Elastic N.V. (ESTC) Earnings Call Transcript & Summary

At Elastic, we are inspired by the work of our community every single day, whether it's helping improve societies through philanthropic pursuits, transforming the way business gets done or innovating on technology in ways previously unimagined You, our community are solving complex problems while making your organizations and the world a better place. The Elastic Excellence Awards recognizes outstanding technical projects powered by Elastic. And I am so excited to share the winners with you today. When Elastic's award program began in 2017, it consisted of one category. The Elastic Cause Awards. Through the years, we have celebrated so many incredible teams who have used the Elastic stack to do good in the world. And we are continuing this tradition today. I'm honored to announce this year's winner of the Cause Award, recognizing an organization that is addressing social and humanitarian challenges for the betterment of the world. The 2021 global winner is our Archipelagos. With Elastic at its core, Archipelagos aims to harvest climate intelligence, making it freely available and open source, facilitating the rapid search location and transformation of climate change and air pollution data from multiple sources and formats into a single cohesive form. Their GasX tool, Toolkit rather, will help fellow citizens, governments, academia and industry to visualize greenhouse gas emissions and the many point sources of pollution, emissions and their impact on the wider world. The tool is capable of showing planet-scale views from neighborhood to Orbit and back again with the means of drawing powerful insights previously concealed by platform complexity or [ high cost ] the Cause Award honorees are MindSpot, MQ Health, Macquarie University and Oak Ridge National Laboratory. Our second category is the Business Transformation Award. This award recognizes organizations that are creating measurable company-wide added value within each Elastic solution, enterprise search, observability and security. Our first Business Transformation Award winner is for Enterprise Search. The 2021 global winner is Kin + Carta Europe and Linklaters. By partnering with Elastic digital transformation consultancy kin + Carta Europe offers its clients best-in-class search experiences. Today, we are honoring the work of Kin + Carta Europe and the global legal organization and magic circle law firm, Linklaters. Kin + Carta Europe was able to deliver a 10x faster search experience and improve the multilingual support for Linklaters one legal search application using Elastic Cloud Enterprise. Congratulations. Our second Business Transformation Award winner is for observability. The 2021 global winner is Furuno. Now Furuno is a Japan-based electronics company that specializes in marine electronics, including radar systems, navigation instruments and sonar technologies like fish finders, enhanced by Furuno's use of Elastic Observability. The company provides satellite communication services to help customers analyze and control data use in near real time, without taking away bandwidth needed for operational purposes and preventative maintenance to keep them connected at sea. Our third Business Transformation Award winner is for security. The 2021 global winner is ICF. ICF is a global consultancy and digital services provider with approximately 7,500 full and part-time employees at ICF, business analysts and policy specialists work together with digital strategists, data scientists and creatives to plan, design and implement transformative projects. Their cyber and resilience specialists help military, national security and commercial clients build and successfully defend the most aggressively attacked infrastructures on the planet. From energy to public health, to digital transformation and disaster management, to sustainability and climate adaption, ICF combines unmatched expertise with cutting-edge engagement capabilities to help private and public sector clients solve their most complex challenges, navigate change and shape the future. Congratulations. Now inspired by the year's ElasticON Global theme of SOLVE, we have created a new category, Solve with Search. The category recognizes an organization that is uncovering relevant insights through data and driving action from those insights. And our 2021 global winner is Maryland Innovation and Security Institute. Maryland Innovation and Security Institute, or MISI, is a boundaryless organization designed to disrupt traditional innovation. MISI was founded for the purpose of helping organizations accelerate the discovery of viable cybersecurity and related technologies. MISI founded the MISI Academy concept in partnership with the GBC MISI Academy, a 501(c)(3), which puts emphasis on cybersecurity skills for the next generation, and that has a special focus in the recruiting of young women and minorities that are underrepresented in the fields of STEM and cybersecurity. Elastic's tools and MISI's ability to leverage the Elastic Cloud has been essential in MISI's mission to educate, train and prepare students for employment and to sharpen the skills of their DOD partners. MISI's partnership with Elastic has enabled the team to uncover new insights related to cyber resilience and compliance gaps for small and medium-sized customers, especially in the defense supply chain. Congratulations. The Solve with Search Award honorees are Quorum Software and Deloitte. I am constantly amazed by our community's creative and original projects based on Elastic. Our next category celebrates these use cases. The Innovation Award recognizes an organization that is reimagining the way problems are approached and tackling challenges head on to innovate and achieve success. Our 2021 global winner is the U.S. Army Corps of Engineers, Navigation R&D Program. The U.S. Army Corps of Engineers maintains the nationwide Marine Transportation System or MTS, of coastal ports, waterways and Inland Rivers as part of its federal navigation mission. Elastic has been integral in providing value to U.S. ACE, practitioners and decision-makers through the integrated navigation analysis and visualization, or I-Nav platform. I-Nav provides seamless access to the massive spatial temporal data sets that capture MTS conditions and utilization rates. This information is critical to U.S. ACE project managers seeking safe and cost-effective maintenance strategy. To construct I-Nav, the U.S. Army Engineer Research and Development Center partnered with its Dredging Operations Technical Support Program and the spatial data branch at the U.S. ACE Mobile District. The I-Nav Data Science and Engineering Analysis Platform is providing next-generation capabilities for the Corp's navigation business line. This ensures responsible stewardship of the 15 B taxpayer dollars required each year to maintain hundreds of coastal ports and tens of millions of inland water waste nationwide. The Innovation Award honorees are TopHap, Inc. and Paradox. Here at Elastic, we have an incredibly active and impactful public sector community. We are consistently amazed by these organizations' work and are excited to have an awards category dedicated to them. The Public Sector Award recognizes a public sector organization that is leading the way in innovative, sustainable and critical use cases. Our 2021 global winner is King's College Hospital NHS Foundation Trust. The King's College Hospital NHS Foundation Trust provides health care and emergency services in Southeast London and is a major academic center. KCH is internationally and nationally renowned for its specialist work as well as supporting leading-edge research and an undergraduate medical school. It is also a local hospital, providing vital and extensive acute hospital services, which accounts for 70% of its work. Traditionally, data and health care often becomes siloed into many distributed specialist databases. KCH has used Elastic to overcome this hurdle by creating an analytical platform, CogStack, a centralized searchable resource of structured and unstructured data to facilitate audits and research and fully utilize their data. This award winning platform, its clinicians, and the provision of health care informs their research and improves patient outcomes. The Public Sector Award honorees are U.S. Naval Ship Repair Facility Japan, RMC and GBM. Congratulations. Our final award category is the Certified Professional of the Year. Elastic is proud to offer numerous certifications. Our training and certification team have created a wonderful program and achieving a certification is no small feat. The Elastic Certified Professional of the Year Award recognizes one individual who received their Elastic certification and then went on to give back to the Elastic community and advance their personal and professional goals. The 2021 global winner is Felipe Queiroz. Felipe is a solution architect based in Brazil. He became an Elastic certified engineer in 2019 and has been advancing his career and growing his Elastic footprint ever since. Felipe has shared that the certification has provided him the confidence and the technical skills necessary for new job opportunities, building meaningful projects, writing more than 40 articles and 25 videos in Portuguese and helping others with their journey with the Elastic Stack, providing them support to achieve success in their own projects. Felipe now has completed 2 more certifications, the elastic certified analyst and observability engineer and is a two-time Elastic Gold contributor within our community. Congratulations. On behalf of all of us here at Elastic, congratulations to the 2021 Elastic Excellence Awards, winners and honorees. And thank you to all of this year's applicants. It has been an honor to grow with you and learn from you and from your groundbreaking use cases and successes. You will truly embody what it means to be a solver. [Presentation]

Hey, everyone. Welcome to our second virtual ElasticON Global event. I'm so excited to be here today because our community is core to everything we do. That's why we designed this conference for you, our community, a community of solvers, people who help solve the world's most complex problems every day. Elastic is a company that is distributed by design. It means we believe in harnessing the strength of diversity because different people approach problems and solve them differently. And this is one of the many reasons we believe community is more than code. Community is also the strength of the diversity of its people. Community is the foundation that Elastic is built on. Community helps shape our products for ease of use and adaption, while we remain true to our free and open core. Over the next few days, we have a packed agenda. We have dozens of sessions delivered by Elastic users plus our engineers, solution architects, educators and product managers. We have breakout sessions and hands-on workshops. You can interact with Elastic experts while building new skills. You can even attend live interactive training courses to help you prepare for certification exams. Elastic's Chief Product Officer, Ash Kulkarni, will be sharing what's next in terms of the innovations we will be rolling out over the coming year and beyond, and our solutions and platform keynotes will go deeper into what you can expect. Plus, we have fireside chats with people who are solving some of the most complex problems from here on Earth to Mars and in the cloud. We will be talking with chef Jose Andres. Jose is the founder of World Central Kitchen, which has the mission of using the power of food to nourish communities and strengthen economies around the world during times of crisis and beyond. And Diana Trujillo, an aerospace engineer at NASA's Jet Propulsion Laboratory, where she serves as a flight director and the robotic arm system domain lead for the Mars Rover mission. Both Jose and Diana have fascinating personal stories. And in a few minutes, I will be talking with Scott Guthrie, Microsoft Executive Vice President of Cloud and AI about community, innovation and what the Elastic and Microsoft partnership brings to you. Community, innovation ecosystem, a powerful combination that ensures Elastic brings the power of search to all of you with speed, scale and relevance. We rolled out so many innovations in our Elastic Search Platform, which includes Elasticsearch, Kibana and the 3 Elastic solutions built into it. And at Elastic, every minor release is like a major release elsewhere, and we had 5 releases. Some of the highlights across the Elastic Stack include the GA of Elastic Agent with centralized management in Elastic Fleet, giving you a single unified agent to onboard and manage data sources while also protecting all endpoints, including hosts, from cyber threats. Searchable snapshots in the new frozen data tier, allowing you to store and search petabytes of data easily and economically, using low-cost cloud object stores like S3 and making them fully searchable. Schema on read with runtime fields giving you the choice between flexibility with schema on read or blazing fast performance with schema on write, all in one stack and the best user experience for all of our innovation is the Elastic Cloud. We offer optimized deployment architecture, support and benefits of a managed service delivered by the makers of the Elastic Stack with access to new features on the day the software releases and easy one-click upgrades. In Elastic Cloud, we introduced autoscaling to help automatically scale deployments as your resource needs grow. We enhanced cross-cluster replication and cross-cluster search between regions and across cloud providers to break down data silos. So rather than forcing you to bring the data to one place, which is expensive and slow, we'll bring search to where your data lives. We continued our first-party integrations across the major cloud providers from bringing native billing integration to our cloud marketplace listings, natively embedding Elastic Cloud within the Microsoft Azure portal to tighter integrations with Google data services. We also extended our support for secure private connectivity across all 3 cloud providers so you can now privately and securely connect Elastic Cloud deployments to your public cloud environments. We are making these investments because every organization, your organization, needs to be able to search across all of its data to find relevant information, keep systems up and performing and protect against threats. Search has the power to converge data silos to look around data corners. That's why we believe every data problem can be solved by looking at it through the prism of a search box. We know you look to Elastic to connect the dots between diverse data challenges from SIEM and endpoint security to observability to enterprise search. That's why years ago, even as we were building out our logging capabilities to help companies observe their applications and infrastructure, we acquired an APM company, Opbeat, with the goal of integrating application traces directly into our platform. We recognize that keeping systems up and performing is a search problem regardless of the type of data used to do so. That was even before the term observability was widely used in the market. And we are hearing from you that you are seeing the benefits in our observability solution. For example, we recently released correlation capabilities, built using advanced search techniques in Elastic APM. It accelerates root cause analysis by automatically surfacing the attributes that have the most significant impact on service performance. We made it easy to ingest data across thousands of hosts through Elastic Agent centrally managed by Fleet. We introduced user experience monitoring and synthetics to give developers new tools to test, measure and optimize end-user digital experiences. We also marked an important milestone for Elastic Security. As with observability, we recognize the convergence of SIEM and endpoint security early on. Two years ago, we acquired Endgame. And as we did with Opbeat and APM, we've integrated Endgame's endpoint technology into our platform. I'm thrilled to see this vision come to life in a major way with the market's first Limitless XDR, providing end-to-end protection, detection and response for any organization, not just large enterprises, on all endpoints, including in the cloud, all in a single platform. I couldn't be more proud of the team for delivering this innovation. And with Elastic Enterprise Search, the OG Solution will reach an important milestone in simplifying Elastic deployments and enabling new use cases for enterprise customers with the introduction of a brand-new web crawler. You can now have a fast and powerful way to ingest content directly from publicly accessible websites and make that content easily searchable. In addition to our platform and solution innovations, we are driving significant momentum in our expansion of our ecosystem. We announced that Elastic Cloud on Kubernetes, ECK, became a Red Hat OpenShift certified operator. Elastic Cloud on Kubernetes is scanned for security risk by Red Hat to meet their certification requirements and can be found and installed through the OperatorHub web console. Also, earlier this year, we announced a partnership with Grafana Labs on a joint development of the official Grafana Elasticsearch plug-in. It enables users to combine the benefits of Grafana visualization platform with the full capabilities of Elasticsearch. We also partnered with Confluent to develop an enhanced product experience for Apache Kafka and Elasticsearch users to strengthen existing integration and simplify the ways to output data from Kafka with ECS. And we have continued to expand strategic partnership with our cloud partners. For the second year in a row, Elastic was selected by Google Cloud as the Technology Partner of the Year for data management. And we were honored to be recognized as the 2021 Microsoft U.S. Partner Award winner in business excellence in the commercial marketplace. We now have 45 regions across AWS, Google Cloud and Azure, plus partnerships in China with Alibaba and Tencent. Our goal is to be everywhere you are, because being there for you, our community is what it is all about. I want to thank our amazing community, customers, partners and Elasticians for participating in our virtual event and driving our continuous innovation. It's been an incredible year. Now I'm thrilled to introduce Scott Guthrie. Scott, welcome, and thank you for joining us.

