DETAILED ACTION

1.  Claims 1-20 are presented for examination.

2.  The title of the invention is not descriptive.  A new title is required that is clearly indicative of the invention to which the claims are directed.

3.  The applicant’s Specification (page 1 of 25 (paragraph [0002])) must be updated with corresponding United States Patent Numbers and/or United States Patent Application numbers.

4.  The applicant should use this period for response to thoroughly and very closely proof read and review the whole of the application for correct correlation between reference numerals in the textual portion of the Specification and Drawings along with any minor spelling errors, general typographical errors, accuracy, assurance of proper use for Trademarks ™, and other legal symbols ®, where required, an Abstract on a clean page (i.e., no Titles, Attorney information, line numbers, page numbers, exc… (37 CFR 1.72(b)) just a heading “ABSTRACT” and a paragraph less than 150 words), and clarity of meaning in the Specification, Drawings, and specifically the claims (i.e., provide proper antecedent basis for “the” and “said” within each claim) with each claim increasing in numerical order and ending in a period {if amended}.  Minor typographical errors could render a Patent unenforceable and so the applicant is strongly encouraged to aid in this endeavor.

5.  A non-statutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees. In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Van Ornam, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); and In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993), In re Berg 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998), 195 F.3d 1322, 1326, 52 USPQ2d (Fed. Cir. 1999), Eli Lilly CAFC on petition for rehearing En Banc (58 USPQ2d 1869).

6.  A timely filed terminal disclaimer in compliance with 37 C.F.R. 1.321 (c) may be used to overcome an actual or provisional rejection based on a non-statutory based double patenting ground provided the conflicting application or patent is shown to be commonly owned with this application. See 37 C.F.R. 1.130(b).  Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer.  A terminal disclaimer signed by the assignee must fully comply with 37 C.F.R. 3.73(b).

7.  Claims 1-3 and 6-20 are rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claim 1, claims 5-9, and claims 11-20 of United States 

8.  Per the following; the claims of this application are on the left map to the claims of United States Patent US 10,855,707 B2 are on the right below:

1.    A computer-implemented method for enabling automated log analysis with controllable resource requirements, comprising:
generating, by a processor operatively coupled to a memory, a training set for log pattern learning based on heterogeneous logs generated by a computer system;
implementing, by the processor, an incremental learning process to generate a set of log patterns from the training set, wherein implementing the incremental learning process comprises:





defining a first set as the training set, a second set as a set of log patterns that have been generated, and a third set as a set of logs of the training set that lack a matching pattern in the second set;


sampling the third set to generate a fourth set having a size corresponding to a parameter controlling a maximum resource requirement for the incremental learning process; and

performing automatic log pattern recognition to generate a fifth set; 

parsing, by the processor, the heterogeneous logs using the set of log patterns; and applying, by the processor, a set of applications to the parsed logs.









define a first set as the training set, a second set as a set of log patterns that have been generated, and a third set as a set of logs of the training set that lack a matching pattern in the second set; 

sample the third set to generate a fourth set, wherein the fourth set has a size corresponding to a parameter controlling a maximum resource requirement for the incremental learning process; 


perform automatic log pattern recognition to generate a fifth set; and perform a log filtering process based on the fifth set.

Claim 1 above and claim 7 as shown below:

3.    The method as recited in claim 1, wherein performing the automatic log pattern recognition further comprises:
tokenizing logs of the fourth set to generate tokens from the logs of the fourth set; 
applying a similarity measurement on the logs to capture similarities among the logs of the fourth set;
implementing a hierarchical clustering algorithm to generate a log cluster hierarchy for the logs of the fourth set;
aligning the logs of the fourth set within each cluster associated with a given level of the log cluster hierarchy;
conducting log motif discovery on the aligned logs to find log motifs; and 
performing pattern recognition from the log motifs by recognizing one or more log fields.

6.    The method as recited in claim 1, further comprising performing, by the processor, a log filtering process based on the fifth set.
7.    The method as recited in claim 6, wherein performing the log filter process comprises determining if the fifth set is empty.
8.    The method as recited in claim 7, wherein, in response to determining that the fifth set is empty, performing the log filtering process further comprises:
updating the third set by subtracting the fourth set from the third set; in response to 
in response to determining that the updated third set includes at least one log, updating the fourth set by sampling the updated third set, and updating the fifth set by performing automatic pattern recognition using the updated fourth set.

9.    The method as recited in claim 7, wherein, in response to determining that the fifth set includes at least one log pattern, performing the log filtering process further comprises:
updating the second set by adding the fifth set to the second set;
updating the third set with logs identified in the third set that lack a matching pattern in the second set;
in response to determining that the updated third set is empty, outputting the updated second set; and
in response to determining that the updated third set includes at least one log, updating the fourth set by sampling the updated third set, and updating the fifth set by performing automatic pattern recognition using the updated fourth set.

