DETAILED ACTION
This Office Action is in response to Applicant’s amendments and arguments submitted on January 27, 2021 for Application # 16/193,388 filed on November 16, 2020 in which claims 1-20 are presented for examination.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Status of claims
Claims 1-20 are pending, of which claims 1-20 are rejected under 35 U.S.C. 103.

Claims 1, 5, 9, 10, 14, 18 and 19 are amended.
No claims are canceled.
No claims are newly added.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Petersen et al US 2012/0005542 A1 (hereinafter ‘Petersen’) in view of Schneider et al. US 2018/0183821 A1 (hereinafter ‘Schneider’) as applied, and further in view of Sisk et al. US 2015/0213065 A1 (hereinafter ‘Sisk’).

As per claim 1, Petersen disclose, A method for cloud-based log management (Petersen: paragraph 0003: disclose “cloud” environments technology can be used for modern business operations and such technologies report their health and status by writing log files ‘log management’ and also the cloud environment is also discussed in secondary art below), comprising: 
retrieving (Petersen: paragraph 0091: disclose extraction ‘retrieving’ information from the logs), by a log manager of a computing device (Petersen: paragraph 0091: disclose provides for a log manager and log manager communicating with a computer network), a plurality of logs (Petersen: paragraph 0091: disclose 101, 102, 103 and 10M computers provides logs to the log manager that is communicatively coupled to the various computers. Examiner considered receiving logs from multiple computers as plurality of logs);
transmitting, by the log manager to a log aggregator (Petersen: paragraph 0092: disclose the log manager aggregate the log data into a manageable format that summarizes and examiner believes the log manager has a function of log aggregator), the first portion of the first subset of the plurality of logs, responsive to the classification of the first subset (Petersen: paragraph 0006: disclosed classification of the first subset of the received logs) of the plurality of logs as to be indexed (Petersen: paragraph 0215: disclose “global log processing rule manage’ in addition to classification of the log message and which logs are to be indexed);
transmitting, by the log manager to a storage device of the log aggregator (Petersen; paragraph 0011; disclose aggregation of the logs), the second portion of the first subset of the plurality of logs (Petersen: paragraph 0011: disclose forwarding the logs to a data warehouse, where examiner argues that data warehouse is a storage device and also argues that the logs have second portion).

cloud-based log management;
classifying, by the log manager, the first subset of the plurality of logs as to be indexed as recited in claim 1.
On the other hand, Schneider achieved the aforementioned limitations by providing mechanisms of
cloud-based log management (Schneider: paragraph 0046: disclose cloud computing environment);
classifying, by the log manager, the first subset of the plurality of logs as to be indexed (Schneider: paragraph 0138: disclose indexing the log based on the type of log, which examiner interprets as classifying the log and paragraph 0212: disclose classifying the clusters, where the logs are clustered. Examiner believes the primary reference teaches this limitation. However, examiner used the secondary reference to emphasize the classification teachings).
The motivation for doing so would have been to provide a network security monitor that can use partial information to detect upcoming threatful behaviors that can affect network infrastructure or network elements (Schneider: Paragraph 0005).
It is noted, however, neither Petersen nor Schneider specifically detail the aspects of
selecting, by the log manager, a first subset of the plurality of logs responsive to each of the logs of the first subset lacking an identifier of whether each of the logs should be indexed or not;

