ESTC isn’t the only company doing this, though. I will cover competitors later in this post, but Datadog (DDOG) takes a similar approach towards holistic observability.

Finally, as teams get familiar with the typical performance of their application, observability can help “predict” that an issue might occur in the future. This can be based on algorithms or machine learning processes that examine past performance data, set expected ranges for normal performance and trigger warnings when incoming data indicates abnormal behavior is forthcoming.

The Elastic Stack is an ideal solution for addressing the observability challenge. This is due to a couple of reasons. First, Elastic has gone beyond basic text search through an inverted index (use case of just typing “error” into a search box). A few years back, they added a columnar data store optimized for writing and retrieving dense numerical time series, which is the primary format for performance metric data. This columnar data store is used to structure data extracted from server logs, both string tokens and numerical values. Data collection, extraction and formatting is automated through a plug-in called Metricbeat. These enhancements drove many users to apply the Elastic Stack to ingest not just logs, but metric data, in order to create a complete view of their production systems.

As the final piece of the puzzle, Elastic introduced Elastic APM in 2018. APM (application performance monitoring) provides detailed traces of application processing for user requests. These are often displayed as “waterfall” views where operators can see time spent in each step of a transaction by resource. This allows them to quickly identify bottlenecks in distributed systems, like long database query times or time-outs for API requests to third parties. The visual aspect of these read-outs are the key, as it becomes easy to identify problem areas. Data is consolidated and displayed in pre-packaged, intuitive dashboards. This visualization capability is provided by Kibana. Tracing data coexists with infrastructure logs, server metrics, security events, allowing all to be viewed in a single screen.

While the dashboards provide a real-time view of current activity, DevOps personnel won’t spend the day staring at them. Elastic APM allows users to set thresholds for key performance values and generate an alert notification when a value goes out of range. Additionally, machine learning features are available to model past performance data and set these thresholds automatically.

Finally, Elastic APM provides software agents for a variety of development frameworks, including Java, Go, Node.js, Python, Ruby, .NET and Javascript (for browser apps). This makes data collection easy and adheres to the standard established by other APM solutions.

Elastic Blog Site

Security

The Elastic Security solution combines endpoint security and SIEM to provide customers with the ability to identify potential threats at the entry points to their networks, centrally collect all user activity and analyze log data for patterns associated with nefarious activity. Similar to observability, this was a natural extension for Elastic, as security analysis is based on the capability to collect and analyze large volumes of log data efficiently. The additional insight needed was how to identify patterns of behavior in that log data associated with security exploits.

What’s interesting about the evolution of the security solution at Elastic is the customers first started using the core Elastic Stack to build security monitoring themselves. In May 2019, Elastic announced that Ricoh, a Japanese imaging company, was using the Elastic Stack to aggregate and analyze log data from devices across their network to identify potential security threats. In this case, Ricoh utilized the components of the Elastic Stack with support from Elastic solutions engineers to custom build a security monitoring system. Assuming Ricoh security engineers understood the threats they faced and could translate those into log patterns to locate, I can see how they were able to create this point solution. This implementation eventually evolved into Elastic’s SIEM product, which was officially announced in June 2019.

The expansion of SIEM didn’t stop there. In the 7.3 release in July 2019, Elastic announced the addition of machine learning capabilities to the SIEM solution. This allowed users to easily enable and run a set of machine learning anomaly detection jobs designed to detect specific cyber attack behaviors. Detection rule creation becomes automated, going beyond manually adding and adjusting static rules. The 7.4 release in October 2019 expanded the number of machine learning jobs to detect common security threats on network and host activity data collected by Auditbeat. Examples include detecting anomalous processes, nonstandard network port activity, and more. With the Elastic 7.6 release in February 2020, the team added 100 more rules to automatically detect tactics and activity indicative of threat behavior. These will be continually updated to address new threats. Additionally, this release significantly expanded coverage for Windows, which is a common user device OS in Global 2000 companies.

In June 2019, Elastic announced their intent to acquire Endgame, a provider of endpoint security solutions.

About Endgame

Endgame makes endpoint protection as simple as anti-virus. Leveraging advanced machine learning technology, Endgame enables security operators of any skill level to deliver full-force protection, stopping everything from ransomware, to phishing, and targeted attacks. Endgame is the only endpoint security platform to offer a unique hybrid architecture that delivers both cloud administration and data localization that meets industry, regulatory, and global compliance requirements. The US military as well as some of the world’s largest commercial organizations rely on Endgame to protect their people, technology and mission, globally.

