Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claims 1-7, 10-21, 23-28 and 30 are pending in this application.


EXAMINER’S AMENDMENT

An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

The application has been amended as follows: 

1.    (Currently Amended) A method, comprising:
in response to executing a query that includes first filter criteria and categorization criteria, causing display of a plurality of interactive, categorized groupings based on the first filter criteria and the categorization criteria, wherein the first filter criteria identifies a set of data processed as part of the query and the categorization criteria identifies a manner of categorizing the set of data as part of the query, wherein each of the plurality of groupings includes a plurality of 
in response to an interaction with a display object associated with a particular grouping of the plurality of groupings, reviewing a plurality of inverted indexes to identify event references corresponding to events that satisfy the first filter criteria and categorization criteria, wherein the categorization criteria is based on the particular grouping, and wherein the event references correspond to a subset of the set of data processed as part of the query;
identifying a subset of events of the events corresponding to a subset of the event references for processing;
accessing the subset of events; 
processing the subset of events; and
providing results of the processing of the subset of events for display to a user.

2.    (Previously Presented) The method of claim 1,
wherein identifying the subset of events comprises identifying a-the subset of the event references based on a sampling criteria, wherein the subset of events are identified and accessed based on the subset of the event references.


wherein accessing the subset of events comprises identifying the location of the subset of events using the plurality of event reference arrays and accessing the subset of events based on the identified location.

4.    (Currently Amended) The method of claim 1, wherein each of the plurality of inverted indexes comprise a plurality of entries, each entry comprising:
a token or a field-value pair, and
one or more event references, each event reference of the one or more event references corresponding to an event that includes the token or field-value corresponding to the field-value pair,
wherein identifying a particular event of the events that satisfy the first filter criteria and the categorization criteria comprises identifying a particular event reference located in each entry of the plurality of entries identified by the first filter criteria and the categorization criteria.

5.    (Currently Amended) The method of claim 1, wherein each of the plurality of inverted indexes comprise:
a plurality of entries, each entry comprising: 

one or more event references, each event reference of the one or more event references corresponding to an event that includes the token or field-value corresponding to the field-value pair, and
an event reference array comprising a timestamp and information location of a plurality of events corresponding to a plurality of event references located in the respective inverted index,
wherein for a particular inverted index of the plurality of inverted indexes, to identify the event references corresponding to the events that satisfy the first filter criteria and the categorization criteria, the method further comprises identifying a group of event references located in each entry of the plurality of entries identified by the first filter criteria and the categorization criteria,
wherein for the particular inverted index of the plurality of inverted indexes, identifying a portion of the subset of events comprises identifying a subset of the group of event references, the portion of the subset of events corresponding to the subset of the group of event references, and
wherein for the particular inverted index of the plurality of inverted indexes, accessing the portion of the subset of events comprises identifying a location of the subset of events using the event reference array and accessing the portion of the subset of events based on the identified location.


a plurality of entries, each entry comprising: 
a token or a field-value pair, and
one or more event references, each event reference of the one or more event references corresponding to an event that includes the token or field-value corresponding to the field-value pair, and
wherein for a particular inverted index of the plurality of inverted indexes, to identify the event references corresponding to the events that satisfy the first filter criteria and the categorization criteria, the method further comprises identifying a group of event references located in each entry of the plurality of entries identified by the first filter criteria and the categorization criteria,
wherein for the particular inverted index of the plurality of inverted indexes, identifying a portion of the subset of events comprises identifying a subset of the group of event references, and
wherein for the particular inverted index of the plurality of inverted indexes, accessing the portion of the subset of events comprises identifying location information for a set of events that correspond to the subset of the group of event references and accessing the set of events that correspond to the subset of the group of event references using the location information.



8.    (Canceled)

9.    (Canceled)

10.    (Previously Presented) The method of claim 1, wherein each of the plurality of inverted indexes comprises a plurality of entries, each entry comprising:
a token or a field-value pair, and
one or more event references, each event reference of the one or more event references indicative of an event that includes the token or field-value corresponding to the field-value pair.

11.    (Previously Presented) The method of claim 1, wherein the each of the plurality of groupings corresponds to a unique combination of categorization criteria-value pairs.

12.    (Currently Amended) The method of claim 1, further comprising identifying the plurality of inverted indexes from a second plurality of inverted indexes based on the first filter criteria and the categorization criteria.

categorization criteria comprise a field value and wherein the events that satisfy the first filter criteria and the categorization criteria are identified based on a comparison of the field value with a plurality of field-value pair entries of the plurality of inverted indexes.

14.    (Currently Amended) The method of claim 1, wherein at least one of the first filter criteria and the categorization criteria comprises a token and wherein the events that satisfy the first filter criteria and the categorization criteria are identified based on a comparison of the token with a plurality of token entries of the plurality of inverted indexes.

15.    (Currently Amended) The method of claim 1, wherein at least one of the first filter criteria or the categorization criteria comprise a partition identifier and the plurality of inverted indexes are located in a directory corresponding to a partition identified by the partition identifier.

