DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Jordan Becker on 2/9/21.

The application has been amended as follows: 
1.  	(Currently amended) A computer-implemented method comprising:
obtaining, by a query converter, a structured query generated by an application in a structured query language, the structured query representing a requested search of raw machine data, the raw machine data being stored in an unstructured data store as unstructured raw machine data that has been segmented and timestamped;
identifying, by the query converter, a first set of fields in the unstructured data to obtain field identification data from the unstructured data, the unstructured data including text records, each of the fields in the first set of fields corresponding to a portion of text extracted from a portion of at least one of the text records; 
caching the identified first set of fields;
generating, by the query converter, an unstructured query in a second query language associated with the unstructured data store, based on the structured query, wherein generating the unstructured query in the second query language includes using the identified first set of fields to generate the unstructured query;
causing execution of the unstructured query against the unstructured data stored in the unstructured data store;
receiving a result of execution of the unstructured query against the unstructured data stored in the unstructured data store; and
causing an indication of the result to be provided to the application, wherein the indication of the result is provided to the application as a direct response to the structured query without requiring any additional query from the application. 

2.	(Original) The computer-implemented method of claim 1, wherein the unstructured raw machine data has been segmented into a plurality of events prior to said receiving the structured query;
	the method further comprising:
	identifying a value of a field in an event stored in the unstructured data store, based on an extraction rule that specifies where to find a subportion of text within an event.


	the method further comprising:
	identifying a field in an event stored in the unstructured data store;
	wherein generating the unstructured query in the second query language associated with the unstructured data store is based on an identification of the field.

4.		(Canceled)

5.	(Previously presented)  The computer-implemented method of claim 1, wherein the unstructured query causes one or more values for one or more fields included in the unstructured query to be extracted as a function of a format of the unstructured data.

6.	(Original) The computer-implemented method as recited in claim 1, further comprising:
	applying a schema to the raw machine data in the unstructured data store after the raw machine data has been stored in the unstructured data store, to impose a structure on the raw machine data.

7.	(Canceled)




9.	(Currently amended)  The computer-implemented method of claim 1, 


10.	(Original) The computer-implemented method of claim 1, wherein the structured query comprises a Structured Query Language (“SQL”) query.

11.	(Original)  The computer-implemented method as recited in claim 1, wherein at least some of the unstructured data is stored in the unstructured data store in a JSON format or a JSON-based format.

12.	(Previously presented) The computer-implemented method as recited in claim 1, further comprising:


13.	(Original)  The computer-implemented method as recited in claim 1, wherein the raw machine data includes data indicative of performance or operation of one or more components of an information technology environment.

14.  	(Original)  The computer-implemented method as recited in claim 1, wherein the raw machine data includes data indicative of performance or operation of one or more components of an information technology environment, including log data.

15.	(Original) The computer-implemented method as recited in claim 1, further comprising:
	transmitting a pilot query to the unstructured data store;
	responsive to the pilot query, receiving a plurality of records generated by execution of the pilot query against the unstructured raw machine data in the unstructured data store, each record including one or more pairs of field names and values;
	automatically identifying field names from the pairs in the plurality of records generated by execution of the pilot query against the unstructured data store; and


16.	(Original) The computer-implemented method as recited in claim 1, further comprising:
	transmitting a pilot query to the unstructured data store;
	responsive to the pilot query, receiving a plurality of records generated by execution of the pilot query against the unstructured raw machine data in the unstructured data store, each record including one or more pairs of field names and values;
	automatically identifying field names and data types from the pairs in the plurality of records generated by execution of the pilot query against the unstructured data store; and
	defining a first set of fields that corresponds to the identified field names and data types.

17.	(Currently amended) A non-transitory machine-readable storage medium having computer-executable instructions stored therein which, when executed by a computer, cause the computer to perform operations comprising:
obtain a structured query generated by an application in a structured query language, the structured query representing a requested search of raw machine data, the raw machine data being stored in an unstructured data store as unstructured raw machine data that has been segmented and timestamped;
identify a first set of fields in the unstructured data to obtain field identification data from the unstructured data, the unstructured data including text records, each of the fields in the first set of fields corresponding to a portion of text extracted from a portion of at least one of the text records;
cache the identified first set of fields;
generate an unstructured query in a second query language associated with the unstructured data store, based on the structured query, wherein generating the unstructured query in the second query language includes using the identified first set of fields to generate the unstructured query;
cause execution of the unstructured query against the unstructured data stored in the unstructured data store;
receive a result of execution of the unstructured query against the unstructured data stored in the unstructured data store; and
cause an indication of the result to be provided to the application, wherein the indication of the result is provided to the application as a direct response to the structured query without requiring any additional query from the application. 