Elastic Press Release, June 5, 2019

The intent of this acquisition was twofold. First, the security exploit expertise within Endgame’s organization would quickly extend Elastic’s nascent SIEM capabilities. Presumably, they provide deep expertise and data history on what nefarious security activity looks like. This knowledge could then be incorporated into the necessary pattern detection to surface potential threats from the volumes of log data being pulled into the Elastic Stack. Second, it allowed Elastic to extend their product suite into an actual endpoint security solution. Specifically, Endgame had Endpoint Prevention, Detection and Response (EPP + EDR) product offerings. These allow enterprises to extend threat identification to the device endpoint. Interestingly, Endgame was already using the Elastic Stack internally to collect and parse endpoint data. Endgame brings broader and deeper coverage to the agent deployment infrastructure already supported by Beats, allowing customers to deploy Elastic security agents to all types of user devices and network entry points for data collection. Endgame endpoint agents bring a significant expansion of security specific context to the Beats data collection agents that Elastic had already been building. Additionally, with an agent deployed to each device, some logic could be applied locally to detect threats and apply some preventative measures in parallel to reporting incidents back to the centralized Elastic Stack monitoring system.

Similarly, Beats agents were previously deployed on “server-side” application stack and network devices. The Endgame acquisition allowed Elastic to extend this to “client-side” devices, on a wide variety of operating systems like Windows, Mac, Linux and Solaris. The Elastic Common Schema (ECS) format has been extended to accommodate security device context, allowing all data types to be shipped and aggregated into Elastic’s centralized indexes for querying by Elasticsearch and display by Kibana. Being an Elastic Stack user, Endgame already had a number of custom security-oriented Kibana dashboards built that could be incorporated into Elastic’s solution to provide customers with an out-of-the-box capability with security context.

Elastic officially launched the Endpoint Security product offering in October 2019. With this release, customers could go beyond monitoring for security threats centrally using the SIEM product and actually protect the endpoint in advance of central threat detection. This was accomplished through Endgame’s existing threat prevention agent technology. This release also changed the pricing model to eliminate per device pricing and adhere to the same Elastic Stack pricing model associated with resource utilization, regardless of the tool used.

It is remarkable how quickly the Security solution has evolved, given that Elastic officially announced it less than a year ago. This represents impressive product development expansion, considering that competitive endpoint protection solutions (Crowdstrike, Carbon Black) have been doing this for much longer (more on this in the Competition section). I think this underscores the advantage Elastic has of building these solutions on top of the foundation of the Elastic Stack and recognition that many of these use cases are simply intelligent extensions of search.

Other Product Solutions

Beyond the core solutions of enterprise search, observability and security, Elastic is promoting a couple of point solutions around Kibana.

Kibana Lens. In December 2019, Elastic launched Kibana Lens. Lens allows users to conduct basic data analytics exploration and visualization tasks. It includes a drag-and-drop interface to view data in an Elasticsearch index and build out visualizations. Charts and data aggregations can be swapped out in real-time through the UI. It also makes smart suggestions that provide alternative ways to visualize data based on common usage patterns.

What is interesting about Kibana Lens is that Elastic implies it could be applied to data aggregation and visualization for teams outside of DevOps, like marketing, sales, business operations. Elastic cited one customer example of this in the release blog post. “Harel Insurance Investments and Financial Services Ltd. is currently using Kibana to visualize and explore operations, security, business, and marketing data, and they’ve expressed excitement at the new possibilities introduced by Kibana Lens.” This extension of Kibana would move it into the space of traditional BI / analytics visualization tools, like Looker or Tableau.

Kibana Canvas. Kibana Canvas is similar to Lens, but focuses on creating visually rich dashboards that pull live data directly from Elasticsearch and combines it with colors, images, text, and other customized options to create dynamic, multi-page displays. While Lens would be used internally for ad-hoc data analytics functions, Canvas could be used to create publicly facing dashboards or views for customers. These might be displayed in kiosks or on screens in public places, like a flight departure display or market summary.

Acquisitions

Elastic has successfully expanded their product offering through selective acquisitions and strategic partnerships. Here is a list of examples:

  • Swiftype – Site Search and App Search Services
  • Opbeat – APM solution
  • Prelert – Machine learning features
  • Packetbeat – Beats product
  • Found – Elastic Cloud offering
  • Endgame – SIEM and Endpoint Security solutions

We can expect this motion to continue. Acquisition represents a powerful mechanism for rapidly expanding Elastic’s product solution coverage, in addition to their own internal development team’s efforts. This is enabled by Elastic’s open source model, which has created an ecosystem of adjacent software providers. As these get traction with strategically aligned product roadmaps, Elastic can opportunistically bring them in the fold.

Open Source Philosophy

At its foundation, Elastic is an open source company. However, there is nuance in how they apply licensing of their source code in order to distinguish between open, free and paid features. All source code is “open” in that anyone can inspect the code, create issues against it and generate pull requests with suggested changes through the Elastic public GitHub repository. However, only Elastic personnel can accept the changes and incorporate them into the main code line.

Elastic Q3 2020 Earnings Deck

Early on, Elastic maintained open source code for the core product offerings (Elasticsearch, Kibana, Beats, Logstash) under an Apache 2.0 license. Commercial features were bundled into a closed private repository and referred to as X-Pack.