Thanks so much, Shay, for having me here, and it's great to be part of this event.

Well, first of all, also thank you for wearing your red T-shirt. You're known for wearing red T-shirts. I wear black T-shirts. I didn't know that, that was happening before, but I feel honored that you're wearing one just for us.

My pleasure.

So let me start. Community is very important to us as we spoke through the whole presentation, and we are proud of our roots. And Microsoft has deep connections to the developer community. It's -- there's evidence throughout a Visual Studio, GitHub and .NET. I can even mention a small tidbit from the history of Elastic. In our first-ever user conference 7 or 8 years ago, Microsoft was the sponsor of our conference, and we were like a very small company. And Microsoft gave away USB that said Microsoft loves Linux. And I remember everybody in the conference were like shocked by the fact that it will be USB keys with it. And I think it shows how much you embrace communities. Now from a security perspective, I'm pretty sure that you don't give USBs anymore out there. But maybe you can tell us a bit about how Microsoft developer tools help users drive innovation and all the investments that you're making there?

Yes. It's -- people often think of Microsoft provide lots of different products, and we do. But if you go back to the foundation of the company, 46, 47 years ago, it started with the developer tool product. It was Microsoft Basic. It was the very first product that we sold and built. And developers have always been deep in our DNA and developer tooling has always been really at the center of the company. And so today, if you look at, whether it's GitHub, whether it's the Visual Studio family of products, including Visual Studio Code, whether it's things like .NET, Azure, as well as kind of a broad set of open source communities that we contribute to. I think we're now the largest contributor of any enterprise or company to open source in the world. That's always been at the heart and having deep developer connections with communities and by delivering great developer tools is always going to be at the center of what Microsoft does because we know that creators are really the future and developers are going to be critical to everything in the world going forward.

It's interesting. It's something that I've also found, which is as long as you have developers at the forefront of what you build and you create direct connections between the developers, the consumers of your products and the developers that create the product. You almost like, you don't have to worry about the future because good things will happen once you get the 2 teams talking. And you mentioned it in your answer, but maybe you can elaborate a bit about why is it so important for Microsoft to support commercial open source and source available companies like Elastic and others?

Yes. And I think it's fair to say Microsoft, 20 years ago, had a very different perspective on open source than we do today. And we changed pretty much 180 degrees over the last 10 years, where open source is now front and center of everything that we do. And so again, going back to whether it's VS Code or GitHub or .NET, all of them deeply embrace open source and are, in the case of .NET and VS Code are, in fact, open source to the world. And similarly, I'd say with Azure and the Microsoft Cloud, the majority of our workloads are Linux and have been for quite a while. And we recognize that open source is at the heart of how developers want to build new experiences going forward, and we're trying to make sure we deeply embrace that. And part of the relationship and the partnership we have with Elastic is also about how do we support and embrace both open source, but also commercial open source and open source companies that are built around it because we also do recognize that people want to be able to use open source, they also want to be able to leverage it as services. They want to be able to have the same type of enterprise, great promises that they're -- they had maybe 10 years ago from commercial products. And partnerships like we have, I think, has been key to taking open source to the next level. I think it's a great example of that would be say Ecolab, who is kind of a global leader in water hygiene, infection prevention, and they wanted to upgrade their legacy security solution and leveraging Elastic on Azure, they were able to dramatically reduce their operational costs as well as the number of security tools they needed and the partnership that Microsoft and Elastic have give them the confidence, really to bet big on this and really build and deliver a tremendous solution that's protecting their customers. And I think there's literally thousands of other examples like that, that I think I can point to. And our shared commitment to having an open, flexible and really integrated platform together, I think, is a great win-win for everyone and to the broader ecosystem at large.

I love that story because it's also such a great cause, and you feel like you're doing something good in the world. I remember when I released Elasticsearch way, way back, I was telling my friends and say, like, I hope that I will just create a net add positive effect on what the software will end up creating. And open source and communities that are at the core of this transformation that is happening. I think in April 2020, Satya Nadella said, Microsoft has seen like 2 years' worth of digital transformation in just 2 months. And it's amazing to see. And we are seeing this dramatic change over the last 1.5 years in many aspects and many of which are acceleration and movements towards like growth in data and move to the cloud and digital transformation. What have you seen in the last 18 months that is really like pushed the envelope or inspired you maybe from an Azure or cloud perspective?

Yes. I think the pandemic has dramatically accelerated, I think, digital transformation and in many ways, just accelerated a whole bunch of trends that were already happening and -- but move them from being a, oh, we're going to do this over the next 5 to 10 years to like, no, we're going to do it over the next 12 months or in some cases, 30 days. And if anything, I'd say the cloud in particular, was already in people's minds before COVID, but the -- I think in some ways, COVID helped cement the criticality of the cloud because suddenly, companies realized this wasn't just key for the next project. It was key to keep their companies running. And we saw people that moved to online and moved to remote work almost overnight and needed to dramatically accelerate their usage of, say, Office 365 and Teams for collaboration. We saw people that had plans to do more with e-commerce retailers that want to do more of e-commerce and they realize we have to do everything with e-commerce because our store fronts are closing down and dramatically accelerate the way they deliver the solutions to their customers in a digital way or an online way first. We've seen people start to kind of adopt business transformation, whether it's supply chain reinvention, supply chains right now are very constrained because of the pandemic. And everyone is reinventing, okay, how do I do supply chain management? That requires new tools, that requires new software and dramatic acceleration there. And I think we're seeing the use of data in new ways. And I think going forward, literally, everything is going to have an IP address, be generating data and companies are going to move from monthly or weekly reports to how do they know in real time what's going on inside their organization. And as part of all that, then there's a whole bunch of security that needs to be added. And I think the world has also become a less secure place or at least the perception is there's more cyber activity from a security perspective than there's ever been. And companies are looking for, okay, how do I do all these things do them quickly, but at the same time, do it in a way that I can operate and run my company reliably, safely and securely. And that also brings with it a tremendous amount of digital change, all of which is happening at once. And so I think this is going to continue, and it's a great time to be in tech because I think for all of us participating on this call and watching, all of us that are practitioners of tech within our companies or providing tech to others, it's an exciting time where new solutions are being born literally every day in lots of new ways. I'm curious what are you seeing from your last 18 months, curious from the Elastic perspective, what you're seeing in terms of trends.

First of all, we're seeing something very similar. Elastic was created with the core belief that once you have data, the best way to explore data is through the power of search. And you put a search box in front of people, and they know how to use it, and that tends to hide behind it, a lot of complex data and make it approachable to users. And when data volumes grow, I think search is an index to that data volume in terms of exploring, these just like grew as well from our perspective. And also, the 3 solutions that we focus that built into that using the search technology, our enterprise search products, you mentioned Microsoft Teams and Office 365 and companies going online and remote, all of that information, dynamics and support tools and issues, all of that needs to be searched. And companies are generating a lot of data now in an asynchronous written way and that's a lot of IP. And by the way, I find valuable because those used to get lost in like face-to-face meetings and hallway conversations that are still important. And it's wonderful that we can capture them now, but how do we search them becomes the actual aspect that companies are looking for. And then tying to what you mentioned around security and to a degree also observability once you bring application online, you need to be able to observe them, make sure that they're up, and that's a big part of what we do, starting from logging, getting into application, performance monitoring and now the broader observability space. And same thing with security. I mean the surface area of a company has expanded dramatically once digital transformation happens and that surface areas generate data, and you need to observe that data to be able to go and protect the companies back and we're investing also heavily in our security capabilities and protection is exactly for that. So it's been an amazing ride. I mean I wish it was under different circumstances, but also the stories that I'm hearing and our ability to support together, Microsoft and Elastic support companies as they go through that transition, that's just very humbling to see. And I think we've invested in trying to make our integrations and Elastic usage within Microsoft and Azure as seamless as possible because easy wins and simple wins. And Elastic, and one of the things that I'm very proud of over the last 1 year, 1.5 years, Elastic is only one of the like handful of companies that were chosen to implement and integrate using this Microsoft Azure++ marketplace integration. And can you tell us a bit about that and thoughts on what were you trying to achieve and maybe why Elastic was chosen for it?

