Logo of jester cap with thought bubble.

Image source: The Motley Fool.

Elastic N V (ESTC 3.11%)
Q1 2020 Earnings Call
Aug 28, 2019, 5:00 p.m. ET

Contents:

  • Prepared Remarks
  • Questions and Answers
  • Call Participants

Prepared Remarks:


Operator

Good day, and welcome to the Elastic first-quarter 2020 financial results conference call. [Operator instructions] Please note, this event is being recorded. I would now like to turn the conference over to Mr. Anthony Luscri, vice president of investor relations.

Please go ahead.

Anthony Luscri -- Vice President of Investor Relations

Thank you. Good afternoon, and thank you for joining us on today's conference call to discuss Elastic's first-quarter fiscal 2020 financial results. On the call, we have Shay Banon, founder and chief executive officer; and Janesh Moorjani, chief financial officer. Following their prepared remarks, we will take questions.

Our press release was issued after the close of market and is posted on our website, where this call is being simultaneously webcast. Slides, which accompany this webcast, can be viewed in conjunction with live remarks and can also be downloaded at the conclusion of the webcast on the Elastic investor relations website, ir.elastic.co. On this call today, our discussion may include predictions, estimates or other information that might be considered forward-looking statements within the safe harbor provisions of the U.S. federal securities laws.

While these forward-looking statements represent our current judgment on what the future holds, they are subject to risks and uncertainties that could cause actual results to differ materially. These risks and uncertainties include those set forth in the press release that we issued earlier today as well as those more fully described in our filings with the Securities and Exchange Commission, including our Forms 10-K, 10-Q and 8-K, and other filings we make with the SEC from time to time. You are cautioned not to place undue reliance on these forward-looking statements, which reflect our opinions only as of the date of this presentation. Please keep in mind that we are not obligating ourselves to revise or publicly release the results of any revision to these forward-looking statements in light of new information or future events, unless required by law.

In addition, during today's call, we will discuss certain non-GAAP financial measures. These non-GAAP financial measures, which are used as measures of Elastic's performance, should be considered in addition to, not as a substitute for or in isolation from, GAAP measures. Our non-GAAP measures exclude the effect on our GAAP results of stock-based compensation, employer payroll taxes on employee stock transactions, amortization of acquired intangible assets, acquisition-related expenses and non-GAAP tax rate adjustments. You can find additional disclosures regarding these non-GAAP measures, including reconciliations with their comparable GAAP measures in the press release and on our investor relations website in the slides accompanying this webcast.

The webcast replay of this call and slides will be available for two months on our company website under the investor relations link. With that, I'll turn it over to Shay.

Shay Banon -- Founder and Chief Executive Officer

Thank you, Anthony. Welcome, everyone, to the call. It's great to be here and share the results of our first quarter in our new fiscal year. Overall, we saw a great start to fiscal 2020 with strong momentum and growth.

We continued to execute well on our strategy, which is resonating with our users and customers as they rapidly adopt our broad portfolio of products. In Q1, revenue grew 62% year over year on a constant-currency basis. We had more than 8,800 subscription customers at the end of the quarter, which included over 475 with annual contract value of more than $100,000 and our net expansion rate continues to be over 130%. But before Janesh covers our financial performance from the quarter, I'd like to talk about some highlights, and I thought I'd start with our preview of Elastic SIEM from our 7.2 release.

This is a new product that gives users accurate security analytics experience for ingesting, analyzing and visualizing security-related data. One thing I find exciting about Elastic SIEM is that you don't have to be a security analyst to get value from it. So say you're a dev ops doing logging with Elastic version 7.2, you can simply click over to the SIEM app in Kibana and automatically see an overview of various data sets, including KPIs for a number of hosts, failed log-ins and more. You didn't have to install or configure anything.

It's all just there and just works. You can even go a step further with an interactive drag and drop experience to deconstruct and document a time line of events that you can then share with teammates from a single UI. Or as of our 7.3 release, you can use our platinum level machine learning features to automatically detect and alert on cyber threats originating from events like unusual log-in activity. For this initial release, we collaborated extensively with our community, from working on integrations with enterprise-level firewall data sources like Palo Alto Networks and Cisco ASA, to popular open-source network monitoring and intrusion detection systems like Zeek and Suricata, it's been humbling to see the level of contributions.

We've also seen validation from other companies, like Empower and Endgame, and we are excited that Perched, a security analytics operations and threat hunting company will be joining Elastic to further expand our product, consulting and training capabilities in this space. There's a lot of excitement within the community as well. A few weeks back, I attended Black Hat, a premier cybersecurity conference in Las Vegas. I had a sense for what to expect, although I'm still processing the handful of actual magicians I saw in the conference floor, but it was fascinating to see how prevalent the commercial and close product approach is in the security market.

I find it refreshing that we are offering a proprietary SIEM product that is both free and open through our basic subscription. Customers with a gold or platinum subscription can get additional value from paid features like machine learning as well as support. And for users looking to run it as a SaaS offering, Elastic SIEM is only available through our Elastic Cloud. So while what we demoed at our booth at Black Hat was an initial release focused on host and network data, the excitement from visitors at our booth was noticeable throughout the event.

There was a lot of questions about integrations, including those who are Endgame's endpoint security product. I also saw a lot of engagement around the Endgame's demo of a new integration with our stack, where users can run our Elastic SIEM experience on top of endpoint data. So this leads me to imagine all the possibilities for new and existing customers to streamline and enhance their security analytics use cases. For example, this could apply to the U.S.

Navy, or software company Smartsheet, or French financial institution Groupe BPCE, all of whom closed business with us for this use case in Q1, or even ASB Bank in New Zealand, who expanded business with us this quarter, primarily for the use of security logging and analytics, effectively replacing their existing SIEM. In the U.S. public sector, we closed new business with the U.S. Defense Information Systems Agency.

They replaced their legacy SIEM solution with Elastic to power security analytics for the joint regional security stack program. This is a part of the DoD strategy to modernize and improve network security, reduce attack surface, and improve situational awareness, ensuring timely delivery of critical information to war fighters around the globe. Elastic was also selected for use with the U.S. Department of Homeland Security's Continuous Diagnostic and Mitigation or CDM dashboard, as part of the solution proposed by our partner ECS.

