DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114 was filed in this application after a decision by the Patent Trial and Appeal Board, but before the filing of a Notice of Appeal to the Court of Appeals for the Federal Circuit or the commencement of a civil action. Since this application is eligible for continued examination under 37 CFR  1.114 and the fee set forth in 37 CFR 1.17(e) has been timely paid, the appeal has been withdrawn pursuant to 37 CFR 1.114 and prosecution in this application has been reopened pursuant to 37 CFR 1.114. Applicant’s submission filed on 3 May 2021 has been entered.


Response to Amendment / Arguments 
The independent claims were each amended to add: wherein each indicator among the plurality of indicators is an absolute or relative indication of the number of time stamped, searchable events and is displayed using a color or shade that is selected from a set of user-designated colors or shades specified for different categories of values.  The examiner is not convinced that this is not taught by the prior art (i.e. regarding heat maps).  In addition, these newly added features render claim 4 as rejected under 112(d).  The features of claim 4 are now moved into claim 4, rendering claim 4 redundant.  Please see remainder of this official action for more details. 



Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA  35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claim 4 is rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.  The features of claim 4 are now present in claim 1. Claim 4 should be cancelled.  Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or 



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1-5, 9, 10, 12-14, 16, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over: Carasso, D. (2012), “Exploring Splunk”, published by CITO Research, New York, USA, ISBN, 978-0 (pp. i-iii and 3-154) and Perez (U.S. Patent Application Publication No. 2014/0340407 A1), and further in view of Garr (U.S. Patent Application Publication No. 2012/0262472 A1) (Carasso and Garr are both cited in Applicant's IDS of 9/6/2016; all citations to Carasso refer to the copy that was provided by the examiner in parent application 14/165,232). 

	Regarding claim 1: 
	Carasso teaches: a method (page 10, methods for using machine data) comprising: accessing a set of time stamped, searchable events from a set of raw data (pages 14-15, accessing raw data, whereby a timestamp is assigned to all raw , 
	each event in the set of time stamped, searchable events includes a portion of the set of raw data from which the time stamped, searchable event was derived (page 15, which teaches that each event from raw machine data is assigned a time. This corresponds to a teaching that each event includes a portion of the set of raw data (machine data) from which the time stamped, searchable event was derived), 
	the set of raw data related to security or performance aspects of one or more information technology systems (page 126, the machine data can be IT performance related data.  See also page 127, the data can be IT security related); and
	identifying a set of unique values included in a particular field that is present in one or more time stamped, searchable events in the set of time stamped, searchable events, the particular field being at a location, within one or more time stamped, searchable events, defined by an extraction rule (see page 19, “Table 2-1: Fields Splunk always indexes”. Indexing by source, (e.g. came from log scripts), corresponds to identifying a set of unique values in a particular field (in a source field) that is present in one or more time stamped, searchable events (see mapping above re: timestamping all data). Re: the particular field being at a location within one or more time stamped, searchable events defined by an extraction rule, see “Understanding How Splunk Indexes Data” beginning at page 18 and Fig. 2.5.  The functionality of the indexing pipeline corresponds to Applicant’s claimed extraction rule 
	Carasso does not proactively teach causing a display of rows, each row having one or more indicators, as per claim 1. 
	In analogous art, Perez teaches: causing display, via a graphic user interface, ([0024]) of a plurality of rows that each correspond to one unique value among the set of unique values (see [0026] to [0028] and Fig. 2, which illustrates a plurality of rows 1-12, each row corresponding to a resource 105, where the resources 105 here are individually monitored servers. Each row is for a single resource),  
	each row having a plurality of indicators (Fig. 2, each row has indicators such as number of messages, or severity of messages, such as the indicators of column 204. There are at least 4 possible indicators in this example here: (1) total number of messages; (2) total messages of severity color code 1; (3) total messages of severity of color code 2; and (4) total messages of severity color code 3; see also paras. 26-32), 
	each indicator among the plurality of indicators indicating a number of time stamped, searchable events (Fig. 2 and paras. 26-32, the indicators can indicate total number of messages, or messages of a certain severity), 
	wherein the method is performed by one or more computing devices (claim 1 and [0059], method is performed on a computer). 
	It would have been obvious for one of ordinary skill in the art to have combined and modified Carasso, in view of Perez, to have included the above, and further modified the applied references such that server messages, as taught by Perez, are included in the raw data that is time stamped/indexed by Carasso.  Such a modification 
	The prior art included each element recited in the above portion of claim 1, although not necessarily in a single embodiment, with the only difference being between the claimed element and the prior art being the lack of actual combination of certain elements in a single prior art embodiment, as described above. 
	One of ordinary skill in the art could have combined the elements as claimed by known methods, and in that combination, each element merely performs the same function as it does separately.  One of ordinary skill in the art would have also recognized that the results of the combination were predictable.  
*   *   *  *   *
	Regarding the remaining features of claim 1, it would have been obvious for one of ordinary skill in the art to have combined and modified the applied references, in view of same, to have included: 
	each row having a plurality of indicators displayed along a timeline, 
	each indicator among the plurality of indicators indicating a number of time stamped, searchable events in that have the one unique value in the particular field among the set of time stamped, searchable events, and a time stamp corresponding with a certain time period,…
	wherein each indicator of the plurality of indicators is positioned along the timeline according to the certain time period, 
	wherein each indicator among the plurality of indicators is an absolute or relative indication of the number of time stamped, searchable events and is displayed using a color or shade that is selected from a set of user-designated colors or shades specified for different categories of values and the results of the modification would have been predictable to one of ordinary skill in the art as of the effective filing date of the claimed invention.  See MPEP §2143(A).  
Garr teaches that it is known to display rows having indicators displayed along a timeline (see Garr, Fig. 2: 41). Perez teaches indicators indicating a number of events, such as messages, as mapped above (see Fig. 2 of Perez and related description of indicators of messages and message severities).  
Re: each indicator indicating a number of time stamped, searchable events that includes the unique value in the particular field among the set of time stamped, searchable events, and a time stamp corresponding with a certain time period, there are at least two ways to interpret this claim feature. Both interpretations are taught and obvious over the prior art.  
First interpretation: having each indicator to be within a certain time period can be done by filtering the dataset to a certain time period. This is taught by Carasso (see Chapter 4: SPL Search Processing Language, beginning at page 33).  Recall, Carasso also teaches time stamped data, so data with a time stamp, filtered to a time period, teaches a time stamp corresponding with a certain time period. 
Second interpretation: having each indicator to be within a certain time period can be done by having the indicators be time-stamped data that is specific or related to the unique value in the particular field.  Perez teaches indicators that includes the unique value in the particular field; modifying Perez to include time stamped data (i.e. server data) would have been obvious and predictable to one of ordinary skill.  By 
Accordingly, positioning each indicator (as taught by Perez) that includes the unique value in the particular field and a time stamp corresponding to a particular time period, per Carasso, along the timeline (per Garr) is all taught/suggested by the prior art, and would have been obvious and predictable to one of ordinary skill.  
	Finally, re: wherein each indicator among the plurality of indicators is an absolute or relative indication of the number of time stamped, searchable events and is displayed using a color or shade that is selected from a set of user-designated colors or shades specified for different categories of values, this is taught by Garr.  Garr further teaches using color or shade as an absolute or relative indication of data in a graph or chart (see claim 9, which teaches using a heatmap timeline display, where the data values are represented by symbols that include hue, saturation and/or value of color, and/or pattern and/or shading). See also paras. 21-46 and Figs. 4, 8 and 10. For categories of values, this can be done by assigning colors to groups of values, or designated groupings, as per Garr. See Fig. 4.  Garr also teaches applying color or shade to intersections of rows and a time period (see Fig. 2 top columns, time period is hours, colors applied to intersections of rows and time periods). Users can select the colors/shades for different categories of values (see also paras. 15-57). Perez also teaches displaying indicators using a color or shade (see Fig. 2: 220), wherein each indicator is an absolute or relative indication of the number of time stamped, searchable events (paras. 26-29 and Fig. 2).   Modifying the applied references, in view of Garr and Perez, to have included the above re: heat map features as per Garr and displayed images per both, is all of taught, suggested and obvious and predictable to one of ordinary skill in the art. 