Yes. I mean, I think as everyone is trying to drive this digital transformation, I think one of the things that becomes essential is how do you try to get as much done as quickly as you can and do it securely and operate it reliably. And the more we can make it, together, a great integrated experience that ingrates things like identity, things like security, things like billing policies, things like network security rules, the more that it's easy to fall into what I call the pit of success versus the pit of failure, the more successful our joint customers will be. And so we've done work together across Microsoft and Elastic to take the experience and integrate it directly into the Azure management portal and literally have it so that the same way you can say, New VM inside Azure or a new database inside Azure, you can create a new Elastic instance. And again, having identity, security, billing, monitoring, all integrated together, so it just looks like a fully managed service that's completely integrated the way all the other Azure services are I think, again, that just makes our joint customers much more successful, gives them the ability to get going quickly and get going with best practices quickly and leverage the existing skill sets they have with the rest of the Azure experience and be able to use all of that with all the best of Elastic. And it's compatible and consistent with the upstream code base. So it's 100% compatible, all the features there work but again, fully integrated across the Microsoft Cloud. And I think that's the best of all worlds. And as you mentioned, it's not something we do with many partners. Elastic is pretty unique in that and I think that sort of speaks to the depth of the partnership that we have. And I think we've seen -- I mentioned Ecolab earlier as one customer that's been successful with it. Others like [ Porche ] or Iron Vine or Adobe are also likely -- likewise taking advantage of this native integration. This includes others like Blue Yonder. doing a bunch of supply chain projects as well that are also doing co-innovation and integrations as part of this experience. And I think the more we bring in, the more we integrate and the more great partnerships we bring together, again, the more joint success that we can enable for more and more customers and partners around the world.

I completely agree. I love seeing it because like next to Microsoft investments in community and open source, I feel like there has been acceleration also in Microsoft becoming again a platform. A platform is defined by our -- the ability to go and build into it. And I love us working side by side with the developers at Microsoft and figure out the kinks and ways to integrate and everything around that to make sure that our users have seamless user experience and getting to a point where as the Elastic Cloud and Elasticsearch and the ability to deploy, it just feels like a native service. And that native integration is amazing to speak about, but let's give our users and our viewers a chance to see it. So I just love how easy it is and maybe we can see a quick demo of it and just -- I'm still impressed by how easy and native that integration is.

That would be great.

Thanks, Shay. Hi, everyone. My name is Bianca, and I'm a product marketing manager here at Elastic. And joining us, we have Rohit, a senior program manager from Microsoft. And today, we're going to show you how easy it is to find, deploy and manage the Elastic Stack, that's now natively integrated within the Azure portal. Simply search for Elastic Search within the Azure search bar, then create a resource like you would any Azure service. From here, you'll give it a name, select your resource group, and your region. You can change a few other settings like enabling automatic log collection to send data directly into your cluster. Once your cluster spins up, you can view the details within Azure and you can launch Kibana to view the data you just ingested. On the left navigation, you have the option to monitor your resources and virtual machines as well as further configure your deployment. From here, you can resize your deployment, track the health and set up traffic filters for additional network configurations. Now I'll turn it over to Rohit to explain to you what you can do with these configurations.

Thank you, Bianca. In this part of the demo, we will go into the deeper integrations with Elastic, illustrating the ease with which customers can set up their secure V-Net communications via Private Link and also how our Azure Spring Cloud customers can configure their locks. As you can see, you can now configure your Private Link connectivity from the Azure portal directly via the configuration display. As you can see, the Private Link endpoint details are now automatically populated in the Elastic Cloud's traffic filter, allowing for an end-to-end configuration of your Private Link. Now I will show you another example of how our Azure Spring Cloud customers can configure their logs. In this example, we can see how our Azure Spring Cloud users can easily send the logs from their Spring Cloud application directly to Elastic via this integration. They can also view the visualizations of their logs via the default Kibana dashboards built into the Elastic Cloud portal. Thank you, and hope you enjoyed these demos.

So that was impressive to see. I just love how simple it is. I think there's still obviously more work to do, and I love the collaboration that we're building together. It's not only what we've done now, but it's the arc of the collaboration towards the future. And it makes a huge difference. Like for joint customers like Citrix or to just value the transparency and efficiency that happens by that native integration with Azure. Azure also has like an immersive and impressive catalog of services. For users, that make it like a cloud platform of choice, right? The growth of Azure is just wonderful to behold. What role do you see like partners like Elastic providing to Azure users? Like how do you jointly -- how do we jointly serve customers better?

No. I think that integration that we saw is a great example. I think technology should really help remove barriers and by streamlining access with single sign on and portal integration, reducing complexity and really automating data ingestion and just making it seamless. And even just being able to track it as part of your bill and set billing quotas and all the other things that the Azure experience has just making it be completely turnkey, I think, just helps our customers accelerate and their needs are accelerating. So we need to keep doing this because they're going to want to accomplish more and more in the years ahead. And the more we can integrate our entire portfolios together the more we can help them be successful. And we're really focused on how do we integrate with Elastic, with others in the commercial marketplace. We've got a huge number of both enterprise customers, but also enterprise ISBs And in some ways, it's about how do we sort of unlock and enable that end-to-end integration across all of them, which can, I think, make this a win-win situation for everyone. I just, as one example in our marketplace now. We've got thousands of solutions, and we just reduced our marketplace fee. There's lots of discussion right now about app store fees and things like that. We reduced our rates down to 3% whereas most people in the industry are either 20% or 30%, partly because we just -- we want to get out of the friction experience and just sort of how do we connect great partners with great enterprise customers and really let the magic happen, which is actually driving the integration across all these things. And we're very committed around how we build both our own first-party services, but then, again, partner with folks like Elastic and thousands of others in the marketplace to kind of really enable everyone here that's watching this call to be able to kind of deliver even better solutions that drive digital transformation going forward. So I think the future is going to be exciting, and this is really just the tip of what we're going to be able to accomplish together.

I agree. And I just love how forward-looking Microsoft is, like you mentioned the marketplace fees of 3%. We already took this reduction in marketplace fees and immediately rolled it to our customers, and they suddenly saw better bills. So that's just amazing. To a degree, maybe that's also the power of cloud. Once you make this movements, immediately, everybody gets access to it and that's pretty amazing to see. Microsoft and Elastic have made such significant [indiscernible] forward in our partnership and collaboration over the last year. What are you most excited about moving forward as we continue to enhance our partnership and we jointly deliver even more value to our customers?

Yes. I think we're both committed to really enabling developers to code, collaborate and ship from anywhere, all with enterprise security built in. And so I think I'm really excited about how we continue to push forward on that and really integrate our offerings together in deeper and deeper way to enable new capabilities. And our partnership with Elastic across Microsoft is incredibly strong. We partner with you on a global level, and we're going to continue to expand that footprint. So it runs in every Azure region, every Microsoft cloud region around the planet. Earlier this year, Elastic was a Microsoft 2021 Rising Azure Technology Partner of the Year Award finalist and a winner of our partner award and business excellence on the commercial marketplace, which is awarded by our U.S. organization, which is the bigger what we like to give out every year. And [ till the progress ] we've made since we launched the Elastic Cloud on Azure in December of 2019 has been great to see. We talked about some of the customers that are already using it at steel today. And just in the last 2 years, we've expanded to more Azure regions globally. We're going to keep driving that. We're going to integrate it even deeper in the Azure portal and drive our security solutions for adding it to our Azure Gov offering so you can also use it for public sector workloads and ones that need additional compliance and security. And I think you're going to see -- we're going to see continued future integrations between Elastic and things like our Azure Spring Cloud for Java or Azure App Service or Azure Kubernetes services and create even more of a seamless experience both for Java and Open Source developers as well as developers of all languages. And I'm really looking forward to how we continue to kind of achieve more together and more importantly, how do we enable our customers and our partners to deliver even better solutions in the years ahead. And I think it's going to be an exciting ride, and I'm really looking forward to seeing what people create with it.

I agree. I agree. It's amazing to see. And I share your enthusiasm and just excitement about the fact that we're providing such a service working together and just making our customers and partners' life simpler and easier. Scott, I want to thank you very much for joining us. I know the -- are people looking virtually this time around as well. Also very appreciative of you joining us, and thank you for your leadership in Microsoft. It's amazing to see a company that has evolved and progressed in such an art that is very inspiring to smaller companies like us at Elastic. So thank you very much, and enjoy the rest of the day.

Thank you so much for having me. It was great to be here, and want to thank everyone for watching and really looking forward to the rest of the day.

Awesome. Thank you, Scott.

