DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
This is a reply to the amendment filed on 04/06/2021, in which, claim(s) 1-30 are pending. Claim(s) 1, 3, 6, 12-16, 18-20, 25, 26, 28, 29, and 30 are amended. No claim(s) are cancelled or newly added.

Response to Arguments
Claim Objection: 
Applicant’s arguments with respect to objection of claim(s) 1, 12-16, 29, and 30, have been considered. The objection of claim(s) 1, 12-16, 29, and 30 have been withdrawn in view of the amendment to claim.

Claim Rejections - 35 U.S.C. § 101:
Applicants’ arguments with respect to claim(s) 29-30 have been fully considered and are persuasive.  The rejection of 35 USC §101 regarding claim(s) 29-30 have been withdrawn in view of the amendment to claim. 

Double Patenting Rejection:
Applicants’ remarks with respect to the non-provisional nonstatutory double patenting rejection over Claims 1-29 of Patent 10,282,455 have been acknowledged.   of Patent 10,282,455 is maintained.

Claim Rejections - 35 U.S.C. § 102 and 35 U.S.C. § 103:
Applicants’ arguments, see pages 14-21, filed 04/06/2021, regarding the U.S.C. 102 and 103 rejections of Claims 1-30 have been fully considered and are not persuasive.
Applicants argue that “The cited references fail to teach or suggest "determining a number of events of the plurality of events generated from the raw data from a particular data source… wherein each event of the plurality of events is determined as generated from the raw data at a time…” (Remarks page 15 of 22). 
Applicant’s interpretation of the reference has been noted; however, examiner respectfully disagrees.  Merza teaches the above limitations, e.g. a number of events generated from a particular data source ([0026], and [0085]); and Applicant’s arguments with respect to the new limitation above have been considered but are moot in view of the new ground(s) of rejection.
Applicants then argue that “The cited references fail to teach or suggest "determining one or more metrics related to an amount of raw data ingested, wherein…” (Remarks pages 16 of 19). Furthermore, Applicants argue that “The cited references fail to teach or suggest generating a user interface…” (Remarks pages 17 of 19).
Applicant’s interpretation of the reference has been noted; however, examiner metrics. a standard for measuring or evaluating something, especially one that uses figures or statistics”. Merza teaches determining and displaying of metrics (e.g. [0064], “determining access counts”, [0077], “FIGS. 8A-8D show examples of objects representing access counts”); and Applicant’s arguments with respect to the new limitation above have been considered but are moot in view of the new ground(s) of rejection.
Besides, in response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
Therefore, the rejection is maintained.

Applicant is encouraged to schedule an interview with the Examiner prior to the next communication to compact prosecution of the case.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  

Claims 1-30 are non-provisionally rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over:
Claims 1-29 of Patent 10,282,455.

Although the conflicting claims are not identical, they are not patentably distinct from each other because claims 1-30 are anticipated by claims 1-29 of Patent 10,282,455.
Patent application No. US 10,282,455 (14/691,475)  
Instant Application No.(16/394,733) 
Claim 1. A method comprising: 

receiving raw data from one or more data sources, the raw data including first raw data received via one or more first devices for a first user account and second raw data received via one or more second devices for a second user account; 
generating a plurality of events from the raw data by parsing the raw data into the plurality of events, each event of the plurality of events including a portion of the raw data, the plurality of events enabling execution of time-based searches across the portions of the raw data included in the plurality of events; 


determining a number of events of the plurality of events that were generated from the raw data during a defined time period by determining a first number of events generated from the first raw data during the defined time period and a second number of events generated 

calculating one or more first metrics related to a first amount of data ingestion based on the determined first number of events generated from the first raw data during the defined time period and one or more second metrics related to a second amount of data ingestion based on the determined second number of events generated from the second raw data during the defined time period; 
generating a user interface that includes a display of the one or more first metrics related to the first amount of data ingestion associated with the first user account, a display of the one or more second metrics related to the second amount of data ingestion associated with the second user account, and a display of a threshold input option to receive a user-specified threshold value related to data ingestion associated with at least the first user account that, when exceeded, results in an alert; and 
causing display of the user interface. 


generating a plurality of events from raw machine data generated by a plurality of data sources in an information technology environment and reflecting activity of the plurality of data sources in the information technology environment, wherein the plurality of events are generated by parsing the raw machine data into the plurality of events, each event of the plurality of events including a portion of the raw machine data and a time value indicating a time when the event is parsed from the raw machine data to identify event data of the event, the plurality of events enabling execution of time-based searches across the portion of the raw machine data included in each event of the plurality of events; 

determining a number of events of the plurality of events generated from the raw machine data from a particular data source of the plurality of data sources, wherein the number of events are generated during a 

determining one or more metrics related to an amount of raw machine data ingested, wherein raw machine data ingestion includes receiving the raw machine data from the particular data source and processing the raw machine data for storage and searching, and wherein the one or more metrics include one or more quantities associated with the number of events generated from the raw machine data from the particular data source during the defined time period; and 

generating a user interface that includes a display of the one or more metrics related to the amount of data ingestion.  





Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person 

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-4, 6-10, 21-24, 29, and 30 are rejected under 35 U.S.C. 103 as being unpatentable over Munawar Monzy Merza (US 2013/0318603 A1) in view of Patel et al. (US 2013/0311428 A1) further in view of Wood et al. (US 2007/0074258 A1).
Regarding Claims 1, 29, and 30, Merza discloses
generating a plurality of events from raw machine data generated by a plurality of data sources in an information technology environment and reflecting activity of the plurality of data sources in the information technology environment ([0026], “security monitoring system 150 can collect data from one or more resources 160, process the data (e.g., internally and/or using one or more resources) to identify events in the (raw) data”, “determine accessed universal resource locators (URLs) based on the events, and count a number of times each URL was accessed”, “online activity of user”), wherein the plurality of events are generated by parsing the raw machine data into the plurality of events, each event of the plurality of events including a portion of the raw machine data ([0051], “Using the schema, an event parser 320 can separate the received data into events. For example, event parser 320 can separate data between particular start and stop tags, or separate data within a table's row, or separate data within particular character numbers in the data”), the plurality of events enabling execution of time-based searches across the portion of the raw machine data included in each event of the plurality of events ([0056], “search engine 340 can retrieve all events having a timestamp within a defined time period”);
determining a number of events of the plurality of events generated from the raw machine data from a particular data source of the plurality of data sources ([0026], “A resource from which data is collected can include, e.g., a server, a router and/or a user device 120”, [0085], “identifies an access count and first and last access times for each source”, “provided by the particular (data) source”), wherein the number of events are generated during a defined time period ([0037], “Events pertaining to a particular analysis can be clustered into a set of events. The set of events can include those, e.g., with a timestamp within a defined absolute or relative time period”) and are associated with a particular user ([0032], “view events pertaining to actions from select users”);
determining one or more metrics related to an amount of raw machine data ingested ([0077], “FIGS. 8A-8D show examples of objects representing access counts and registration times (i.e. one or more metrics). FIG. 8A includes a table, where each row in the table is associated with a domain name. The table lists, for each domain name, a first and last access time.”, “Based on a current time and the registration time, an age of the domain name is determined and represented. The table lists a number of accesses occurring within a time window being analyzed”), wherein raw machine data ingestion includes receiving the raw machine data from the particular data source and processing the raw machine data for storage and searching ([0006], process for storing and using big data”, [0026], “collect data from one or more resources 160, process the data to identify events in the data”, [0031], “A search engine 220 can then retrieve select events”); and 
generating a user interface that includes a display of the one or more metrics related to the amount of data ingestion ([0077], “FIGS. 8A-8D show examples of objects representing access counts (the metric related to the amount of data ingestion)”, i.e. Figures 8A-8D displays the user interface with the metric”).  
Merza does not explicitly teach but Patel teaches
a time value indicating a time when the event is parsed from the raw machine data to identify event data of the event ([0045], “Indexers 121-123 may collect, parse, and store data to facilitate fast and accurate information retrieval…by: separating a data stream into individual, searchable events; creating or identifying timestamps”, i.e. a time value is generated with the parsed events);
a particular user with a user account ([0032], “an end-user account”);
wherein each event of the plurality of events is determined as generated from the raw machine data at the time when the event is parsed from the raw machine data to identify event data of the event ([0045], “Indexers 121-123 may collect, parse, and store data to facilitate fast and accurate information retrieval…by: separating a data stream into individual, searchable events; creating or identifying timestamps”, i.e. a time value is generated with the parsed events to identify event data);

The combined teaching of Merza and Patel does not explicitly teach but Wood teaches wherein the one or more metrics include one or more quantities associated with the number of events generated from the raw machine data from the particular data source during the defined time period ([0054], “a first metric comprises a viewing usage metric. The viewing usage metric measures the number of set top boxes tuned to a particular program for a period of time”, [0056], “Another example of a metric … is to track simultaneous DVR recording and watching usage. This metric measures the number of times consumers are watching one show and recording another”, [0058], “Another example of a metric … is channel changes. The channel changes metric measures the number of times consumers change channels during a 24-hour day”).
Merza, Patel and Wood are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to determine one or more metrics based on the number of events with a user of a particular user account and each event is generated at a time when it is identified and parsed (as the combined 

Regarding Claim 2, the combined teaching of Merza, Patel and Wood teaches storing the plurality of events in an indexed store (Merza, [0030], “stores each event in an appropriate index in an event data store”, i.e. an indexed store).