	Regarding claim 2: 
	Carasso further teaches: the method of claim 1, wherein the raw data is machine data (page 13, last paragraph; and page 15). 


	Regarding claim 3: 
	Carasso further teaches: the method of claim 1, wherein the time stamped, searchable events are derived at least in part from log files generated by one or more servers (page 13, “Machine Data Basics”, the data can come from log files generated by web server systems. See also page 14, middle of page). 


	Regarding claim 4: 
	It would have been obvious for one of ordinary skill in the art to have further modified the applied references, in view of same, to have included: the method of claim 1, wherein each indicator among the plurality of indicators is an absolute or relative indication of the number of time stamped, searchable events and is displayed using a color or shade, and the results of the modification would have been predictable to one of ordinary skill in the art as of the effective filing date of the claimed invention.  See MPEP §2143(A).   
	Carasso teaches data that includes time stamped, searchable events (see e.g. pages 13-15 and Chapter 4).  Perez teaches indicators that are an absolute indication of the number of time stamped, searchable events (see Fig. 2: 205, an absolute indication of a number of messages, and/or relative indication based on color code severity of messages. See also paras. 26-29). Perez also teaches a relative indication of the number of time stamped, searchable events (Fig. 2: 220, a horizontal bar of different patterns providing a relative indication of number of events). Re: displaying using a color or shade, Perez teaches that using color to designate relative indications (see claim 2).  Alternatively, Garr also teaches using color or shade to provide indications (see claim 1 and [0023] to [0029]).
	One of ordinary skill in the art could have combined the elements as claimed by known methods, and in that combination, each element merely performs the same function as it does separately.  One of ordinary skill in the art would have also recognized that the results of the combination were predictable.  

