EXAMINER'S AMENDMENT
Claims 1-20 are allowed.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Matt Chung on 8 Feb 19.

The application has been amended as follows: 
Claim 1. A computer-implemented method comprising: receiving a plurality of log messages, wherein each log message of the plurality of log messages was generated by a host device of a [set]plurality of host devices; 

identifying, from the plurality of log messages, a set of underlying fields for generating a new categorical field, wherein the set of underlying fields indicate one or more data fields that are processed to generate a categorical value of the new categorical field; 

identifying a space of potential values for the set of underlying fields; 



defining a specification for each value subspace of the plurality of value subspaces to include a category name that identifies an operational characteristic corresponding to the [set]plurality of host devices, the space of potential values including the plurality of value subspaces; 

associating, for each value subspace of the plurality of value subspaces the value subspace with a category nam

generating the new categorical field based on the set of underlying fields; 

generating a definition for the new categorical field, the definition indicating how a categorical value of the new categorical field depends on one or more values of the set of underlying fields, the new categorical field being configured to be associated with any of a set of values specified for the new categorical field, each value of the set of values corresponding to a particular category name associated with a value subspace of the plurality of value subspaces; 

for each log message of the plurality of log messages: extracting the one or more values from the log message; 

determining a categorical value for the new categorical field based on the definition and the extracted one or more values, the categorical value being one of the set of values; and 

storing the categorical value in association with an identifier of the log message; generating a presentation that represents, for each of at least some of the plurality of log messages, the particular category name corresponding to the categorical value determined for the log message; 

facilitating a display of the presentation on a user device; 



selecting, from the [set]plurality of host devices, a host device that corresponds to the one or more log messages; 

identifying, for each of the one or more log messages, a corresponding categorical value of the new categorical field ; Page 3 of 20Appl. No. 15/699,529Attorney Docket No.: 088325-1051797 Amdt. dated January 4, 2021 Response to Office Action of September 4, 2020 

determining, based on the categorical values of the one or more log messages, a corrective action to be performed on the selected host device; and 
transmitting, to the selected host device, one or more programmable instructions that represent  the corrective action, wherein the one or more programmable instructions are executed by the selected host device.

Claim 10. A computer-program product tangibly embodied in a non- transitory machine-readable storage medium, including instructions configured to cause one or more data processors to perform actions including: 
receiving a plurality of log messages, wherein each log message of the plurality of log messages was generated by a host device of a [set]plurality of host devices; 

identifying, from the plurality of log messages, a set of underlying fields for generating a new categorical field, wherein the set of underlying fields indicate one or more data fields that are processed to generate a categorical value of the new categorical field; 
identifying a space of potential values for the set of underlying fields; 
determining, based on decision logic, a plurality of value subspaces for the space of potential values; Page 7 of 20Appl. No. 15/699,529Attorney Docket No.: 088325-1051797 Amdt. dated January 4, 2021 Response to Office Action of September 4, 2020 
defining a specification for each value subspace of the plurality of value subspaces to include a category name that identifies an operational characteristic corresponding to the [set]plurality of host devices, the space of potential values including the plurality of value subspaces; 

generating the new categorical field based on the set of underlying fields; 
generating a definition for the new categorical field, the definition indicating how a categorical value of the new categorical field depends on one or more values of the set of underlying fields, the new categorical field being configured to be associated with any of a set of values specified for the new categorical field, each value of the set of values corresponding to a particular category name associated with a value subspace of the plurality of value subspaces; 

for each log message of the plurality of log messages: 

extracting the one or more values from the log message; 
determining a categorical value for the new categorical field based on the definition and the extracted one or more values, the categorical value being one of the set of values; and storing the categorical value in association with an identifier of the log message; 

generating a presentation that represents, for each of at least some of the plurality of log messages, the particular category name corresponding to the categorical value determined for the log message;

facilitating a display of the presentation on a user device; 
identifying, from the plurality of log messages, one or more log messages, wherein each of the one or more log messages corresponds to a particular category name associated with the new categorical field; 
selecting, from the [set]plurality of host devices, a host device that corresponds to the one or more log messages; 
identifying, for each of the one or more log messages, a corresponding categorical value of the new categorical field  determining, based on the categorical values of the one or more log messages, a corrective action to be performed on the selected host device; and 