In February 2018, Elastic announced they were opening up the private X-Pack code and making it available for inspection, like the core offerings. However, the code associated with proprietary features would be covered by a separate Elastic License. The license basically only allows use of proprietary features in a testing environment and prohibits “transfer, sell, rent, lease, distribute, sublicense, loan or otherwise make available the Commercial Software Source Code, in whole or in part, to any third party.” So, a user must agree to utilize the commercial features only in their production environment and cannot resell or host the software for other users to consume. This essentially prohibits cloud providers, like AWS or Azure, from hosting a version of the Elastic Stack with all proprietary features for their cloud customers. I’ll cover this further in the competition section.

Elastic refers to their approach of open source, as being “open core”. Elastic’s CEO defined what this means for Elastic in a blog post.

To identify high-value features and to offer them as commercial extensions to the core software. This model, sometimes called ‘open core’, is what culminated in our creation of X-Pack. To build and integrate features and capabilities that we maintain the Intellectual Property (IP) of and offer either on a subscription or a free basis. Maintaining this control of our IP has been what has allowed us to invest the vast majority of our engineering time and resources in continuing to improve our core, open source offerings.

Shay Banon, Doubling Down on Open, Feb 2018

This open core model has worked very effectively for Elastic, as many of the new product offerings came from the community and were incorporated into the company through acquisition. This was the genesis for Logstash, Kibana and Beats. This model has arguably provided significant competitive advantage for Elastic and is driving the rapid product development expansion.

Proprietary features provide incremental value for larger enterprises deploying Elastic Stack at scale. Some proprietary features are free to customers, some are paid add-ons. In this context, though, free does not imply unlicensed. Examples of useful paid features are granular system monitoring, alerting, some machine learning features, endpoint security, data encryption at rest and support. Support from Elastic engineers is available in paid subscription levels and would be highly recommended for any large user of the Elastic Stack. If the Elastic Stack will represent a core part of their infrastructure, the enterprise would want to know that they could tap the experts at Elastic if they encountered a serious production issue.

Total Addressable Market

Defining the total addressable market for Elastic is an interesting exercise. On one hand, we can generate market size estimates for each of the existing solution focus areas – enterprise search, observability and security. In the future, though, we can expect more of these use cases to surface, as Elastic has proven its ability to extend its core “search” capabilities to new categories of behavior. As digital experiences continue to evolve, “search” or fundamentally, information discovery, will be at the foundation of many features.

Elastic elucidates this well in their S-1 filing.

Why we search remains constant: we’re looking for insight, information, and answers. But how and what we search changes over time, from the Dewey Decimal System for libraries to Google for the World Wide Web to conversations with virtual assistants for everyday inquiries. Today, what we search has grown to include a rapidly increasing amount of structured and unstructured data from a multitude of sources such as databases, websites, applications, and mobile and connected devices. While search experiences often begin with search boxes, they are not confined to them. Dragging your finger across a map on a smartphone screen is search. Zooming into a specific time frame in a histogram is search. Mining log files for errors is search. Forecasting storage capacity two weeks into the future is search. Using natural language processing to analyze user sentiment is search.

Elastic created the Elastic Stack (previously known as the ELK Stack), a powerful set of software products that ingest and store data from any source, and in any format, and perform search, analysis, and visualization in milliseconds or less. Developers build on top of the Elastic Stack to apply the power of search to their data and solve business problems. We have also built software solutions on the Elastic Stack that address a wide variety of use cases including app search, site search, enterprise search, logging, metrics, APM, business analytics, and security analytics. The Elastic Stack and our solutions are designed to run on premises, in public or private clouds, or in hybrid environments. As the technology landscape shifts, our products grow and adapt. In that sense, we believe that our company is truly elastic.

Elastic S-1 Filing, Sept 2018

Even in their own definition of their product landscape and list of solutions, Elastic hints at the open-ended nature of their market opportunity. This is one of the advantages of the Elastic offering. They provide a development platform, on which legions of developers can build new applications for “search”. Each application will generate revenue for Elastic from license fees for commercial offerings. Additionally, they provide a continuously evolving hopper of ideas from which Elastic can pull to make new official solutions. This is what they did with Security after observing Ricoh roll their own custom solution. Elastic even states this explicitly – “The Elastic Stack is foundational technology that addresses markets and use cases in many ways. In the future, we expect our users to continue to apply our technology in new ways, helping us create more innovative products, features, and solutions. As a result, we expect our total addressable market to continue to expand.”

This motion of observing customer activity for product funnel ideas reminds me of Twilio and the genesis for their Flex offering.

With that foundation, Elastic did size their market opportunity at $45B in 2018. This represented the combination of several product areas and their estimated size in 2018, based on data from IDC.