	
	Regarding claim 5: 
	It would have been obvious for one of ordinary skill in the art to have further modified the applied references, in view of same, to have included: the method of claim 1, wherein each indicator among the plurality of indicators is an absolute or relative indication of the number of time stamped, searchable events and is displayed using a color or shade, 
	the color or shade is applied to each intersection of a row and a time period according to a linear scale, and the results of the modification would have been predictable to one of ordinary skill in the art as of the effective filing date of the claimed invention.  See MPEP §2143(A).   
	Garr further teaches using color or shade as an absolute or relative indication of data in a graph or chart (see claim 9, which teaches using a heatmap timeline display, where the data values are represented by symbols that include hue, saturation and/or value of color, and/or pattern and/or shading). See also [0032] and Fig. 4: 75, which shows a color bar that corresponds to a linear color scale, ranging from -1.0 to + 1.0, with associated variations in color. Garr also teaches applying color or shade to intersections of rows and a time period (see Fig. 2 top columns, time period is hours, colors applied to intersections of rows and time periods). 
	Perez also teaches displaying indicators using a color or shade (see Fig. 2: 220), wherein each indicator is an absolute or relative indication of the number of time stamped, searchable events (paras. 26-29 and Fig. 2).  Modifying the indicators of Perez to be displayed using a color or shade applied to each intersection according to a linear scale, per Garr and/or Perez, would have been obvious and predictable to one of ordinary skill in the art. 
	One of ordinary skill in the art could have combined the elements as claimed by known methods, and in that combination, each element merely performs the same function as it does separately.  One of ordinary skill in the art would have also recognized that the results of the combination were predictable.  


	Regarding claim 9: 
	It would have been obvious for one of ordinary skill in the art to have further modified the applied references, in view of same, to have included: the method of claim 1, wherein each indicator among the plurality of indicators is an absolute or relative indication of the number of time stamped, searchable events and is displayed using a color or shade, 
	the color or shade is applied to each intersection of a row and a time period according to a linear scale, 
	the color or shade is applied to each intersection using a scale based on a maximum event count and a minimum event count determined from 
	(i) intersections within a row including the intersection for which the color or shade is being applied, 
	(ii) intersections within a column including the intersection for which the color or shade is being applied, or 
	(iii) all displayed intersections, and the results of the modification would have been predictable to one of ordinary skill in the art as of the effective filing date of the claimed invention.  See MPEP §2143(A).   
	Garr further teaches using color or shade as an absolute or relative indication of data in a graph or chart (see claim 9, which teaches using a heatmap timeline display, where the data values are represented by symbols that include hue, saturation and/or value of color, and/or pattern and/or shading). See also [0032] and Fig. 4: 75, which shows a color bar that corresponds to a linear color scale, ranging from -1.0 to + 1.0, 
	Garr also teaches applying color or shade to intersections of rows and a time period (see Fig. 2 top columns, time period is hours, colors applied to intersections of rows and time periods).
	Perez also teaches displaying indicators using a color or shade (see Fig. 2: 220), wherein each indicator is an absolute or relative indication of the number of time stamped, searchable events (paras. 26-29 and Fig. 2).  Modifying the indicators of Perez to be displayed (see Fig. 2) to be displayed using a color or shade applied to each intersection according to a linear scale where the color or shade is applied to each intersection using a scale based on a maximum event count and a minimum event count determined from all displayed intersections, as per Garr, would have been obvious and predictable to one of ordinary skill in the art. 
	One of ordinary skill in the art could have combined the elements as claimed by known methods, and in that combination, each element merely performs the same function as it does separately.  One of ordinary skill in the art would have also recognized that the results of the combination were predictable.  


	Regarding claim 10: 
the method of claim 1, further comprising: 
	receiving user input that specifies a time granularity; and 
	determining at least a start time covered by each of a plurality of time periods based on the time granularity, and the results of the modification would have been predictable to one of ordinary skill in the art as of the effective filing date of the claimed invention.  See MPEP §2143(A).   
	Carasso teaches that specifying time granularities within data sets is known (see page 88, which describes telling the system to show details down to 5-minute granularities, for example).  This corresponds to a teaching of receiving user input that specifies a time granularity, and determining at least a start time covered by each of a plurality of time periods based on the time granularity. 
	Modifying the timeline/time period display of Garr (see Fig. 2 for example, which has hour long granularities), to be adjusted based on specified time granularities, as per Carasso, would have been obvious and predictable to one of ordinary skill in the art as of the effective filing date of the claimed invention. 
	One of ordinary skill in the art could have combined the elements as claimed by known methods, and in that combination, each element merely performs the same function as it does separately.  One of ordinary skill in the art would have also recognized that the results of the combination were predictable.  


	Regarding claim 12: 
Carasso further teaches: the method of claim 1, further comprising: receiving user input indicating a particular time period to be used for sorting the plurality of rows (see page 35, a user can filter a dataset, in combination with page 19, a field can be a time period. Filtering the dataset to a particular time period is taught/suggested by Carasso); and sorting the plurality of rows (pages 33-34, data can be sorted), 
	wherein each row is positioned in ascending or descending order based on a number of events corresponding to an intersection of that row with the particular time period (see page 34, rows can be sorted in ascending or descending order based on selected fields. Recall, Perez teaches rows of servers, where one of the column data corresponds to messages and number of messages (see Fig. 2)).  Sorting the data based on a number of events, such as a number of messages, per Perez, corresponding to the intersection of that row with the particular time period (corresponding to the filtered time period, per Carasso) would have been obvious and predictable to one of ordinary skill as of the effective filing date. See MPEP 2143(A). 
	 One of ordinary skill in the art could have combined the elements as claimed by known methods, and in that combination, each element merely performs the same function as it does separately.  One of ordinary skill in the art would have also recognized that the results of the combination were predictable.  
	Claim interpretation - Please note: for the purposes of examination, the examiner is interpreting “the intersection of that row with the particular time period” as a relationship between that row and the time period that was indicated by user input to be used for sorting.  If Applicant intended for this claim to be a sort by time period, and sort 