Welcome. Welcome to ElasticON, our global user conference. I'm Ash Kulkarni, and I'm very excited to be here speaking with all of you, both about all the innovations we've delivered in this [indiscernible] year, but also about where we are taking the direction of the product portfolio going forward. So let me set the context a little bit. If you think about what's going on in our personal lives, what's going on in business, we see data volumes exploding everywhere, just growing exponentially. IDC estimates that we will be generating 480 exabytes of data per day by the year 2025. That's a lot of data. Think in terms of what it takes to ensure that your customers and your employees are able to get the right relevant information quickly. That is a big challenge. Now if your customers aren't able to get the information that they're looking for when they come to your applications or your website, they're going to go somewhere else. So that's a big challenge for businesses. Another different domain, but equally important is how do you ensure the uptime of all of your business applications. Now modern application architectures have become incredibly complex. Micro services-based architecture, containers, cloud-native deployments, infrastructure as code, when you put all of that together, what you see is any 1 web transaction can often cross dozens of technology boundaries. So what it takes for a site reliability engineer to be able to quickly diagnose the root cause for why certain transactions are going slow or why your site is down, that's a pretty big challenge looking through all of that data. And then lastly, let's look at cybersecurity. Cybersecurity is front and center in everybody's minds. If you look at all the sophisticated ransomware attacks that we have seen the industry suffer through recently, the supply chain attacks that are now, at this point, almost pervasive, these are big challenges. And the more distributed our architectures are, the harder it is for a security operations center to be able to find the right needle in the haystack on exactly where is this attack emanating from? How is it proliferating throughout my organization? These are big problems. And if you aren't able to solve that security threat quickly, that's a reputational damage. So at the face of it, all of these 3 might seem like they are distinct challenges that have nothing to do with one another. But in fact, there is 1 common theme, it's the data. And it's the fact that the data is absolutely voluminous. When you think in terms of what it takes to surface the right enterprise information to your customers and employees, it's sifting through all of that enterprise data. Similarly, when you think in terms of what it takes for a site reliability engineer to get to root cause, it's about sifting through all of that observability data. And when you look at what it takes for a security operation center to be able to identify the right indicators of compromise, it's about being able to look through all of that security data potentially going back multiple years. And all of that is really, really difficult to pull off if you do it using traditional databases. That is a big problem. So that reminds me of a quote by Grace Hopper. And she was a veritable legend in the field of computer science. And she once said that the most dangerous phrase in the English language is simply that we have always done it this way. That's the problem. We can't do it the way we've been doing it. Now thankfully, all of you and all of us who have been using Elastic Search for a while know that the right answer to attack all of these challenges with a search. Now why search? Well, search is fundamentally good at being able to understand how with speed and at scale get to the right relevant results irrespective of the use case. Let's look at e-commerce. When you go to any website online, you're shopping for something, pants, shoes, doesn't matter what, you expect to be able to search through the catalog. You expect to be able to filter and sort even know which store nearby has exactly what you're looking for, that is all about relevance. And because search is all about relevance, search is almost always the right answer for powering all of those experiences. That's enterprise search. Let's look at observability. When you're looking at everything from metrics to APM traces, to logs, it becomes incredibly important to quickly correlate all of the information across all of these different sources of data to allow you to understand what is at the heart of a slow transaction or what is at the heart of a system being down. And because search is iterative and it's all about speed, it is what most efficiently allows a site reliability engineer to quickly diagnose and fix the problems. Now let's look at security. Security often ends up being all about trying to find the indicator of compromise or indicator of attack pertaining to the threat that you're worried about within your enterprise. That involves comparing those IOCs or indicators of compromise, whether it be a file hash, a IP address, a domain URL, whatever it might be. Comparing that and correlating it against all the data that you've been capturing across all of your different threat vectors, going back a year or more, that's massive amounts of data, often many petabytes of data, being able to do that at scale is something that search is inherently very good at doing, which is why search is so good at security. So here at Elastic, we always focus on search with the power of search being able to deliver the right kind of enterprise search, observability and security capabilities that our customers care about. And that's going to be the focus of the stock. And we're going to really get deep into demos and so on. Now let's dive into some of the core areas. First, starting with enterprise search. In the case of enterprise search, we have focused a lot on making it simple for you to build integrations or just out-of-the-box integrations for common content sources, whether it be Dropbox, Google Drive, Slack, salesforce.com, every release comes with additional out-of-the-box integrations, just making data onboarding that much easier. Most recently, we have also delivered the general availability of our web crawler. The web crawler is something I'm very excited about. It makes it absolutely easy for you to ingest in all the data, all your web content that you might need to create a search experience on top of your website. Now let's jump a little bit into observability, Elastic observability. On Elastic observability, we delivered user experience monitoring. This means that now you can measure and optimize the experience of your website from the perspective of the end user. Getting that end user insight is so important in observability is now you can make sure that every one of your end users gets the fantastic experience that they deserve and expect when they come to your website. Similarly, we delivered APM correlations. This is all about using the power of machine learning to surface the attributes that are most correlated with either slow transactions or transactions that simply fail using the power of machine learning to point you in the right direction. And then most recently, we've delivered Elastic Agent. Now we've had various ingestion methods like Beats as an example. But what agent does is it elevates our ability to ingest in data easily and quickly. Through one Elastic Agent, you can now on whatever host you want, get the right capabilities for visibility. And it's not just about observability, but it's also about security. Just simply by swiping right, I can effectively give you both Observability and Security on any host that agent is deployed on. And let's touch upon Elastic Security next. Elastic Security, we started on this journey when we joined forces with Endgame. And today, Elastic Security is our fastest-growing business. With Elastic Security, we brought together the capabilities of Elastic SIEM and endpoint security to deliver what we call Elastic Limitless XDR. And we're going to get into a lot more details in the upcoming sections on this. But really, at this point, Elastic Security is the only solution out there where you can start at the very top with highly correlated detection -- security detections in your SIEM coming from all of the different sources of data that the SIEM is looking at, seeing that particular alert and then drilling down all the way to the specific endpoint using our integrated endpoint security capabilities, being able to look at a particular host, inspect that host really using OS query, which is now integrated into our solution as well and then taking remedial action like isolating that host as an example. It is really hard to do all of this from one contiguous workflow, and we can do it because of the power of Limitless XDR. Now let's turn a little bit and talk about Elastic Stack. Elastic Stack is at the heart of the Elastic Search platform. And when it comes to Elastic Stack, we've always thought in terms of power plays. How do we build functionality into Elastic Stack that can be leveraged by all of the 3 solutions that are built in Elastic Search platform, Enterprise Search, Observability, Security. Now just one example of these power plays is the capabilities that we've delivered to help you reduce the total cost of ownership. Searchable snapshots and data tiers is a perfect example of that. With searchable snapshots and data tiers, you can store data in low-cost storage systems like object stores -- like cloud object stores and take advantage of the economics that it provides to make it possible for you to search across many, many petabytes of data. That is a game changer, and it's something that Observability, Security pretty much everything that you do with the Elastic Search platform benefits from. We've also made major improvements in how easy it is for you to both ingest data, deal with new sources of data, unknown formats using runtime fields also made it possible for you to visualize data much more effectively with Kibana Lens. Lastly, we've made a tremendous amount of innovations in the area of machine learning. Now with all of that, I'd like to get to Elastic Cloud. We've always made it possible for our customers to self-manage their deployments of the Elastic Search platform. But we know that the vast majority of our customers have either already moved to public cloud or are rapidly moving to public cloud. Also, they want us to be able to support their multi-cloud architectures and their hybrid architectures. So with all of this in mind, we have invested a tremendous amount of effort to make sure that Elastic Cloud, which is our fully managed cloud service, is the best way for you to consume the Elastic Search platform. Elastic Cloud is supported on all major cloud providers, on AWS, on Azure, on Google Cloud. We even support Tencent and Alibaba for our customers in China. Just on AWS, Azure and Google Cloud alone, we are now present in 45 different regions and growing fast. And in this past year, we have delivered a lot of functionality that makes it possible for you to use Elastic Cloud for all kinds of enterprise use cases. We have delivered, as an example, auto scaling, which makes it possible for you, for your cluster to scale gracefully as your workloads grow. And again, requiring no manual intervention on your part. One last thing I'll touch upon here is the capabilities that we've delivered in the area of cross-cluster search and cross-cluster replication. Data has gravity. So rather than you having to move the data to where your Elastic Search cluster is making it possible for you to have Elastic clusters distributed in different places and moving the query across region, across multi-cloud to where your clusters are. So don't move the data, move the search queries. That is real innovation that we know is going to benefit our customers tremendously. Now I thought that we would get into each one of these sections in detail and have the leaders who are driving the direction of the product in that particular area, give us more insight into the latest that's going on there. So to begin with, I thought we should start with Elastic Stack and Elastic Cloud. Elastic Stack, as I mentioned before, it is the heart of Elastic Search platform. And to help me do that, I'd like you to welcome on stage, Steve Kearns, VP of Product Management for Elastic Stack; and Uri Cohen, Senior Director of Product Management for Elastic Cloud. Steve, welcome.

Thanks, Ash. Excited to be here.

Steve, how many [ ElasticONs ] has it been for you now?

My goodness. This is my seventh year of ElasticONs going right back to our very first in 2015.

That's pretty amazing. If I just think about the arc of innovations that we've seen over all of these years, congratulations. So Steve, we used the word platform, and I'd love to get your take on what does the word platform mean to you?

It's a great question, and it's not surprising that we've been hearing the word platform so much more often. I think it's a good word to describe both the way that we build the Elastic Stack and the way that everybody use -- [ experiences ] it. We've done this from the very beginning. We're constantly asking ourselves, what can we add to Elastic Search and Kibana to this core platform, it makes it easier or better or faster for people to solve a wide range of use cases on that same core technology. As a company, as a product, we have 1 single data store. Elastic Search used across all of our use cases. And that means that when we see a need or we find a way to reduce storage, improve speed, we can build that directly into Elastic Search itself and all our users and customers benefit from that. In this 1 data store, 1 common schema, makes it easy to expand, how you use this back at the company level. You start using it for 1 use case, say observability, you can expand to security or the other way to Enterprise Search or any other of those combinations. But the benefits here go beyond just that developer or practitioner, having 1 platform means that your IT and your ops teams kind of buy the same sets of skills for operating the Elastic Stack. Same rules for defining how you configure security, and thanks to features like cross-cluster search means you only need to store data one time, and you're not having to duplicate it across multiple systems or data stores or even data centers. And so for those who need to consider budget, this idea of having fewer products to manage, fewer contracts to negotiate really makes a big difference. And so this notion of platform really applies across organizations in terms of how they engage with the product, not just how they use it for the one primary reason that comes in the door the first time.

Yes. I love that, Steve. The way I think about it is data has gravity. And everything that you touched upon sort of takes that into account, how do we make sure that we bring the compute to the data, cross-cluster search and all of that's just awesome. So Steve, we firmly believe that the Elastic Search platform is the best platform to help you search, observe and protect. Now tell us a little bit more about everything that we are doing in the stack to make that absolutely a statement that everybody can get behind.

Absolutely. There's a countless number of things that we're working on at any given time. But one of the big themes that we've been focused on over the last couple of years and going forward has really been on driving down the total cost of ownership. What can I do? How much data can I store? How much value can I bring to my organization? And to do that, we've been focused on a couple of different areas. One of our biggest recent additions is what we call searchable snapshots, which lets to use these low-cost object stores -- cloud object stores to dramatically reduce the cost of retaining data for longer. With the cold tier of searchable snapshots, you could reduce cost by almost 50% over a typical hot-warm deployment by moving and keeping just one copy of your data in the cluster and using S3 or another object store to provide high availability, allowing for automatic recovery without having to pay to keep that data active on nodes in your cluster all the time. But the frozen tier is even more significant. It lets you directly search data that's stored in S3 and our approach is smart so that when you run a query, we're only going to pull down the specific pieces of the specific indexes that you need from S3 to answer that request. And because we're pulling this data, now obviously, the results are going to be a little bit slower versus reading it off of an SSD. We have not changed physics yet, but that's the trade-off or normal hot, warm, or cold node would easily hold, say, 10 terabytes without breaking a sweat. For frozen, a single host can search 10x that, well over 100 terabytes without breaking a sweat. And that can translate into a 90% reduction in the cost for retaining data for long. So the benefit here is that you can continue using the same system, the same dashboards, the same reports on the same stack that you already know and use. And so if you do have regulatory or business requirements that require retaining data for 6 months, 1 year, have them for bid 5 years, this capability makes it much more cost effective to continue using that same system, same dashboard that you've [indiscernible] to use a lot.

That is beautiful. All right. What else are we doing?

