Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
DETAILED ACTION
Response to Amendment
This Action is responsive to the Applicant’s Amendment/Remarks filed on 12/16/2020.   
As to Arguments and Remarks filed in the Amendment, please see Examiner’s responses shown after Rejections - 35 U.S.C § 103.
Please note claims 1-30 are pending.

Terminal Disclaimer
The Terminal Disclaimer filed on 12/16/2020 has been acknowledged and has been approved.
 

Examiner Notes
Examiner cites particular columns, paragraphs, figures and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in their entirety as potentially teaching all or part of the claimed 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
 
Claims 1-30 are rejected under 35 U.S.C. 103 as being unpatentable over Bammi et al. (US PGPUB 2007/0073743, hereinafter Bammi), in view of Hosono et al. (US PGPUB 2009/0204588, hereinafter Hosono), and further in view of Zaydman et al. (US PGPUB 2011/0040745, hereinafter Zaydman).
As per as claim 1, Bammi discloses:
A method comprising:
 	providing a field searchable data store comprising a plurality of field searchable time stamped event records, wherein each event record comprises a time-stamped portion of raw machine data (Bammi, e.g., figs. 17 and 18 with texts 
 	receiving, at a search head, a collection query that references a field name that identifies portions of one or more event records to be summarized (Bammi, e.g., [0040-0041] and [0137-0138], “…searchable archives of data that facilitate fraud investigation. The analyst attempts to investigate and identify fraudulent usage scenarios… "Employee A opens Client B's account record" and "Employee A prints Client B's account record" are each process steps, and "Employee A opens Client B's account record and then prints Client B's account record" is a usage…”) (the examiner asserts search for employee A, B is equivalent search head) ;
 	determining if the collection query can be concurrently executed on a first plurality of indexers, wherein the search head is configured to communicate with the first plurality of indexers, and wherein each indexer of the first plurality of indexers comprises one or more field searchable time stamped event records (Bammi, e.g., figs. 17 and 18 with texts description, [0124-0129], “…the logged raw data can include an identifier of a person that performed the process step, a timestamp indicating when the process step was performed, a duration of time during which the process step was performed…” and [0133-0134], “…The multiple archives can each index different types of data…”);;
 	responsive to a determination that the collection query can be concurrently executed on the first plurality of indexers, determining a second plurality of indexers relevant to the collection query (Bammi, e.g., [0048-0058], “…user may interact with the dynamic tabular view that is embedded in a search result page is illustrated in FIG. 10. The search page presented to the user has a text input box control for entering a search request and a button control for submitting the search request to the search engine. Another button control is provided for enabling the user to display a dynamic report of the search results in the form of a dynamic table…”);
 executing the collection query to generate a respective summarization table at each indexer of the second plurality of indexers (Bammi, e.g., figs. 9D and 10C associating with texts description, [0084-0089]) by:
 	determining an extraction rule associated with the field name (Bammi, e.g., [0006], [0040-0041], [0045], [0050], [0135], [claim 3], “…identifying a location of a data field within the data, and including the data field…”); 
  	extracting a field value corresponding to the field name from the one or more event records using the extraction rule (Bammi, e.g., [0006], [0040-0041], [0045], [0050], [0134-0135], [0137], “…documents are partitioned into indexes. An index is a collections of documents included in a logical folder. Each folder contains documents associated with process steps or software events taking place within a prescribed interval of time…the folders can be created daily, with each folder including data associated with that day's uses…”) and [claim 3], “…identifying a location of a data field within the data, and including the data field…”); and
 	populating entries of the summarization table responsive to each extracted field value, wherein each entry comprises the field name, and the corresponding field value (Bammi, e.g., figs. 10A-10C, [0087-0089], disclose summary table to each extracted field , “…report containing customers 1041 affected by activity indicative of escheat fraud, corresponding amounts transferred 1042 from their accounts, last account access dates 1043, and identities of tellers 1044 who manipulated the customers' accounts…) and further see (Bammi, e.g., [0134-0138] for extracted fields). 
	To make recorder clearer regarding to the language of “extraction rule”.
However Hosono, in an analogous art, discloses “extraction rule” (Hosono, e.g., [0125], [0144], [0170] and [0186], “predetermined policy…selection may rely on how many search keywords are identical with the specified keyword. Some search keywords extracted from a matching attribute item may be identical with the specified keyword… record search depends on the variety of search keywords (i.e., the variety of extracted text strings). Thus, it would have been obvious to one of ordinary skill in the art BEFORE the effective filling date of the claimed invention to combine the teaching of Hosono and Bammi to allows the user to extract a word or phrase from actual text data records for use as a key attribute by apply rule/parameter to archiving in retrieve the most relevant information (Hosono, e.g., [0008-0012]).
	The combination of Hosono and Bammi disclose search field table (Hosono, e.g., 0089-0096], but to clarify the language of “providing a field searchable data store” (although as stated above Hosono and Bammi disclose the functional of searchable data store in plurality field)
	However Zaydman, in an analogous art, discloses “providing a field searchable data store” (Zaydman, e.g., [abstract], [0023-0024], [0031] and [0034-0038], “will be described in further details below. For example, searchable data fields Zaydman, Hosono and Bammi to identify on which tables and on which data fields of the tables to perform the search which can improve search efficiency and retrieve the most relevant information (Hosono, e.g., [0003-0005]).