CDM deploys tools to every civilian agency to increase their cybersecurity posture by ingesting, analyzing and visualizing data that provides insights into asset management, identity and access management, network security, and data protection management. So there is tremendous opportunity for our users and customers to take what they're already doing with our stack, quickly get more value out of it and continue to grow with us over time. While it's still early days for Elastic SIEM, it will only get better over time, with more features like SIEM detection rules, user analysis and threat intelligence integration. Our product development approach for SIEM and other use cases is iterative.

The goal is to have this magical experience, where you deploy Elastic in the context of logging and suddenly, through a single UI, you can do threat hunting or APM or infrastructure monitoring with very little effort. And to achieve this, we're continuing to streamline the ability to easily get started with and seamlessly transition between use cases. Another example of this iterative development approach is with Elastic Maps, our geospatial analysis product. We made it generally available in our 7.3 release this quarter.

This is exciting because Elasticsearch has a long history with geodata going back to version 0.9.1 in 2010. And when we look at today, Elastic Maps delivers a curated experience in Kibana that allows users to answer questions like, where are the attacks on my network coming from, using a pew pew map? Or where do I need to scale up my sales force with a map of enriched sales territory information custom to their business? Or where are shipments delayed using a map that floats single points in their orientation in real time. We're seeing these use cases emerge among our customers and it's exciting. Elastic Maps provides a highly dynamic, embeddable, customizable and layered experience that is powerful and easy to get started with.

Like Elastic SIEM, Elastic Maps is a proprietary product that is also free and open, and if a user wants to run it as a hosted offering, it is only available through our Elastic Cloud. On the topic of Elastic Cloud, we rolled out a new Amazon Web Services region in London and a new Google Cloud platform region in Tokyo this quarter. This expands our presence across these two major cloud providers and combined with our partnerships with Tencent and Alibaba, strengthened our commitment to being where our users are. In the logging metrics APM and uptime monitoring spaces, also known as the observability space, the market is trending toward that convergence of these use cases.

This plays to our advantage. Instead of users gluing UIs from separate tools together to solve a problem, they can instead store, search and analyze all their data, all-in-one place from one UI. And we've made this an even more powerful experience by providing our users and customers with a simple unified pricing model that removes the friction for trying and adopting new products and features. I am excited to see early signs of these resonating with our user base.

In the quarter, we added even more capabilities to our observability products. This included the highly requested Elastic APM .NET agent, which broadens the applicability of this product to even more users, more tooling for Kubernetes monitoring, and tighter integration between our products, such as Elastic Logs and Elastic APM. And we continued to see customers adopt us for observability use cases in the quarter, like NVIDIA, who closed new business with us, or take Dutch electronics company TomTom, who renewed and expanded their business with us. They replaced their Splunk deployment with Elastic to consolidate their logging and analytics environment for all of their online applications.

Mortgage loan company Freddie Mac, who closed new business with us this quarter, is another example. They are replacing an incumbent logging solution with Elastic for application and infrastructure logging and metrics collection, analysis and visualization for their enterprise monitoring platform. So you can get a sense for the ongoing momentum behind us building simple, fast, easy-to-use experiences for addressing many use cases. This is also true in the enterprise and application search space this quarter.

Similar to Elastic SIEM and Maps, this experience will just get better and easier and more powerful as we continue to iterate. With Elastic Enterprise Search, for example, we previewed more connectors such as Atlassian's Jira and Confluence products. This broadens the applicability of this product to even more users and audiences. With Elastic App Search, we took our SaaS-based app search experience and made it available to users to run on-prem.

This is yet another example of how we're giving our users the ease and flexibility to run our products in a way that makes sense for them. It's developments like these that provide customers already using us for this use case the opportunity to adopt a more tailored experience in the environment they choose. A few examples from the quarter include General Motors, who closed new business with us to power search across their vehicle inventory visibility platform. Atlassian, who renewed their business with us for the search embedded in their Confluence application, and Japanese financial institution Sumitomo Mitsui DS Asset Management, who uses Elastic to help fund managers quickly search their internal applications to make the best decisions possible for their clients.

One last engineering investment I'd like to touch on is Elastic Cloud on Kubernetes or ECK. This is our newest orchestration product that makes it easy to run and manage Elasticsearch in Kibana on Kubernetes for one use case or many at scale. The latest preview release this quarter broadens the applicability of ECK to more users. This release enables users to consume ECK through more distributions beyond vanilla Kubernetes.

Red Hat OpenShift, Azure Kubernetes Service, Amazon's Elastic Container Service, and Google Kubernetes engine. It also includes support for Elastic APM and custom security features. ECK is another product that is available through our basic offering, with the ability to extend to paid enterprise-level capabilities and support. All of the things I've talked about today SIEM, maps, APM, logs, infrastructure monitoring, app search, enterprise search and so on, are significant engineering investments that have occurred under the proprietary Elastic license.

Our strategy as a company is to continue to put significant investments into proprietary products and features. Many of them are available under our free and default basic subscription. This means a user wanting to run our software through SaaS can only deploy them via our Elastic Cloud. We believe this strategy is working and this quarter is particularly indicative of our strength to deliver on it.

Overall, it's been an exciting first quarter and I am more confident than ever about our strategy and market position. I continue to be humbled by the team's work and how well they have executed, but there is more on the horizon and I look forward to what's ahead. That's all for me. Janesh, over to you.

Janesh Moorjani -- Chief Financial Officer

Thanks, Shay. We're pleased with our performance in the first quarter, which reflects continued execution against our large market opportunity. We once again demonstrated strong customer growth metrics and expansion metrics and delivered strong overall revenue and billings growth. Total revenue for the first quarter was $89.7 million, growing 58% year over year as reported or 62% on a constant-currency basis.

45% of our revenue came from outside the United States, reflecting the strength of our bottom-up community-based adoption model. We view this geographic distribution as a long-term strength of our business model. Subscription revenue totaled $82.4 million, an increase of 60% year over year as reported, or 63% on a constant-currency basis and comprised 92% of our total revenue. Within subscriptions, revenue from our SaaS products was also strong at $17.6 million, growing 71% year over year as reported or 77% on a constant-currency basis, once again faster than the growth rate in overall subscriptions.

We saw continued strength in our Elastic Cloud offerings, including from some large enterprise accounts. We remain very excited about the SaaS opportunity ahead of us and continue to invest heavily against that opportunity. Professional services revenue was $7.3 million, an increase of 45% over the same period last year. As a reminder, professional services revenue can fluctuate from quarter to quarter based on projects and delivery timing.

