DETAILED ACTION
Remarks
This communication is in response to the amendment/arguments filed on October 8, 2020 has been fully considered.  The rejection is made final.  Claims 1-30 are pending for examination.  
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Examiner Notes
Examiner cites particular columns and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.
The examiner requests, in response to this Office action, support are shown for language added to any original claims on amendment and any new claims. That is, indicate support for newly added claim language by specifically pointing to page(s) and line no(s) in the specification and/or drawing figure(s). This will assist the examiner in prosecuting the application.


Response to Arguments
Applicant's arguments filed October 8, 2020 have been fully considered but they are not persuasive.

In response to Applicant’s argument on pages 13-14 that Sainani does not teach “determining, at the streaming data processor, using an inference model, a sourcetype associated with one or more messages from the first data stream … the one or more messages including a portion of machine data generated by one or more components in an information technology environment”, is acknowledged but not deemed to be persuasive. 
	Sainani [0068-0070], [0074] and Figs. 1-2 discloses Data Intake and Query system 108 (i.e., streaming data processor) … a forwarder is described as receiving and processing data during an input phase.  The forwarder may receive a data stream from a log file generated by an application server, from a stream of network data from a network device, or from any other source of data … the forwarder annotates each block generated from the raw data with one or more metadata fields. These metadata fields (i.e., sourcetype) may, for example, provide information related to the data block as a whole and may apply to each event that is subsequently derived from the data in the data block (i.e., inferring sourcetype). For example, the metadata fields may include separate fields specifying each of a host, a source, and a source type related to the data block (i.e., determining, at the streaming data processor, using an inference model, a sourcetype associated with one or more messages from the first data stream based at least on the streaming data processor analyzing the one or more messages Sainani [0069-0070], [0074] and Figs. 1-2.  Furthermore, Sainani [0037-0039], [0072] and Figs. 1-2 discloses that in the SPLUNK.RTM. ENTERPRISE system (i.e., information technology environment), machine-generated data are collected and stored as "events". An event comprises a portion of the machine-generated data and is associated with a specific point in time.  The forwarder may contain the essential components needed to forward data. It can gather data from a variety of inputs and forward the data to a SPLUNK.RTM. ENTERPRISE server (i.e., messages including a portion of machine data generated by one or more components in an information technology environment).  Therefore, Sainani discloses the above argued limitations of claims 1, 23 and 27.
 
In response to Applicant’s argument on pages 14-15 that Burke does not teach “generating, using the streaming data processor, a second data stream from the first data stream, … based on a condition associated with the sourcetype for the message and the determining of the sourcetype”, is acknowledged but not deemed to be persuasive.
Burke [0109-0110] discloses that a forwarder receives data from an input source. A forwarder, for example, initially may receive the data as a raw data stream generated by the input source and may segment the data stream into "blocks". … annotates each block generated from the raw data with one or more metadata fields. These metadata fields may, for example, provide information related to the data block as a whole and may apply to each event that is subsequently derived from the data in the data block (i.e., receiving first data stream and generating information about the first data stream).  Burke [0112] discloses that an indexer receives data blocks from a forwarder and parses the data to organize the data into events. In an embodiment, to organize the data into events, an indexer may determine a source type associated with each data block (i.e., determining a sourcetype.  e.g., by extracting a source type label from the metadata fields associated with the data block, etc.) and refer to a source type configuration corresponding to the identified source type (i.e., generating second data stream from the first data stream).  And furthermore, Burke [0125-0132] discloses that the indexers to which the query was distributed search their data stores for events that are responsive to the query. To determine which events are responsive to the query, the indexer searches for events that match the criteria specified in the query during a filtering stage (i.e., a condition associated with the sourcetype for the message), the search head can perform field-extraction operations on the superset to produce a reduced set of search results.  Extraction rules can be applied to all the events in a data store, or to a subset of the events that have been filtered based on some criteria (e.g., event time stamp values, etc.).  Therefore, Burke discloses the above argued limitations of claims 1, 23 and 27.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:

1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 9-16, 18-20, 23 and 27 are rejected under 35 U.S.C. 103 as being unpatentable over Sainani et al. (US Patent Publication No. 2017/0243132 A1, ‘Sainani’, hereafter, previously provided) in view of Burke et al. (US Patent Publication No. 2017/0031659 A1, ‘Burke’, hereafter, previously provided).