Regarding Claim 3, the combined teaching of Merza, Patel and Wood teaches receiving the raw machine data generated by the plurality of data sources from the plurality of data sources (Merza, [0026], “collect data from one or more resources 160”).

Regarding Claim 4, the combined teaching of Merza, Patel and Wood teaches causing display of the user interface (Merza, [0077], “FIGS. 8A-8D show examples of objects representing access counts”).

Regarding Claim 6, the combined teaching of Merza, Patel and Wood teaches wherein parsing the raw machine data into the plurality of events further comprises determining event boundaries for the plurality of events (Merza, [0051], “an event parser 320 can separate the received data into events. For example, event separate data between particular start and stop tags”, i.e. determining the boundaries).

Regarding Claim 7, the combined teaching of Merza, Patel and Wood teaches wherein the plurality of events are searchable using a late-binding schema comprising one or more extraction rules for extracting values from the events (Merza, [0051], “using the (late-binding) schema, a field extractor 325 can extract various field values” from the events).

Regarding Claim 8, the combined teaching of Merza, Patel and Wood teaches wherein the defined time period corresponds to one or more days (Merza, [0065], “The time period can include an absolute time period (e.g., Jun. 15, 2013 through Jul. 14, 2013) or a relative time period (e.g., last 30 days)”).

Regarding Claim 9, the combined teaching of Merza, Patel and Wood teaches wherein the defined time period corresponds to one or more seconds (Merza, [0065], “The time period can include an absolute time period (e.g., 60 seconds)”).

Regarding Claim 10, the combined teaching of Merza, Patel and Wood teaches determining an average number of events that were generated over a plurality of time periods (Merza, [0038], “updated for relative (plurality of) time periods”, [0058], “processing can be performed across values, e.g., to determine an average (number of events)”).

Regarding Claim 21, the combined teaching of Merza, Patel and Wood teaches wherein the one or more metrics include the number of events generated during defined period of time (Merza, [0065], “The time period can include an absolute time period (e.g., Jun. 15, 2013 through Jul. 14, 2013)”).

Regarding Claim 22, the combined teaching of Merza, Patel and Wood teaches wherein the one or more metrics include a number of events generated during each of one or more previous periods of time (Merza, [0065], “The time period can include an absolute time period (e.g., Jun. 15, 2013 through Jul. 14, 2013) or a relative time period (e.g., last 30 days)”).

Regarding Claim 23, the combined teaching of Merza, Patel and Wood teaches wherein the one or more metrics include a comparison of a number of events generated during at least two different time periods (Merza, [0085], “FIG. 9 shows an example of an object with expanded detail relating to a selected domain name”, “The detail table identifies an access count and first and last access times for each source”, i.e. compare the number of events for each source for different time periods).

Regarding Claim 24, the combined teaching of Merza, Patel and Wood teaches determining a number of events that are stored in one or more particular indexes of one or more indexes (Merza, [0030], “stores each event in an appropriate (i.e. particular) index in an event data store”).

Claims 5 and 26-27 are rejected under 35 U.S.C. 103 as being unpatentable over Munawar Monzy Merza (US 2013/0318603 A1) in view of Patel et al. (US 2013/0311428 A1) further in view of Wood et al. (US 2007/0074258 A1) and further in view of Applebaum et al. (US 2008/0301175 A1).
Regarding Claim 5, the combined teaching of Merza, Patel and Wood does not explicitly teach but Applebaum teaches
wherein the plurality of events includes a first set of events associated with a first project and a second set of events associated with a second project (Fig. 1, block 1100 for “Web Page”, block 1110 for “RSS Feed”, block 1120 for “Database”, which could be a first project, a second project, etc., [0027], “As shown in FIG. 1, a plurality of information sources (1100, 1110, 1120, & 1130)”, “place said event objects into appropriate event queues (1200, 1210 & 1220)” as a first number of events (1200), a second number of events (1210)); and 
wherein the user interface displays both a first set of metrics associated with the first project and a second set of metrics associated with the second project ([0211], “allow a user to view event objects currently in the system. Using an exemplary web (user) interface, a user can select one or more views of event” i.e. display both first project and second project, [0213], “By default, event objects are sorted by timestamp. The sort order can be altered to sort event objects by other mechanisms, such as based on parameters (persistent/not persistent, topic specification, producer service that created the event object, etc.), by event queue, by by other means (metrics)”, i.e. based on different metrics).
Merza, Patel and Wood and Applebaum are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Applebaum with the combined teaching of Merza, Patel and Wood. The motivation/suggestion would have been to monitor information events for managing event processing rules for security purposes (Applebaum, [0003], [0080]).