Well, so another big area that we think a lot about is how do we run efficiently in the cloud. And when you're operating in public cloud environments, you have to pay the cloud providers charge for data transfer between availabilities. And if you want a highly available cluster, it has to be in multiple availabilities. And so one of the things we've been looking at is saying, how do we reduce that cost of network traffic in the cloud providers. And one of the things that we've released as part of 715 is a smarter way to compress the network traffic. And what this means is we know quite a bit about the content of the messages. When you're indexing bulk requests, we know that we can compress those. Its JSON going -- JSON documents going over the wire, those are very compressible. But when you're moving [indiscernible] over the wire, it doesn't compress as long. And so how can we be smart about both which kinds of requests we compress and how hard we try to [indiscernible] what algorithms are we using to do that compression. And so rolling out as part of 715 and Elastic Cloud, we actually see a 50% to 70% decrease in network traffic so that the data transfer cost being reduced by half or more for our customers. And so it's a huge accomplishment there, but we didn't stop there in looking at network traffic. We also looked at how data moves between hot, warm and cold and different and healthy clusters. And what happens when hardware fails, and we need to recover from those scenarios. In most production systems, we realize, especially in Elastic Cloud, it's owned by default, folks take regular snapshots or backups to protect against catastrophic hardware failures. What we realized is we can use this data. It's already an S3 to reduce data transfer even more. When data is moving between tiers, historically, you copy that from the primary node. So from one running machine in your deployment to another one. Same thing happens when a node leaves the cluster because you've [indiscernible] or you're doing an upgrade, we have to move that data around. But instead of moving that data from the hot node directly to the new replica or to the warm, we can actually use S3 and pull that data down. If the data hasn't changed from that most recent snapshot, we can pull the data down and it allows us to do something that's pretty impressive. We've seen this reduced [indiscernible] by another 10% while also speeding up the process of recovery and replication and at the same time, improving reliability by putting less pressure on those [indiscernible]. So it's very rare. I'll say that when we can build one feature that reduces costs, improves performance and increases reliability. So this is a nice. We're very happy about it.

Those are the best kinds of features. And so I mean that is the trifecta, right? You're reducing cost all of these things. And again, this is something that we are making available in Elastic Cloud, correct?

Absolutely. Enabled by default, starting with 715.

That's going to be absolutely awesome. What else?

So one other big area, and this will be the last one for this topic for this meeting. But look, one of the biggest use cases that we see, fastest-growing use cases is around metric. And Elastic Search has always been a great place to store metrics. But as we've seen the number of use cases for metrics flowed over the last few years, we've actually spent a good part of the last year designing a better solution for storing and querying metrics data inside Elastic Search. Today, when you store metrics in Elastic search, what we're doing is really storing an event that shows the state of a machine or an application and its metrics at that point in time. This works really well. And it's nice that every document is fully self-describing of all its metadata, right, very convenient for clearing. But it means you're storing all that metadata on each document. And even with efficient compression, that takes real storage space. And worse, because we're treating these as events rather than a stream of data, it makes it difficult to reconstruct the relationships between these different observations from these services and systems. And so one of these big features we're working on is dedicated metrics support directly within Elastic Search. This will allow us to change the way we write metrics the disk and some of our early tests are showing a full order of magnitude reduction in storage space, really substantial impact here. And almost as exciting, it opens the door for us to begin supporting a richer set of metric specific query functionality. Today, it's difficult to write queries around the movement of counters that reset when an app restarts. And supporting this kind of thing is a key design target of this new metric storage. And as we're thinking about saying, hey, how do we support these new kinds of queries, one of the things we're very aware of is that how shouldn't it be nice to use a metric specific query language like PromQL. And so one of the things coming out the other end of this project will be support for PromQL directly within Elastic Search as a first-class query language. Stay tuned for a little more on this one at the conference tomorrow.

Very -- I'm very excited about everything that you're going to presenting tomorrow at the platform, DeepDive. So that's fantastic. What else?

Well, at this point, I'd actually like to hand it over to Uri Cohen, who's joining us by video today to show us just how far we have come and where we're going with easing the onboarding, getting started with the stack, getting data in and showing us really what that looks like. So let me hand it over to Uri. Take it away, Uri.

Thanks, Steve, and hi, everyone. It's great to be here today. I will admit this is only my fourth Elastic compared to your 7, Steve. So I guess there's still some catch up for me to do here. So in the next few minutes, I'll walk you through the improvements we've made and we'll be making to Elastic Cloud to help you get started and see value from it in no time. We realize your time is valuable. And one of the reasons we're using Elastic Cloud to begin with is to save you all the hassle of managing the underlying infrastructure and the Elastic software [indiscernible]. So we can't expect it to spend days just to get your data and visual on it. We'll look at what's already possible with the Elastic 715 and as we do, also touch on what's coming next, leveraging exciting new features like the unified Elastic Agent and centralized integrations [indiscernible]. So let's dive right in. We'll start with the sign-up process. We've worked very hard to make it quick and painless. And as you can see, subscribing to Elastic Cloud and getting immediate access to your 14-day trial only requires you to type in your e-mail and password with no upfront commitment of any kind. You can also use your Google or Microsoft identity you prefer, which is what I'm going to do here. So just like that, with a couple of clicks, I have created my Elastic Cloud account, and now I'm ready to go [indiscernible]. I can also subscribe from any cloud marketplace. Marketplace support is available for all major cloud providers. Let's create the deployment by clicking the create deployment A deployment is essentially an Elastic Search cluster in the Kibana instance and then a couple of other services to support the management of data shippers and enable Elastic features like workplace search and APM. Let's first give the deployment [ a name ]. You can also choose the version, cloud provider and location of your deployment. Elastic Cloud has presence in all 3 major block providers across more than 40 regions worldwide. Now let's [indiscernible] it further and enable auto scaling just by checking this box. This will enable auto scaling of Elastic [ Search data ] based on storage utilization. Elastic Search will constantly evaluate the required storage based on how fast your storage digitalization grows, and will signal to Elastic Cloud that it needs more capacity to accommodate for the growing volume of data. Elastic Cloud will pick up that signal and add the required capacity to the cluster without missing a beat. Since we introduced auto scaling a few months ago, the user reception for it has been great. And in the coming months, we'll be enabling it by default for all new deployments. We're moving one of the trickiest steps of sizing and operating deployments. We'll also be adding additional auto scaling dimensions like your data ingestion rates. Now let's create a deployment. Now once a deployment is created, you'll be able to log right into Kibana by using our single sign-on integration with the Elastic Cloud Console. When you first line into Kibana, you'll see the option to add your data or add sample data, which contains a number of pre-configured data sets. I'll go ahead and click the add data button. In 715, the default option still uses beats, which requires you to install relevant beats components like Metricbeat, Filebeat, or Auditbeat on every server or end point in your fleet and manually configure each of them for every new data source you want to enable [indiscernible]. I'll show the Elastic Agent, which was [indiscernible] 714. So we'll first switch to the integration stage. Actually, that's first installing agent with the fleets page. As you can see, with one simple installation command, you can install and enroll an Elastic Agent to your fleet server, which is available in every Elastic Cloud deployment and can manage and remotely configure tens of thousands of connected agents. [indiscernible] install the agent on my laptop. So it should be up now any second. And here it is. Let's go back to the integrations page. From here, adding a new data source is as simple as clicking a few buttons. Now back to the integrations page, let's also look at the system integration we looked previously. This integration collects various system metrics and long term, the host installed them. Now that I can configure what data sources to collect from within Kibana. Again, no [indiscernible] configuration, all from within Kibana and one single step that can be applied to tens of thousands of agents simultaneously. Note also of that integration is added to [indiscernible] which can literally apply to one or more agents in your fleet. In this case, the integration is already installed into the default policy with every agent. So the [indiscernible] installed on my laptop already has it enabled and is sending data to my cluster. Beyond just enabling data collection on the agent side, each integration also contains additional assets like predefined dashboards and ingest pipelines for service by data enrichment. Let's go ahead and look at one of those dashboards. And there you go, data already being collected and sent to my cluster just with a few clicks. Now this was easy enough and onboarding new integrations is as simple as going back to the integrations page and enabling them from there. So expect more integrations to become available through Elastic Agent, the centralized integrations page, including, for example, Enterprise Search and even native Elastic Search clients. So this was very short, but I would give you a good idea about the amount of work we've been putting in and we'll continue to put in to make data onboarding into Elastic Cloud ridiculously easy. And with that, back to you, Ash.

Well, thank you, Steve. Thank you, Uri. That was absolutely fantastic. It's truly clear to me that Elastic Cloud is the best way for customers to experience the Elastic Search platform. That was awesome. The next area that I'd like to get into is the area of Enterprise Search. Now traditionally, customers might have thought of Enterprise Search as either app search or workplace search. But in our minds, it's a lot more than that. Every time a customer or a user uses Elastic Search to build custom search use cases, that, to me and to us, is enterprise search. And there's a lot that we are doing in that area. And to talk more about everything on Enterprise Search, I'd like to welcome to stage, Diane Tetrault, Director of Product Marketing for Enterprise Search; and Matt Riley, VP of Product Management for Enterprise Search. Diane, welcome.

Thanks, Ash, so excited to be here today.

So Diane, I know that there's a lot that you want to walk us through. It's -- so Enterprise Search has become ubiquitous. So take it away.