As per as claim 2, the combination of Zaydman, Hosono and Bammi disclose:
The method of Claim 1, wherein each entry of the summarization table further comprises a reference value identifying a location in the field searchable data store where an associated event record is stored (Bammi, e.g., [0135] and [claim 3], “…various fields associated with the process step data (i.e., type of action or process step, person responsible, timestamp, client account involved) are included in an inverted index. For each of these fields, the index includes an entry which specifies the contents of the field, and location information specifying where data associated with that field's contents can be found within the data…”), and  (Hosono, e.g., [0053-0054]).

As per as claim 3, the combination of Zaydman, Hosono and Bammi disclose:
The method of Claim 1, wherein the determining the second plurality of indexers relevant to the collection query comprises:
 	searching a catalog maintained for the first plurality of indexers to determine which of the first plurality of indexers comprise data relevant to the collection query (Bammi, e.g., [0133-0135], “…various fields associated with the process step data (i.e., type of action or process step, person responsible, timestamp, client account involved) are included in an inverted index. For each of these fields, the index includes an entry which specifies the contents of the field, and location information specifying where data associated with that field's contents can be found within the data…”)

As per as claim 4, the combination of Zaydman, Hosono and Bammi disclose:
The method of Claim 1, wherein the determining the second plurality of indexers relevant to the collection query comprises:
 	forwarding the collection query to each of the first plurality of indexers, wherein each indexer of the first plurality of indexers independently determines if it has data relevant to the collection query (Bammi, e.g., figs. 17 and 18 with texts description, [0124-0129], “…the logged raw data can include an identifier of a person that performed the process step, a timestamp indicating when the process step was performed, a duration of time during which the process step was performed…” and [0133-0135], “…The multiple archives can each index different types of data…”);.

As per as claim 5, the combination of Zaydman, Hosono and Bammi disclose:
The method of Claim 1, further comprising:
responsive to a determination that the collection query cannot be concurrently executed on the first plurality of indexers, executing the collection query at the search head to generate a summarization table by:
 	retrieving field searchable time stamped event records from one or more of the first plurality of indexers (Bammi, e.g., figs. 17 and 18 with texts description, [0124-0129], “…The raw data is stored in logs 2030a, 2030b, and 2030c… the logged raw data can include an identifier of a person that performed the process step, a timestamp indicating when the process step was performed, a duration of time during which the process step was performed…” and [0133-0135]) and further see (Zaydman, e.g., [abstract], [0023-0024], [0031] and [0034-0038]);
 	determining an extraction rule associated with the field name (Hosono, e.g., [0125], [0144], [0170] and [0186], “predetermined policy…selection may rely on how many search keywords are identical with the specified keyword. Some search keywords extracted from a matching attribute item may be identical with the specified keyword… record search depends on the variety of search keywords (i.e., the variety of extracted text strings) and (Zaydman, e.g.,[00706], [0081-0082]);
 	extracting a field value corresponding to the field name from the retrieved field searchable time stamped event records (Zaydman, e.g., [0027], [0053-0060]); and
 	populating the summarization table responsive to each extracted field value, wherein each entry comprises the field name, and the corresponding field value (Bammi, e.g., figs. 10A-10C, [0087-0089], disclose summary table to each 