On the other hand, Sisk achieved the aforementioned limitations by providing mechanisms of
selecting (Sisk: paragraph 0007: disclose retrieving a usage logs), by the log manager (Sisk: paragraph 0007: disclose Log analyzer which examiner equates to log manager), a first subset of the plurality of logs responsive to each of the logs of the first subset (Sisk: paragraph 0058: disclose the log analyzer receive usage logs, examiner equates these usage logs as first subset) lacking an identifier of whether each of the logs (Sisk: Fig. 3 and paragraph 0074: disclose usage logs that do not have an identifier but log entries consists of various information) should be indexed or not (Sisk: paragraph 0054: disclose usage log analyzer to process a set of usage to cleanse automated robotic traffic from the set of usage logs. Examiner equates of cleanse automated robotic traffic as logs that are not indexed and human traffic as logs being indexed);
classifying, by the log manager, a second portion of the first subset of the plurality of logs as not to be indexed (Sisk: paragraph 0054: disclose usage log analyzer will cleanse automated robotic traffic ‘second portion’ from the set ‘first subset’ of user logs, which examiner equates cleanse as logs as not to be indexed because the logs are cleansed).
The motivation for doing so would have been to determine relationships between events and the usage logs can be classified based on the relationships as either Sisk: Abstract)
Petersen, Sisk and Schneider are analogous art because they are from the “same field of endeavor” and both from the same “problem-solving area”. Namely, they are both from the field of “Logs Management System”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the systems of Petersen, Sisk and Schneider because they are both directed to logs management system and both are from the same field of endeavor. The skilled person would therefore regard it as a normal option to include the restriction features of Schneider and Sisk with the method described by Petersen in order to solve the problem posed.
Therefore, it would have been obvious to combine Schneider and Sisk with Petersen to obtain the invention as specified in instant claim 1.

As per claim 2, most of the limitations of this claim have been noted in the rejection of claim 1 above. In addition, Petersen disclose, wherein retrieving the plurality of logs further comprises retrieving, by the log manager from a plurality of additional computing devices, the plurality of logs (Petersen: paragraph 0004: disclose networks are often augmented and upgraded with additional systems ‘computing devices’ that provide even more logs).

As per claim 3, most of the limitations of this claim have been noted in the rejection of claim 1 above. In addition, Petersen disclose, wherein classifying the first Petersen: paragraph 0214 and Fig. 4: disclose adding ‘appending’ meta-data ‘control identifier’ to each log such as MsgClassID, CommonEventID and MPERuleID).

As per claim 4, most of the limitations of this claim have been noted in the rejection of claim 1 above. In addition, Petersen disclose, wherein classifying the first subset of the plurality of logs as to be indexed further comprises classifying the first subset of the plurality of logs as critical or high priority (Petersen: paragraph 0155 and Fig. 4: disclose a priority ranking of the events and PRORITY of the logs and priority inherently have high or low status).

As per claim 5, most of the limitations of this claim have been noted in the rejection of claim 1 above. In addition, Petersen disclose, wherein the log aggregator stores the second portion of the first subset of the plurality of logs without indexing responsive to the second portion of the first subset of the plurality of logs not being classified as to be indexed (Petersen: paragraph 0215: disclose the global log processing rule manager provides a way to apply data management settings such as deciding which logs to store in raw form that meet specific criteria).

As per claim 6, most of the limitations of this claim have been noted in the rejection of claim 1 above. 

wherein selecting the first subset of the plurality of logs further comprises: 
selecting a log of the plurality of logs, by a machine learning system of the computing device; and
adding the log to the first subset, by the machine learning system, responsive to the log having characteristics matching characteristics of logs previously requested for review as recited in claim 6.
On the other hand, Schneider achieved the aforementioned limitations by providing mechanisms of
wherein selecting the first subset of the plurality of logs further comprises: 
selecting a log of the plurality of logs, by a machine learning system of the computing device (Schneider: paragraph 0143: disclose machine learning technique to output weight); and
adding the log to the first subset, by the machine learning system, responsive to the log having characteristics matching characteristics of logs previously requested for review (Schneider: paragraph 0144: disclose generate a plurality of cluster from the plurality of records using the weighted logs and using the matching process and paragraph 0143: disclose a machine learning techniques).

As per claim 7, most of the limitations of this claim have been noted in the rejection of claims 1 and 6 above. 
It is noted, however, Petersen did not specifically detail the aspects of

On the other hand, Schneider achieved the aforementioned limitations by providing mechanisms of
wherein the characteristics comprise routines that generated the logs previously requested for review, computing devices corresponding to the logs previously requested for review, generation times of logs previously requested for review, or types of logs previously requested for review (Schneider: paragraph 0133: disclose monitoring agent create one or more types of logs requested like network security logs and intrusion prevention system logs. Examiner believes only one limitation need to be taught due to the word “or” in the claim limitation).

