You are human visitor number — on this page

Language · ภาษา

Search / Observability / Security

ESTC Elastic

Search + observability + SIEM franchise with a serious AI-agent push via ES|QL + Elastic AI Assistant. The rate-limiter is the cloud-native competitive pressure.

Positive Rank 135 · IGV constituent

Last price

$47.56

Market cap

$5.0B

As of

19 April 2026

Live quote sourced from Yahoo Finance. Prices cited in narrative below reflect the original memo date and may be stale.

Scores · adapted framework

Enabler

7 / 10

Autopilot adoption

7 / 10

Disruption risk

4 / 10

Efficiency upside

8 / 10

The Sequoia matrix

Intelligence / Judgment

Intelligence-leaningSearch relevance, vector retrieval, log anomaly detection, and user behavior analytics are the intelligence-heavy core. Security SOAR runbook generation is intelligence-heavy + judgment-mixed.

Copilot posture

StrongElastic AI Assistant adoption is strong inside Security + Observability. Search Copilots help build relevance configurations. Bundled via Enterprise Search + Security tiers.

Autopilot posture

EmergingAutonomous alert triage + log anomaly classification shipping; autonomous threat hunting emerging. Fully autonomous incident response not yet.

Data moat

ModerateOpen-source community is the real distribution moat — Elasticsearch is the de-facto search stack. Moat depends on whether OpenSearch (AWS fork) + commercial Elastic continue to diverge.

Execution layer

StrongElasticsearch is embedded in countless RAG stacks. Observability + Security SIEM are applied execution surfaces — agents act on log + metric data to triage incidents.

The memo

State of play · ESTC

ESTC traded near $47.6 in April 2026. FY26 revenue ~$1.5B with Cloud >50% of total. Cloud growth 30%+, operating margin low-20s. ES|QL adoption (new query language) has been a product win. License change in 2021 post-AWS OpenSearch fork remains contentious. AI Assistant revenue contribution small but growing. Recent strategic focus on GenAI vector search as the agent memory layer.

Thesis angle

Search is the memory layer for AI agents — every agent needs retrieval. Elastic is the open-source default for hybrid search (BM25 + vector). That gives Elastic a distribution wedge into the agent stack. On top, Observability + Security are classic services-as-software surfaces where AI assistants substitute SOC analyst hours. The thesis-positive read is that Elastic sits at two thesis-aligned layers: agent memory + agent action.

The framing

Bulls see Elastic as the de-facto search stack inside the agent era — ES|QL + vector + community moat. Bears worry about AWS OpenSearch commoditisation + competitive pressure from cloud-native observability (Datadog, Splunk/Cisco). Services-as-software read: Observability + Security are clear agent workloads; Search is the memory layer. If execution lands, Elastic is a long-duration franchise.

Two forces, opposite directions

Tailwind · Search + RAG is foundational for agents.

Every AI agent needs retrieval. Elastic's hybrid BM25+vector architecture + ES|QL query language + broad open-source adoption make it the default agent memory layer for many enterprises. Observability + Security SIEM layered on top gives Elastic applied services-as-software products where AI assistants substitute analyst hours.

ES|QL adoption strong across developers
Hybrid search (BM25 + vector) architecturally advantaged
Elastic AI Assistant real bookings in Security + Observability
Open-source community remains distribution moat
Cloud migration still early — multi-year tailwind

Headwind · OpenSearch + cloud-native competitive pressure.

AWS OpenSearch fork remains a commoditisation threat in search. Datadog + Splunk (Cisco) are better resourced in observability. Snowflake + Databricks compete for agent memory workloads via vector indexes. Cloud margins are thinner than on-prem. Growth is decelerating from 40%+ to mid-20s.

AWS OpenSearch commoditisation pressure
Datadog + Splunk dominate observability mindshare
Snowflake + Databricks vector search competition
Cloud margin profile thinner than on-prem
Growth decel from 40% to mid-20s

Elastic must win the agent-memory narrative to re-rate.

Elastic product lines

Line	Mix	AI posture	Thesis read
Enterprise Search	~30%	Agent memory + RAG	Thesis-core
Observability	~35%	AI Assistant + triage agents	Thesis-core
Security (SIEM)	~30%	Threat triage + SOAR agents	Thesis-core
Other	~5%	—	Non-thesis

Every Elastic product line is thesis-aligned. The franchise sits at the intersection of agent memory and agent action.

Bull case

Search is the memory layer for the agent era.

Elastic is the default hybrid-search stack with massive OSS distribution.

Observability + Security are thesis-native SOC agents.

Analyst hours substitution is real and measurable; AI Assistant adoption strong.

ES|QL has been a product win.

Developer adoption strong; positions Elastic as default query layer.

Cloud growth remains 30%+.

Consumption-based revenue accelerates as AI workloads scale.

Bear case

AWS OpenSearch commoditises core search.

Fork continues to evolve; enterprises can use OpenSearch for free on AWS.

Datadog + Splunk own observability mindshare.

Elastic Observability trails in enterprise new logos.

Snowflake + Databricks compete for vector workloads.

Vector index features native in cloud warehouses reduce Elastic's agent-memory wedge.

License change in 2021 still costs goodwill.

Some OSS community members remain upset.

Sequoia-framework fit

Thesis-positive. Search + agent memory is a foundational layer for the agent era. Observability + Security SIEM are thesis-native SOC agent products. Verdict held to 'positive' by cloud-native competitive pressure.

Investor takeaway

The open-source search stack for the agent era. Own for hybrid search moat + SOC agent monetisation.

· · ·