We saw some of that this quarter. Overall, we've seen strong adoption of our training and consulting offerings, which continue to be enablers of subscription growth. We expect professional services will remain a small proportion of our overall revenue as our business grows. Moving on to calculated billings.

Calculated billings in Q1 grew 51% year over year or 53% on a constant-currency basis to $89.4 million. As a reminder, we launched a significant update to our SaaS services in Q2 of last year, offering customers much more flexibility and we revised our pricing model in conjunction with that. Those changes last year present a headwind to calculated billings growth. It's hard to precisely quantify that headwind, but we estimate that it was in the mid-single digits in terms of year-over-year growth.

Excluding the impact of these changes, calculated billings growth would have been correspondingly higher. Q1 was the last quarter of this billings headwind. As we've said before, calculated billings can fluctuate from quarter to quarter based on the timing of renewals and billings duration for larger customers, so the trailing 12-month calculated billings growth provides an alternative longer-term view of the business. Trailing 12 months calculated billings growth ending Q1 was 61%.

At the end of Q1, the mix of short-term deferred revenue was 90% of total deferred revenue. Remaining performance obligations totaled approximately $363 million, up 59% year over year. Of this, we expect to recognize 88% as revenue over the next 24 months. Although we do not actively manage the business to a target contract length, contract lengths continue to be approximately 1.5 years on average.

Turning to customer metrics, as of the end of Q1, we had over 8,800 subscription customers compared to over 8,100 such customers at the end of Q4 last year. We saw similar strength in new customer additions in Q1 as we have in prior quarters. We also ended the quarter with more than 475 customers with annual contract values above $100,000 compared to more than 440 such customers at the end of Q4 last year. Our existing customers continue to expand their relationships with us, reflecting increasing spend for existing use cases and adoption of new use cases.

In Q1, our net expansion rate remained over 130%. Overall, we were pleased with the pace of customer additions and customer expansion as we continue to execute against the enormous market opportunity ahead of us. Now turning to profitability, which is non-GAAP. Gross profit in the first quarter was $65.7 million, representing a gross margin of 73.3%.

Total subscriptions gross margin was 80.2% up slightly sequentially. We are tracking well relative to our expectations. In the near term, we will continue to invest in our SaaS business, which will remain a modest headwind to gross margin overall. Our professional services gross margin was negative 4.7%.

I referenced the fluctuations associated with the timing of service delivery earlier. Since the professional services business is small, even relatively insignificant amounts can swing the gross margin in either direction. So we expect that the gross margin and professional services will fluctuate significantly from quarter to quarter. Turning now to operating expenses, we remain focused on investing to drive top-line growth.

In Q1, we continued to execute well in relation to hiring and overall scaling of investments in the business. As a reminder, we changed the timing of certain events and hosted our global all hands meeting in Orlando in May. This was reflected in all the operating expense lines. This shift in timing toward Q1 does not impact the full-year expense total.

Sales and marketing expense for Q1 was $47.1 million, up 65% year over year, representing 52% of total revenue. Our overall approach to sales and marketing investments remains unchanged. We will continue to add sales capacity and expand market coverage as we drive growth and expect to realize leverage gradually over the longer term as we scale. R&D expense in Q1 was $29.4 million, up 76% year over year, representing 33% of total revenue.

As we've said before, we are increasing our investments in R&D this year as we continue to invest heavily in both existing and new products and features. G&A expense was $13.5 million, up 54% year over year, representing 15% of total revenue. This includes costs associated with our global expansion and continuing to build the infrastructure to support our growth. Our operating loss in the quarter was $24.3 million, with an operating margin of negative 27%, which was better-than-expected, primarily due to the strong revenue performance in the quarter.

The FX impact on operating margin was insignificant since we have natural hedges as we incur expenses globally as a distributed company. Net loss per share in Q1 was $0.32 using 74.6 million weighted average shares outstanding. This compares to a net loss per share in Q1 of last year of $0.38. Turning to free cash flow.

Free cash flow was negative $3.3 million in Q1 compared to a positive $4.8 million in the same period a year ago. Cash flow was negatively impacted versus historical seasonality given the shift in the timing of expenses I mentioned earlier. We look at free cash flow and free cash flow margin primarily on an annual basis since there are both seasonal and timing effects in any quarter. There can also be some lumpiness to inflows and outflows.

We ended the first quarter with approximately $315 million in cash and cash equivalents. We remain comfortable with our cash position from an operating perspective. Lastly, we ended the quarter with 1,600 employees, adding 158 people in the quarter across all functions consistent with our approach of making investments now to address the longer-term market opportunity we see. Before I turn to guidance, let me talk about Endgame.

We continue to expect the transaction will close in Q3 of this fiscal year. The transaction is subject to regulatory approvals and other closing conditions, and if we secure approval sooner, the transaction may close earlier. Our guidance includes the anticipated financial impact for the second half of the fiscal year. In particular, for the rest of this fiscal year, we continue to forecast insignificant revenue impact given the effects of purchase price accounting and the timing of the transaction close.

We also continue to anticipate an approximate 2 percentage point negative impact to full-year operating margin. We are looking forward to welcoming the Endgame team to Elastic and are excited to further accelerate our ability to address the security market opportunity. As a reminder, our primary investment thesis is to integrate the Endgame product into the Elastic Stack and apply our community-based go-to-market model to it. Therefore, the revenue opportunity for us is much longer term in nature and the current levels of Endgame revenue are not discreetly additive to our revenue for future years.

Turning to guidance for the first quarter and the full-year fiscal 2020. We expect to continue to invest across the entire business in order to drive future revenue growth as we continue to scale. As mentioned in our last call, we plan to accelerate headcount-related investments in R&D and sales capacity and coverage globally to drive growth. Some of these investments will be intended to secure growth this year, while others, particularly in R&D, will help drive growth over the long term.

Investing in innovation remains a top priority for us. In parallel, we continue to keep an eye on the current global economic and political landscape, particularly given our global revenue mix. For the second quarter of fiscal 2020, we expect revenue in the range of $95 million to $97 million, representing a growth rate of 51% year over year at the midpoint. We expect non-GAAP operating margin in the range of negative 23.5% to negative 21.5% and non-GAAP net loss per share in the range of $0.32 to $0.30 using between 77 million and 78 million weighted average ordinary shares outstanding.