Regarding claim 1.  Sainani teaches a computer-implemented method, comprising:
accessing messages of a first data stream from an ingestion buffer in communication with a streaming data processor to receive data from the first data stream (Sainani [0069-0070]);
determining, at the streaming data processor, using an inference model, a sourcetype associated with one or more messages from the first data stream based at least on the streaming data processor analyzing the one or more messages from the first data stream (Data Intake and Query system 108 (i.e., streaming data processor) … a forwarder is described as receiving and processing data during an input phase, Sainani [0068] and Figs. 1-2.  The forwarder may receive a data stream from a log file generated by an application server, from a stream of network data from a network device, or from any other source of data … the forwarder annotates each block generated from the raw data with one or more metadata fields. These metadata fields (i.e., sourcetype) may, for example, provide information related to the data block as a whole and may apply to each event that is subsequently derived from the data in the data block (i.e., inferring sourcetype). For example, the metadata fields may include separate fields specifying each of a host, a source, and a source type related to the data block (i.e., determining, at the streaming data processor, using an inference model, a sourcetype associated with one or more messages from the first data stream based at least on the streaming data processor analyzing the one or more messages from the first data stream), Sainani [0069-0070], [0074] and Figs. 1-2), the one or more messages including a portion of machine data generated by one or more components in an information technology environment (In the SPLUNK.RTM. ENTERPRISE system (i.e., information technology environment), machine-generated data are collected and stored as "events". An event comprises a portion of the machine-generated data and is associated with a specific point in time.  The forwarder may contain the essential components needed to forward data. It can gather data from a variety of inputs and forward the data to a SPLUNK.RTM. ENTERPRISE server (i.e., messages including a portion of machine data generated by one or more components in an information technology environment), Sainani [0037-0039], [0072] and Figs. 1-2);
Sainani teaches a condition associated with the sourcetype (The system (i.e., streaming data processor) divides this raw data into blocks (e.g., buckets of data, each associated with a specific time frame, etc.), and parses the raw data to produce timestamped events. The system stores the timestamped events in a data store. The system enables users to run queries against the stored data to, for example, retrieve events that meet criteria specified in a query (i.e., condition associated with the sourcetype), Sainani [0041]) but explicitly does not teach
generating, using the streaming data processor, a second data stream from the first data stream, the second data stream comprising a subset of messages from the first data stream, a message of the subset of messages being included in the second data stream based on a condition associated with the sourcetype for the message; and
performing at least one processing operation on at least one of the subset of messages from the second data stream.
However, Burke teaches
generating, using the streaming data processor, a second data stream from the first data stream, the second data stream comprising a subset of messages from the first data stream, a message of the subset of messages being included in the second data stream based on a condition associated with the sourcetype for the message and the determining of the sourcetype (a forwarder receives data from an input source. A forwarder, for example, initially may receive the data as a raw data stream generated by the input source and may segment the data stream into "blocks". … annotates each block generated from the raw data with one or more metadata fields. These metadata fields may, for example, provide information related to the data block as a whole and may apply to each event that is subsequently derived from the data in the data block (i.e., receiving first data stream and generating information about the first data stream), Burke [0109-0110].  An indexer receives data blocks from a forwarder and parses the data to organize the data into events. In an embodiment, to organize the data into events, an indexer may determine a source type associated with each data block (i.e., determining a sourcetype.  e.g., by extracting a source type label from the metadata fields associated with the data block, etc.) and refer to a source type configuration corresponding to the identified source type (i.e., generating second data stream from the first data stream), Burke [0112].  The indexers to which the query was distributed search their data stores for events that are responsive to the query. To determine which events are responsive to the query, the indexer searches for events that match the criteria specified in the query during a filtering stage (i.e., a condition associated with the sourcetype for the message), the search head can perform field-extraction operations on the superset to produce a reduced set of search results.  Extraction rules can be applied to all the events in a data store, or to a subset of the events that have been filtered based on some criteria (e.g., event time stamp values, etc.), Burke [0125-0132]); and
performing at least one processing operation on at least one of the subset of messages from the second data stream (Burke [0109-0113]).