  • Search, content analytics, and cognitive/AI software.  IDC estimated this market segment to be $8B in 2018.
  • IT operations management.  IDC’s sizing of the market for IT Operations Management was $9B for 2018.
  • Big data and analytics software. This one is pretty broad. Elastic used IDC’s estimate of $23B in 2018 spend for End-User Query, Reporting, and Analysis; Advanced and Predictive Analytics; Spatial and Location Analytics; Non-relational Analytic Data Stores; and Analytic Data Integration and Integrity.
  • Security analytics.   IDC estimated the SIEM opportunity to be about $5B in 2018.  

We can discount the Big Data segment a bit, as Elastic doesn’t currently have a major solution focused there, besides the nascent Kibana Lens. However, investors can see how this could be the next big focus area for solutions going forward, given the large opportunity. If we cut Big Data in half, Elastic is still left with about $30B of annual spend to target, based on 2018 run rates.

Competition

Similar to the exercise of sizing the market opportunity, an analysis of Elastic’s competition takes two forms. First, we have to consider that Elastic is fundamentally a generalized development framework for building “search” solutions. Second, is to look at the actual segments of the IT market to which clusters of those solutions apply.

Looking first at the generalized search platform capability, the landscape of potential applications becomes very broad. This is an important consideration for investors, as future solutions for the Elastic Stack could take many forms and are really left to the imagination of the developer. Also, I am seeing many software providers making arguments about “vendor sprawl” and a desire from CTO/CIO/CISOs for convergence to fewer providers. The benefit of this to IT organizations is pricing leverage, lower training costs and streamlined vendor management. Elastic makes this argument for their platform, pointing out that the Elastic Stack can provide solutions for app search, observability, security, data analytics and even other undiscovered use cases. The counter-argument of course is that point solutions provide depth and expertise in each segment. Elastic provides a nice balance here, as packaged Elastic Stack solutions can span many IT segments, but edge cases can be customized by customer developer teams to best fit their individual needs.

To illustrate this versatility, Tinder provides a good case study. Starting in 2013, Tinder initially utilized Elasticsearch to power its profile matching technology. Whenever a user needs to be matched with a prospective date, a complicated search and ranking algorithm is run, which returns results in milliseconds. I am personally familiar with this use case, having created a similar solution at Zoosk (on Solr, but before Elastic Stack was widespread). Tinder’s matching algorithm delivers a real-time, personalized, geolocation-based, and bidirectional search experience for its users, running more than 300 million queries every single day. After Elastic added new capabilities, Tinder expanded its use of Elastic Stack to address real-time logging analytics and monitoring. Later still, they extended log analysis to SIEM. This expanded the audience from the engineering team to DevOps and then Security. This expansion motion is very powerful, as the Tinder IT organization could reduce vendor sprawl by utilizing Elastic for several functions. They could also customize the solution as desired.

In this regard, an examination of available generalized search development platforms is relevant. In this area, only one other provider comes to mind, which is Solr, commercially supported by Lucidworks.

Solr is a popular open source enterprise search platform. Similar to Elasticsearch, it uses Lucene for the core set of search libraries. Solr is designed to be scalable and fault tolerant, providing distributed indexing, replication and load-balanced querying, automated failover and recovery and centralized configuration. Solr powers the search and navigation features of many of the world’s largest internet sites.

Solr Customer List, Solr Web Site

The commercial entity behind Solr is Lucidworks. It is an enterprise search technology company that provides an application development platform, commercial support, consulting, training and value-add software for Lucene and Solr. Lucidworks is a private company founded in 2007. The company has raised almost $200M to date, from a prominent set of investors. Additionally, many of the core Solr committers are employees.

Lucidworks provides two products – Managed Search and its Fusion Platform. Managed Search provides a hosted Solr solution on public or private cloud. It allows companies to outsource the DevOps part of managing a Solr cluster in production, which includes features like auto-scaling, event monitoring and integration with other source data systems. Additionally, enhanced security features are included in the package, which are unique to the Lucidworks commercial distribution, like authentication, encryption, identity management, auditing and role-based access controls. This approach to extending the open source core of Solr with add-on commercial features is similar to that taken by Elastic.

Lucidworks Fusion Platform adds AI/ML capabilities to the core Solr framework to allow data scientists to create models that generate insights and recommendations for optimizing search results. Users can apply and manage rules, tune search relevancy and analyze results through a visual interface. An example use case is for retailers to improve product recommendations and personalization for their customers, as they navigate e-commerce apps.

Solr Fusion Platform Diagram, Lucidworks Web Site

Fusion Server combines Solr with Apache Spark, which provides built-in modules for streaming, SQL, machine learning and graph processing. This is an interesting direction, as it adds data analytics and AI/ML capabilities to Solr. Apache Spark is leveraged by other big data and analytics companies, like Databricks and Cloudera. Fusion AI applies machine learning to intelligently classify data at ingestion and to personalize query response based on user intent. App Studio allows search engineers to rapidly build search applications. It combines an integrated development environment, pre-fabricated components and APIs for developing powerful search UIs.