For the full-year fiscal 2020, we expect revenue in the range of $406 million to $412 million, representing a growth rate of 51% year over year at the midpoint. We expect non-GAAP operating margin in the range of negative 24.5% to negative 22.5%, which includes approximately 2% operating margin dilution from Endgame and non-GAAP net loss per share in the range of $1.40 to $1.24, using between 77 million and 81 million weighted average ordinary shares outstanding. In closing, Q1 was a strong start to fiscal 2020. We're executing well and delivering growth while investing to address the rich market opportunity ahead of us in so many different use cases.

I look forward to sharing our progress with you as we move forward. With that, let's open it up for questions. Operator?

Questions & Answers:


Operator

[Operator instructions] And our first question comes from Raimo Lenschow of Barclays. Please go ahead.

Raimo Lenschow -- Barclays -- Analyst

Hey, thanks for taking my question and congrats to a great start. Can you talk -- given that you have like a lot of newer initiatives going on around security, observability? And Shay, can you talk a little bit about the evolution of the pipeline that you're seeing there, including these newer areas? And where is the sales force and sales report etc., in terms supporting those efforts? And then I had one follow-up.

Shay Banon -- Founder and Chief Executive Officer

Yeah, of course. Raimo, thanks for asking the question. So I'll start with the APM, the security space. I believe that we're moving ahead with the APM space.

We acquired a company called Opbeat a couple of years ago, trying to add these APM features, product features into our product line. Thinking about the fact that this market's APM logs and metrics are going to converge into one, got to have the competitive advantage of being able to support it using a single product line, single stack and single pricing and packaging model. In APM, as I mentioned, we made significant progress in supporting .NET now as an environment that was probably the last major language that we needed to support from an APM perspective. So we're very excited about that.

Our go to market is still going mostly to our existing customers and users that use us for logging and telling them that they can add APM to that data set and see additional value, especially since the pricing model doesn't change. But we're starting to see now us closing deals, where APM leads the way versus being led through logging. When it comes to the security space, it's -- we are in early phases in that space, but the market is always -- the market opportunity we think, is pretty big. We've just released our Elastic SIEM product, we've been working on it for the last year, so we're very excited about that.

But as you probably know as we are very iterative in our releases, and we have a first release, but we have quite a bit of investment left, I'm also very excited about, obviously, the Endgame acquisition since we believe endpoint and SIEM markets can converge or should converge into one, and obviously, endpoint data is very valuable. When it comes to customers, I think you heard in the call as well, we're seeing early adopters, especially the highly specialized security professionals, people like threat hunters or advanced security analytic -- analysts adopting us. In the context of security, I'm very excited about it. They see the value in our stack even before we wrote dedicated products to it through the speed, scale and the ability to search across large volumes of data very quickly.

So we are closing deals, but we're still have our work cut out for us to mature our Elastic SIEM product as well as integrate Endgame into our stack. When it comes to our sales force and our go to market, one of the areas that I'm excited about is taking the same go-to-market model that we have, which is bottom-up, community first, free and open, and applying it to these markets, whether it's APM that we have and now the SIEM market and the endpoint market. This allows us to be more efficient when it comes to our sales motions. And so far, we haven't -- we don't really have any type of specialization or dedicated sales people or something along those lines.

Our salespeople are generalists that go to market and sell any type of our products. We think it's supercritical because we see our users moving laterally between use cases very easily and we think we can service them the best by having to talk to the same person.

Raimo Lenschow -- Barclays -- Analyst

Yeah. OK, make sense. And then maybe like one word -- like one of the hyper cloud guys, obviously, tried to offer like its own open-source, kind of save or whatever around that. Do you see that in the market? Do you see any impact there? Thank you.

Shay Banon -- Founder and Chief Executive Officer

Sure. Great question. So we -- there's an effort, one of the most recent one we've seen it for many years since the company started, there's an effort by AWS to create something called an Open Distro, which repackages our open-source -- our pure open-source solution together with a few additional plug-ins. We haven't seen that really affect any of our metrics when it comes to downloads, community adoption or as you see, our sales numbers.

Actually, I'm very encouraged about -- and what I mentioned on the call about our investments in our proprietary tier, especially the free one. We also opened the code and folded it to a single distribution, which I'm even more excited about it. And, obviously, that helps us significantly invest in this area and increase our competitive mode versus certain cloud providers.

Raimo Lenschow -- Barclays -- Analyst

Perfect. OK, thank you. Well done.

Operator

Our next question comes from Kash Rangan of Bank of America Merrill Lynch. Please go ahead.

Kash Rangan -- Bank of America Merrill Lynch -- Analyst

Hi, let me add my congratulations on the quarter. Just wanted to get your thoughts on some of the shifts we're seeing in the business, which are certainly positive longer term, but you've had a sequentially larger increase in your self-managed subscriptions business than we've seen in the same point in time last year. License did decelerate, and maybe that's by design, and of course, cloud, it's great to see that reaccelerate. I'm curious how should we be thinking about modeling these different line items going forward, and if this is the beginning of a broader shift and that the license, how it seems to be giving way a little bit faster to other forms of consumption, just call it self managed or indirectly the cloud? How do you see the mix of your business changing, given what seems to be a pretty significant turn quarter to quarter, sequentially? Thank you so much.

Janesh Moorjani -- Chief Financial Officer

Hey, Kash, this is Janesh. Maybe I'll take that one.

Kash Rangan -- Bank of America Merrill Lynch -- Analyst

Sure.

Janesh Moorjani -- Chief Financial Officer

So broadly, we are actually quite pleased with the way the quarter turned out. As you mentioned, the SaaS business was really strong for us from a revenue perspective and that's something that we're actually quite pleased about. Broadly, as I think about the mix shifts in the business, the shift for us is really been gradual in terms of how we see the SaaS business growing and increasing in terms of mix. There are some seasonal effects.

So from a Q1 perspective, if you look at the mix of business license would usually be much smaller, but on the license piece, I'll just point out that that's really just an artifact of accounting. From our perspective, it's not a number we look at or focus on. We really look at the total subscription number for the self-managed side because, primarily, our business is a recurring revenue, ACV-based subscription business. And so we tend to focus less on that license line.

