DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
	
This action is responsive to communications through the applicant’s application filed on 07/23/2019.			

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of pre-AIA  35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on sale in this country, more than one year prior to the date of application for patent in the United States.


Claims 1-9, 11-19, 21-29 are rejected under pre-AIA  35 U.S.C. 102(b) as being anticipated by Botros et al. (US 2011/0191373).
With respect to claim 1, Botros discloses a method for searching data, the method comprising: 
providing an inverted index that comprises at least one record comprising at least one field name and a corresponding at least one field value extracted from time-stamped searchable events
(para.[0021], [0025]: inverted index with attribute (≈ field name) and value (≈ field value) of the persistent storage , 
the time-stamped searchable events comprising portions of raw machine data and stored in a field searchable datastore 
(para.[0017]: the persistent storage 106 comprises raw log information), 
wherein the at least one record further comprises a posting value that identifies a location in the field searchable datastore where an event associated with the at least one record is stored
(fig.2A, para.[0030]: ref11 as id1, id2, id3 as location on event data in log files); 
receiving an incoming search query that references a field name
(para.[0040]: the attributes (≈ field names)represented by the query); 
evaluating the incoming search query
(para.[0040]: retrieving indexes corresponding to attributes); and 
responsive to the evaluating, determining results for the incoming search query using: (i) the field searchable datastore; or (ii) the inverted index
(para.[0040]: retrieving indexes corresponding to attributes to satisfy user query). 
Claim 2 is rejected for the reasons set forth hereinabove for claim 1 and furthermore Botros teaches indexing the time-stamped searchable events to generate 
indexed time-stamped searchable events to determine the results for the incoming search query
indexed time-stamped searchable events to determine results for the incoming search query
 (para.[0021], [0025], [0040]: using attribute of query to retrieve index, using index identify location of attribute values in database, para.[0018], [0030]: record having timestamp). 
Claim 3 is rejected for the reasons set forth hereinabove for claim 1 and furthermore Botros teaches the incoming search query comprises keywords and the field name (para.[0019], [0024],[0040]: the query for failed login attempt wherein login as field name, fail as keyword). 
Claim 4 is rejected for the reasons set forth hereinabove for claim 3 and furthermore Botros teaches a search for the keywords is serviced using the field searchable data store (para.[0019], [0024]: search in raw log). 
Claim 5 is rejected for the reasons set forth hereinabove for claim 1 and furthermore Botros teaches the incoming search query comprises functions that generate statistics concerning portions of the field searchable datastore (para. [0021], [0024], [0041]: regular expressions, wildcard character search). 
Claim 6 is rejected for the reasons set forth hereinabove for claim 1 and furthermore Botros teaches the field searchable data store comprises a value for a field referred to by the field name in at least one of the time-stamped searchable events (para.[0019]: user-id as field name, Matt as value). 
Claim 7 is rejected for the reasons set forth hereinabove for claim 6 and furthermore Botros teaches the field searchable data store can be searched using the field name, and further comprising: responsive to the incoming search query, retrieving at least one of the time-stamped searchable events comprising values associated with the field name (para.[0024] search for email event data from the persistent storage 106). 
Claim 8 is rejected for the reasons set forth hereinabove for claim 1 and furthermore Botros teaches the field name in the incoming search query is defined by a regular expression rule, wherein the regular expression rule comprises instructions for parsing a value associated with the field name out of at least one of the time-stamped searchable events (para.[0022]: access the database 110 to aid in executing standard text searches using regular expressions). 
Claim 9 is rejected for the reasons set forth hereinabove for claim 1 and furthermore Botros teaches the field name in the incoming search query is defined in a configuration file, wherein the configuration file comprises regular expression rules for parsing a value associated with the field name out of the time-stamped searchable events (para.[0022]: the attribute/value generation is done through regular expression rules). 
With respect to claim 11, Botros discloses a network device that is operative for searching data, the network device comprising: 
a memory that is operative to store at least one instruction; and 
a processor device that is operative to execute instructions that enable actions, the actions comprising: 
providing an inverted index that comprises at least one record comprising at least one field name and a corresponding at least one field value extracted from time-stamped searchable events
(para.[0021], [0025]: inverted index with attribute (≈ field name) and value (≈ field value) of the persistent storage 106, [0018], [0030]: entry in persistent storage includes timestamp), 
wherein the time-stamped searchable events comprise portions of raw machine data and are stored in a field searchable datastore
(para.[0017]: the persistent storage 106 comprises raw log information), 
wherein said at least one record further comprises a posting value that identifies a location in the field searchable datastore where an event associated with the at least one record is stored
(fig.2A, para.[0030]: ref11 as id1, id2, id3 as location on event data in log files); 
receiving an incoming search query that references a field name
; 
evaluating the incoming search query
(para.[0040]: retrieving indexes corresponding to attributes); and 
responsive to the evaluating, determining results for the incoming search query using: (i) the field searchable datastore; or (ii) the inverted index
(para.[0040]: retrieving indexes corresponding to attributes to satisfy user query). 
Claim 12 is rejected for the reasons set forth hereinabove for claim 11 and furthermore Botros teaches indexing the time-stamped searchable events to generate indexed time-stamped searchable events; and wherein the determining results for the incoming search query using the field searchable datastore comprises searching the indexed time-stamped searchable events to determine results for the incoming search query (para.[0021], [0025], [0040]: using attribute of query to retrieve index, using index identify location of attribute values in database, para.[0018], [0030]: record having timestamp). 
Claim 13 is rejected for the reasons set forth hereinabove for claim 11 and furthermore Botros teaches the incoming search query comprises keywords and the field name (para.[0019], [0024],[0040]: the query for failed login attempt wherein login as field name, fail as keyword). 
Claim 14 is rejected for the reasons set forth hereinabove for claim 13 and furthermore Botros teaches a search for the keywords is serviced using the field searchable data store (para.[0019], [0024]: search in raw log). 
Claim 15 is rejected for the reasons set forth hereinabove for claim 11 and furthermore Botros teaches the incoming search query comprises functions that generate statistics concerning portions of the field searchable datastore (para. [0021], [0024], [0041]: regular expressions, wildcard character search). 
Claim 16 is rejected for the reasons set forth hereinabove for claim 11 and furthermore Botros teaches the field searchable data store comprises a value for a field referred to by the field name in at least one of the time-stamped searchable events (para.[0019]: user-id as field name, Matt as value). 
Claim 17 is rejected for the reasons set forth hereinabove for claim 16 and furthermore Botros teaches the field searchable data store can be searched using the field name, and wherein the actions further comprise: responsive to the incoming search query, retrieving at least one of the time-stamped searchable events comprising values associated with the field name (para.[0024] search for email event data from the persistent storage 106). 
Claim 18 is rejected for the reasons set forth hereinabove for claim 11 and furthermore Botros teaches the field name in the incoming search query is defined by a regular expression rule, wherein the regular expression rule comprises instructions for parsing a value associated with the field name out of at least one of the time-stamped (para.[0022]: access the database 110 to aid in executing standard text searches using regular expressions). 
Claim 19 is rejected for the reasons set forth hereinabove for claim 11 and furthermore Botros teaches the field name in the incoming search query is defined in a configuration file, wherein the configuration file comprises regular expression rules for parsing a value associated with the field name out of the time-stamped searchable events (para.[0022]: the attribute/value generation is done through regular expression rules). 
With respect to claim 21, Botros discloses a processor readable non-transitive storage media that includes instructions wherein execution of the instructions by a processor device enables actions, wherein the actions comprise: 
providing an inverted index that comprises at least one record comprising at least one field name and a corresponding at least one field value extracted from time-stamped searchable events
(para.[0021], [0025]: inverted index with attribute (≈ field name) and value (≈ field value) of the persistent storage 106, [0018], [0030]: entry in persistent storage includes timestamp), 
the time-stamped searchable events comprising portions of raw machine data and stored in a field searchable datastore
(para.[0017]: the persistent storage 106 comprises raw log information), 