Regarding Claim 26, the combined teaching of Merza, Patel and Wood does not explicitly teach but Applebaum teaches
wherein the raw machine data includes first data received from one or more first devices, and the raw machine data further includes second data received from one or more second devices (Fig. 1, block 1100 for “Web Page”, block 1110 for “RSS Feed”, block 1120 for “Database”, as a first data from first device, a second data from second device, etc., [0027], “As shown in FIG. 1, a plurality of information sources (1100, 1110, 1120, & 1130)”, “place said event objects into appropriate event queues (1200, 1210 & 1220)” as a first number of events (1200), a second number of events (1210), [0181], “distributed across any number of computing systems (as one or more first and second devices), consistent with computing resource restrictions configured into the system to maintain desired partitioning of information and processing”); 
determining a first number of events associated with the one or more first devices generated during a defined time period ([0181], “a particular set of events any number of computing systems (as one or more first devices), consistent with computing resource restrictions configured into the system to maintain desired partitioning of information and processing”); 
determining a second number of events associated with the one or more second devices generated during the defined time period ([0181], “a particular set of events (such as a second number of events (1210) associated with second devices) all occurring within a given period of time”, “distributed across any number of computing systems (as one or more second devices), consistent with computing resource restrictions configured into the system to maintain desired partitioning of information and processing”).
Merza, Patel and Wood and Applebaum are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Applebaum with the combined teaching of Merza, Patel and Wood. The motivation/suggestion would have been to monitor information events for managing event processing rules for security purposes (Applebaum, [0003], [0080]).

Regarding Claim 27, the combined teaching of Merza, Patel and Wood does not explicitly teach but Applebaum teaches
wherein a first number of events is associated with a first project, and a second number of events is associated with a second project (Fig. 1, block 1100 
determining a first number of events associated with the first project generated during a defined time period ([0181], “a particular set of events (such as a first number of events (1200) associated with the first project 1100) all occurring within a given period of time”); 
determining a second number of events associated with the second project generated during the defined time period ([0181], “a particular set of events (such as a second number of events (1210) associated with the second project 1110) all occurring within a given period of time”).
Merza, Patel and Wood and Applebaum are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Applebaum with the combined teaching of Merza, Patel and Wood. The motivation/suggestion would have been to monitor information events for managing event processing rules for security purposes (Applebaum, [0003], [0080]).

Claims 11 and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Munawar Monzy Merza (US 2013/0318603 A1) in view of Patel et al. (US .
Regarding Claim 11, the combined teaching of Merza, Patel and Wood teaches the number of events of the plurality of events generated during the defined time period (Merza, [0056], “retrieve all events having a timestamp within a defined time period”);
The combined teaching of Merza, Patel and Wood does not explicitly teach determining a fee amount based on the events.
Nguyen teaches determining a fee amount based on the events ([0017], “collect payment from event”, i.e. a fee amount will be determined).
Merza, Patel and Wood, and Nguyen are analogous art as they are in the same field of endeavor of information technology. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Nguyen with the combined teaching of Merza, Patel and Wood. The motivation/suggestion would have been to have an appropriate pricing arrangement for data ingestion.

Regarding Claim 17, the combined teaching of Merza, Patel and Wood teaches a peak number of events generated during the defined time period (Merza, [0056], “retrieve all events (i.e. peak number of events) having a timestamp within a defined time period”);
The combined teaching of Merza, Patel and Wood does not explicitly teach determining a fee amount based on the events.
determining a fee amount based on the events ([0017], “collect payment from event”, i.e. a fee amount will be determined).
Merza, Patel and Wood, and Nguyen are analogous art as they are in the same field of endeavor of information technology. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Nguyen with the combined teaching of Merza, Patel and Wood. The motivation/suggestion would have been to have an appropriate pricing arrangement for data ingestion.