One of the oddities around that license number is exactly what you mentioned, that as a SaaS business picks up that license number goes down, and so that's, in some sense, actually, a positive thing. But broadly speaking, we continue to emphasize growth on the SaaS side of the house. We continue to see customer demand and customer retention more toward SaaS than self managed. That said, the lion's share of our business is self managed and a lot of customer workloads are on the self-managed side of the house.

So we continue to be agnostic with respect to customer preference, but from a customer demand perspective, we are seeing SaaS demand be higher than that for on-prem deployments, and that's what you just see reflected in the mix of our business.

Kash Rangan -- Bank of America Merrill Lynch -- Analyst

Great. And I suppose -- how are you managing the implications to gross margins? And do you feel like the mix -- the change in the mix of the business has us all modeling the gross margin trajectory accurately? Or are there other puts and takes? And that's it for me. Thank you.

Janesh Moorjani -- Chief Financial Officer

Yeah. It's a good question. I think as we continue to invest in the SaaS business, you will continue to see a near-term headwind to gross margin, and that's just reflective of the cost associated with SaaS and as we make investments in the SaaS business as fixed cost that we then improve the gross margin on as we scale. There's a couple of other drivers there of course, as we get more efficient than the professional services side, then that drives us to scale.

And then the SaaS business itself, once that starts to become a bit more profitable, will be a bit more of a tailwind. So in the near term, I think there is a continuing headwind and we're comfortable with where we are right now. The plan is playing out as we expected it would.

Kash Rangan -- Bank of America Merrill Lynch -- Analyst

Thanks, and congratulations.

Janesh Moorjani -- Chief Financial Officer

Thank you.

Operator

Our next question comes from Matt Hedberg of RBC Capital Markets. Please go ahead.

Matt Swanson -- RBC Capital Markets -- Analyst

Thanks. This is actually Matt Swanson on for Matt, and I'll echo my congratulations as well. I think everyone is really excited to hear you talk more about the SIEM product. So when we're talking about the feature road map, how much of this should we think of as internal development? And how much were coming from acquisitions? And maybe on that, you just go a little deeper on what Perched brings to this plan.

Shay Banon -- Founder and Chief Executive Officer

Yeah, of course. Hi, Matt. I can take that. So a few things, we have our road map cut out for us when it comes to our SIEM product, and that's planned through an internal development and I mentioned it on the call as well things like user behavior analytics, threat, intelligence, integrations and so on and so forth.

When it comes to our potential acquisitions, we're very excited about going after the endpoint market, and obviously, joining forces with Endgame. We think that that's already pretty significant investments that we made. And as you probably know when one acquires a company, acquiring the company is just a first step and we care a lot about the Endgame employees and making sure that they find a good home at Elastic and there's cultural -- all the way from cultural integration to product integration. So we have quite a bit of work cut out for us when it comes to the next year just making sure that that's successful.

When it comes to Perched, I have known the Perched people personally. They're a small company, less than 10 people. They're one of the first ones to really take our stack and build a really significant investment in threat hunting capabilities. They were at the forefront of it.

They built great training materials around being able to go deep with our stack when it comes to threat hunting, have been delivering it mostly in the threat space. So we're excited about joining forces with them but that's a much smaller aspect mostly around our services business, consulting and training. I'm not sure that we have the capacity to go and train all of these threat hunters, if you will. And that's it.

Nothing more beyond that, and obviously, by the way, I can't really comment on any future acquisitions.

Janesh Moorjani -- Chief Financial Officer

Yeah. And Matt, I'll just add from the standpoint of Perched that we've not modeled any additional revenue from Perched as part of the acquisition. As Shay said, it was -- it's less than 10 people and actually, we used to subcontract a fair amount of our business out to them anyways. So there's really no revenue impact at all for this year from Perched.

Matt Swanson -- RBC Capital Markets -- Analyst

All right. That's really helpful. And then if I could just follow up on Kash's line of questioning, could you just help remind us about what the mix shift impact can be on billings?

Shay Banon -- Founder and Chief Executive Officer

Specific to -- you mean specific to SaaS?

Matt Swanson -- RBC Capital Markets -- Analyst

Yeah. Additional SaaS revenue particularly, as opposed to it being a self-managed subscription?

Shay Banon -- Founder and Chief Executive Officer

Yes. So broadly even for our SaaS portfolio, we offer both annual subscription, which are paid upfront, very similar to our self-managed business. And then there's a component that is a monthly SaaS business as well, which we don't break out discreetly. On the portion, that's the annual portion, the behavior from a billing standpoint is really the same as self-managed, so you shouldn't see any differences there from the standpoint of billings and deferred revenue.

Matt Swanson -- RBC Capital Markets -- Analyst

All right. Thank you.

Operator

Our next question comes from Mark Murphy of J.P. Morgan. Please go ahead.

Mark Murphy -- J.P. Morgan -- Analyst

Yes, thank you. And I'll add my congrats. Shay, as you integrate Endgame into Elastic, I'm wondering just how meaningfully you think you can increase the overall volume of data that gets fed into Elastic that is coming off of all of these endpoints. And then beyond that, what do you think the combined vision is going to look like for remediation where -- maybe where you have to isolate a host or stop a process, something along those lines?

Shay Banon -- Founder and Chief Executive Officer

Yeah, it's a great question. So first of all, when it comes to streaming data, that -- by the way, it tends to heavily depend on the reason why someone deploys the system, if they want to create a centralized SIEM or whether they want to go and provide advanced threat hunting. There's also a time aspect to the data, whether you want to store it for seven days, a year or two years or more. Especially in the endpoint market by the way, one of the things that we're slowly starting to realize is the fact that actually the conversions -- convergence of endpoint and SIEM will probably result in obviously more data being stored because endpoint data is so critical and you can combine it with other type of data sets.

As the thing that we've -- we're building significant investments into the ability to store more and more data more cheaply at Elastic, I mentioned our cold nodes capability that is part of our basic license. So hopefully, we get to a point where people won't even ever have to throw away data, which is relatively new concept as I begin to learn from the endpoint market, but obviously not in the SIEM market. So that's definitely going to help increase data volumes when it comes to Elastic. Typically also, by the way, we don't see a significant portion of our deployments involving endpoints, so things like laptops or desktops.