As per claim 8, most of the limitations of this claim have been noted in the rejection of claim 1 above. In addition, Petersen disclose, wherein selecting the first subset of the plurality of logs further comprises: for each log of the first subset of the plurality of logs: identifying, by the log manager, a routine that generated the log, the routine comprising an indexing command, and adding the log to the first subset, by the log manager, responsive to the identified routine comprising the indexing command (Petersen: paragraph 0215: disclose “global log processing rule manage’ in addition to classification of the log message and which logs are to be indexed. Examiner interprets this limitation as log manager command to index the logs).

As per claim 9, most of the limitations of this claim have been noted in the rejection of claim 1 above. In addition, Petersen disclose, further comprising transmitting, by the log manager to the log aggregator, a request to index at least one log of the second portion of the first subset of the plurality of logs, the log aggregator indexing the at least one log of the second portion of the first subset of the plurality of logs responsive to receipt of the request (Petersen: paragraph 0092: disclose the log manager aggregate the log data into a manageable format that summarizes and examiner believes the log manager has a function of log aggregator).

As per claim 10, Petersen disclose, A system for cloud-based log management, comprising: a computing device comprising a network interface (Petersen: paragraph 0088: disclose computers within a computer network) and a processor executing a log manager; wherein the log manager is configured to: remaining limitations are similar to claim 1. Therefore, examiner rejects these limitations under the same rationale as claim 1.

As per claim 11, most of the remaining limitations are similar to claim 2. Therefore, examiner rejects these limitations under the same rationale as claim 2.

As per claim 12, most of the remaining limitations are similar to claim 3. Therefore, examiner rejects these limitations under the same rationale as claim 3.



As per claim 14, most of the remaining limitations are similar to claim 5. Therefore, examiner rejects these limitations under the same rationale as claim 5.

As per claim 15, most of the remaining limitations are similar to claim 6. Therefore, examiner rejects these limitations under the same rationale as claim 6.

As per claim 16, most of the remaining limitations are similar to claim 7. Therefore, examiner rejects these limitations under the same rationale as claim 7.

As per claim 17, most of the remaining limitations are similar to claim 8. Therefore, examiner rejects these limitations under the same rationale as claim 8.

As per claim 18, most of the remaining limitations are similar to claim 9. Therefore, examiner rejects these limitations under the same rationale as claim 9.

As per claim 19, Petersen disclose, A tangible computer-readable storage medium (Petersen: paragraph 0006: disclose storage module such as hard drive) comprising instructions that, when executed by the processor of a computing device, cause the processor to: remaining limitations are similar to claim 1. Therefore, examiner rejects these limitations under the same rationale as claim 1.

As per claim 20, most of the remaining limitations are similar to claim 3. Therefore, examiner rejects these limitations under the same rationale as claim 3.

Response to Arguments
Applicant’s arguments with respect to claims 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
 US Publication US 20170011079 A1 disclose SYSTEMS AND METHODS FOR TRACKING AND AUDITING CHANGES IN A MULTI-TENANT CLOUD SYSTEM.
US Publication US 20110314148 A1 disclose LOG COLLECTION, STRUCTURING AND PROCESSING
US Publication US 20120246303 A1 disclose LOG COLLECTION, STRUCTURING AND PROCESSING
US Publication US 20150095338 A1 disclose SYSTEMS AND METHODS FOR CATEGORIZING EXCEPTIONS AND LOGS.
THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 


Any inquiry concerning this communication or earlier communications from the examiner should be directed to PAVAN MAMILLAPALLI whose telephone number is (571)270-3836.  The examiner can normally be reached on M-F. 8am - 4pm, EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Mariela D Reyes can be reached on 571-270-1006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for 

/PAVAN MAMILLAPALLI/
Primary Examiner, Art Unit 2159