18.  	(Original)  The non-transitory machine-readable storage medium of claim 17, wherein the unstructured raw machine data has been segmented into a plurality of events prior to said receiving the structured query;
	said operations further comprising:


19.  	(Previously presented)  The non-transitory machine-readable storage medium of claim 17, wherein the unstructured raw machine data has been segmented into a plurality of events prior to said obtaining the structured query;
	said operations further comprising:
	identifying a field in an event stored in the unstructured data store;
	wherein generating the unstructured query in the second query language associated with the unstructured data store is based on an identification of the field.

20.		(Canceled)

21.	(Previously presented)  The non-transitory machine-readable storage medium of claim 17, wherein the unstructured query causes one or more values for one or more fields included in the unstructured query to be extracted as a function of a format of the unstructured data.

22.	(Original) The non-transitory machine-readable storage medium of claim 17, said operations further comprising:


23.	(Canceled)

24.		(Currently amended) A system comprising:
a processor; and
a memory storing instructions, execution of which by the processor cause the system to perform operations comprising:
obtaining, by a query converter in the system, a structured query generated by an application in a structured query language, the structured query representing a requested search of raw machine data, the raw machine data being stored in an unstructured data store as unstructured raw machine data that has been segmented and timestamped;
identifying, by the query converter, a first set of fields in the unstructured data to obtain field identification data from the unstructured data, the unstructured data including text records, each of the fields in the first set of fields corresponding to a portion of text extracted from a portion of at least one of the text records; 
caching the identified first set of fields;
generating, by the query converter, an unstructured query in a second query language associated with the unstructured data store, based on the structured query, wherein generating the unstructured query in the second query language includes using the identified first set of fields to generate the unstructured query;
causing execution of the unstructured query against the unstructured data stored in the unstructured data store;
receiving a result of execution of the unstructured query against the unstructured data stored in the unstructured data store; and
causing an indication of the result to be provided to the application, wherein the indication of the result is provided to the application as a direct response to the structured query without requiring any additional query from the application. 

25.  	(Original) The system of claim 24, wherein the unstructured raw machine data has been segmented into a plurality of events prior to said receiving the structured query;
	said operations further comprising:
	identifying a value of a field in an event stored in the unstructured data store, based on an extraction rule that specifies where to find a subportion of text within an event.

26.  	(Previously presented) A system of claim 24, wherein the unstructured raw machine data has been segmented into a plurality of events prior to said obtaining the structured query;
	said operations further comprising:
	identifying a field in an event stored in the unstructured data store;


27.		(Canceled)

28.	(Previously presented)  The system of claim 24, wherein the unstructured query causes one or more values for one or more fields included in the unstructured query to be extracted as a function of a format of the unstructured data.

29.	(Original) The system of claim 24, said operations further comprising:
	applying a schema to the raw machine data in the unstructured data store after the raw machine data has been stored in the unstructured data store, to impose a structure on the raw machine data.

30.	(Canceled)

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
With respect to claims 1, 17, and 24, the cited prior art references teach some of the limitations of the independent claims. The Li reference teaches receiving a structured query that is converted to search an unstructured data store. The Krinsky reference teaches simplifying a structured query into an unstructured query that the unstructured data stores can process. They do not explicitly recite the limitations amended herein. The Examiner was unable to find a prior art reference that teaches all 
With respect to claims 2, 3, 5, 6, 8-16, 18, 19, 21, 22, 25, 26, 28, and 29, the claims are allowed based upon their dependency on claims 1, 17, and 24 respectively.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KRIS E MACKES whose telephone number is (571)270-3554.  The examiner can normally be reached on Monday-Friday 9:00-4:00 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alford Kindred can be reached on 571-272-4037.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  

/KRIS E MACKES/Primary Examiner, Art Unit 2153