We have some customers that have deployed our agents to ship that data, but it's not common. And I'm excited about being able to bring all of the ability to ship data from endpoints into Elastic.

Mark Murphy -- J.P. Morgan -- Analyst

Great. And as a follow-up, perhaps for you, Janesh, customers have preferred your pricing model versus the competition for a long time. Recently, Splunk has described some upcoming changes toward all-you-can-eat and I think core-based pricing, and I think we'll be learning more. I think Shay might have mentioned something in passing about a simplified or unified pricing model at least for a part of your products.

What is your view of the pricing environment currently and just your ability to provide this superior value prop which you've been doing so well?

Janesh Moorjani -- Chief Financial Officer

Yeah, Mark. If I had to summarize it in a short sentence, so I'll just say our strategy is working nicely. We've had the unified pricing model, which is really a node-based or a capacity-based pricing model, for quite some time now, and it allows us to provide the same pricing model to customers regardless of the use case. It's really compelling from the standpoint of logging as well.

And we all know that from a competitive standpoint, the market logging in particular has been ripe for disruption and there's been some level of dissatisfaction out there among the customer base in terms of the alternatives that they've had in the past. And so that's playing nicely to our advantage. From our perspective, we continue to believe that we deliver enormous value to the customer. So it's not just about being a low-cost provider, if you will.

In fact, if anything, we believe that in many instances, we can actually win transactions at significantly higher levels of aggregate realization because that's the level of value that we deliver to the customer. In terms of recent trends, what we've seen, I've not seen any particular shifts in terms of our own business, in terms of deal sizes or discounting trends or anything else that I'd highlighted. It's just more of the same. Our strategy is working nicely and we're just continuing to execute to it.

Mark Murphy -- J.P. Morgan -- Analyst

Thank you.

Operator

Our next question comes from John DiFucci of Jefferies. Please go ahead.

John DiFucci -- Jefferies -- Analyst

Thank you. The numbers continue to look strong here, but I have a follow-up to Raimo's initial question on AWS. And I guess this is probably for Shay. Conversations with customers when your teams out there, are there any considerations? Are they talking at all about waiting to see where AWS comes out here on top of the free Elastic offering that they offer? Because there is -- and I talked to Janesh about this too.

We -- the investment community is always worried about things and -- as they should be. And this is one of the things that they worry about is that perhaps AWS comes out with something, some of their own proprietary technology to sort of displace what you're doing. And I just wonder if you are seeing or hearing that at all from your customer base because we haven't really heard it in the field, but we do hear a lot from the investment community.

Shay Banon -- Founder and Chief Executive Officer

Yeah, I can take that. Hi, John. So we're not really seeing that and we haven't seen actual implementation on the Open Distro itself to prove it one way or another. What I do see and proud of is the -- just the significant investments that you see into the differentiation between the pure open source version versus the proprietary license versions that we have.

And I'm talking about pretty significant product lines, feature sets that I just find it very hard to believe that anybody, to be honest, would be able to compete with us on our level, especially when we control the whole stack. So I mentioned it on the call, but Elastic SIEM, a whole new product. Elastic Maps, we have a whole team working on it every single day just on improving our mapping and GIS capabilities. APM, logs, all of these and more are proprietary features that continuously create a level of differentiation between these two product lines that I feel very, very comfortable about and resonates also with our users.

Once we release Elastic SIEM, every single developer that upgraded to our new version of 7.2 and has access to our default distribution, which is most of them if not almost all of them, immediately have Elastic SIEM product now for free. So I'm excited about bringing more and more to our user base and then through that, realizing the differentiation between anything that any of our competitors can do.

John DiFucci -- Jefferies -- Analyst

That all makes sense, so thank you. And I guess, Janesh, just a follow-up for you. Like I said, the numbers all look good. The one number that I think I may get questions or we all might get questions on tomorrow is current deferred revenue, which is a bit lower than what we were looking for.

So I don't know, is there anything unique in that number? I mean billings were strong, so I mean -- I know that's a part of it, but is there anything -- any comment you can make on that?

Janesh Moorjani -- Chief Financial Officer

No, nothing in particular that I would call out there, John. What I'll say is short-term deferred revenue was 90% of the total deferred revenue. That's consistent with the general range we've seen historically, broadly in line, I would say. The growth rate, that was 60% year over year, so obviously pretty pleased with that too.

As we've said before, from time to time, there might be deals out there or customers out there who might request upfront billing for budgetary reasons. We actually did see that this past quarter. There was one particular customer. For one transaction, they wanted us to invoice them upfront for the entire transaction, which we did, and that's what caused a slight bump up in the long-term deferred revenue.

But that actually doesn't impact the calculated billings growth rate in any significant way because that was partially offset by other transactions on the short-term side, which had billings timing differences in the opposite direction. So nothing in particular that I'd call out, but still 60% year-over-year growth in the short-term deferred revenue, which is something that we were quite pleased with.

John DiFucci -- Jefferies -- Analyst

OK. Great. Thanks guys. Nice job.

Thank you.

Operator

Our next question comes from Tyler Radke of Citi. Please go ahead.

Tyler Radke -- Citi -- Analyst

Hey, thank you. Maybe talk about the -- you talked about an RPO number. And just as we're doing the math around an implied bookings and thinking about that in terms of triangulating around an underlying growth of the business, is there anything you would call out as we're doing that math? I know you did see a nice uptick in the SaaS business this quarter, but anything that we should call out, whether it's duration or mix shift from self managed to SaaS, that would impact that number?

Janesh Moorjani -- Chief Financial Officer

Yeah, Tyler. The punch line there is actually we don't manage the business based on contract duration or TCV. We manage it based on annual contract values and annual subscriptions. And so we really don't focus on RPO billings much.

But that said, let me sort of elaborate a little bit further. As I think about the business more broadly, we're acquiring customers at a sustained high rate as you've seen. Deal sizes broadly remain the same. Our expansion economics remain largely unchanged.

We are continuing to migrate customers to be more than $100,000 in ACV and the net expansion rate remain strong. Broadly speaking, our customer relations continue to get deeper. Customers are using us in more mission-critical environments. Contract lengths continue to average around one and a half years.

They can vary from quarter to quarter, as I said, because we don't manage the business by contract duration. And as I mentioned earlier, contract durations here in Q1 were, again, one and a half years roughly speaking. And that was similar to last quarter, but a little bit shorter than the year-ago period. And the RPO billings calculation that you're referring to can actually be quite volatile based on just very small changes in duration.