	Regarding claim 13: 
	It would have been obvious for one of ordinary skill in the art to have further modified the applied references, in view of same, to have included: the method of claim 1, further comprising: receiving user input selecting an intersection of a row and a time period; and 
	causing display of information pertaining to an intersection that includes any of: a corresponding field value, a count value indicating a number of events associated with the intersection, or a time period associated with the intersection, and the results of the modification would have been predictable to one of ordinary skill in the art as of the effective filing date of the claimed invention.  See MPEP §2143(A).   
	Perez teaches receiving a user input selecting an intersection of a row and a column, and causing display of information pertaining to the intersection that includes a corresponding field value, a count value indicating a number of events associated with the intersection, or a time period (see Fig. 2: 235, user input selecting an intersection displays a corresponding field value or count value indicating a number of events associated with that intersection. See also Fig. 5: 505).  Garr teaches that graphical representations of rows that intersect with time periods is known (see Fig. 2).  Modifying the display of Perez to have included time periods as columns, per Garr, with the user 
	One of ordinary skill in the art could have combined the elements as claimed by known methods, and in that combination, each element merely performs the same function as it does separately.  One of ordinary skill in the art would have also recognized that the results of the combination were predictable.  


	Regarding claim 14: 
	Carasso further teaches: the method of claim 1, further comprising displaying a statistic for each unique value in the set of unique values for the particular field, 
	wherein the statistic for a given unique value includes any combination of: 
	a minimum event count corresponding to intersections in the row corresponding to the given unique value with time periods, 
	a maximum event count corresponding to the intersections, 
	an average of event counts corresponding to the intersections, 
	a total count of events in multiple intersections, or 
	a percentage of the set of time stamped, searchable events that correspond to multiple intersections (see, beginning at 43, the “stats” command for statistical calculations.  Depending on what command is used, the display can be modified to return an average, a min or a max (see Table 4-8 and Table 4-9). These can be displayed as a chart (see page 45 and Table 4-10) See also table 4-11.  

	The motivation would be to better understand and analyze the impact of data using statistical calculations. 


	Regarding claim 16: 
	Perez teaches: a non-transitory computer readable storage medium ([0069], one or more computer readable mediums), storing instructions ([0069], storing program code) that, when executed by one or more processors ([0073], executed by a computer), cause performance of.
 	However, Perez does not teach features relating to creating a set of time stamped, searchable events and related features. 
	In analogous art, Carasso teaches: accessing a set of time stamped, searchable events from a set of raw data (pages 14-15, accessing a set of raw data, whereby a timestamp is assigned to all raw data (quoting page 15: “If the raw data does not have an explicit timestamp, Splunk assigns the time at which the event was indexed by Splunk to the events in the data or uses other approximations, such as the time the file was last modified or the timestamp of previous events”)), 
	each event in the set of time stamped, searchable events includes a portion of the set of raw data from which the time stamped, searchable event was derived , 
	the set of raw data related to security or performance aspects of one or more information technology systems (page 126, the machine data can be IT performance related data.  See also page 127, the data can be IT security related); and
	identifying a set of unique values included in a particular field that is present in one or more time stamped, searchable events in the set of time stamped, searchable events, the particular field being at a location, within the one or more time stamped, searchable events, defined by an extraction rule (see page 19, “Table 2-1: Fields Splunk always indexes”. Indexing by source, (e.g. came from log scripts), corresponds to identifying a set of unique values in a particular field (in a source field) that is present in one or more time stamped, searchable events (see mapping above re: timestamping all data). Re: the particular field being at a location within one or more time stamped, searchable events defined by an extraction rule, see “Understanding How Splunk Indexes Data” beginning at page 18 and Fig. 2.5.  The functionality of the indexing pipeline corresponds to Applicant’s claimed extraction rule and the field being at a particular location (i.e. in the dataset) within one or more time stamped, searchable events. See also pages 22-29).  
	It would have been obvious for one of ordinary skill as of the effective filing date of Applicant’s claims in the art to have combined and modified Perez in view of Carasso, to have obtained the above.
	The motivation would be to process large amounts of data and make said data useful (Carasso, page 13).  