Regarding Claim 18, the combined teaching of Merza, Patel and Wood teaches a number of devices from which the raw machine data is received (Merza, [0048], “Data intake 305 receives data, e.g., from a data provider, client, or user”, i.e. from a number of devices);
The combined teaching of Merza, Patel and Wood does not explicitly teach determining a fee amount.
Nguyen teaches determining a fee amount ([0017], “collect payment from event”).
Merza, Patel and Wood, and Nguyen are analogous art as they are in the same field of endeavor of information technology. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Nguyen with the combined teaching of Merza, Patel and Wood. The motivation/suggestion would have been to have an appropriate pricing arrangement for data ingestion.

Regarding Claim 19, the combined teaching of Merza, Patel and Wood teaches a first number of events generated and a second number of events generated (Merza, [0057], “(a first number of) events having a timestamp within a defined time period”, “(a second number of) events having a first field value (e.g., HTTP method) set to a specified value (e.g., GET)”).
The combined teaching of Merza, Patel and Wood does not explicitly teach determining a fee amount based on the events and a first fee rate, a second fee rate.
Nguyen teaches determining a fee amount based on the events ([0017], “collect payment from event”, i.e. a fee amount will be determined) and a first fee rate, a second fee rate ([0252], “response rate”, [0316], “room rates”).
Merza, Patel and Wood, and Nguyen are analogous art as they are in the same field of endeavor of information technology. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Nguyen with the combined teaching of Merza, Patel and Wood. The motivation/suggestion would have been to have an appropriate pricing arrangement for data ingestion.

Claims 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Munawar Monzy Merza (US 2013/0318603 A1) in view of Patel et al. (US 2013/0311428 A1) further in view of Wood et al. (US 2007/0074258 A1) and further in view of Vijay et al. (US 2014/0013449 A1).
Regarding Claim 12, the combined teaching of Merza, Patel and Wood does not explicitly teach but Vijay teaches 
comparing the number of events to a licensed amount; in response to determining that the number of events exceeds the licensed amount, storing excess events in a non-searchable index ([0047], “the number of licenses that have been exercised has exceeded the allowed limit”, “deny future requests for rendering of templates in accessible form (as in a non-searchable index) until the number of licenses is increased”).
Merza, Patel and Wood and Vijay are analogous art as they are in the same field of endeavor of information technology. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Vijay with the combined teaching of Merza, Patel and Wood. The motivation/suggestion would have been to protect the customer for the software from potential lawsuits because of license misuse (Vijay, [0002]).

Regarding Claim 13, the combined teaching of Merza, Patel and Wood does not explicitly teach but Vijay teaches 
comparing the number of events to a licensed amount; in response to determining that the number of events exceeds the licensed amount, storing excess events in a non-searchable index ([0047], “the number of licenses that have been exercised has exceeded the allowed limit”, “deny future requests for rendering of templates in accessible form (as in a non-searchable index) until the number of licenses is increased”); and
enabling access the indexed events stored in the non-searchable index when additional capacity to increase the licensed amount is purchased ([0047], “the number of licenses that have been exercised has exceeded the allowed limit”, “deny future requests for rendering of templates in accessible form (as in a non-searchable index) until the number of licenses is increased”, i.e. additional license amount is purchased).
Merza, Patel and Wood and Vijay are analogous art as they are in the same field of endeavor of information technology. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Vijay with the combined teaching of Merza, Patel and Wood. The motivation/suggestion would have been to protect the customer for the software from potential lawsuits because of license misuse (Vijay, [0002]).

Claims 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over Munawar Monzy Merza (US 2013/0318603 A1) in view of Patel et al. (US 2013/0311428 A1) further in view of Wood et al. (US 2007/0074258 A1) and further in view of Koehler et al. (US 2014/0379593 A1).
Regarding Claim 14, the combined teaching of Merza, Patel and Wood does not explicitly teach but Koehler teaches 
comparing the number of events to a licensed amount; in response to determining that the number of events exceeds the licensed amount, automatically increasing the licensed amount ([0018], “the customer is allowed to temporarily exceed license entitlements within a defined grace period”, i.e. the licensed amount is automatically increased while the number exceeds the licensed amount).
Merza, Patel and Wood and Koehler are analogous art as they are in the same field of endeavor of information technology. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Koehler with the combined teaching of Merza, Patel and Wood. The motivation/suggestion would have been to monitor the license consumption of a customer (Koehler, Abstract).