Yes, you're right. It has. It's amazing to see Search has taken over almost every aspect of our daily lives, both as consumers and as employees. Just think of how many times you've searched today looking for a coffee shop or maybe a document. And in these days of [indiscernible] we're no longer looking for pages of possible answers. We're now looking for the answer. And that means now more than ever, we, at Elastic, need to give our customers the tools they need to deliver that advanced relevance. So relevant that, in fact, they could continue to return a single search result so they can answer every single question every single time. And we've been making tons of advancements in Enterprise Search and service of that [indiscernible]. And we've been doing mindfully, trying to achieve that perfect balance between giving you as much control over as possible over your search projects, while still simplifying the complex for you to speed up your time to value. And that path to single best answer confidence is kind of a journey. And to deliver that perfect relevance, you need to get all of those foundational building blocks right along the way. The first step of that journey is the core technology, which, of course, we believe is Elastic Search. But the second step is one that we've heard from most of our customers loud and clear that it's possibly the most difficult step and that's side of ingestion. It makes or breaks the success of every search project. And in search results, always starts with what you put in, and it's harder than we think than to get all that content in. Sometimes it's really hard to find that data. There's so many disparate data sources to integrate with and getting to that is very hard and difficult to manage, which is why for the last 12 months or so, we were focused on simplifying ingestion. And you'll see that in a number of our recent product announcements, and we'll dive into those in more detail in our Enterprise Search keynote as well, but I'm going to take you through just a couple of those today. First, over the last year or so, we've made huge advances in the depth and breadth of the connector library that we offer. These out-of-the-box connectors enable you to simply integrate with all of the most popular cloud applications, whether that be Salesforce or ServiceNow or even Google Drive. And we have made it easy to integrate those, so you can search across all of those from a single search bar, and these intelligently built connectors are now even more configurable and flexible as well as easier to manage. We've added granular indexing control, which allows you to specify exactly which objects to synchronize or exclude when ingesting. And we're super excited because so many of our customers have told us that the majority of the content that they need to be searched is on their website. And with that in mind, we are delighted to announce the GAs, the general availability, of our new powerful enterprise search web crawler. It's designed to simplify the ingestion of all of your web content while giving you complete control over how and what it indexes. And it means you can make your website content searchable in minutes, not months. In fact, let's take a quick look at the Crawler. I'm going to show how easy it is to set up and automatically ingest and crawl all of your website data. So I'm going to just head over into Enterprise Search, and I'm going to pop into [ app ] search. And I'm going to go into my engine that I have running already. And I'm going to just go in there. And as you can see, it's inviting me to add content. This is obviously the first step. We have to ingest in content. And there's a number of ways to do that. through JSON or indexing from API. But now we want to go ahead, and we want to use the Crawler for the simplest, easiest way to ingest our website content. So it's really easy for me to go in there and create a new crawler because all I have to do is choose my domain. So I'm going to go ahead and I'm going to index our Elastic blog. And the reason for that is that it's actually the kind of site that makes a great candidate for this because it's constantly being updated, often by different folks. And we want to make sure that content is always searchable. So I go in there and I add that URL, then I can go ahead and validate the domain, and it's going to do a couple of quick checks just to make sure that, that URL is going to be working for us and then I go ahead and add that. And so now I can go ahead and start that crawl, but what I could also do is like to go in there and I can sort of edit this crawler to make it even more powerful and effective. So if I want, I can go in and I can even add a site map, right? So I can go in, if I have one from my side, I can go in and I can easily add that. I can also set up some crawler rules. I can choose what to exclude, what content to allow and not allow or what pages to allow. Maybe I want to limit it to a single language on my site or a single area. So I can go ahead and do that. And of course, there are some filters and there are some things like making sure that we don't duplicate documents, which is a really important step in adding all this content. So I can always go ahead and do that. And before I keep that off, I'm just going to have a look at the query tester, and I'm going to type in a little query and I'm going to show that actually, I don't have any content just yet. So just -- so you know that there's nothing in there just yet. So I'm going to go ahead and now that I've done that, I can go ahead and I can get started by clicking the start crawl button at the top. And that's going to kick off a crawl, and it's going to get going and it's going to go out there and it's going to start indexing the site. So you'll see over here, I've got 0 documents to start, but as that crawl is running, if that count is going to go up. And I can also go into My Documents tab and have a look at the documents that are being added. And if I want, I can go up here back to my query tester and as I see the documents are adding in, I can go in and run a little query test and see what's popping up. And as you can see, some results are starting to show up. And I can also go into the search UI, and I can automatically generate a search UI that allows me to go in and just do some tests and see how the search results are performing. So what I can see right away that my documents are showing up. And going back here to the web crawler tab, I can see the status of it. I can see that it's running, and I can see that there's documents populating. And I can always go in and I can always make sure that I've created an automatic crawl as well. So if I want to make sure that my content is being updated every day or so, I can go ahead and set that to one, save it, and I can run. And now as you can see, the documents are populating and the crawl is running, and it really was that simple to get the web crawler to start crawling the website and making all of that content findable.

Yes. And that was very impressive. So first of all, I have to say, I love the vision that you've painted. This idea that we want search, we want Enterprise Search to be smart enough that we can always give you the 1 correct answer. That's an absolutely fantastic goal. And the way you laid out that journey, everything from onboarding to relevance and so on, just makes so much sense. And the ease of use that you just demonstrated with the web crawler, I mean, this seems to be just perfectly built the user experience designed for making it easy to add a search experience on top of web content. So exciting. This is going to be a big, big timesaver for our users, for our customers. So great work. And I know that there's a lot more. You talked about onboarding. And then in that picture that you had, you had relevance. So to talk about everything that the team is working on in the area of relevance, I'd like to now turn it over to Matt. Matt, welcome.

Thanks, Ash. I'm happy to be here and excited to tell everyone about some of the recent releases and some of the investments we're making into the future, especially regarding bringing machine learning models and techniques into our relevance products. So we'll start with precision tuning which gives you a new level of control over the underlying keyword matching that forms the basis of your relevance model. And we've put all of this in a very simple UI right alongside the other relevance controls that we've had in the Enterprise Search product for some time now. We've also made investments in the curations feature, which allows users to go in and modify the search results on a per keyword basis to make them match whatever you think is the most relevant set of search results for that particular keywords. The way that we're improving keywords is by driving machine learning algorithms to create automation, essentially by taking the click-through behavior of the end users on your website or in your search experience, how they're interacting with the search results themselves, we analyze that information and the machine learning models automatically create and suggest curations for you so that you are going through on each individual keyword, trying to make sure that you're getting just the exact right document in place. And this is something we share about from a lot of our customers. They all know that they'd like to be leveraging more of their end user behavior to improve the search relevance for their specific set of content and machine learning allows us to automate some of that process. But by putting it all inside the administrative dashboard of the enterprise search product, it also allows us to give them some editorial control. So as we make suggestions via the automated algorithms, the end administrator also has the ability to review those suggestions, accept them or project them and ultimately gives them the kind of control that they expect to have while also automating a lot of the hard work that they end up having to do. And we're really proud of the progress we've made in bringing these relevance features to market so far. But as we look to the future, we're eager to start leveraging even more recent advancements in machine learning to take our relevance models really to the next level. And that brings us to the investments we're making in vector search and natural language processing. The idea with vector search is to move beyond keyword matching to the point where we can return documents that are relevant to a user's query, even if that document does not contain the exact words that the user used in their query. Now imagine you're building a search experience over a knowledge base that describes the end user requirements for a consumer streaming service, for example. And you'll probably have an article that describes things like the connection speed requirements for streaming on that service. And for a certain set of queries that uses my type when they're seeking that information, it's going to be very easy for us to match the keywords. If they type connection speed requirements and those words are present in the document that you wrote in the knowledge base, the match will take place, and they'll find the relevant content quickly. But the fact is users ultimately search for things in a huge variety of ways, even when they mean the same concept. And what we're trying to do with Vector Search is really make it possible to actually match those documents even when the keywords in the user's query does not exist in the document itself. This takes us well beyond traditional keyword matching and into what we call semantic search. And the way we do this is through this dense vector search model. Now in order to make this work, we have to pass all of this text -- the original text body through a pretrained language model that produces these dense vectors. And then the querying process becomes a search through vector space, where semantically similar words are close together in that space. And this is what allows Elastic Search to really make that relevance match and return the document even when the words are not necessarily the same. So in order to make this possible, we've actually had to make a few key fundamental investments in the Elastic Search product. The first of those is model management and native inference, which means you can take a pretrained language model, load it into Elastic Search directly and perform influence calculations directly inside of Elastic Search, leveraging the distributed nature of the entire Elastic Search cluster. And that allows you to boost those dense vectors that allow this new kind of relevance matching to take place. The second investment we're making is around nearest neighbor search and making that as fast and as scalable as possible, which requires a whole new set of algorithms to be implemented natively inside of Elastic Search that now will take that dense vector search space to find nearest neighbors and can do it very quickly and at scale. So we're really excited about these investments and some of the earliest releases of this are coming very soon.

Thank you, Thank you, Matt. This has been exceptional. It's great to see everything that we're doing in the area of enterprise search, especially loved the vision. Being able to get to 1 single correct answer, that's a great vision to have. So now I'd like to turn to the next area, Elastic Observability. An Elastic Observability -- Elastic is one of the most widely deployed Observability platforms out there. And to tell us everything that we're doing in the area of Observability, I'd like to invite on to stage, Tanya Bragin, VP of Product Management for Elastic Observability. Welcome Tanya.

Hi, Ash.

So Tanya, how long have you been at Elastic, like what is this ElasticON number, what for you?

ElasticON #5, I believe. Yes.

That's awesome. We've come so far in that time frame. So the question that always comes to mind is, as we think about modern applications, there is this narrative you always hear that Observability is a really complex challenge. What makes it so complicated?

It is a complex challenge. Observability initiatives, as you know, Ash, are not new, but we see it with our customers, they're still hard to get right. And it's at least in part due to the fact that the infrastructure and applications that we build are constantly changing in terms of what's required. It's a shifting landscape. And so you think you're done and then something new comes along and you're doing it all over again. When you think about it, modern applications, they involve hundreds and hundreds of hosts and containers dynamically deployed load balancing, web APIs, mobile clients. There are so many moving parts. So truly understanding these interactions is just very hard.

And so if it is that hard and all these moving parts, what is the right answer? Like what are we focused on? How do we believe we can actually simplify this and make it easy for practitioners to do with the Elastic Observability product?

Yes. So in the end, in order to get visibility into everything that's happening, you have to collect all the data, and we'll see that it's an ongoing process. You're never done with that. You do have to centralize it into a platform that then exposes this data and makes it actionable to those that build and maintain the applications. That's kind of the easy picture. In reality, we see that our customers find it challenging. They find it challenging to quickly onboard Observability data. And they do find a challenging also to make a sense of it. It's a massive amount of data. How do you make it really relevant to all of these different stakeholders, those are the key challenges. And the good news is that the Elastic Search platform excels at solving these challenges, and that's why it's become such a good base for our customers' observability initiatives. But you know, Ash, I will say that we're never sort of content. We're always working to make it better. So remember back to Steve's section, he talked about the dedicated metric support, that's so exciting, right? This means that for all of our observability users, the metric storage efficiency is going to get even better, which is great. It's a good example of the power of the platform.

Yes, that makes a ton of sense. So you talked about the fact that Observability involves sort of getting the right visibility into all kinds of data. So tell me a little bit more about that like what's -- what are we doing to make it easier for you to bring all that data into the platform?

Absolutely. So as I mentioned, data onboarding is a continuous process, especially for modern applications and infrastructure that underlies it. Take as an example, Kubernetes. With all the apps being deployed and redeployed and services being spun up and taken offline, you're never done onboarding. And that's exactly what we enabled so well with the Elastic Agent. We let you have continuous visibility into this onboarding process and really make it a center of excellence. So let me show you actually how we do it. In this scenario, we have an e-commerce website, just transitioned Kubernetes in micro services, that's the good news. The bad news is that they're now very quickly need to get visibility into all of their operations ahead of a big sales event, a very common scenario. So how do they do it with Elastic Observability and Elastic Agent? So in this case, I'm going to put the hat on of an Observability platform engineer looking to enable Kubernetes integration provided as part of our solution. How do I do that? I'm going to search for Kubernetes, and I very quickly see that it's not a single integration. It's actually a number of integrations because Kubernetes is pretty complex, and there are many ways to collect data from it. The good news is I have this 1 Uber integration that I can enable with just a few clicks. And once I do that, I'm prompted to install the Elastic Agent into my Kubernetes infrastructure with a single command. As I run that command, the agent deploys as a DaemonSet in my Kubernetes nodes, and this is the key part. It registers back with a central console that we call fleet. So I, as an Observability engineer, can quickly observe the health of these agents and just make sure they're running or even pushed on policies back to them as needed. That always be onboarding kind of mentality that we see become so important. So this is the console. I can see all of my agents. I can now observe how my deployment is going, and I see that they're online now. That's good, right? In parallel, I can start seeing data coming back from all of these places and infrastructure. I can see logs, I can see events, I can see metrics. And I can start searching around. And for instance, one of my key services, Redis, I can quickly see where Redis is deployed inside this infrastructure. For Redis, I may want to enable additional visibility, and I can quickly go do that with an integration that we've built for Redis. I just go back to the same integrations UI, search for Redis and enable it. And noticed that the central console tells me if they need to update any of the agents, right? I don't need to redeploy anything. I don't need to go mass with the MO files. Everything happens via just ways of clicks, and I can now examine Redis in a lot more detail with these prebuilt assets.