Therefore, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made having the teachings of Sainani and Burke before him/her, to modify Sainani with the teaching of Burke’s facility for defining an event subtype using examples.  One would have been motivated to do so for the benefit of having tools for selecting particular kinds--or "subtypes"--of machine-generated data events and to see the events from a host containing a particular kind of information, to the exclusion of the other events from the host in order to reduce the complexity of indexing and searching across all of the events (Burke, Abstract and [0030]).
Regarding claim 9.  Sainani does not teach, wherein the subset of messages from the first data stream are included in the second data stream based on satisfying the condition and the method further comprises generating, using the streaming data processor, a third data stream from the first data stream, the third data stream comprising an additional subset of messages from the first data stream, a message of the additional subset of messages being included in the second data stream based on failing to satisfy the condition.
However, Burke teaches wherein the subset of messages from the first data stream are included in the second data stream based on satisfying the condition and the method further comprises generating, using the streaming data processor, a third data stream from the first data stream, the third data stream comprising an additional subset of messages from the first data stream, a message of the additional subset of messages being included in the second data stream based on failing to satisfy the condition (Burke [0109-0113]).
Therefore, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made having the teachings of Sainani and Burke before him/her, to modify Sainani with the teaching of Burke’s facility for defining an event subtype using examples.  One would have been motivated to do so for the benefit of having tools for selecting particular kinds--or "subtypes"--of machine-generated data events and to see the events from a host containing a particular kind of information, to the exclusion of the other events from the host in order to reduce the complexity of indexing and searching across all of the events (Burke, Abstract and [0030]).
Regarding claim 10.  Sainani as modified teaches, wherein the at least one processing operation comprises publishing the subset of messages to a topic on another ingestion buffer (Sainani [0071-0073]).
Regarding claim 11.  Sainani as modified teaches, wherein the at least one processing operation comprises assigning the sourcetype to the at least one of the subset of messages (Sainani [0070]).
Regarding claim 12.  Sainani as modified teaches, wherein the at least one processing operation comprises appending metadata to the at least one of the subset of messages (Sainani [0070]).
Regarding claim 13.  Sainani as modified teaches, wherein the at least one processing operation comprises appending metadata to the at least one of the subset of messages, the metadata including the determined sourcetype associated with the message (Sainani [0070]).
Regarding claim 14.  Sainani does not teach, wherein the at least one processing operation comprises generating, using the streaming data processor, a third data stream from the second data stream, the third data stream comprising a subset of messages from the second data stream, a message of the subset of messages being included in the third data stream based on an additional condition associated with the message.
However, Burke teaches wherein the at least one processing operation comprises generating, using the streaming data processor, a third data stream from the second data stream, the third data stream comprising a subset of messages from the second data stream, a message of the subset of messages being included in the third data stream based on an additional condition associated with the message (Burke [0109-0113]).
Therefore, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made having the teachings of Sainani and Burke before him/her, to modify Sainani with the teaching of Burke’s facility for defining an event subtype using examples.  One would have been motivated to do so for the benefit of having tools for selecting particular kinds--or "subtypes"--of machine-generated data events and to see the events from a host containing a particular kind of information, to the exclusion of the other events from the host in order to reduce the complexity of indexing and searching across all of the events (Burke, Abstract and [0030]).
Regarding claim 15.  Sainani as modified teaches, wherein the at least one processing operation comprises:
selecting a set of extraction rules associated with the sourcetype, wherein each extraction rule defines criteria for identifying a sub-portion of text from the portion of machine data of the message to identify a value (Sainani [0041-0044]);
applying the set of extraction rules to the portion of machine data of a message from the subset of messages to produce a result set that indicates a number of values identified using the set of extraction rules (Sainani [0041-0044]); and
based on the result set, performing at least one action on one or more of inference data associated with the inference model and one or more messages (Sainani [0041-0044]).
Regarding claim 16.  Sainani does not teach, wherein the at least one processing operation comprises:
tracking, using the streaming data processor, contextual data indicating a number of the subset of messages that precede a given message in the second data stream and that are assigned the sourcetype;