10.    The method as recited in claim 9, further comprising using a log parser to identify the logs in the third set that lack a matching pattern in the second set.

11.    The method as recited in claim 1, wherein the set of applications include a log-based fault 


12.    The method as recited in claim 1, wherein each pattern of the set of log patterns is in terms of regular expression.
Per claims 13-20, these claims do not teach or define as indicated above and are also rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claims indicated above right.

7. The security system as recited in claim 1, wherein, in performing the automatic log pattern recognition, the at least one hardware processor of the security log analysis service is further configured to: tokenize logs of the fourth set to generate tokens from the logs of the fourth set; 
apply a similarity measurement on the logs to capture similarities among the logs of the fourth set; 
implement a hierarchical clustering algorithm to generate a log cluster hierarchy for the logs of the fourth set; 
align the logs of the fourth set within each cluster associated with a given level of the log cluster hierarchy; 
conduct log motif discovery on the aligned logs to find log motifs; and 
perform pattern recognition from the log motifs by recognizing one or more log fields. 
8. The security system as recited in claim 1, wherein, in performing the log filtering process, the security log analysis service is further configured to: determine if the fifth set is empty;

in response to determining that the fifth set is empty;

update the third set by subtracting the fourth set from the third set; in response to 
in response to determining that the updated third set includes at least one log, update the fourth set by sampling the updated third set, and updating the fifth set by performing automatic pattern recognition using the updated fourth set; and

in response to determining that the fifth set includes at least one log pattern: 

update the second set by adding the fifth set to the second set; 
update the third set with logs identified in the third set that lack a matching pattern in the second set;
in response to determining that the updated third set is empty, output the updated second set; and 
in response to determining that the updated third set includes at least one log, update the fourth set by sampling the updated third set, and update the fifth set by performing automatic pattern recognition using the updated fourth set. 

9. The security system as recited in claim 8, wherein the security log analysis service is further configured to use a log parser to identify the logs in the third set that lack a matching pattern in the second set.
11. The security system as recited in claim 1, wherein the one or more security applications include a log-based fault management 


6. The security system as recited in claim 1, wherein each pattern of the set of log patterns is in terms of regular expression. 
Per claims 12-20, these claims do not teach or define as indicated above and also map to the claims on the left as shown above.


9.  Claims 1-3, claims 6-10 and claims 13-20 are rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claims 1-4 of United States Patent US 10,567,409 B2. Although the conflicting claims are not identical, they are not patentably distinct from each other because the United States Patent claims(s) contain every element of the instant application and as such is encompassed by the claims of this instant application. Claims 1-3, claims 6-10, and claims 13-20 of the instant application therefore is/are not patently distinct from the earlier United States Patent claim(s) and as such is/are unpatentable over obvious-type double patenting.  A later patent/application claim is not patentably distinct from an earlier claim if the later claim is anticipated by the earlier claim.  A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim (see In re Longi, 759 F.2d at 896,225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus); ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001); (Cf., Titanium Metals Corp. v. Banner, 778 F.2d 775, 227 USPQ 773 (Fed. Cir. 1985)); and In re Van Ornum, 686 F.2d 937, 944, 214 USPQ 761, 767 (CCPA 1982); In re Goodman (CAFC) 29 USPQ2d 2010 (12/3/1993)).

10.  Per the following; the claims of this application are on the left map to the claims of United States Patent US 10,567,409 B2 are on the right below:

1.    A computer-implemented method for enabling automated log analysis 
generating, by a processor operatively coupled to a memory, a training set for log pattern learning based on heterogeneous logs generated by a computer system;
implementing, by the processor, an incremental learning process to generate a set of log patterns from the training set, wherein implementing the incremental learning process comprises:


defining a first set as the training set, a second set as a set of log patterns that have been generated, and a third set as a set of logs of the training set that lack a matching pattern in the second set;
sampling the third set to generate a fourth set having a size corresponding to a parameter controlling a maximum resource requirement for the incremental learning process; and
performing automatic log pattern recognition to generate a fifth set; 


parsing, by the processor, the heterogeneous logs using the set of log patterns; and applying, by the processor, a set of applications to the parsed logs.