This is actually really, really compelling, Tanya. We've always had support for ingesting logs. We've supported metrics. We've had support for APM, user experience monitoring, so much in the overall area of observability. But like you said, the biggest challenge is always starting with the data, how do you get all the data in. And what I like about this is it's Beats. We've had Beats for a while, but Agent sort of takes it to that next level where like from one place you're able to deploy and then get all the information that you want, right? It's almost like this mechanism for deploying everything that you need on the endpoint and then making sure that everything can be managed centrally through Fleet. So clearly a lot. And I presume I might be speaking ahead security Beats, but I presume that through Agent, we can also deploy and manage some of the endpoint security beats. Am I getting this right?

Absolutely, Ash. That's the exciting part. So many of our users have joint Observability and security strategies and now they can leverage the power of the platform and the centralized onboarding UI for both.

That's awesome. We often say, right, why just observe when you can also protect. This is great because now I can just effectively just swipe and say, swipe right and select and now I've got security for that system as well. This is great. Now part of it is bringing the data in. But when you are looking at information coming at you from all of these different areas, what I heard you also talk about is the complexity of being able to identify what matters. I presume mean time to resolution. All of that is very critical in this space. So what are we doing for that?

Absolutely. I mean the reality is that no human can mentally process all this raw data even from this modesty size Kubernetes environment I just showed you. It's just too much, right? The concept of staring at logs or even looking at a charter or a dashboard. How are you going to do that? We have thousands of metric points coming in? You can't possibly figure out what's relevant, right? So we need help. We need help to actively look for anomalies in our data and identify problems. We need help when we're investigating even looking at what seems relevant, what else is correlated to it? How can I find that out automatically. And finally, we need access to raw data to ask any question we want and get the answer quickly. That is all important, and I would love to show you how we do this with Elastic Observability.

Go for it.

All right. So in this scenario, now we've onboarded our data. So now I'm an on-call SRE and our site is experiencing some performance degradation. So let's see how I will, first of all, find out about it and investigate it. The good news is that I don't find out about it from our customers. We have automatic trending of the most important KPIs, in this case, being reported back through alerts into my console. So I'm on call and I'm seeing a number of severe anomalies around transaction duration for a key service, advertising service, right, very common. And so I'm going to investigate it. I'm going to review this before we hear from our customers. By looking at this, I can identify that this is coming from Elastic APM. So I'm going to go to a service map and look at all the dependencies of this advertising service. I see here that not only the website is affected, but also our mobile clients. This is pretty bad, right? This seems really high impact. So I'm going to spend some time investigating it. In order to investigate it, I'm going to click on to this adverse service and go to all the anomalies here. And I see them highlighted over the latency charge in red. By going through the detail, I am also presented with something called correlations. And correlations is a powerful new capability, which brings machine learning-enabled insights right into my investigative workflow. In this case, latency correlations tell me that slow transactions are highly correlated with cash misses. By drilling in only on those transactions, I now focus my view even more to the most relevant data points and start looking at transaction traces or logs just associated with these both transactions, really, really powerful. But I'm not done yet, not done, right? We all know that even in this scenario, logs can be really voluminous, even in this focused view. So I'm going to leverage the power of machine learning categories, log categories to limit what I need to look at even more. We see here thousands of messages -- log messages that happen all the time, right? And this is not an anomaly. But a few messages just started appearing as this performance degradation started to happen. So now I can start taking a look just at these log messages, specifically in the context of the log stream where they started appearing. This is really powerful. This is what helps me as an analyst, very quickly get to just exactly what matters and get to the root cause faster.

Wow. Tanya, that was absolutely fantastic. I mean I loved how you started first with the ease of use when it comes to data onboarding. And by the way, that's been a theme throughout. And then showing how you can start with at the very top, prioritized alerts that have been prioritized with all the machine learning capabilities that we now have going into the service maps, going into the APM traces and then all the way down to the logs to understand the root causes, this is very compelling. And I know that our users and our customers are going to be very excited about all of this new functionality that we've built. And clearly, agent is a game changer. And this idea of being able to do everything through 1 console, through one place is fantastic. Awesome. Thank you very much, Tanya.

Thank you.

Now the next area that I wanted to focus on was Elastic Security. Security is clearly, at this point, a Board-level concern and a Board-level priority, and we care a lot about it here at Elastic. Matter of factly, it's our fastest growing business. And to tell us more about all the innovations we've done and all the things that we are working on right now, I'd like to invite on to stage Mike Nichols, Senior Director of Product Management for Elastic Security. Mike, welcome.

Thanks very much to invite me on.

Mike, I've often heard you say that you believe that security is fundamentally a search problem. Tell me more.

Ash, when I used to be a defender, one of the biggest challenges I faced was collecting all the information from all the disparate data sources in 1 place in order to answer the questions of what happened, why did it happen, and how can I fix it? Now oftentimes, those systems just didn't have the data, I didn't have access. It was always a challenge to have that 1 unified area. And I always imagine what if I could bring a search part of this problem, would if I could just search like I can anywhere else. And that's been exasperated lately with this trend of running to the cloud as fast as possible. More and more systems out there, SaaS applications, infrastructure is in the cloud, more data that I need to answer this question of what happened in the attack. And so it's even more prevalent today than it was years ago. All these systems are producing all this data, how can I bring search to this problem to answer that question of what happened and how can I fix it.

Mike, that's awesome. I love it because in a way, we are so used to that search experience in our personal lives. How do you bring that same search experience to this fundamental problem of security? So what are we doing about that?

Well, at Elastic, we're building something we like to call Limitless XDR. And Ash, this is really about unifying sort of 3 core use cases to provide a simple solution for this problem for our users. SIEM, which is the problem of getting all that data I talked about in 1 place, putting that search bar on top and analyzing it to find threats that other people missed. Endpoint security, which provides an ability to prevent and respond to attacks on any host out there. Think about this idea of why you observe, why not protect? If you're looking at the data, why can't you also stop the problem? And then cloud security to protect that growing vector of our cloud infrastructure as we're able to take that same controls on our windows and our Mac laptops and desktops and apply them to that Linux and ecosystem in the cloud.

Yes. And cloud security clearly is a massive concern as workloads are moving to the cloud, that's an area that's a new vector of attack. It's something that every CISO worries about. Now Mike, I know that you've got a demo teed up. Everybody is excited to see demos like that's this audience. We love seeing demos. So let's cut to it. Let's cut to the demo.

I'm super excited to go even deeper in our keynote later on today for security. But I want to touch on just a couple of key highlights to tell you about. The first is let's talk about ransomware. And boy, you can't really go anywhere without seeing ransomware nowadays. It's always in the news. It's unfortunately just impacting so many different aspects of our lives and so many different companies are facing this challenge. In Elastic, we got your back. We have a way to really help you come back this ransomware threat. In the new Elastic Agent, which is our single installer that lets you manage hundreds of integrations in a single place, we have a simple place to go and check ransomware. So now I just toggle ransomware on into prevent mode, and guess what? Now I'm stopping advanced attacks that might be hitting my system. In fact, there's a recent attack that came out called REvil. REvil was a recent variant of ransomware that was going around and unfortunately impacting many users. And here in Elastic, what I want to show you is the many different ways we stopped this. Ransomware, for us, is a multipronged approach or a defense in-depth approach. We have different layers trying to stop that threat for you so that if one thing might miss, hopefully, another layer catches it, this ability to have many different bites of the apple, so to speak. Let me just quickly show you this. This is that REvil attack. And I put everything here in detect-only mode so that you can see the different pieces. And then I put the last step of this problem, the behavioral ransomware in to prevent. As you could see, many steps along the way were first, our malware detection engine, which is a machine learning model but is detecting unknown threats, found this thing and could have stopped it had I put it into prevention mode. We also have a behavioral model that runs on the events on the endpoint itself and is looking for things that might be malicious. For example, DLL side loadings, which is a way that adversaries gain persistence and execution on top of a system or host discovery, where the adversary is trying to discover other hosts in the environment in order to pivot throughout the network. We also have a layer of memory protection as well. So wrapping the memory itself, looking for things that are trying to execute off of disk, off of where most of the security tools are looking. Of course, our memory section found that and have we toggled in the prevention could have stopped the threat at that layer. And finally here, our behavioral ransomware prevention, which is another layer of ransomware, where we are looking to stop the impact of the files on disc itself, looking to stop that encryption that destruction from happening. And in this case, because I had this one set in prevention mode, it actually stopped that attack on the system, and we were able to protect the host. And not only this, but also new for -- Elastic Agent also allows us to have 1 click remediation. Let's say that I wanted to go to the system and start a deeper analysis, I simply clicked into the alert details and now from the take action button, I can isolate this host. And what isolation means is actually locking it down. So the adversary can't continue to communicate with it and nothing can be destroyed or stolen off that host while I conduct my investigation. So just a really amazing way that we are helping you to combat that ransomware challenge. Another really exciting thing about Elastic that I want to talk about is, again, new for us is this idea of ad hoc data collection. Elastic has always been the best place to collect and store your data and you had to decide what data you wanted, when you wanted to get it in the first place, right? But what if you wanted to get data after the fact, what if you realized this host was just impacted by REvil. I stopped it, but something happened, and I'm going to go dig deeper on that system and know like for example, what users were logged in in the first place? And if I wasn't collecting that user data previously, I'd have a difficult time getting it from Elastic directly. I have to go to that host through a different third-party system. With Elastic Agent, I have a 1 click integration now for Osquery. Osquery is a fantastic Open Source project that works on Windows, Mac and Linux and allows us to access that system on an ad hoc basis and collect that we might have not previously been collecting. So with 1 button here to add Osquery directly into Agent, I can now go conduct live queries on my system, things like, hey, let's take Chrome extensions or get the logged-in users. So here are one, for example, this logged-in users query that I ran earlier and show you that we can instantly pull back those results, tell you exactly who was logged on to the system. And all that data is stored back in Elastic Search. And of course, if you want to schedule this to run it again and again, you can do that. If you want to run it now, you can simply copy this and run that query again. All the power of Osquery is unlocked in a very simple management layer now using Elastic Security and Elastic Agent. And finally, I want to touch on what happens if you want to go further back, what if you actually want to build a story, a narrative, a collaboration with your team. Well, first, Elastic has built-in case management, which is really fantastic. So when that REvil ransomware attack happened, I was able to actually create a case here, and I'll click into this to show you that, where I'm able now to do things like link out to [ virus little ] for more information or link to an article that has additional details for my team to see. I can conduct actions like that isolation request. I actually log that here and put a note on why I was doing that. So that my team was aware and has an audit trail of what I was doing. I was then able to go through and look at other alerts that might be related to this and pull them into this case. So now I have a folder of all the relevant problems that exist, and then I was able to integrate this case into my third-party systems. I integrated this into, as you can see here, into Jira. So now I have a system that's tracking the sort of management of that response and remediation process. And that's not all. A common problem that exists is people will know not just about the data that exists sort of now in the system, right, not just what happened now, but did this ever happen before. Part of this analysis could have exposed, for example, a malicious command and control domain, as you saw that discovery that was earlier mentioned in the alerts. So if I saw that domain, a common question you might ask is, well, have we ever seen this domain before? Did it ever happen in my environment? And many products out there can look at today. So here, for example, here's that domain I'm looking for this malicious to see and verify that net. I'm looking at them now. But what if I want to know a month ago, 6 months ago, a year ago or even longer, those questions were previously impossible for people to answer unless they had a massive amount of technology or infrastructure behind them supporting this data collection, but that's untenable for most organizations. Elastic, when we talk about data, what we mean is storing data in inexpensive object stores and then searching on them directly. Let me show you what I mean. I'm going to simply go here in changes to the last 4 years. So now I'm not looking at today, I'm looking at 4 years of data. And what this is doing, it's doing 2 things that are really unique for Elastic. One is I'm going across the object stores themselves, those inexpensive storage mechanisms. I'm going back and seeing what's there, I had to go back years and years of data. Also, it's coming across different clusters in different cloud regions. This is actually looking at numerous different cloud regions, bringing the search to the data to be able to tell me if this problem ever existed before. So I don't have to worry about centrally locating all my information, it's going across all those things automatically. And here, you see even while I was talking, it already came back with the hit from December 4 in 2020. So almost 2 years ago, in seconds here, I was able to discover. We saw this thing before. It actually was a problem in my network earlier and now I can continue my analysis and my investigation, knowing that a year ago, 2 years ago now, I might have seen this problem before. Again, we're going to go in much more depth on this security keynote. But hopefully, this gives you a quick preview of the types of power that Elastic Security unlocks for our teams. But we didn't go deep yet on cloud security. I wanted to talk a little bit more about that and the way we view cloud security is sort of being 2 halves of this problem. One is that continuous cloud data security side, protecting ourselves sort of a build time and the deployment time of that infrastructure and the other side is that runtime security, stopping that threat as if someone is trying to circumvent control -- all my cloud infrastructure. And I think you probably saw the announcements here we joined forces with 2 amazing companies to help accelerate us in both of these areas, Build Security and Cmd. We've actually invited both of them today to come talk to you actually about how each of their technologies are going to help as they integrate directly into the Elastic Stack to solve these problems for our users.