Regarding Claim 15, the combined teaching of Merza, Patel and Wood does not explicitly teach but Koehler teaches 
comparing the number of events to a licensed amount; in response to determining that the number of events exceeds the licensed amount, generating an alert ([0033], “Should the customer exceed the entitlements of the given license pool (at 415), the vendor license manager alerts the customer”).
Merza, Patel and Wood and Koehler are analogous art as they are in the same field of endeavor of information technology. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Koehler with the combined teaching of Merza, Patel and Wood. The motivation/suggestion would have been to monitor the license consumption of a customer (Koehler, Abstract).

Regarding Claim 16, the combined teaching of Merza, Patel and Wood does not explicitly teach but Koehler teaches 
comparing the number of events to a licensed amount; in response to determining that the number of events exceeds the licensed amount, sending an alert to a particular user ([0033], “Should the customer exceed the entitlements of the given license pool (at 415), the vendor license manager alerts the customer”).
Merza, Patel and Wood and Koehler are analogous art as they are in the same field of endeavor of information technology. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Koehler with the combined teaching of Merza, Patel and Wood. The motivation/suggestion would have been to monitor the license consumption of a customer (Koehler, Abstract).

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Munawar Monzy Merza (US 2013/0318603 A1) in view of Patel et al. (US 2013/0311428 A1) further in view of Wood et al. (US 2007/0074258 A1) and further in view of Michael Scheidell (US 2004/0098623 A1).
Regarding Claim 20, the combined teaching of Merza, Patel and Wood teaches receiving the raw machine data from one or more devices (Patel, Figure 1 shows multiple devices; [0027], “client devices 101-106”);
The combined teaching of Merza, Patel and Wood does not explicitly teach wherein the one or more devices are managed by a managed security service provider (MSSP).

wherein the one or more devices are managed by a managed security service provider (MSSP) ([0039], “a Managed Security Service provider”).
Merza, Patel and Wood and Scheidell are analogous art as they are in the same field of endeavor of information technology. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Scheidell with the combined teaching of Merza, Patel and Wood. The motivation/suggestion would have been to detect and protect against security breaches (Scheidell, [0001]).

Claim 25 is rejected under 35 U.S.C. 103 as being unpatentable over Munawar Monzy Merza (US 2013/0318603 A1) in view of Patel et al. (US 2013/0311428 A1) further in view of Wood et al. (US 2007/0074258 A1) and further in view of Patel et al. (US 2012/0239660 A1; hereinafter Patel ‘9660).
Regarding Claim 25, the combined teaching of Merza, Patel and Wood does not explicitly teach wherein the raw machine data is associated with a particular project of a plurality of projects, each project of the plurality of projects having an associated licensed amount of data ingestion.
Patel ‘9660 teaches wherein the raw machine data is associated with a particular project of a plurality of projects, each project of the plurality of projects having an associated licensed amount of data ingestion ([0066], “the data volume capacity of each stack of licenses (of a plurality of projects) is configured for at least one pool of at least one indexer to process the corresponding type of data. Members of a 
Merza, Patel and Wood, and Patel ‘9660 are analogous art as they are in the same field of endeavor of information technology. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Patel ‘9660 with the combined teaching of Merza, Patel and Wood. The motivation/suggestion would have been for enabling data volume and data type based licensing of software in a distributed system (Patel ‘9660, Abstract).

Allowable Subject Matter
Claim 28 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims and also overcomes double patenting rejection issued in this office action against claims 1-29 of Patent 10,282,455 by filing a valid eTD.

Conclusion
Applicants are encouraged to take advantage of the After Final Consideration Pilot 2.0 (AFCP 2.0) which authorizes non-production time for consideration of responses filed after a final rejection. The purpose of the pilot is to compact prosecution of the case. The request must include 1) A signed AFCP request form (PTO/SB/434 or equivalent) that includes a statement that applicant is requesting consideration under the AFCP; 2) An amendment to at least one independent claim that does not broaden the scope of the independent claim in any aspect; and 3) A statement that applicant is willing and available to participate in any interview initiated by the examiner concerning the present response.  In the limited amount of non-production time if the examiner’s consideration of a proper AFCP 2.0 request and response does not result in a determination that all pending claims are in condition for allowance, the examiner will request an interview with the applicant to discuss the response. For more info, please visit http://www.uspto.gov/patent/initiatives/after-final-consideration-pilot-20.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHENG-FENG HUANG whose telephone number is (571)272-6186.  The examiner can normally be reached on Monday-Friday: 9 am - 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A Shiferaw can be reached on (571) 272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/CHENG-FENG HUANG/Examiner, Art Unit 2497