	Carasso does not proactively teach causing a display of rows, each row having one or more indicators, as per claim 16.
	In analogous art, Perez teaches: causing display, via a graphic user interface, ([0024]) of a plurality of rows, that each correspond to one unique value among the set of unique values (see [0026] to [0028] and Fig. 2, which illustrates a plurality of rows 1-12, each row corresponding to a resource 105, where the resources 105 here are individually monitored servers. Each row is for a single resource),  
	each row having a plurality of indicators (Fig. 2, each row has indicators such as number of messages, or severity of messages, such as the indicators of column 204. There are at least 4 possible indicators in this example here: (1) total number of messages; (2) total messages of severity color code 1; (3) total messages of severity of color code 2; and (4) total messages of severity color code 3; see also paras. 26-32), 
	each indicator among the plurality of indicators indicating a number of time stamped, searchable events (Fig. 2 and paras. 26-32, the indicators can indicate total number of messages, or messages of a certain severity), 
	It would have been obvious for one of ordinary skill in the art to have further modified the applied references, in view of Perez, to have included the above such that server messages, as taught by Perez, are included in the raw data that is time stamped/indexed by Carasso.  Such a modification would have been obvious and predictable to one of ordinary skill in the art as of the effective filing date. See MPEP §2143(A).  
	One of ordinary skill in the art could have combined the elements as claimed by known methods, and in that combination, each element merely performs the same 
*   *   *  *   *
	Regarding the remaining features of claim 16, it would have been obvious for one of ordinary skill in the art to have combined and modified the applied references, in view of same, to have included: 
	each row having a plurality of indicators displayed along a timeline, 
	each indicator among the plurality of indicators indicating a number of time stamped, searchable events that have: the one unique value in the particular field among the set of time stamped, searchable events, and a time stamp corresponding with a certain time period,  
	wherein each indicator of the plurality of indicators is positioned along the timeline according to the certain time period, wherein each indicator among the plurality of indicators is an absolute or relative indication of the number of time stamped, searchable events and is displayed using a color or shade that is selected from a set of user-designated colors or shades specified for different categories of values and the results of the modification would have been predictable to one of ordinary skill in the art.  See MPEP §2143(A).  
Garr teaches that it is known to display rows having indicators displayed along a timeline (see Garr, Fig. 2: 41). Perez teaches indicators indicating a number of events, as mapped above (see Fig. 2 of Perez).  
Re: each indicator indicating a number of time stamped, searchable events …that have the one unique value in the particular field among the set of time stamped, searchable events and a time stamp corresponding with a certain time period, there are at least two ways to interpret this claim feature. Both interpretations are taught and obvious over the prior art.  
First interpretation: having each indicator to be within a certain time period can be done by filtering the dataset to a certain time period. This is taught by Carasso (see Chapter 4: SPL Search Processing Language, beginning at page 33).  Recall, Carasso also teaches time stamped data, so data with a time stamp, filtered to a time period, teaches a time stamp corresponding with a certain time period. 
Second interpretation: having each indicator to be within a certain time period can be done by having the indicators be time-stamped data that is specific or related to the unique value in the particular field.  Perez teaches indicators that includes the unique value in the particular field; modifying Perez to include time stamped data (i.e. server data) would have been obvious and predictable to one of ordinary skill.  By definition, a time stamped data corresponds to a certain time period (i.e. data time stamped for 5:00 PM corresponds to an evening time period, a time period of  5 to 6 PM, a time period of one day, of one year, etc.  Applicant should consider clarifying the claim language here. 
Accordingly, positioning each indicator (as taught by Perez) that includes the unique value in the particular field and a time stamp corresponding to a particular time period, per Carasso, along the timeline (per Garr) is all taught/suggested by the prior art, and would have been obvious and predictable to one of ordinary skill as of the effective filing date of Applicant’s claims.  
	Finally, re: wherein each indicator among the plurality of indicators is an absolute or relative indication of the number of time stamped, searchable events and is displayed using a color or shade that is selected from a set of user-designated colors or shades specified for different categories of values, this is taught by Garr.  Garr further teaches using color or shade as an absolute or relative indication of data in a graph or chart (see claim 9, which teaches using a heatmap timeline display, where the data values are represented by symbols that include hue, saturation and/or value of color, and/or pattern and/or shading). See also paras. 21-46 and Figs. 4, 8 and 10. For categories of values, this can be done by assigning colors to groups of values, or designated groupings, as per Garr. See Fig. 4.  Garr also teaches applying color or shade to intersections of rows and a time period (see Fig. 2 top columns, time period is hours, colors applied to intersections of rows and time periods). Users can select the colors/shades for different categories of values (see also paras. 15-57). Perez also teaches displaying indicators using a color or shade (see Fig. 2: 220), wherein each indicator is an absolute or relative indication of the number of time stamped, searchable events (paras. 26-29 and Fig. 2).   Modifying the applied references, in view of Garr and Perez, to have included the above re: heat map features as per Garr and displayed images per both, is all of taught, suggested and obvious and predictable to one of ordinary skill in the art. 
	One of ordinary skill in the art could have combined the elements as claimed by known methods, and in that combination, each element merely performs the same function as it does separately.  One of ordinary skill in the art would have also recognized that the results of the combination were predictable.  