Getting back to Elastic, at this point, Lucidworks has not added capabilities for addressing logging use cases (metrics, APM, etc.) into the platform. As mentioned previously, Elastic added a columnar data store into the core engine early on, which provided new capabilities for data processing in addition to an inverted search index. The Lucidworks Fusion platform could probably address this through extensions to Apache Spark. However, based on Lucidworks product marketing, it appears they are positioning their platform towards enterprise search and data analytics at this point. Therefore, the argument that customers would prefer a generalized search platform favors Elastic. Also, as a public company, Elastic has rapidly built out its product offering through rapid-fire acquisitions and has greater resources to compete broadly.

There are some other cloud-based search services offered by private companies that readers can research, like Algolia and Coveo.

Otherwise, one could argue that NoSQL solutions compete adjacently, like MongoDB. It is interesting that MongoDB recently announced support for full-text search, which would represent competition for site search. Otherwise, the full spectrum of search capabilities available in Elasticsearch go far beyond what could easily be accomplished with relational or non-relational database solutions, at least currently.

The second level of competition is to examine each of the packaged solution areas. A big part of Elastic’s go to market motion is to take these packaged solutions to the marketplace and promote them to customers. In this way, existing competitive considerations for customers in each area would need to be considered.

I will list competitive offerings in each area, and provide some commentary on the players. However, I won’t do an exhaustive comparison, as that would go beyond the scope of this article. Also, I plan to cover some of these companies in separate posts in the future.

Observability

The observability space has a number of sub-segments including logging, metrics, distributed tracing, APM, monitoring and alerting. This space has grown rapidly in the last few years. There are a number of vendors offering solutions. As I listen to earnings calls for many of the publicly traded vendors (DDOG, NEWR, DT) they claim that little of their new business comes from competitive displacements versus greenfield opportunities resulting from broader enterprise trends of cloud migration and digital transformation. As traditional enterprises scramble to create new customer-focused software applications, these will need to be observed, with log data analyzed, performance monitored, user activity tracked, etc.

Elastic has offered an APM solution since 2018, after the acquisition of Opsbeat in 2017. On the most recent earnings call, Elastic leadership mentioned that observability is currently their largest revenue segment. Elastic doesn’t break out revenue by segment, but given sustained quarterly revenue growth near 60%, we can assume that Elastic is still competing well in this area. Competitive observability solutions have been on the market for some time, so it’s likely market share isn’t shifting rapidly.

Here is a short list of other observability providers, limited to publicly traded companies, along with a few comments.

  • Datadog (DDOG) – Revenue growth of 85% in the most recent quarter. Based on personal connections, I know that Datadog is displacing legacy open source solutions and winning greenfield deals. Datadog started in infrastructure monitoring and expanded to other segments. Like Elastic, they have a rapid product development motion. Their offering is broad and easy to use. Very popular with internet-first companies.
  • Dynatrace (DT) – Revenue growth of 25% in most recent quarter. Has a more enterprise focus, with deep customer penetration in mainstream retailers, banks, travel companies, etc. Their offering is competitive, but Datadog seems to have more momentum as a broad observability solution.
  • New Relic (NEWR) – Revenue growth of 23% in most recent quarter. One of the pioneers in APM. Revenue growth has been decelerating over the past couple of years, however, as innovation slowed and they began losing deals to competitors. They are making a concerted effort to turn this around.
  • Splunk (SPLK) – Revenue growth of 27% in most recent quarter. Similar to New Relic, early commercial provider of log analysis at scale. Deep customer relationships with Fortune 100 – list 92/100 as customers. Went through a challenging period over the last couple of years due to inflexible pricing and deployment model. Now shifting to less restrictive, cloud based distribution.

Interestingly, the industry research firms don’t provide a lot of help cutting through this list. The most recent Gartner Magic Quadrant for APM didn’t include Datadog, Splunk or Elastic. Gartner cites these as “Honorable Mentions”, with the clarification “This list is representative of vendors that address some APM use cases, but do not meet all of the functional and/or business requirements to be included in this research.” This may change in the upcoming 2020 report.

Gartner Magic Quadrant for APM, March 2019

The Forrester Wave Application and Service Monitoring report from April 2019 includes a few more players, but not Elastic.

Forrester Wave IASM Report, Q2 2019

In terms of what this means for Elastic, the lack of inclusion in these industry research reports is a bit of a concern. While I appreciate the reasoning, these reports are sometimes referenced by CIOs in making purchase decisions. The Elastic product marketing team should be lobbying for more consideration.

With that said, I think the Elastic Stack represents a strong solution for organizations to achieve their observability needs. Relative to other commercially packaged offerings, as a generalized search development platform, Elastic offers customization capabilities for customers. There will be a constant tension in customer evaluations for observability solutions between those that are purpose-built and immediately pluggable (Datadog, New Relic, Dynatrace, etc.) and the Elastic Stack, which functions out of the box, but requires more configuration. However, as a platform with open source underpinnings, it offers more opportunity for customization to address edge cases and expansion into adjacent areas.