So that's yet another reason that we actually don't pay attention to that. If I look overall at the composite of metrics that we do provide between the calculated billings growth and even if you just look at the aggregate RPO balance, that RPO growth was 59% year over year. And all the other customer metrics that we mentioned are all pretty strong as well. So broadly, the way we look at it and the way we run the business, we were pleased with our metrics across-the-board.

Tyler Radke -- Citi -- Analyst

OK, thanks. And then maybe a question for Shay. So you opened up the call talking a lot about security use cases with your new SIEM product. I'm wondering if there's anything that you could share in terms of win rates that are improving or the percent of new business that's tied to that market, that -- if that's moving in a positive direction or anything you could share? Thank you.

Shay Banon -- Founder and Chief Executive Officer

Sure. So I'll start with just the fact that I'm proud and we're all very excited about releasing the new product. So it naturally just takes the space. It is something that we've been talking about for a year now and it's just good to see it out and executing on our vision toward building one of the best SIEM products out there.

When it comes to usage or customers or win rates or something along those lines, we apply -- it's almost like one of those cases where it's very similar to, if you will, the logging space or the APM space where we see early adoption but mostly by thought leaders and advanced use cases that take our product. And even though we don't have the end-to-end user experience in the security space, believing it because of the core fundamental features that it has that nobody else has. In the security space, that's -- those are the advanced threat hunters and so on. And then we see great wins in that space simply because you can't achieve the same capabilities with any other products today in the market.

Just the ability to go and search across one year worth of data and get results in milliseconds is just that -- is just something that users are not used to. Now I think that we -- our opportunity there grows. As we mature, our product lines then start to get to not only the advanced threat hunters, but also the security analyst that expect to see out-of-the-box alerts and investigations and remediations and all of these things and combining endpoint into our products. I'm excited about seeing our advancements there.

It seems like it resonates -- walking the host of Black Hat was fascinating for me. It's like walking a 10-year-old conference in other spaces, tons of booths, close source, commercial trying to compete for the attention of the attendee by bringing gifts and things like that. We're used to something different. Now our users come to us and can't wait to talk to us.

So I'm excited about bringing that go to market to the security space, but that obviously also takes time.

Anthony Luscri -- Vice President of Investor Relations

Operator, next question.

Operator

Our next question comes from Heather Bellini of Goldman Sachs. Please go ahead.

Dan Church -- Goldman Sachs -- Analyst

Hi, this is Dan Church on for Heather Bellini. Thanks for taking my question. Just a quick one on the APM. Just any incremental color on additional traction or any changes in the percentage of overall use cases that you're seeing? And how are you able to really differentiate yourself in a relatively crowded field?

Shay Banon -- Founder and Chief Executive Officer

Yeah. I'm happy to take that. So a few things. As I mentioned before, I feel like our product line is maturing to a level where we're just fully complete in APM product.

There's some minor features that are missing, but there will always be one feature or another being missed or something that is on the road map. That's why we have road maps. Our go to market in terms of sales motion has not changed. In terms of going to our existing customers, the widespread adoption that we have in the logging space specifically just lends itself to go and having a very simple discussion with our customers to add APM to it.

We really also believe in the fact that these markets converge and differently maybe for -- compared to other companies. We think that it not only apply to our product where you have a single stack supporting all various use cases, APM, logging, metrics, infrastructure and uptime, but also a single pricing model that is super simple. There's no whole space pricing. There's no one type of pricing for logs and another type of pricing for APM or something along those lines.

Users don't like that and it hurts adoption. In our case, if you bought our software and you bought it for logging, you can just go and add APM to it and we charge based on the data set that you store and it's the same way. So that really starts to resonate with our user base and obviously helps the adoption of APM next to logs or next to other investments that you've already made with us. I did mention that I start to see early customers leading with APM.

So they come to us and say, we e heard you have an APM product. We'd love to engage with you in APM. And then through that, we start to talk to them about logs and monitoring. So we do start to see that.

That field is still early stages. We need to get to a point where we can also lead with APM the same way that we do with logs, but I can see early signs of it now, yes.

Dan Church -- Goldman Sachs -- Analyst

Helpful. Thanks. And as a quick follow-up, it looks like operating expenses, particularly sales and marketing, were a little higher than we were anticipating in the quarter. Anything to call out there? And any impact or anticipated impact from Perched, although it seems a little bit small?

Janesh Moorjani -- Chief Financial Officer

Yes, so nothing in particular from Perched, that is relatively small. The increase in expenses, I think, is reflective really of the broader comment I made earlier about the shift in the timing of expenses as we moved our global all hands meeting into our fiscal Q1. So that's why you saw increases really in all the lines that were a little bit different than the typical seasonality pattern that you've seen from us in the past, but nothing else to call out. We continue to invest quite heavily in sales and marketing as we said we would and based on the plan that we laid out at the start of the year.

And we will continue to do that as long as we see the opportunity to grow the business.

Dan Church -- Goldman Sachs -- Analyst

Great. Thank you.

Operator

Our next question comes from Richard Davis of Canaccord. Please go ahead.

Richard Davis -- Canaccord Genuity -- Analyst

Hey, thanks. One of the good things about you guys if you're a salesman at Elastic is that you have a lot of places to kind of run an organization or go after, but that also means -- there's good things and bad things for everything -- it also means your sales management, I guess, whether that's Aaron or Justin or whatever, has to keep your salespeople focused, right, because otherwise they could run off in 50 different directions. So what is your philosophy in kind of keeping your salespeople with an eye on the prize? Is there a way that you kind of guide them? Or do you just say, hey, go get them? So -- and then I have a quick follow-up.

Shay Banon -- Founder and Chief Executive Officer

Yeah, it's a great question. It's something that we think about a lot. I think one of the differences that we potentially have from other companies that have tried to go and open up multiple vectors of use cases is that we have our bottom-up adoption model. So to a degree, we don't really rely on our salespeople to go and introduce our users to new use cases or new opportunities.

Our goal is to have our users self-discover that. So if they're already using us for logs or metrics or APM, for example, then they can go and add the respective other side of the equation, or even getting to SIEM. As I mentioned before in the call, I'm just very excited about the fact that we just made every single dev ops person out there a threat hunter with Elastic SIEM. Every single log message that they stored in Elastic is also a security event.