16.    (Currently Amended) The method of claim 1, wherein at least one of the first filter criteria or the categorization criteria comprise one or more keywords.

17.    (Previously Presented) The method of claim 1, wherein the plurality of groupings are based at least in part on a number of different categorization 

18.    (Previously Presented) The method of claim 1, wherein the results of the processing comprise event data corresponding to at least one event of the subset of events.

19.    (Previously Presented) The method of claim 1, wherein the results of the processing comprise one or more field values corresponding at least one event of the subset of events.

20.    (Previously Presented) The method of claim 1, wherein the results of the processing comprise a timeline corresponding to the subset of events.

21.    (Previously Presented) The method of claim 1, wherein the first filter criteria comprises one or more categorization-criteria value pairs that uniquely identifies the particular grouping from the plurality of groupings.

22.    (Canceled)



24.    (Currently Amended) The method of claim 1, wherein the plurality of inverted indexes comprise an event reference array identifying a location of one or more events of the events that satisfy the first filter criteria and the categorization criteria.

25.    (Currently Amended) The method of claim 1, wherein the first filter criteria and the categorization criteria comprise a time range and the plurality of inverted indexes are associated with events that satisfy at least a portion of the time range.

26.    (Currently Amended) The method of claim 1, wherein the subset of events corresponds to a subset of the events that satisfy the first filter criteria and the categorization criteria.

27.    (Previously Presented) The method of claim 1, wherein each of the plurality of inverted indexes correspond to a distinct time series bucket storing events referenced by the plurality of inverted indexes.

28.    (Currently Amended) A system comprising: 

a processing device communicatively coupled with the memory and configured to:
in response to executing a query that includes first filter criteria and categorization criteria, cause display of a plurality of interactive, categorized groupings based on the first filter criteria and the categorization criteria, wherein the first filter criteria identifies a set of data processed as part of the query and the categorization criteria identifies a manner of categorizing the set of data as part of the query, wherein each of the plurality of groupings includes a plurality of events that share a common at least two of host, source, source type or partition of the categorization criteria, and wherein the plurality of events of each of the plurality of groupings satisfy first filter criteria;
in response to an interaction with a display object associated with a particular grouping of the plurality of groupings, review a plurality of inverted indexes to identify event references corresponding to events that satisfy the first filter criteria and categorization criteria, wherein the categorization criteria is based on the particular grouping, and wherein the event references correspond to a subset of the set of data processed as part of the query;
identify a subset of events of the events corresponding to a subset of the event references for processing;
access the subset of events; 
process the subset of events; and


29.    (Canceled)

30.    (Currently Amended) A non-transitory computer-readable medium encoding instructions thereon that, in response to execution by one or more processing devices, cause the one or more processing devices to perform operations comprising:
in response to executing a query that includes first filter criteria and categorization criteria, causing display of a plurality of interactive, categorized groupings based on the first filter criteria and the categorization criteria, wherein the first filter criteria identifies a set of data processed as part of the query and the categorization criteria identifies a manner of categorizing the set of data as part of the query, wherein each of the plurality of groupings includes a plurality of events that share a common at least two of host, source, source type or partition of the categorization criteria, and wherein the plurality of events of each of the plurality of groupings satisfy first filter criteria;
in response to an interaction with a display object associated with a particular grouping of the plurality of groupings, reviewing a plurality of inverted indexes to identify event references corresponding to events that satisfy the first filter criteria and categorization criteria, wherein the categorization criteria is based on the particular groupings and wherein the event 
identifying a subset of events of the events corresponding to a subset of the event references for processing;
accessing the subset of events; 
processing the subset of events; and
providing results of the processing of the subset of events for display to a user.



Response to Arguments

Applicant’s amendments with respect to claims rejected under 35 U.S.C. 103 have been fully considered and are persuasive.  The 35 U.S.C. 103 rejection of claims 1-7, 10-21, 23-28 and 30 has been withdrawn. 



Allowable Subject Matter

Claims 1-7, 10-21, 23-28 and 30 are allowed over the prior art of record.





The prior art of record, alone or in combination with each other does not expressly teach a method, comprising: in response to executing a query that includes first filter criteria and categorization criteria, causing display of a plurality of interactive, categorized groupings based on the first filter criteria and the categorization criteria, wherein the first filter criteria identifies a set of data processed as part of the query and the categorization criteria identifies a manner of categorizing the set of data as part of the query, wherein each of the plurality categorization criteria, wherein the categorization criteria is based on the particular grouping, and wherein the event references correspond to a subset of the set of data processed as part of the query; identifying a subset of events of the events corresponding to a subset of the event references for processing; accessing the subset of events; processing the subset of events; and providing results of the processing of the subset of events for display to a user.



Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Carasso et al., US 2015/0234905.
Das et al., US 2004/0249810.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENSEN HU whose telephone number is (571)270-3803.  The examiner can normally be reached on Monday - Friday 9-5 PT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Usmaan Saeed can be reached on 571-272-4046.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.