Claim 19.	A system comprising:
a plurality of host devices connected through a communication network, wherein the communication network includes one or more gateways;
a log analytics subsystem configured to communicate with the plurality of host devices via the one or more gateways, the log analytics subsystem comprising:
one or more data processors; and
a non-transitory computer readable storage medium containing instructions which when executed on the one or more data processors, cause the one or more data processors to perform actions including:
receiving a plurality of log messages, wherein each log message of the plurality of log messages was generated by a host device of the plurality of host devices;
identifying, from the plurality of log messages, a set of underlying fields for generating a new categorical field, wherein the set of underlying fields indicate one or more data fields that are processed to generate a categorical value of the new categorical field; 
identifying a space of potential values for the set of underlying fields;
determining, based on decision logic, a plurality of value subspaces for the space of potential values;
defining a specification for each value subspace of the plurality of value subspaces to include a category name that identifies an operational characteristic corresponding to the [set]plurality of host devices, the space of potential values including the plurality of value subspaces;
associating, for each value subspace of the plurality of value subspaces, the value subspace with a category name in accordance with a specification corresponding to the value subspace;
generating the new categorical field based on the set of underlying fields;

for each log message of the plurality of log messages:
extracting the one or more values from the log message;
determining a categorical value for the new categorical field based on the definition and the extracted one or more values, the categorical value being one of the set of values; and
storing the categorical value in association with an identifier of the log message;
generating a presentation that represents, for each of at least some of the plurality of log messages, the particular category name corresponding to the categorical value determined for the log message; 
facilitating a display of the presentation on a user device;
identifying, from the plurality of log messages, one or more log messages, wherein each of the one or more log messages corresponds to a particular category name associated with the new categorical field;
selecting, from the [set]plurality of host devices, a host device that corresponds to the one or more log messages;
identifying, for each of the one or more log messages, a corresponding categorical value of the new categorical field;
determining, based on the categorical values of the one or more log messages, a corrective action to be performed on the selected host device; and
transmitting, to the selected host device, one or more programmable instructions that represent the corrective action, wherein the one or more programmable instructions are executed by the selected host device.

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
The preface of the claim is “receiving a plurality of log messages, wherein each log message of the plurality of log messages was generated by a host device of a plurality of host devices.” (both styles of emphasis added).

The rest of the claim language can be met by generic machine learning concepts of feature selection (identifying…new categorical fields), machine learning analysis (identifying a space of potential values, determining a plurality of value subspaces, defining a specification of each value subspace) labeling (associating the value subspace with a category name, generating the new categorical field, generating a definition for the new categorical field, for each log message – various substeps), presentation of analysis (generating/facilitating a display), and applying some correction as the result (selecting a host device, identifying a corresponding categorical value of the new categorical field, determining…a corrective action, transmitting…one or programmable instructions that represent the corrective action.).

Sending information from an information source to a machine learner is known.  For example, multiple sensors may be used to feed into a set of observations that can be used to train, or which may be classified/predicted.  More to the case in point, it is known to use machine learning to detect the state of an entire network (e.g., Lewis, as discussed in the previous action).  What applicants have here is different, because it requires that each log message is from a host amongst a plurality of hosts.  If a log message that is from a different host is received by the 

Nor can the environment of a single host paired with a machine learning system meet the claim, because the host must be one of a plurality of host devices.  While there is plenty of prior art where observed data is preprocessed on a single computer and later, from said single computer, is sent to a remote machine learning system to train a model.   But using such a reference, without modification, to reject the claims does not give weight to the phrase “of a set of plurality of host devices.”  As such, to make such a rejection under the rubric of obviousness, the examiner would have to determine why one or ordinary skill, at the time of filing, would modify a single host and single server setup to include a plurality of other hosts but still have the server receive each log message from the single host.  The examiner does not believe that one of ordinary skill would be motivated to make such a modification.

Finally, during the interview, applicants noted that one reference introduced into the “hypothetical rejection,” Lewis, was inadvertently omitted from an 892.  This 892 included in this allowance repairs that inadvertent omissions.

Conclusion
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON G LIAO whose telephone number is (571)270-3775.  The examiner can normally be reached on M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Tamara Kyle can be reached on 571-272-4241.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to 






/JASON G LIAO/Primary Examiner, Art Unit 2156                                                                                                                                                                                                        10 Feb 21