As per as claim 6, the combination of Zaydman, Hosono and Bammi disclose:
The method of Claim 1, further comprising:
 responsive to a determination that the collection query cannot be concurrently executed on the plurality of indexers, executing the collection query at the search head to generate a summarization table by:
 	retrieving field searchable time stamped event records from one or more of the first plurality of indexers (Bammi, e.g., figs. 17 and 18 with texts description, [0124-0129], “…The raw data is stored in logs 2030a, 2030b, and 2030c… the logged raw data can include an identifier of a person that performed the process step, a timestamp indicating when the process step was performed, a duration of time during which the process step was performed…” and [0133-0135]) and further see (Zaydman, e.g., [abstract], [0023-0024], [0031] and [0034-0038]);
 	determining an extraction rule associated with the field name (Hosono, e.g., [0125], [0144], [0170] and [0186], “predetermined policy…selection may rely on how many search keywords are identical with the specified keyword. Some search keywords extracted from a matching attribute item may be identical with the specified keyword… record search depends on the variety of search keywords (i.e., the variety of extracted text strings) and (Zaydman, e.g.,[00706], [0081-0082]);
 	extracting a field value corresponding to the field name from the retrieved field searchable, time stamped event records (Zaydman, e.g., [0027], [0053-0060]); and
 	populating entries of the summarization table responsive to each extracted field value, wherein each entry comprises the field name, and the corresponding field value (Bammi, e.g., figs. 10A-10C, [0087-0089], disclose summary table to each extracted field , “…report containing customers 1041 affected by activity indicative of escheat fraud, corresponding amounts transferred 1042 from their accounts, last account access dates 1043, and identities of tellers 1044 who manipulated the customers' accounts…) and further see (Bammi, e.g., [0134-0138], for extracted fields),
 	wherein the determining, the extracting and the populating are performed as the field searchable time stamped event records are received from the one or more of the first plurality of indexers by tracking a time value corresponding to the field searchable time stamped event records as they are received (Bammi, e.g., figs. 17 and 18 with texts description, [0124-0129], “…the logged raw data can include an identifier of a person that performed the process step, a timestamp indicating when the process step was performed, a duration of time during which the process step was performed…” and [0133-0135], “…The multiple archives can each index different types of data…”) and (Zaydman, e.g., [0027], [0053-0060]).

As per as claim 7, the combination of Zaydman, Hosono and Bammi disclose:
The method of Claim 1, wherein the receiving the collection query comprises receiving the collection query from a user via a user-interface (Bammi, e.g., [0085], [0088-0089]) and (Zaydman, e.g.,[0020] and [0035]).

As per as claim 8, the combination of Zaydman, Hosono and Bammi disclose:
The method of Claim 1, wherein the receiving the collection query comprises receiving the collection query through an application programming interface (Zaydman, e.g.,[0020] and [0035], “application-programming interface (API)”) and (Bammi, e.g., [0085], [0088-0089]).

As per as claim 9, the combination of Zaydman, Hosono and Bammi disclose:
The method of Claim 1, wherein the collection query is scheduled to execute upon the occurrence of a condition (Bammi, e.g., [0052], [0065], [0070] and [0072]).

As per as claim 10, the combination of Zaydman, Hosono and Bammi disclose:
The method of Claim 1, wherein the collection query comprises terms used to identify portions of the field searchable, time stamped event records, wherein the terms are selected from a group consisting of: time ranges, patterns, and data ranges (Bammi, e.g., [0052], [0065], [0070] and [0072], (time window)).

Claims 11-20 are  essentially the same as claims 1-10 except that they set forth the claimed invention as computer readable medium rather a method, respectively and 

Claims 21-30 are essentially the same as claims 1-10 except that they set forth the claimed invention as a system rather a method, respectively and correspondingly, therefore is rejected under the same reasons set forth in rejections of claims 1-10.


Response to Arguments
The Examiner respectfully reminds applicant of the broadest reasonable interpretation standard (See MPEP 2111), "During examination, the claims must be interpreted as broadly as their terms reasonably allow." In re American Academy of Science Tech Center, 367 F.3d 1359, 1369, 70 USPQ2d 1827, 1834 (Fed. Cir. 2004) (The USPTO uses a different standard for construing claims than that used by district courts; during examination the USPTO must give claims their broadest reasonable interpretation.) In Phillips v. AWH Corp., 415 F.3d 1303, 75 USPQ2d 1321 (Fed. Cir. 2005), the court further elaborated on the “broadest reasonable interpretation" standard and recognized that “The Patent and Trademark Office (“PTO") determines the scope of claims in patent applications not solely on the basis of the claim language, but upon giving claims their broadest reasonable construction."  Thus, when interpreting claims, the courts have held that Examiners should (1) interpret claim terms as broadly as their terms reasonably allows and 
Applicant's arguments filed 11/16/2020 with respect to claims 1-30 have been fully considered but they are not persuasive.  Examiner respectfully maintains the rejection for the following reasons:
Issue I:  Applicant argued on pages 7-8 regarding to claims 1, 11 and 21 (Remarks/Argument) that the combination of Bammi, Hosono and Zaydman fail to  disclose “receiving, at a search head, a collection query that references a field name that identifies portions of one or more event records to be summarized”.
Response I:  The examiner respectfully disagrees  and submits (Bammi, e.g., [0040-0041] and [0137-0138], “…searchable archives of data … "Employee A opens Client B's account record" and "Employee A prints Client B's account record" are each process steps, and "Employee A opens Client B's account record and then prints Client B's account record" is a usage…”) (the examiner asserts search for employee A, B is equivalent search head), applicant can further see [133-0135] disclose event records such as type data and fields of data, “predefined times, event fields can be defined and indexed”.  The examiner further asserts that risk data/records = data/file which includes field, time and metadata).