3.    The method as recited in claim 1, wherein performing the automatic log pattern recognition further comprises:
tokenizing logs of the fourth set to generate tokens from the logs of the fourth set; 
applying a similarity measurement on the logs to capture similarities among the logs of the fourth set;
implementing a hierarchical clustering algorithm to generate a log cluster hierarchy for the logs of the fourth set;

aligning the logs of the fourth set within each cluster associated with a given level of the log cluster hierarchy;
conducting log motif discovery on the aligned logs to find log motifs; and 
performing pattern recognition from the log motifs by recognizing one or more log fields.
6.    The method as recited in claim 1, further comprising performing, by the processor, a log filtering process based on the fifth set.
7.    The method as recited in claim 6, wherein performing the log filter process comprises determining if the fifth set is empty.

8.    The method as recited in claim 7, wherein, in response to determining that the fifth set is empty, performing the log filtering process further comprises:

in response to determining that the updated third set includes at least one log, updating the fourth set by sampling the updated third set, and updating the fifth set by performing automatic pattern recognition using the updated fourth set.

9.    The method as recited in claim 7, wherein, in response to determining that the fifth set includes at least one log pattern, performing the log filtering process further comprises:
updating the second set by adding the fifth set to the second set;
 updating the third set with logs identified in the third set that lack a matching pattern in the second set;

in response to determining that the updated third set is empty, outputting the updated second set; and
in response to determining that the updated third set includes at least one log, updating the fourth set by sampling the updated third set, and updating the fifth set by performing automatic pattern recognition using the updated fourth set.
10.    The method as recited in claim 9, further comprising using a log parser to identify the logs in the third set that lack a matching pattern in the second set.




defining a first set as the training set, a second set as a set of log patterns that have been generated, and a third set as a set of logs of the training set that lack a matching pattern in the second set; 

sampling the third set to generate a fourth set having a size corresponding to a parameter controlling a maximum resource requirement for the incremental learning process; 

performing automatic log pattern recognition to generate a fifth set; and 

performing a log filtering process based on the fifth set. 


See claim 1 above and claim 4: The computer program product as recited in claim 3, further comprising using a log parser to identify the logs in the third set that lack a matching pattern in the second set.






2. The computer program product as recited in claim 1, wherein performing the automatic log pattern recognition further comprises: 

tokenizing logs of the fourth set to generate tokens from the logs of the fourth set; 

applying a similarity measurement on the logs to capture similarities among the logs of the fourth set; 

implementing a hierarchical clustering algorithm to generate a log cluster hierarchy for the logs of the fourth set; 

aligning the logs of the fourth set within each cluster associated with a given level of the log cluster hierarchy; 

conducting log motif discovery on the aligned logs to find log motifs; and 

performing pattern recognition from the log motifs by recognizing one or more log fields. 

See end of claim 1 above “performing a log filtering process based on the fifth set.”


3. The computer program product as recited in claim 1, wherein performing the log filtering process further comprises: determining if the fifth set is empty; 


in response to determining that the fifth set is empty: 




in response to determining that the updated third set includes at least one log, updating the fourth set by sampling the updated third set, and updating the fifth set by performing automatic pattern recognition using the updated fourth set; and 


in response to determining that the fifth set includes at least one log pattern: 



updating the second set by adding the fifth set to the second set; 

updating the third set with logs identified in the third set that lack a matching pattern in the second set; 

in response to determining that the updated third set is empty, outputting the updated second set; and 

in response to determining that the updated third set includes at least one log, updating the fourth set by sampling the updated third set, and updating the fifth set by performing automatic pattern recognition using the updated fourth set.

4. The computer program product as recited in claim 3, further comprising using a log parser to identify the logs in the third set that lack a matching pattern in the second set.



See claims 1-4 above.


11.  The other evidence of record, indicated on FORM PTO-892, but not relied upon in the above rejections, taught of analyzing logs for system training.

12.  In light of the whole of the specification (including drawings), claims 1-20 are allowable over the evidence of record since the evidence of record fails to teach or remotely suggest the invention as currently defined in the whole of each of the claims 1-20.  However, claim 4 and claim 5 stand objected to as allowable claims dependent on a rejected parent claim.

13.  A shortened statutory period for response to this action is set to expire 3 (three) months and 0 (zero) days from the mailing date of this letter, which may be extended.  Failure to respond within the period for response will cause the application to become abandoned (see MPEP 710.02, 710.02(b)).

14.  Any inquiry concerning this communication or earlier communications from the examiner should be directed to Robert B. Harrell whose telephone number is (571) 272-3895.  The examiner can normally be reached Monday to Friday, from 5:30 am to 11:30 am (Eastern Standard Time).

15.  If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, William G. Trost, can be reached at (571) 272-7872.  The fax phone number for all papers is (571) 273-8300.

16.  Any inquiry of a general nature or relating to the status of this application or proceeding should be directed to the Group receptionist whose telephone number is (703) 305-9600.

17.  Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

/ROBERT B HARRELL/
   Primary Examiner
     Art Unit 2442