based on the contextual data, selecting the sourcetype from a plurality of candidate sourcetypes associated with the given message; and
assigning the selected sourcetype to the message.
However, Burke teaches wherein the at least one processing operation comprises:
tracking, using the streaming data processor, contextual data indicating a number of the subset of messages that precede a given message in the second data stream and that are assigned the sourcetype (Burke [0033], [0036]);
based on the contextual data, selecting the sourcetype from a plurality of candidate sourcetypes associated with the given message (Burke [0033], [0036]); and
assigning the selected sourcetype to the message (Burke [0033], [0036]).
Therefore, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made having the teachings of Sainani and Burke before him/her, to modify Sainani with the teaching of Burke’s facility for defining an event subtype using examples.  One would have been motivated to do so for the benefit of having tools for selecting particular kinds--or "subtypes"--of machine-generated data events and to see the events from a host containing a particular kind of information, to the exclusion of the other events from the host in order to reduce the complexity of indexing and searching across all of the events (Burke, Abstract and [0030]).
Regarding claim 18.  Sainani does not teach, wherein the at least one processing operation comprises analyzing the portion of machine data of the at least one of the subset of messages, and based on the analyzing, adjusting inference data associated with the inference model to adjust inferences of sourcetypes made by the inference model.
However, Burke teaches wherein the at least one processing operation comprises analyzing the portion of machine data of the at least one of the subset of messages, and based on the analyzing, adjusting inference data associated with the inference model to adjust inferences of sourcetypes made by the inference model (Burke [0141-0142]).
Therefore, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made having the teachings of Sainani and Burke before him/her, to modify Sainani with the teaching of Burke’s facility for defining an event subtype using examples.  One would have been motivated to do so for the benefit of having tools for selecting particular kinds--or "subtypes"--of machine-generated data events and to see the events from a host containing a particular kind of information, to the exclusion of the other events from the host in order to reduce the complexity of indexing and searching across all of the events (Burke, Abstract and [0030]).
Regarding claim 19.  Sainani as modified teaches, further comprising providing the at least one of the subset of messages from the second data stream to a downstream component comprising at least one of an indexing system, a query processing system, a metrics collection system, and a notification system (Sainani [0078-0082]).
Regarding claim 20.  Sainani does not teach, wherein the inference model infers the sourcetype by at least analyzing a data representation of the message in view of model data, wherein the model data includes a plurality of data representations corresponding to known sourcetypes.
However, Burke teaches wherein the inference model infers the sourcetype by at least analyzing a data representation of the message in view of model data, wherein the model data includes a plurality of data representations corresponding to known sourcetypes (Burke [0033]).
Therefore, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made having the teachings of Sainani and Burke before him/her, to modify Sainani with the teaching of Burke’s facility for defining an event subtype using examples.  One would have been motivated to do so for the benefit of having tools for selecting particular kinds--or "subtypes"--of machine-generated data events and to see the events from a host containing a particular kind of information, to the exclusion of the other events from the host in order to reduce the complexity of indexing and searching across all of the events (Burke, Abstract and [0030]).
Regarding claim 23.  Sainani teaches a computer-implemented system, comprising:
one or more processors; and computer memory having instructions stored thereon, the instructions, when executed by the one or more processors (Each memory and/or mass storage can store (individually or collectively) data and instructions that configure the processor(s) to execute operations to implement the techniques, Sainani, [0122-0125] and Fig. 19), to cause the system to perform a method, comprising:
although claim 23 directed to a system, it is similar in scope to claim 1.  The method steps of claim 1 substantially encompass the system recited in claim 23. Therefore; claim 23 is rejected for at least the same reason as claim 1 above.
Regarding claim 27.  Sainani teaches one or more non-transitory computer-readable media having instructions stored thereon, the instructions, when executed by at least one processor of at least one computing device (Each memory and/or mass storage can store (individually or collectively) data and instructions that configure the processor(s) to execute operations to implement the techniques, Sainani, [0122-0125] and Fig. 19), to cause the at least one computing device to perform a method, comprising:
although claim 27 directed to a media, it is similar in scope to claim 1.  The method steps of claim 1 substantially encompass the media recited in claim 27. Therefore; claim 27 is rejected for at least the same reason as claim 1 above.