Security

Besides its generalized usage to collect and retrieve log data for security analysis, Elastic’s security solutions cover SIEM and endpoint protection. A few years ago, Elastic started helping customers apply the Elastic Stack to use cases like threat hunting, fraud detection and security monitoring. In 2019, Elastic formally announced the launch of its SIEM offering. This was further enhanced by the acquisition of Endgame, which became the basis for endpoint protection and further enhancements to SIEM.

Like observability, many other vendors exist with offerings in SIEM and endpoint security. For endpoint security, Elastic considers competition to be Crowdstrike (CRWD) and CarbonBlack (now owned by VMWare – VMW). Elastic provides a useful feature comparison between the offerings on the product page for endpoint security.

Elastic’s positioning is that their endpoint security product provides necessary feature coverage in the base product, versus competitive offerings that require add-ons for desired features. Obviously, this is a selective list from Elastic and there may be other features or scope missing from the Elastic offering.

Looking at the Gartner Magic Quadrant report for Endpoint Protection Platforms released in August 2019, we see Crowdstrike and Carbon Black. As this was before the formal announcement of Elastic’s endpoint security solution, it wasn’t evaluated.

Gartner Magic Quadrant for EPP, August 2019

However, Endgame did receive an Honorable Mention call-out in the report. Endgame wasn’t evaluated in the full report, as it didn’t meet the threshold for field deployments. The short commentary provided is positive however, so we might see Elastic included in this year’s report.

Endgame is one of the new crop of vendors from the EDR market that have added EPP functionality. Its core differentiator is ease of use and good efficacy test results with multiple major labs. Endgame provides a single-agent architecture and has feature parity across Windows, macOS and Linux. As well as providing full event fidelity, Endgame’s EDR features remediation of exploits via guided response actions to revert damage to the system. Recent enhancements include: Reflex, an autonomous behavior detection engine and Artemis 3.0, which is a chatbot that provides security admins with a natural language interface for hunting and guided investigation and remediation. Endgame also provides instrumentation for detailed examination of PowerShell and other scripts. Unfortunately, it did not meet the market presence inclusion criterion, which required a minimum threshold of 4.5 million centrally managed license instances.

Gartner Magic Quadrant for EPP, August 2019

For SIEM, relevant competitors are Splunk (SPLK) and Rapid7 (RPD). Both have been in the security space for a while. Similar to Elastic, Splunk moved into SIEM from log analysis. Rapid7, on the other hand, started in penetration testing and vulnerability detection with their popular Metasploit and Nexpose products. These allowed Rapid7 to build a knowledge base of exploit behavior and vulnerabilities, which seeded the data set for the SIEM product.

Rapid7 also offers 24/7 threat monitoring and response, which would appeal to smaller organizations that lack a dedicated security team. Splunk has the advantage of having an observability solution as well, but has the reputation for high pricing and taxing usage models.

Elastic was not evaluated directly for the Magic Quadrant, as it likely did not meet one of the inclusion criteria (revenue threshold, percent of revenue from SIEM, international SIEM customers, etc.). Gartner did mention Elastic in a blurb near the end of the report.

Elastic, Graylog, Sumo Logic, Devo and other vendors that have previously targeted log collection and analysis for IT operations use cases are adding more support for security use cases. In some cases, they’re marketing them as SIEM. Although they didn’t meet the inclusion criteria for the research, Gartner customers have expressed interest in whether they might be able to satisfy security use cases and enable a single log and event collection architecture for security and for IT operations.

Gartner Magic Quadrant for SIEM, Feb 2020

Cloud Providers

Several of the cloud providers offer a competing solution to Elastic. These range from outright hosting of the open source version of Elasticsearch as a service to their own point solutions.

AWS. AWS is the most overt competitor with their hosted version of Elasticsearch, called the Amazon Elasticsearch Service. This offers a managed version of open Apache 2.0 licensed features of the ELK stack. This does not include any of the proprietary free or commercial features of the Elastic Stack covered under the Elastic license.

Amazon started providing their service in 2015, when fewer commercial Elastic Stack features were available, then distributed as part of X-Pack. Since then, Elastic has added many new free and paid features under the proprietary Elastic license, which would not be available to Amazon. Elastic provides a pretty comprehensive list of the differences between the two offerings. Notable are built-in machine learning, granular security controls, Kibana Canvas/Lens and alerting. Also, commercial packages from Elastic provide support, which to me is a big advantage. For large production deployments, I would take comfort in having the actual Elasticsearch project maintainers on retainer to help address critical issues.

Amazon does provide some customer testimonials for the service on its site, although the Elastic customer list is far more extensive. There is an often referenced Medium post from the Coinbase engineering blog in Feb 2019, explaining their migration to the Amazon service from a stand-alone Elasticsearch cluster, but this doesn’t address why the Amazon service would be incrementally better than Elastic Cloud, beyond tighter integration with other AWS services.