Issue II:  Applicant argued on pages 7-9 (Remarks/Argument) that the combination of Bammi, Hosono and Zaydman fail to  disclose “determining if the collection query can be concurrently executed on a first plurality of indexers, wherein the search head is configured to communicate with the first plurality of indexers, and wherein each indexer of the first plurality of indexers comprises one or more field searchable time stamped event records”.
Response II:   After review and consideration, the examiner respectfully disagrees, unless applicant provide each implement steps that different with the combination of Bammi, Hosono and Zaydman, otherwise Bammi efficient read on what being claimed, (Bammi, e.g., figs. 17 and 18 with texts description, [0124-0129], “…the logged raw data can include an identifier of a person that performed the process step, a timestamp indicating when the process step was performed, a duration of time during which the process step was performed…” and [0133-0135], “…The multiple archives can each index different types of data…durations of time include one hour, one day, and one week…For each of these fields, the index includes an entry which specifies the contents of the field, and location information specifying where data associated with that field's contents can be found within the data...”) (for the purpose of index the data into folder, field …etc. which allow user to search and retrieve data at the time range, field or specific data) .

Issue III:  Applicant argued on pages 9-10 (Remarks/Argument) that the combination of Bammi, Hosono and Zaydman fail to  disclose “responsive to a determination that the collection query can be concurrently executed on the first plurality of indexers, determining a second plurality of indexers relevant to the collection query”.
Response III:   Unless applicant clarify the features of responsive to a determination that the collection query can be concurrently executed on the first and second plurality of indexers relevant to the collection query, therefore Bammi efficient disclose the claim language, (Bammi, e.g., [0048-0058], “…user may interact with the dynamic tabular view that is embedded in a search result page is illustrated in FIG. 10. The search page presented to the user has a text input box control for entering a search request and a button control for submitting the search request to the search engine. Another button control is provided for enabling the user to display a dynamic report of the search results in the form of a dynamic table…”) (the examiner asserts, the search engine concurrently execute and retrieves multiple fields/files and present to the user).

Issue IV: Applicant continue to argue on pages10-11 (Remarks/Argument) that the combination of Bammi, Hosono and Zaydman fail to  disclose “determining an extraction rule associated with the field name”.
Response IV:  The examiner respectfully disagrees and submits (Hosono, e.g., [0125], [0144], [0170] and [0186], “predetermined policy…selection may rely on how many search keywords are identical with the specified keyword. Some search keywords extracted from a matching attribute item may be identical with the specified keyword… record search depends on the variety of search keywords (i.e., the variety of extracted text strings) and further see (Bammi, e.g., [0006], [0040-0041], [0045], [0050], [0135], [claim 3], “…identifying a location of a data field within the data, and including the data field…”) (note that, applicant do 

Issue V:  Applicant further argued on pages 11-12 (Remarks/Argument) that the combination of Bammi, Hosono and Zaydman fail to  disclose “populating entries of the summarization table responsive to each extracted field value, wherein each entry comprises the field name, and the corresponding field value”.
Response V:  The Examiner respectfully disagree and submits  (Bammi, e.g., figs. 10A-10C, [0087-0089], disclose summary table to each extracted field , “…report containing customers 1041 affected by activity indicative of escheat fraud, corresponding amounts transferred 1042 from their accounts, last account access dates 1043, and identities of tellers 1044 who manipulated the customers' accounts…) and further see (Bammi, e.g., [0134-0138] for searching and extracted field value).
As per pending dependent claims 2-10, 12-20 and 22-30 depend from independent claims 1, 11 and 21, and are thus rejected along the same reasons as that claim 11, 11 and 21 is rejected.

For the above reasons the rejection is maintains.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
The prior art made of record, listed on form PTO-892, and not relied upon, if any, is considered pertinent to applicant's disclosure. 
If a reference indicated as being mailed on PTO-FORM 892 has not been enclosed in this action, please contact Lisa Craney whose telephone number is 571-272-3574 for faster service.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TUAN A PHAM whose telephone number is (571)270-3173.  The examiner can normally be reached on M-F 7:45 AM - 6:30 PM
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Tony Mahmoudi can be reached on 571-272-4078.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for 
/TUAN A PHAM/
Primary Examiner, Art Unit 2163