Claims 2-4, 24-26 and 28-30 are rejected under 35 U.S.C. 103 as being unpatentable over Sainani et al. (US Patent Publication No. 2017/0243132 A1, ‘Sainani’, hereafter, previously provided) in view of Burke et al. (US Patent Publication No. 2017/0031659 A1, ‘Burke’, hereafter, previously provided) and further in view of Anglin et al. (US Patent Publication No. 2010/0174881 A1, ‘Anglin’, hereafter, previously provided).

Regarding claim 2.  Sainani and Burke do not teach, further comprising storing the second data stream to one or more of the ingestion buffer and another ingestion buffer.
However, Anglin teaches further comprising storing the second data stream to one or more of the ingestion buffer and another ingestion buffer (Anglin [0007], [0020], [0050]).
Therefore, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made having the teachings of Sainani, Burke and Anglin before him/her, to further modify Sainani with the teaching of Anglin’s optimized simultaneous storage operation for data objects onto a combination of deduplicated and non-deduplicated storage pools.  One would have been motivated to do so for the benefit of optimizing the simultaneous storing of deduplicated data among multiple pools of a storage-management system that provides a repository for computer information that is backed up, archived, or migrated from client nodes in a computer network (Anglin, Abstract and [0001]).
Regarding claim 3.  Sainani and Burke do not teach, wherein the messages of the first data stream are published to a topic on the ingestion buffer, and the streaming data processor receives the one or more messages for the determining from a subscription to the topic on the ingestion buffer.
However, Anglin teaches wherein the messages of the first data stream are published to a topic on the ingestion buffer, and the streaming data processor receives the one or more messages for the determining from a subscription to the topic on the ingestion buffer (Anglin [0007], [0020], [0050]).
Therefore, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made having the teachings of Sainani, Burke and Anglin before him/her, to further modify Sainani with the teaching of Anglin’s optimized simultaneous storage operation for data objects onto a combination of deduplicated and non-deduplicated storage pools.  One would have been motivated to do so for the benefit of optimizing the simultaneous storing of deduplicated data among multiple pools of a storage-management system that provides a repository for computer information that is backed up, archived, or migrated from client nodes in a computer network (Anglin, Abstract and [0001]).
Regarding claim 4.  Sainani and Burke do not teach, wherein the streaming data processor receives the one or more messages for the determining from a subscription to a first topic on the ingestion buffer, and publishes the subset of messages to a second topic on one or more of the ingestion buffer and another ingestion buffer.
However, Anglin teaches wherein the streaming data processor receives the one or more messages for the determining from a subscription to a first topic on the ingestion buffer, and publishes the subset of messages to a second topic on one or more of the ingestion buffer and another ingestion buffer (Anglin [0007], [0020], [0050]).
Therefore, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made having the teachings of Sainani, Burke and Anglin before him/her, to further modify Sainani with the teaching of Anglin’s optimized simultaneous storage operation for data objects onto a combination of deduplicated and non-deduplicated storage pools.  One would have been motivated to do so for the benefit of optimizing the simultaneous storing of deduplicated data among multiple pools of a storage-management system that provides a repository for computer information that is backed up, archived, or migrated from client nodes in a computer network (Anglin, Abstract and [0001]).
Regarding claims 24-26, the method steps of claims 2-4 substantially encompass the system recited in claims 24-26.  Therefore, claims 24-26 are rejected for at least the same reason as claims 2-4 above.
Regarding claims 28-30, the method steps of claims 2-4 substantially encompass the media recited in claims 28-30.  Therefore, claims 28-30 are rejected for at least the same reason as claims 2-4 above.