And now they open up -- once they upgrade, they open up our products and suddenly they have a SIEM product next to it. That's not something that they're used to, to be honest, with any other vendors almost out there. You would see people fighting over the subject line in the mail inbox of a CSO to try to get a chance to have a POC in that area. So that's our go to market and that's our go to motion.

And we definitely aim and work toward the fact that the default mode would be our users coming to our salespeople and telling them, hey, like I'm using you now for one use case or another use case. Help me figure out if I made the right decision. I want to double down on it. I want to go and explain it upwards in the management chain.

I want to help making sure that I'm being successful. And that's our goal when it comes to our salespeople and our account managers.

Richard Davis -- Canaccord Genuity -- Analyst

Got it. That's super helpful. And then a quick last question is, look, the secret sauce, I think, of your new Elastic SIEM is that it's not just rules because that's whatever, that's simple, I mean, getting around it, but it's the AI component. So can you reuse -- one of the things you can sometimes do is can you reuse some of that technology, the AI technology and other modules like, I don't know, asset discovery for APM or better search outcomes, for example, or -- and maybe you can't use the workflows.

Maybe you just understand the language that you're using or whatever foundational system you're using. But is there a reuse capability there that helps you guys kind of report AI over to other parts of the business? Thanks and that's it.

Shay Banon -- Founder and Chief Executive Officer

Yeah, if I can take that, I think it's a wonderful question and I think a great one. So I'll start with just saying that we, at Elastic, don't think that AI solves everything. At the end of the day, you might not have thought of everything that you can. And one of the reasons why the advanced threat hunters actually adopt us in the context of security is the fact that you can come up with all the various permutations and all the various attacks that you might have, but then you want to have the opportunity to ask the question quickly if you haven't.

And we act quickly. So first of all, just having the data at your fingerprints for their last average through all time is about 90 days, at the very least for 90 days, to be able to go and search on it fast, that's critical to any business. At the same time, we did acquire a few years ago a company called Prelert or joined forces with them. And they've built a great anomaly detection engine.

And actually, they were specializing more and more in the security space. So to a degree, about three or two and a half years ago, we went to the team and told them, hey, let's make sure that we build a generic anomaly detection engine so we can use it across any type of data in Elastic. And that's what the team has done. So if you open up our APM app today, you know -- not only have APM data visible to you and the ability to drill down to various transactions, but we can also use our anomaly detection engine to find anomaly -- anomalous traces or transactions and so on.

And we've just integrated that into our security space as well where within the Elastic SIEM map, you can integrate our anomaly detection engine to find anomalous login events or DNS data points or things along those lines. So yes, our goal is to take everything that we develop in the context of AI and machine learning and build it in a way that can move laterally between use cases because it's all the same data in Elastic. And I'm excited about being able to take that and apply to all the various use cases that we have.

Richard Davis -- Canaccord Genuity -- Analyst

Great. Thank you very much.

Operator

Our final question will come from Brent Bracelin of KeyBanc. Please go ahead.

Brent Bracelin -- KeyBanc Capital Markets -- Analyst

Thank you, Shay. Aso a few here. You talked about NVIDIA, Freddie Mac, TomTom in the opening script. What's resonating most with those customer wins? Is it the pricing model, cost, true consolidation, new insights enabled by a single repository for APM log? I'm wondering what's resonating the most with some of these new customer wins.

And then one quick follow-up for Janesh.

Shay Banon -- Founder and Chief Executive Officer

Sure. So by far and the place where we're most established at in the observability space is logs. We are the most popular, best product out there today when it comes to storing logs in any environment. We are the de facto open source solution now there and our products get better and better and better all the time.

And we see that reflected either on a competitive basis or even in a non-competitive basis because we're the only one playing there. So I'm excited about that. Then all of these customers adopted us initially for logs and still a big part of their decision-making is the logs aspect when it comes to adopting our products. It does resonate with them.

The fact that they can then go and also use us for infrastructure monitoring and APM, especially since most of these customers already have APM vendors that they're using and they're excited about the ability to consolidate all of their spend with a single vendor but also all of the data in a single vendor, and being able to go and gain even a more significant insights into with. And that's another area that I -- when I talked to the customers and the users that they're excited about, there's a level of efficiency that is supercritical when you're in an operational mode. And the need to jump between products, whether it's by a single vendor or not, is just exhausting. And this goes beyond just the need to go and command switch between application.

It also just the need to go and have to go and have the mental override of remembering where you were to be able to go back to it. And that's something that truly resonates with the actual practitioners that do the work day-to-day. And I'm excited about the ability to go and enable them and making them successful.

Brent Bracelin -- KeyBanc Capital Markets -- Analyst

Helpful. And then, Janesh, as a follow-up, a lot of concern on the macro. And given you have 40% plus the business international, could you just talk about linearity you saw internationally? Or any color on the demand activity outside of the U.S. over the last 30 to 60 days?

Janesh Moorjani -- Chief Financial Officer

It's a great question, Brent. We haven't seen anything fundamentally different in terms of shifts in the last 30 or 60 days. Obviously, we continue to keep a pretty close eye on those developments, and things are moving quite quickly. And to your point, just given the amount of business that we have coming from outside the U.S., that's something that we are keeping a close eye on, but we haven't seen any fundamental shifts in buying behaviors or demand in the last 30 or 60 days.

Brent Bracelin -- KeyBanc Capital Markets -- Analyst

That's all I have. Thank you.

Janesh Moorjani -- Chief Financial Officer

Thank you.

Duration: 68 minutes

Call participants:

Anthony Luscri -- Vice President of Investor Relations

Shay Banon -- Founder and Chief Executive Officer

Janesh Moorjani -- Chief Financial Officer

Raimo Lenschow -- Barclays -- Analyst

Kash Rangan -- Bank of America Merrill Lynch -- Analyst

Matt Swanson -- RBC Capital Markets -- Analyst

Mark Murphy -- J.P. Morgan -- Analyst

John DiFucci -- Jefferies -- Analyst

Tyler Radke -- Citi -- Analyst

Dan Church -- Goldman Sachs -- Analyst

Richard Davis -- Canaccord Genuity -- Analyst

Brent Bracelin -- KeyBanc Capital Markets -- Analyst

More ESTC analysis

All earnings call transcripts