	Regarding claim 18: 
	Perez teaches: a system ([0074], system) comprising: 
	a memory having processor-readable instructions stored therein ([0069], machine readable medium storing program code); and 
	a processor ([0073], computer) configured to access the memory and execute the processor-readable instructions ([0073], computer executes the code or software), which when executed by the processor, configures the processor to perform a plurality of functions ([0073], code is for carrying out instructions or functions), including functions to: 
	However, Perez does not teach features relating to creating a set of time stamped, searchable events and related features. 
	In analogous art, Carasso teaches: access a set of time stamped, searchable events from a set of raw data (pages 14-15, access set of data, whereby a timestamp is assigned to all raw data (quoting page 15: “If the raw data does not have an explicit timestamp, Splunk assigns the time at which the event was indexed by Splunk to the events in the data or uses other approximations, such as the time the file was last modified or the timestamp of previous events”)), 
	each event in the set of time stamped, searchable events includes a portion of the set of raw data from which the time stamped, searchable event was derived (page 15, which teaches that each event from raw machine data is assigned a time. This corresponds to a teaching that each event includes a portion of the set of raw data (machine data) from which the time stamped, searchable event was derived), 
	the set of raw data related to security or performance aspects of one or more information technology systems (page 126, the machine data can be IT performance related data.  See also page 127, the data can be IT security related); and
	identify a set of unique values included in a particular field that is present in one or more time stamped, searchable events in the set of time stamped, searchable events, the particular field being at a location, within the one or more time stamped, searchable events, defined by an extraction rule (see page 19, “Table 2-1: Fields Splunk always indexes”. Indexing by source, (e.g. came from log 
	It would have been obvious for one of ordinary skill in the art to have combined and modified Perez in view of Carasso, to have obtained the above.
	The motivation would be to process large amounts of data and make said data useful (Carasso, page 13).  
*   *   *   *   *
	  Carasso does not proactively teach causing a display of rows, each row having one or more indicators, as per claim 18.
	In analogous art, Perez teaches: cause display, via a graphic user interface, ([0024]) of a plurality of rows, each row corresponding to one unique value among the set of unique values (see [0026] to [0028] and Fig. 2, which illustrates a plurality of rows 1-12, each row corresponding to a resource 105, where the resources 105 here are individually monitored servers. Each row is for a single resource),  
	each row having a plurality of indicators (Fig. 2, each row has indicators such as number of messages, or severity of messages, such as the indicators of column 204. There are at least 4 possible indicators in this example here: (1) total number of , 
	each indicator among the plurality of indicators indicating a number of time stamped, searchable events (Fig. 2 and paras. 26-32, the indicators can indicate total number of messages, or messages of a certain severity), 
	It would have been obvious for one of ordinary skill in the art to have further modified the applied references, in view of Perez, to have included the above such that server messages, as taught by Perez, are included in the raw data that is time stamped/indexed by Carasso.  Such a modification would have been obvious and predictable to one of ordinary skill in the art as of the effective filing date of Applicant’s claims. See MPEP §2143(A).  
	One of ordinary skill in the art could have combined the elements as claimed by known methods, and in that combination, each element merely performs the same function as it does separately.  One of ordinary skill in the art would have also recognized that the results of the combination were predictable.   
*   *   *  *   *
	Regarding the remaining features of claim 18, it would have been obvious for one of ordinary skill in the art to have combined and modified the applied references, in view of same, to have included: 
	each row having a plurality of indicators displayed along a timeline, 
	each indicator among the plurality of indicators indicating a number of time stamped, searchable events that have: the one unique value in the particular field among the set of time stamped, searchable events…, 
	wherein each indicator of the one or more indicators is positioned along the timeline according to the certain time period, and 
	wherein each indicator among the plurality of indicators is an absolute or relative indication of the number of time stamped, searchable events and is displayed using a color or shade that is selected from a set of user-designated colors or shades specified for different categories of values, and the results of the modification would have been predictable to one of ordinary skill in the art.  See MPEP §2143(A).  
Garr teaches that it is known to display rows having indicators displayed along a timeline (see Garr, Fig. 2: 41). Perez teaches indicators indicating a number of events, as mapped above (see Fig. 2 of Perez).  
Re: each indicator indicating a number of time stamped, searchable events… that have: the one unique value in the particular field  among the set of time stamped, searchable events, and a time stamp corresponding with a certain time period, there are at least two ways to interpret this claim feature. Both interpretations are taught and obvious over the prior art.  
First interpretation: having each indicator to be within a certain time period can be done by filtering the dataset to a certain time period. This is taught by Carasso (see Chapter 4: SPL Search Processing Language, beginning at page 33).  Recall, Carasso also teaches time stamped data, so data with a time stamp, filtered to a time period, teaches a time stamp corresponding with a certain time period. 
Second interpretation: having each indicator to be within a certain time period can be done by having the indicators be time-stamped data that is specific or related to the unique value in the particular field.  Perez teaches indicators that includes the unique value in the particular field; modifying Perez to include time stamped data (i.e. server data) would have been obvious and predictable to one of ordinary skill.  By definition, a time stamped data corresponds to a certain time period (i.e. data time stamped for 5:00 PM corresponds to an evening time period, a time period of  5 to 6 
Accordingly, positioning each indicator (as taught by Perez) that includes the unique value in the particular field and a time stamp corresponding to a particular time period, per Carasso, along the timeline (per Garr) s all taught/suggested by the prior art, and would have been obvious and predictable to one of ordinary skill.  
	Finally, re: wherein each indicator among the plurality of indicators is an absolute or relative indication of the number of time stamped, searchable events and is displayed using a color or shade that is selected from a set of user-designated colors or shades specified for different categories of values, this is taught by Garr.  Garr further teaches using color or shade as an absolute or relative indication of data in a graph or chart (see claim 9, which teaches using a heatmap timeline display, where the data values are represented by symbols that include hue, saturation and/or value of color, and/or pattern and/or shading). See also paras. 21-46 and Figs. 4, 8 and 10. For categories of values, this can be done by assigning colors to groups of values, or designated groupings, as per Garr. See Fig. 4.  Garr also teaches applying color or shade to intersections of rows and a time period (see Fig. 2 top columns, time period is hours, colors applied to intersections of rows and time periods). Users can select the colors/shades for different categories of values (see also paras. 15-57). Perez also teaches displaying indicators using a color or shade (see Fig. 2: 220), wherein each indicator is an absolute or relative indication of the number of time stamped, searchable events (paras. 26-29 and Fig. 2).   Modifying the applied references, in view of Garr and Perez, to have included the above re: heat map features as per Garr and displayed images per both, is all of taught, suggested and obvious and predictable to one of ordinary skill in the art. 
	One of ordinary skill in the art could have combined the elements as claimed by known methods, and in that combination, each element merely performs the same function as it does separately.  One of ordinary skill in the art would have also recognized that the results of the combination were predictable.  