Claims 5-7 are rejected under 35 U.S.C. 103 as being unpatentable over Sainani et al. (US Patent Publication No. 2017/0243132 A1, ‘Sainani’, hereafter, previously provided) in view of Burke et al. (US Patent Publication No. 2017/0031659 A1, ‘Burke’, hereafter, previously provided) and further in view of Hanaoka (US Patent Publication No. 2019/0007295 A1, previously provided).

Regarding claim 5.  Sainani and Burke do not teach, wherein the condition associated with the sourcetype of the message is based on a confidence score of the sourcetype for the message.
However, Hanaoka teaches wherein the condition associated with the sourcetype of the message is based on a confidence score of the sourcetype for the message (Hanaoka 0006-0008]).
Therefore, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made having the teachings of Sainani, Burke and Hanaoka before him/her, to further modify Sainani with the teaching of Hanaoka’s method and apparatus to manage insufficient data in distributed analytics system.  One would have been motivated to do so for the benefit of conducting analytics on received streamed data to produce analytics results of the streaming data for the various apparatus (Hanaoka, Abstract and [0006-0008]).
Regarding claim 6.  Sainani and Burke do not teach, wherein the condition associated with the sourcetype of the message is based on a plurality of candidate sourcetypes associated with the message.
However, Hanaoka teaches wherein the condition associated with the sourcetype of the message is based on a plurality of candidate sourcetypes associated with the message (Hanaoka 0006-0008]).
Therefore, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made having the teachings of Sainani, Burke and Hanaoka before him/her, to further modify Sainani with the teaching of Hanaoka’s method and apparatus to manage insufficient data in distributed analytics system.  One would have been motivated to do so for the benefit of conducting analytics on received streamed data to produce analytics results of the streaming data for the various apparatus (Hanaoka, Abstract and [0006-0008]).
Regarding claim 7.  Sainani and Burke do not teach, wherein the condition associated with the sourcetype of the message is based on a determined sourcetype for the message.
However, Hanaoka teaches wherein the condition associated with the sourcetype of the message is based on a determined sourcetype for the message (Hanaoka 0006-0008]).
Therefore, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made having the teachings of Sainani, Burke and Hanaoka before him/her, to further modify Sainani with the teaching of Hanaoka’s method and apparatus to manage insufficient data in distributed analytics system.  One would have been motivated to do so for the benefit of conducting analytics on received streamed data to produce analytics results of the streaming data for the various apparatus (Hanaoka, Abstract and [0006-0008]).

Claims 8 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Sainani et al. (US Patent Publication No. 2017/0243132 A1, ‘Sainani’, hereafter, previously provided) in view of Burke et al. (US Patent Publication No. 2017/0031659 A1, ‘Burke’, hereafter, previously provided) and further in view of Terwilliger (US Patent Publication No. 2016/0020945 A1, ‘Terwilliger’, hereafter, previously provided).