(fig.2A, para.[0030]: ref11 as id1, id2, id3 as location on event data in log files); 
receiving an incoming search query that references a field name
(para.[0040]: the attributes (≈ field names)represented by the query); 
evaluating the incoming search query
(para.[0040]: retrieving indexes corresponding to attributes); and 
responsive to the evaluating, determining results for the incoming search query using: (i) the field searchable datastore; or (ii) the inverted index
(para.[0040]: retrieving indexes corresponding to attributes to satisfy user query). 
Claim 22 is rejected for the reasons set forth hereinabove for claim 21 and furthermore Botros teaches indexing the time-stamped searchable events to generate indexed time-stamped searchable events; and wherein the determining results for the incoming search query using the field searchable datastore comprises searching the indexed time-stamped searchable events to determine results for the incoming search query (para.[0021], [0025], [0040]: using attribute of query to retrieve index, using index identify location of attribute . 
Claim 23 is rejected for the reasons set forth hereinabove for claim 21 and furthermore Botros teaches the incoming search query comprises keywords and the field name (para.[0019], [0024],[0040]: the query for failed login attempt wherein login as field name, fail as keyword). 
Claim 24 is rejected for the reasons set forth hereinabove for claim 23 and furthermore Botros teaches a search for the keywords is serviced using the field searchable data store (para.[0019], [0024]: search in raw log). 
Claim 25 is rejected for the reasons set forth hereinabove for claim 21 and furthermore Botros teaches the incoming search query comprises functions that generate statistics concerning portions of the field searchable datastore (para. [0021], [0024], [0041]: regular expressions, wildcard character search). 
Claim 26 is rejected for the reasons set forth hereinabove for claim 21 and furthermore Botros teaches the field searchable data store comprises a value for a field referred to by the field name in at least one of the time-stamped searchable events (para.[0019]: user-id as field name, Matt as value). 
Claim 27 is rejected for the reasons set forth hereinabove for claim 26 and furthermore Botros teaches the field searchable data store can be searched using the field name, and wherein the actions further comprise: responsive to the incoming search query, retrieving at least one of the time-stamped searchable events comprising values (para.[0024] search for email event data from the persistent storage 106). 
Claim 28 is rejected for the reasons set forth hereinabove for claim 21 and furthermore Botros teaches the field name in the incoming search query is defined by a regular expression rule, wherein the regular expression rule comprises instructions for parsing a value associated with the field name out of at least one of the time-stamped searchable events (para.[0022]: access the database 110 to aid in executing standard text searches using regular expressions). 
Claim 29 is rejected for the reasons set forth hereinabove for claim 21 and furthermore Botros teaches the field name in the incoming search query is defined in a configuration file, wherein the configuration file comprises regular expression rules for parsing a value associated with the field name out of the time-stamped searchable events (para.[0022]: the attribute/value generation is done through regular expression rules). 