	Regarding claim 20: please see above regarding claim 14. 
	Claim 20 recites features, which are substantially similar to those of claim 14. Thus, the above rationale for rejecting claim 14 equally applies to claim 20. 


Claims 6 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Carasso in view of Perez and Garr, and further in view of: Ingrassia (U.S. Patent Application Publication No. 2008/0091757 A1).

	Regarding claim 6: 
	It would have been obvious for one of ordinary skill in the art to have further modified the applied references, in view of same, to have included: the method of claim 1, wherein each indicator among the plurality of indicators is an absolute or relative indication of the number of time stamped, searchable events and is displayed using a color or shade, 
	the color or shade is applied to each intersection of a row and a time period according to a logarithmic scale, and the results of the modification would have been predictable to one of ordinary skill in the art as of the effective filing date of the claimed invention.  See MPEP §2143(A).   
	Garr teaches using color or shade as an absolute or relative indication of data in a graph or chart (see claim 9, which teaches using a heatmap timeline display, where the data values are represented by symbols that include hue, saturation and/or value of color, and/or pattern and/or shading). See also [0032] and Fig. 4: 75, which shows a color bar that corresponds to a linear color scale, ranging from -1.0 to + 1.0, with associated variations in color. 
	Garr also teaches applying color or shade to intersections of rows and a time period (see Fig. 2 top columns, time period is hours, colors applied to intersections of rows and time periods).  
Ingrassia teaches that, for heatmaps, a logarithmic color scale is known (see [0013], the kernel distance decay function for a heatmap (see e.g. [0008] and [00012], can be based on a logarithmic formula). 
	Perez also teaches displaying indicators using a color or shade (see Fig. 2: 220), wherein each indicator is an absolute or relative indication of the number of time stamped, searchable events (paras. 26-29 and Fig. 2).  Modifying the indicators of Perez to be displayed) to be displayed using a color or shade applied to each intersection according to a scale, per Garr and/or Perez, with said scale being logarithmic, per Ingrassia, would have been obvious and predictable to one of ordinary skill in the art. 
	One of ordinary skill in the art could have combined the elements as claimed by known methods, and in that combination, each element merely performs the same function as it does separately.  One of ordinary skill in the art would have also recognized that the results of the combination were predictable.  

	 
	Regarding claim 7: 
	It would have been obvious for one of ordinary skill in the art to have further modified the applied references, in view of same, to have included: the method of claim 1, wherein each indicator among the plurality of indicators is an absolute or relative indication of the number of time stamped, searchable events and is displayed using a color or shade, 
	the color or shade is applied to each intersection of a row and a time period according to an exponential scale, and the results of the modification would have been predictable to one of ordinary skill in the art as of the effective filing date of the claimed invention.  See MPEP §2143(A).   
	Garr teaches using color or shade as an absolute or relative indication of data in a graph or chart (see claim 9, which teaches using a heatmap timeline display, where the data values are represented by symbols that include hue, saturation and/or value of color, and/or pattern and/or shading). See also [0032] and Fig. 4: 75, which shows a color bar that corresponds to a linear color scale, ranging from -1.0 to + 1.0, with associated variations in color. 
	Garr also teaches applying color or shade to intersections of rows and a time period (see Fig. 2 top columns, time period is hours, colors applied to intersections of rows and time periods).
	However, Garr does not teach applying the color or shade according to an exponential scale. Ingrassia teaches that, for heatmaps, an exponential color scale is known (see [0013], the kernel distance decay function for a heatmap (see e.g. [0008] and [00012], can be based on an exponential formula). 
	Perez also teaches displaying indicators using a color or shade (see Fig. 2: 220), wherein each indicator is an absolute or relative indication of the number of time stamped, searchable events (paras. 26-29 and Fig. 2).  Modifying the indicators of Perez to be displayed using a color or shade applied to each intersection according to a scale, per Garr and/or Perez, with said scale being exponential, per Ingrassia, would have been obvious and predictable to one of ordinary skill in the art. 
.  



Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Carasso in view of Perez and Garr, and further in view of: Dowd (U.S. Patent Application Publication No. 2002/0078131 A1) (cited in Applicant’s IDS of 9/6/2016). 