Regarding claim 8.  Sainani and Burke do not teach, wherein the condition excludes, from the second data stream, a plurality of the messages of the first data stream based on the plurality of the messages being associated with a single sourcetype.
However, Terwilliger teaches wherein the condition excludes, from the second data stream, a plurality of the messages of the first data stream based on the plurality of the messages being associated with a single sourcetype (Terwilliger [0035]).
Therefore, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made having the teachings of Sainani, Burke and Terwilliger before him/her, to further modify Sainani with the teaching of Terwilliger’s method for initializing a network interface based on stored data.  One would have been motivated to do so for the benefit of efficient initialization of network elements that route packets through the network (Terwilliger, Abstract and [0003]).
Regarding claim 17.  Sainani and Burke do not teach, wherein the at least one processing operation comprises:
determining, using the streaming data processor, contextual data indicating a number of the subset of messages that are in a defined proximity to the given message in the second data stream and that are assigned the sourcetype; and based on the contextual data, assigning the sourcetype to the given message.
However, Terwilliger teaches wherein the at least one processing operation comprises:
determining, using the streaming data processor, contextual data indicating a number of the subset of messages that are in a defined proximity to the given message in the second data stream and that are assigned the sourcetype; and based on the contextual data, assigning the sourcetype to the given message (Terwilliger [0034]).
Therefore, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made having the teachings of Sainani, Burke and Terwilliger before him/her, to further modify Sainani with the teaching of Terwilliger’s method for initializing a network interface based on stored data.  One would have been motivated to do so for the benefit of efficient initialization of network elements that route packets through the network (Terwilliger, Abstract and [0003]).

Claims 21 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Sainani et al. (US Patent Publication No. 2017/0243132 A1, ‘Sainani’, hereafter, previously provided) in view of Burke et al. (US Patent Publication No. 2017/0031659 A1, ‘Burke’, hereafter, previously provided) and further in view of Porath et al. (US Patent Publication No. 2010/0174881 A1, ‘Porath’, hereafter, previously provided).

Regarding claim 21.  Sainani and Burke do not teach, wherein the inference model infers the sourcetype by at least analyzing a punctuation pattern in the portion of machine data of the message.
However, Porath teaches wherein the inference model infers the sourcetype by at least analyzing a punctuation pattern in the portion of machine data of the message (Porath [0067]).
Therefore, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made having the teachings of Sainani, Burke and Porath before him/her, to modify Sainani with the teaching of Porath’s context-adaptive selection options in a modular visualization framework.  One would have been motivated to do so for the benefit of providing data visualization to clarify and efficiently communicate machine-generated data/information to users (Porath, Abstract and [0002]).
Regarding claim 22.  Sainani and Burke do not teach, wherein the at least one processing operation comprises: 
assigning the sourcetype to the message;
parsing the portion of machine data of the message based on the sourcetype assigned to the message to produce an event comprising the portion of machine data associated with a timestamp; storing the event as part of a plurality of events in a data store; and
executing a query against the events from the data store to retrieve a set of events that meet criteria specified in the query.
However, Porath teaches wherein the at least one processing operation comprises: 
assigning the sourcetype to the message (Porath [0067], [0126]);
parsing the portion of machine data of the message based on the sourcetype assigned to the message to produce an event comprising the portion of machine data associated with a timestamp; storing the event as part of a plurality of events in a data store (Porath [0067], [0126]); and
executing a query against the events from the data store to retrieve a set of events that meet criteria specified in the query (Porath [0067], [0126]).
Therefore, it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention was made having the teachings of Sainani, Burke and Porath before him/her, to further modify Sainani with the teaching of Porath’s context-adaptive selection options in a modular visualization framework.  One would have been motivated to do so for the benefit of providing data visualization to clarify and efficiently communicate machine-generated data/information to users (Porath, Abstract and [0002]).

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASANUL MOBIN whose telephone number is (571)270-1289.  The examiner can normally be reached on 9:30AM to 6:00PM EST M-F.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Fred Ehichioya can be reached on 571-272-4034.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.  Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/HASANUL MOBIN/
Primary Examiner, Art Unit 2168