Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-2, 4-10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shultz (How to use custom views in Windows 10's Event Viewer) in view of Togawa (WO2015045262A1).

Shultz discloses: 
[Claim 1] (Original) A log analysis method comprising: 
inputting first logs as an analysis target log; (p 2: Event Viewer)

determining first order that is occurrence order of first partial logs having an identifier (a range of IDs) indicating being associated with each other out of logs included in the first logs; (p 2: Create Custom View feature; p 10: If you want to include a range of IDs, separate the first number from the last with a dash (-).)

determining second order that is occurrence order of logs not having the identifier out of logs included in second logs obtained by removing the first partial logs (precede those event IDs with a minus sign) from the first logs; and (p 2: Create Custom View feature; p 10: If you want to exclude certain event IDs, precede those event IDs with a minus sign.)

using the first order and the second order. (p 2: Create Custom View feature; p 14) [examiner’s note: Combining first partial logs and second logs obtained by removing the first partial logs from the first logs is, basically, the first logs.]

However, Shultz does not explicitly disclose, while Togawa teaches:
wherein the determining of the second order includes determining order of log groups in which a transition probability is higher than a predetermined threshold (2 or more) as the second order, the transition probability being a probability of a second type log (parent pattern ABCX) occurring next to a first type log (child pattern ABC) in the logs not having the identifier (abnormal/nonsense/meaningless/unusual pattern). (p 4: log records of a series of events; p 5: The selection unit 130 calculates the ratio of the frequency of the child pattern to the frequency of the parent pattern. In the example shown in FIG. 5, the frequency of the parent pattern “ABCX” is 17, and the frequency of the child pattern “ABC” is 43. Therefore, the frequency ratio is 43/17 = 2.5. Here, “/” is a symbol representing division. Here, if the ratio is a relatively large value (for example, 2 or more), it is highly likely that the parent pattern is a “nonsense pattern”. This is because such a parent pattern is considered to be a pattern in which an event is simply added to a child pattern.)

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine event logs of Shultz with log records of a series of events of Togawa. One of ordinary skill in the art would have been motivated to do so in order to “detect a message that appears from the analysis target log at a frequency different from that during normal operation.” (Togawa: p 2)

Modified Shultz discloses: 
 [Claim 2] (Original) The log analysis method according to claim 1, wherein the determining of the second order includes determining the second order (figure G: Excludes Event IDs) based on a time series (figure C; figure G: Logged: Any time) correlation between the logs not having the identifier. (p 2: 

[Claim 4] (Currently Amended) The log analysis method according to claim 1, wherein the determining of the first order includes determining order of log groups having a common identifier (figure G: Event IDs such as 1, 3, 5-99) in the first partial logs as the first order. (p 10)

5. (Previously Presented): The log analysis method according to claim 1, 
However, Shultz does not explicitly disclose, while Togawa teaches:
wherein the outputting of the third order includes outputting the third order (“ABC” and “XY”) from third logs (significant patterns) generated by inserting information indicating positions of logs corresponding to the first order (example 2-4: significant patterns) and the second order (example 1: nonsense pattern) into the analysis target log after removing logs corresponding the first order and the second order from the analysis target log. (p 5: The selection unit 130 analyzes the parent-child relationship for each of the patterns extracted by the extraction unit 120. FIG. 6 is a diagram illustrating a state where the selection unit 130 analyzes the parent-child relationship for the pattern “ABCD”. As illustrated in FIG. 6, the selection unit 130 collects patterns having a common event order into the same classification set. Then, the selection unit 130 analyzes the parent-child relationship of the pattern based on the number of events (number of elements) included in the pattern. Hereinafter, specific examples 1 to 4 will be described as operations of the selection unit 130; p 6: The selection unit 130 selects “ABC” and “XY” as “significant patterns” among the patterns extracted by the extraction unit 120 by the operation shown in the specific example described above. The selection unit 130 outputs the selected pattern to the normal pattern extraction unit 140.)

[Claim 6] (Currently Amended) The log analysis method according to claim 1, wherein the inputting of the analysis target log includes inputting a first analysis target log and a second analysis target log (p 2: Event Viewer; figure A), wherein the determining of the first order includes independently determining the first order for each of the first analysis target log and the second analysis target log (p 10: 

7. (Previously Presented): The log analysis method according to claim 1, 
However, Shultz does not explicitly disclose, while Togawa teaches:
further comprising determining which of a plurality of predetermined forms (predetermined number of log records, predetermined time intervals, predetermined rule, predetermined order, predetermined threshold, predetermined chronological order; ratio (lift value); frequency ratio) each log included in the analysis target log matches, the plurality of predetermined forms including a variable part that varies (p 6: predetermined time intervals) and a constant part that does not vary (p 2: predetermined chronological order), wherein the determining of the first order and the determining of the second order include determining the first order (p 6: ratio (lift value) for significant pattern) and determining the second order (p 5:  frequency ratio > 2 for nonsense pattern) by using each of the forms of each log included in the analysis target log, respectively.

[Claim 8] (Currently Amended) The log analysis method according to claim 1, wherein the first order, the second order, and the third order are a permutation or a combination (p 2: Event Viewer) of the logs. [examiner’s note: Combining first partial logs and second logs obtained by removing the first partial logs from the first logs is, basically, the first logs.]

Claim(s) 9 is/are rejected as being the medium implemented by the method of claim(s) 1, and is/are rejected on the same grounds.



Response to Remarks
The amendments overcome the rejections to the claims under 101.
Regarding the claim interpretation under 35 U.S.C. 112(f), the amendments overcome the interpretation.

Regarding the prior art rejection under 35 USC 102, the Remarks state, “Applicant amends claims 1, 9 and 10 to include the features of claim 3, which is indicated as being allowable in the Office Action.” However, the examiner respectfully disagrees. The amended claims 1, 9-10 does not include elements of intervening claim 2. Furthermore, the inventor discloses the amended limitations in prior art, WO2015045262A1.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KATHERINE LIN whose telephone number is (571)431-0706.  The examiner can normally be reached on Monday-Friday; 8 a.m. - 5 p.m. EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bryce Bonzo can be reached on (571) 272-3655.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/KATHERINE LIN/Primary Examiner, Art Unit 2113