Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
It is noted that the amendment filed 12 January 2021 appears to have unmarked amendments in at least claim 6 (wherein the generating and storing limitations from claim 4 are not properly indicated with underline markings as being added to claim 6).

Allowable Subject Matter
Claims 6, 8, 10, 14-19 are allowed.

EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

The application has been amended as follows: 

Amend claims 6, 16 and 18 as follows:

6. A log-file analysis subsystem within a computer system having one or more processors, one or more memories, and computer instructions, stored in one or more of the one or more memories that, when executed by one or more of the one or more processors, control the log-file analysis system to monitor a state of the computer system by repeatedly:
generating, for one or more log files, each having multiple entries that are each associated with an event type, a probability distribution of all or a subset of the event types in the one or more log files for a time interval to represent the state of a monitored computer system for the time interval;
storing the generated probability distribution in association with an indication of the time interval; and
after generating and storing each probability distribution following generation and storing of an initial set of probability distributions,
computing a divergence metric from the two most recently generated and stored probability [distributions;] distributions, and
when the divergence metric is greater than a threshold value, raising an alarm to indicate, or displaying an indication [of;] of, a significant system-state change.

16. The method of claim [12] 14 further including:
using the stored probability distributions collected over a first time interval spanning multiple shorter, secondary time intervals to generate a typical probability 
at subsequent secondary time intervals,
generating a probability distribution for the event types of log entries selected from the most recently completed secondary time interval,
computing a divergence metric for the probability distribution generated from the most recently completed secondary time interval and the typical probability distribution for the most recently completed secondary time interval, and
when the divergence metric is greater than a threshold value, raising an alarm to indicate, or displaying an indication of, a system-state change.

18. The method of claim [12] 14 further including:
for each of a number of different subsets of the event types for which the log-file analysis subsystem has generated and stored probability distributions for different time intervals,
computing a divergence metric for the probability distributions for different pairs of time intervals, and
computing a measure of the variance of the divergence metrics computed for the probability distributions for different pairs of the time intervals; and
selecting, as a basis for a monitoring fingerprint, a subset of the event types having the greatest computed variance.
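
A minimal sketch of the monitoring loop recited in amended claim 6, added here as an illustration and not taken from the application or this office action. The claims do not name a divergence metric; the Jensen-Shannon divergence, the 60-second interval, the 0.2 threshold, the event-type names and the sample entries are all assumptions constructed for the example.

```python
import math
from collections import Counter

EVENT_TYPES = ("login_ok", "login_fail", "disk_warn")  # assumed event types

def event_distribution(entries, start, end, event_types):
    """Probability distribution of event types for entries with start <= ts < end."""
    counts = Counter(e for ts, e in entries if start <= ts < end and e in event_types)
    total = sum(counts.values())
    if total == 0:
        return None  # no matching entries: no distribution for this interval
    return {e: counts[e] / total for e in event_types}

def js_divergence(p, q):
    """Jensen-Shannon divergence in bits (0 = identical, 1 = disjoint support)."""
    def kl(a, m):
        # terms with a[e] == 0 contribute nothing; m[e] > 0 whenever a[e] > 0
        return sum(a[e] * math.log2(a[e] / m[e]) for e in a if a[e] > 0)
    m = {e: 0.5 * (p[e] + q[e]) for e in p}
    return 0.5 * kl(p, m) + 0.5 * kl(q, m)

def monitor(entries, interval, n_intervals, event_types, threshold):
    """Store one distribution per interval, compare the two most recent ones,
    and return (interval_start, divergence) for every comparison above threshold."""
    stored, alarms = [], []
    for i in range(n_intervals):
        start = i * interval
        dist = event_distribution(entries, start, start + interval, event_types)
        if dist is None:
            continue
        stored.append((start, dist))  # kept with an indication of the interval
        if len(stored) >= 2:          # an initial distribution must exist first
            d = js_divergence(stored[-2][1], stored[-1][1])
            if d > threshold:
                alarms.append((start, d))
    return alarms

def fill(start, counts):
    """Constructed sample entries: (timestamp_seconds, event_type) tuples."""
    return [(start + k, e) for e, n in counts.items() for k in range(n)]

# Constructed log: two similar intervals, then a burst of failed logins.
SAMPLE = (fill(0, {"login_ok": 8, "login_fail": 1, "disk_warn": 1})
          + fill(60, {"login_ok": 7, "login_fail": 2, "disk_warn": 1})
          + fill(120, {"login_ok": 1, "login_fail": 9}))

if __name__ == "__main__":
    for start, d in monitor(SAMPLE, 60, 3, EVENT_TYPES, 0.2):
        print(f"significant state change in interval starting at t={start}s (JSD={d:.3f})")
```
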

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY G TODD whose telephone number is (303)297-4763. The examiner can normally be reached on 8:30-5 MST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas Taylor can be reached on (571)272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/GREGORY G TODD/           Primary Examiner, Art Unit 2457