	Regarding claim 8: 
	It would have been obvious for one of ordinary skill in the art to have further modified the applied references, in view of same, to have included: the method of claim 1, wherein each indicator among the plurality of indicators is an absolute or relative indication of the number of time stamped, searchable events and is displayed using a color or shade, the color or shade is applied to each intersection according to a linear scale, 
	the color or shade is applied to each intersection of a row and a time period according to a rank assigned to that intersection based on a corresponding number of events, and the results of the modification would have been predictable to one of ordinary skill in the art as of the effective filing date of the claimed invention.  See MPEP §2143(A).   
	Garr teaches using color or shade as an absolute or relative indication of data in a graph or chart (see claim 9, which teaches using a heatmap timeline display, where the data values are represented by symbols that include hue, saturation and/or value of color, and/or pattern and/or shading). See also [0032] and Fig. 4: 75, which shows a color bar that corresponds to a linear color scale, ranging from -1.0 to + 1.0, with associated variations in color. 
	Garr also teaches applying color or shade to intersections of rows and a time period (see Fig. 2 top columns, time period is hours, colors applied to intersections of rows and time periods).
	However, Garr does not teach applying the color or shade according to a rank assigned based on a corresponding number of events. 
	Dowd teaches that applying a graduated color scheme to data, wherein the graduated color scheme corresponds to a ranking of importance, is known (see claim 5).  This corresponds to a teaching of: the color or shade is applied according to a rank assigned based on a corresponding number of events (i.e. applied to intersections, as per Perez). 
	Perez also teaches displaying indicators using a color or shade (see Fig. 2: 220), wherein each indicator is an absolute or relative indication of the number of time stamped, searchable events (paras. 26-29 and Fig. 2).  Modifying the indicators of Perez (see Fig. 2) to be displayed using a color or shade applied to each intersection according to a scale, per Garr and or Perez, whereby the color or shade is applied according to a rank, per Dowd, based on a corresponding number of events, i.e. message events, as per Perez, would have been obvious and predictable to one of ordinary skill in the art. 
	One of ordinary skill in the art could have combined the elements as claimed by known methods, and in that combination, each element merely performs the same function as it does separately.  One of ordinary skill in the art would have also recognized that the results of the combination were predictable.  


Claims 11, 17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Carasso in view of Perez and Garr, and further in view of: Cardno (U.S. Patent Application Publication No. 2011/0261049 A1). 

	Regarding claim 11: 
	The applied references to claim 1 do not proactively teach claim 11. 
	In analogous art, Cardno teaches that it is known in data visualization systems to have a predictive modeling interface to assist users in analyzing forecasted outcomes in 'what if' analysis ([0176]).  As per Cardno, forecasts are used to predict future events and provide estimates for missing data ([0231]). See [1200], which describes a visualization where supplemental information has been added to predict how data is changing (the supplemental information conveys predicted data based on current and historical data, and how those correlated with each other). Cardno also teaches that expansion of data sets (i.e. expansion by adding predicted values) can be done by extrapolation ([0474] and [0481]). Finally, Cardno teaches graphical representations of data (see e.g. claim 539), such as plots (see Figs. 11A-11E, for example). 
	It would have been obvious for one of ordinary skill in the art to have further modified the applied references, in view of Cardno, to have obtained: 
	the method of claim 1, further comprising: predicting what a plot of a number of events having a specified value for the particular field would look like for future time periods based on extrapolating from an actual number of events for previous time periods; and
	causing display of a graphical representation of a plot based on the predicting.  Basically, to have applied the teachings of Cardno to the data as described by Carasso and/or Perez, to display a graphical representation of a plot based on predicting, the graphical representation, plot and predicting all taught by Cardno.  
	One of ordinary skill in the art could have combined the elements as claimed by known methods, and in that combination, each element merely performs the same function as it does separately.  One of ordinary skill in the art would have also recognized that the results of the combination were predictable.  


	Regarding claim 17: please see above regarding claim 11. 
	Claim 17 recites features, which are substantially similar to those of claim 11. Thus, the above rationale for rejecting claim 11 equally applies to claim 17. 


	Regarding claim 19: please see above regarding claim 11. 
	Claim 19 recites features, which are substantially similar to those of claim 11. Thus, the above rationale for rejecting claim 11 equally applies to claim 19. 


Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Carasso in view of Perez and Garr, and further in view of: Sukhenko (U.S. Patent Application Publication No. 2011/0289475 A1) (cited in Applicant’s IDS of 9/6/2016). 

	Regarding claim 15: 
	The applied references to claim 1 do not proactively teach claim 15. 
	In analogous art, Sukhenko teaches: the method of claim 1, further comprising: reordering the plurality of rows based on a drag and drop gesture received from a user input device (see e.g. claim 1, which teaches that a plurality of rows can be reordered based on a drag and drop gesture received from a user input device, such as [0036], a mouse, trackball, touch pad, or touch screen). 
	It would have been obvious for one of ordinary skill in the art  as of the effective filing date of Applicant’s claims to have further modified the applied references, in view of Sukhenko, to have obtained claim 15. 
	The motivation would be to increase functionality with a dataset. 



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Sarah Lhymn whose telephone number is (571)270-0632.  The examiner can normally be reached on M-F, 8:00 AM to 6:00 PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Xiao Wu can be reached on 571-272-7761.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


Sarah Lhymn
Examiner
Art Unit 2613




/Sarah Lhymn/Primary Examiner, Art Unit 2613