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 10, 20, and 30 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Botros et al. (US 2011/0191373) further in view of Kusnitz et al. (US 2008/0228743).
Claim 10 is rejected for the reasons set forth hereinabove for claim 1 and furthermore Botros teaches the incoming search query, and further comprising: identifying at least one record in the inverted index corresponding to a field name; and determining a result for the incoming search query using the inverted index, wherein determining the result comprises a calculation using posting values associated with the at least one record (Fig. 2A, para.[0021], [0025], [0030], [0041]: inverted index with posting values as location to record in event log). 
Kusnitz teaches the incoming search query comprises at least one aggregate function, a field name that is associated with the aggregate function (para.[0021]-[0022]: Query language is extended with an AGGREGATION operator that allows processing of all the data fields for all postings for a given index term).
It would have been obvious to one having ordinary skill in the art at the time the invention was made having the teachings of Kusnitz and Botros before him/her to incorporate the method/system for multi-dimensional aggregation into the method/system for customized reporting and mining of event data for using aggregation operation that allow processing of all data fields for all postings for a given index term (para.[0022]). One of ordinary skill in the art would be motivated to make the aforementioned combination with reasonable expectation of success.
Claim 20 is rejected for the reasons set forth hereinabove for claim 11 and furthermore Botros teaches the incoming search query, and the actions further comprise: identifying at least one record in the inverted index corresponding to a field name; and determining a result for the incoming search query using the inverted index, wherein determining the result comprises a calculation using posting values associated with the at least one record (Fig. 2A, para.[0021], [0025], [0030], [0041]: inverted index with posting values as location to record in event log). 
Kusnitz teaches the incoming search query comprises at least one aggregate function, a field name that is associated with the aggregate function(para.[0021]-[0022]: Query language is extended with an AGGREGATION operator that allows processing of all the data fields for all postings for a given index term).
It would have been obvious to one having ordinary skill in the art at the time the invention was made having the teachings of Kusnitz and Botros before him/her to incorporate the method/system for multi-dimensional aggregation into the method/system for customized reporting and mining of event data for using aggregation operation that allow processing of all data fields for all postings for a given index term (para.[0022]). One of ordinary skill in the art would be motivated to make the aforementioned combination with reasonable expectation of success.
Claim 30 is rejected for the reasons set forth hereinabove for claim 21 and furthermore Botros teaches the incoming search query, and the actions further comprise: identifying at least one record in the inverted index corresponding to a field (Fig. 2A, para.[0021], [0025], [0030], [0041]: inverted index with posting values as location to record in event log). 
Kusnitz teaches the incoming search query comprises at least one aggregate function, a field name that is associated with the aggregate function (para.[0021]-[0022]: Query language is extended with an AGGREGATION operator that allows processing of all the data fields for all postings for a given index term).
It would have been obvious to one having ordinary skill in the art at the time the invention was made having the teachings of Kusnitz and Botros before him/her to incorporate the method/system for multi-dimensional aggregation into the method/system for customized reporting and mining of event data for using aggregation operation that allow processing of all data fields for all postings for a given index term (para.[0022]). One of ordinary skill in the art would be motivated to make the aforementioned combination with reasonable expectation of success.






Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THU NGUYET T LE whose telephone number is (571)270-1093.  The examiner can normally be reached on Monday-Friday 8-5 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Pierre Vital can be reached on 571-272-4215.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.







/THU NGUYET T LE/Primary Examiner, Art Unit 2162