Well, Mike, first of all, that was a great demo. I really loved the fact that you showed going all the way from the highest level correlation in SIEM, all the way down to a specific host, identifying the issue and doing something about it. And yes, I am super excited about the fact that we've joined forces with Build Security and with Cmd. And to talk a little bit more about what we are doing with Cmd, I'd like to welcome on to stage all the way from Vancouver, Jake King, Co-Founder and CFO at Cmd. Hi, Jake.

Thanks for the invite, Ash. It's great to be on the line with you.

Well, I'd say this is an audience that absolutely appreciates great technology, great innovation. And I always like to begin with a Co-founder by asking this question what was the vision? Like share with this audience like what was the genesis of Cmd?

Cmd started with a really simple concept in mind. Can we simplify ways to collect information, workload, translate it into something and analysts can operate, act upon and understand like Mike has mentioned difficulty of getting these sources of information together is always difficult. My co-founder and I really want to dissolve that problem in the easiest and most efficient way possible. And Cmd was born out of a lot of that struggle of dealing with these disparate tools and interest challenges with getting these software systems to work with one another.

Now I know that you invested a lot of effort into EBPF. Like the thing that got me very excited when I first talked to you and to your team, Santosh and others, and saw a demo of the product, what really excited me was the amount of effort that you've put into both -- with EBPF, making it easy for somebody to understand what's really going on in a system, but also the user experience. I know you used to be, from your own personal experience, somebody who is involved in helping detect and protect enterprises. So what do you have to show? Are you going to show us a demo? I know that there's work involved in integrating the products and so on, but what have you got?

Absolutely happy to show everyone a preview of what we've got in mind for Cmd and Elastic joining forces, Ash.

That's awesome. Well, let's cut to the demo then.

It's a really incredible to be giving everybody a preview of the Cmd portal and some of the capabilities that you can expect to be seeing in the Elastic family of products in the near-term future. What I wanted to give everyone a preview of today is a little bit of that dashboard experience that we provide our customers today at Cmd. What you're seeing in front of you here is a preview of some of the alerts, sessions and metadata around interactions with a production Linux Fleet, leveraging our EBPF sensor technology at Cmd. We provide a capability that allows you to track and monitor user interactions, whether they be through interactive sessions or processes running on a workload. And one of the most valuable components of Cmd is in the way we render this information. In a nonlinear fashion, we provide a very clear outlined view of user interaction with the system. This begins with our session view, detailing a number of the components around what a user has performed on a system, what they may have been doing and all of the information around those actions in a very clear and concise manner. Not only do we track nonsecurity pertinent events like the one that I'm highlighting right now, we can also highlight security-sensitive events and probably very simple and easy-to-understand explanations behind what policy went wrong and when something changes on your system. All of these activities and behaviors attract alongside many different other components of metadata, and this is provided by that powerful EBPF sensor. All of this information comes into our portal through our standard agent installation. And policies are managed using our trigger interface, a simple and easy-to-understand methodology for creating policies at a Linux first and Linux focused. We wanted to create high-quality indicators of compromise for users that are managing large feeds Linux systems and obviously providing a series of different components around the resolution and alert workflows for these, allowing you to not only break down policies by the type of user, but also by the policy themselves, highlighting every single interaction with the system in a very clear and concise way. This is a bit of a preview of the Cmd platform. We'll be going over a little bit more information in the security keynote later on, but I wanted to give everyone a preview today. Thanks, Ash.

Jake, that was fantastic. The entire user experience. And I know that Elastic users, Elastic customers are going to be very excited to see the sessions view being integrated into Kibana, into the Elastic Security console. I mean, that entire workflow is really something that I know people are going to find incredibly useful especially as we look at Linux systems. So welcome, again. Very excited to see what we're going to do together.

Absolutely, Ash. It's so great to be joining the team and great to be bringing some of that innovation to the broader Elastic community, too.

Awesome. Well, I know that we have more. All the way from Israel joining us is Co-Founder and CEO of build.security, Amit Kanfer, welcome.

Thank you very much, Ash. Great to be here.

Well, Amit, just as I asked, Jake, I always love to ask this question, what was the inspiration behind build.security? What was the genesis? Tell us about that?

So when we started the company, one of the key problems that we wanted to solve is authorization. And we thought hard how is the best way to achieve that, and we came across a great project a CNCF project called Open Policy Agent. And we chose that technology, which is very, very adopted, very trending lately. It has a vast community and ecosystem of innovations, and it's a great part of our technology, and we're happy to contribute it and help it.

Yes. And it seems like this whole idea is that policy is a core pillar of security, right? So I know that I've heard you talk about how you really need a singular, unified way to define policy in 1 place and have it be applied everywhere. Am I getting that right, Amit?

True. There's a -- every company today is a software company, and there are so many technologies, so many applications and there are many policies, many security guardwares that you want to put on top or surrounding those applications and APIs and open policy agent is a great way to do that.

Yes. So when Mike talked about continuous security enforcement in a way, talking about deployment time security and build time security like that's the part where I see policy really coming together. So what's the vision? Like now that we've joined forces, what's the vision for the work that the teams are going to do together, Amit?

Yes. So, at build.security, we really started at the runtime -- at the runtime section of it on the right-hand side of the slide that you see now with onboard integrations and hosted applications in OJS and .NET and Java and Kafka Streams, but we are shifting left. This is something that we -- a feedback that we got from customers, and we're really going left to the cloud, to configurations, the Kubernetes admission control. And that's Kubernetes admission control will be the first milestone that we plan to deliver in Elastic. We will hook the Elastic Agent into the validating and mutating webhook of Kubernetes. We'll provide premade benchmarks compliance scoring to the customers -- to the users' clusters and everything will be available to manage, to author and to view within Kibana.

That's awesome. I mean I really liked that idea of being able to define using OPA and creating these preconfigured policies, making it possible for users such that every time somebody deploys something to Kubernetes, to your cluster that you're able to validate and enforce the right security checks at that point, which is, again, this idea of continuous enforcement. I think Gartner refers to it often as security posture management. So very exciting. I know that you also have a demo. Should we cut to that, Amit?

Yes, do you want to see?

Awesome.

Ash, what I'm about to show you is our vision of how build.security will integrate within the Elastic Stack, starting from Kibana through the Elastic Search and all the way down to the Elastic Agent. Here in Tel Aviv, we have a small but mighty team of engineers working hard to help you get on top of your cloud security posture. There's first dashboard that you see here. And again, this will change in the future, provides an overview of your cloud security posture, compliance findings and where our focus needs to be. We know how complex managing compliance can be. So this dashboard is really the heart of it. The score that you see here on the upper left corner of the screen is generated using industry standard benchmarks, such as CIS, GDPR, PCI and more. Now let's explore the policy rules that enable us to provide this information to the user. Our users will have the complete control over the benchmarks they use, how they use them and when they want to use them in a dry mode, in an active enforcing mode using admission controllers, our plan is to start with CIS focusing on Kubernetes, but then take it from there to other clouds like AWS, GCP and Azure and other compliance benchmarks like GDPR, PCI and more. Before I turn it back to you, Ash, I want to show you one more thing, a tiny glimpse into the power of the solution. On the single view of the rule, you'll be able to see all the information about it, the rationale behind it and a way to remediate the findings of the rule. On the right-hand side of the screen, you can see the regular code. And this is because we're using open policy agent under the hood. Open policy agent is an extensible open-source policy engine that recently graduated from CNCF. And here at Elastic, we are embracing OPA in keeping with our community-driven open standard product development philosophy. There is a time more to come. So stay tuned. Ash, back to you.

Now Mike, we've often said, why observe when you can also protect. We've also talked about the fact that every endpoint, you really shouldn't have to count where you're deploying security, including when it comes to hosts and workloads running in the cloud, containerized applications, this is really bringing it all together. So amazing vision, great to see it all come together. Thank you, all. Appreciate it. Thank you. Wow, that was a lot. Clearly, we talked about a lot of topics we covered a lot of ground. In concluding, I'd like to say that if there's just 1 thing that I can leave you with. It's this promise that Elastic -- the Elastic Search platform, it is, and we will continue to make it the best platform to search, observe and protect all the data in your enterprise. This is something that we take very, very seriously, and it's something that we will absolutely continue to drive forward. This is just the beginning. Thank you very much.