The Elastic team was asked about the Amazon offering on the most recent earnings call. Elastic CEO Shay Banon stated that they have seen very little adoption of the Amazon service in the marketplace. He cited the growing number of proprietary to Elastic features available in the latest release. Even the free Community version has proprietary features that cannot be adopted by Amazon. Due to Elastic’s rapid development and acquisition motion, this gap is increasing with each release. Per Shay, “And the amount of differentiated features is just increasing exponentially, every single release.”

Azure. Microsoft offers Azure Cognitive Search, an AI-powered cloud search service for mobile and web app development. This is based on the Microsoft natural language stack utilized by Bing and Office. The feature set appears focused on text-based search use cases. The list of customer testimonials is limited.

GCP. Google offers a Cloud Search product. This is based on the same data ingestion, classification and query technology utilized by Google internally. It can be applied towards internal business productivity tools or G Suite. Similarly, it could be used to power a site search. However, all code is closed. They have posted 3 customer testimonials from Whirlpool, Colgate and Oakland County, Michigan. These appear to be focused on internal document search.

Netting all of this out, I think that the space in which Elastic operates is broad and crowded. Many competitors offer arguably superior point solutions. The main competitive advantages for Elastic pertain to its open source status and positioning as a development platform. For enterprise IT organizations looking to address multiple use cases with a single platform or have a need to create custom solutions for unique data search use cases, then Elastic will be a strong choice.

Customer Adoption

Elastic has an extensive list of reference customers, spanning both Global 2000 companies and rapidly growing, internet first start-ups. In their S-1 filing from September 2018, Elastic provided several notable examples:

  • When you hail a ride home from work with Uber, Elastic helps power the systems that locate nearby riders and drivers.
  • When you shop online at Walgreens, Elastic helps power finding the right products to add to your cart.
  • When you look for a partner on Tinder, Elastic helps power the algorithms that guide you to a match.
  • When you search across Adobe’s millions of assets, Elastic helps power finding the right photo, font, or color palette to complete your project.
  • As Sprint operates its nationwide network of mobile subscribers, Elastic helps power the logging of billions of events per day to track and manage website performance issues and network outages.
  • As SoftBank monitors the usage of thousands of servers across its entire IT environment, Elastic helps power the processing of terabytes of daily data in real time.
  • When Indiana University welcomes a new student class, Elastic helps power the cybersecurity operations protecting thousands of devices and critical data across collaborating universities in the BigTen Security Operations Center.

As of July 31, 2018, Elastic customers represented 32% of the Fortune 500 and 21% of the Global 2000.

Elastic S-1 Filing, Sept 2018

On the Elastic web site, they provide an extensive list of over 100 reference customer examples. These span all the solutions offered – search, observability, security, data analysis. They also list a couple examples of companies that moved from the Amazon Elasticsearch Service to Elastic Cloud.

  • Box – Observability
  • E-Trade – Real-time operational intelligence
  • Airbus – Search of aircraft technical documentation
  • Bell Canada – Security analytics
  • Oak Ridge National Lab – Transitioned from Splunk to Elastic for log monitoring and anomaly detection
  • Ticketmaster – Search to help customers find the best seat
  • Lyft – Moved from Amazon ES to self-hosted Elasticsearch
  • Citi – Monitoring app infrastructure
  • Shopify – Search for documentation
  • Volkswagen – Distributed logging and monitoring
  • Walmart – Analyzing customer purchasing patterns and storage of performance metrics
  • Barclays – Security monitoring
  • Slack – Security monitoring
  • New York Times – Article search spanning 100 year archive

Once on the Elastic Stack, customers often significantly expand their usage of products over time. Expansion includes both increasing the utilization of the stack for a particular use case and applying the platform to address new use cases. Elastic encourages customer expansion through its internal sales team. The Net Expansion Rate measures growth in existing customers’ annual subscriptions over a twelve month period. Elastic’s Net Expansion Rate has been over 130% consistently for several quarters, which is at the high end of the range for software stack companies.

Developer Motion

Developers can download Elastic software directly from the website. As of the IPO in September 2018, Elastic software products had been downloaded over 350 million times, including both free and paid products.

Elastic also sponsors a very broad set of local meet-ups for developers to convene, share best practices with Elastic Stack and demo their custom solutions. As of July 31, 2018, the Elastic community included over 100,000 Meetup members across 194 Meetup groups in 46 countries. Elastic provides swag, budget for refreshments and promotion for local events.

Elastic also runs a popular set of conferences, called Elastic{ON}, which target both developers and customers. Elastic’s approach is to distribute these mini-conferences across the globe, usually lasting a day full of content. This allows participants to minimize travel time and their commitment, providing flexibility and convenience. Of course, some enterprise software companies count of “locking down” their customers for several days in big centralized conferences. I like Elastic’s approach.

Elastic{ON} location list

In Stack Overflow’s annual developer survey for 2019, Elasticsearch performed well. As readers are probably familiar, Stack Overflow is the largest community site for software engineers. Annually, they poll their developer community about trends in software engineering and infrastructure.

In the survey for 2019 (2020 survey is just starting now), Elasticsearch had the highest percentage of users for a search technology. Additionally, it rated even higher for the “most wanted” technology, reflecting developers working in shops that haven’t adopted Elastic Stack yet, but would like to. This data reflects Elastic’s high developer mindshare, which I consider to be a key aspect of a successful software stack investment.

Stack Overflow 2019 Developer Survey – Most Commonly Used Databases
Stack Overflow 2019 Developer Survey – Most Wanted Databases

Leadership

The leadership team at Elastic is strong. It is led by a technically-oriented founder, which is one of my primary criteria for a successful software stack investment. Since the founding in 2012, Elastic has attracted other experienced leaders to guide the company through its rapid growth.

Shay Banon founded Elastic after writing the first version of the software himself and open sourcing it. He has a strong technical background with a Bachelors in computer science from Technion, Israel Institute of Technology.  He is a self-proclaimed builder/hacker and is still active in shaping the technology roadmap for Elastic. Although he has a technical background, Shay has been able to successfully transition into the CEO role, demonstrating strong vision and clear communication skills. As an investor, we couldn’t ask for a better CEO. Shay reminds me of Jeff Lawson at Twilio.

Other noteworthy members of the executive team:

  • Janesh Moorjani, CFO. Joined Elastic in 2017, prior to the IPO. Previous finance leadership experience at Infoblox, VMWare and Cisco.
  • Justin Hoffman, SVP Sales. Has been with Elastic since 2013 and recently tapped to lead all of sales. Prior to Elastic, spent 10 years at VMWare, ultimately leading the applications group. Elastic is conducting a search for a seasoned Chief Revenue Officer, who “has built and seen multi-billion dollar scale.”
  • Kevin Kluge, SVP Engineering. Joined Elastic in 2013. Prior to that, held VP Product and Engineering roles at Citrix and Cloud.com. BS/MS in computer science from Stanford.
  • Sally Jenkins, CMO. Recent hire in Jan 2020. Leads product marketing, field marketing, digital marketing, partner marketing, brand strategy and corporate communications. This is a new role at Elastic charged with driving engagement with customers, partners and the community. Previously, held similar roles at Informatica, VMWare and Symantec.

Take-Aways

Generally, I am bullish on Elastic for the following reasons:

  • Sustained high revenue growth over 50% for several quarters with no evident deceleration yet. At a $420M annual run rate, this is impressive. I would expect greater than 35% annual growth sustained for the next several years.
  • With digital transformation and data analytics strategies garnering large IT budget investments, the market opportunity remains large.
  • DBNER over 130% shows evidence of a strong expansion capability within landed customers and further supports revenue growth
  • The pace of product development is exceptional. Every few months, Elastic announces a new product release with multiple meaningful features. Few software stack companies at scale are executing at this velocity.
  • Open core model appeals to developers. It also encourages ancillary solution development that feeds the Elastic acquisition funnel.
  • Positioning as a generalized search development platform. As discussed previously, this allows customers to leverage a single vendor across multiple use cases and create customized data discovery solutions where necessary.
  • Strong technical founder as CEO.

Elastic has some risks:

  • Profitability is still far off. Operating and FCF margins were -18% and -21% in the most recent quarter.
  • Platform approach may not appeal to customers who prefer deep point solutions. Industry analysts (Gartner, IDC) are not including Elastic solutions in market segment competitive reviews.
  • Cloud providers may evolve their search capabilities.
  • Other data analytics, data warehouse or database providers may pivot into search use cases, limiting the available market share for Elastic.

Investment Plan

It seems a little strange to be recommending a stock purchase in this environment. However, I take a long-term view and over a 5 year period, I expect ESTC to perform well. Additionally, with the stock price down 32% from a recent, post-earnings peak of $71.93, I think the opportunity for long term appreciation is even more magnified.

With the recent drop in price, ESTC’s enterprise value has also decreased from about $6B on Feb 28th to about $4B now. Similarly, EV/Revenue peaked at about 15 after earnings to just over 10 now. With $420M in revenue projected for FY 2020 ending in April 2020, I estimate growth to $1.5B in revenue for FY 2024. This assumes annual growth rates of 45%, 40%, 38% and 35% for FY 2021 – 2024. Given that the current estimated FY 2020 revenue growth rate is 56%, I think this is reasonable. If we further cut $1.5B by 20% to be conservative, this gives a FY 2024 revenue target of $1.2B. With revenue growth in the 30% range and assumed marginal profitability by then, ESTC might garner a EV/Revenue ratio of about 12. This yields a target enterprise value of $14.4B, or a 3.6x increase from today’s value.

Therefore, I am setting a price target of at least $170 by the end of 2024. I think this takes into account an appropriate level of conservatism, but also recognizes Elastic’s large opportunity as a leading search technology company with a rapidly growing product portfolio and a variety of customer use cases to address.