DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
In response to communications filed on 22 February 2021, claims 1-19 are presently pending in the application, of which, claims 1 and 16 are presented in independent form. The Examiner acknowledges amended claims 1, 4, 12, 13, and 16 and newly added claims 17-19. No claims were cancelled. 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 22 February 2021 has been entered.
 
Priority
The Examiner acknowledges the instant application is a continuation of U.S. Patent Application No. 15/465,727 (now issued as U.S. 10,055,481), filed 22 March 

Response to Remarks/Arguments
All objections and/or rejections issued in the previous Office Action, mailed 29 April 2020, have been withdrawn, unless otherwise noted in this Office Action.

Applicant’s arguments with respect to claims 1-19 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-14 and16 are rejected under 35 U.S.C. 103 as being unpatentable over Luff, Robert (U.S. 2010/015926 and known hereinafter as Luff) in view of Hsiao, Fang, et al (U.S. 2015/0293954 and known hereinafter as Hsiao) and in further view of Beller, Charles, et al (U.S. 2018/0011838 and known hereinafter as Beller).

As per claim 1, Luff teaches a system for alerting based on system event classification, comprising: 
a memory (e.g. Luff, see Figure 9, item 918, discloses random access memory); 
a network interface (e.g. Luff, see Figure 9, item 924, discloses interface); and 
a processor (e.g. Luff, see Figure 9, item 924, discloses a processor) configured to execute a code for: 
monitoring a plurality of system events (e.g. Luff, see paragraph [0018], discloses monitor and analyze events on wireless devices.) received via the network interface (e.g. Luff, see paragraph [0022], discloses a communication interface);
accessing a plurality of online publicly available knowledge bases to collect information about said plurality of system events (e.g. Luff, see paragraph [0043-0050], which discloses metering, collection, and allocation system is configured to meter event information on wireless devices, transmit the metered information to a central collection and processing system. See further paragraph [0063], which discloses the application adapters included within the metering component are configured to monitor the corresponding application without causing a deviation or degradation of performance.), said plurality of publicly available knowledge bases include at least one member of a group consisting of Wiki sites, topic specific communities, Questions and Answers (Q&A) pages, source code sites, product documentation, system guides, system manuals and public expert systems (e.g. ; 
extracting, from the information, labeling data indicative of urgency of each of said plurality of system events (e.g. Luff, see paragraph [0051-0053], which discloses a data analyzer may analyze (e.g. extract) the order of event logs that extracts from the event logs data pertaining to an event, where the data analyzer extracts the relationship between the event type and wireless network resource usage and then provides metadata tags to produce reports.), by identifying mentioning of said extracted textual items in said information collected from at least some of the said plurality of online publicly available knowledge bases; and 
executing a code for generating alerts according to the decision rule structures (e.g. Luff, see paragraph [0100-0101], which discloses collection of events corresponding to the application and compiled by the wireless network resource.). 
Li does not explicitly disclose formulating decision rule structures for identification of an urgency level of each of said plurality of system events based on the labeling data.
Hsiao teaches formulating decision rule structures for identification of an urgency level of each of said plurality of system events by allocating a score to each of the extracted textual items, based on the labeling data (e.g. Hsiao, see paragraphs [0131-0132], discloses a dashboard that displays a plurality of system events based on notable events, where notable events are associated with an urgency value to identify the severity of the notable event and allows a user to view and act (e.g. formulating decision rule structures) on the notable events, based on (1) single event high importance or (2) multiple events that collectively warrant review, etc., are instances of a decision rule structure.).

The modified teachings of Luff with Hsiao does not explicitly teach analyzing textual content of log events recording said plurality of system events to extract, for each of said plurality of system events, textual items included in said textual content, describing event features of a respective system event.
Beller teaches analyzing textual content of log events recording said plurality of system events to extract (e.g. Beller, see paragraphs [0034, 0058], which discloses query results (e.g. log events) include an extraction module which extracts a portion of the corpus of data/information matching the criteria of the particular query.), for each of said plurality of system events, textual items included in said textual content, describing event features of a respective system event (e.g. Beller, see paragraphs [0034, 0058], which discloses query results (e.g. log events) include an extraction module which extracts a portion of the corpus of data/information matching the criteria of the particular query. The extractions of the event may be flagged as “candidate answers” for the respective log event, where a scoring module is applied to the “candidate answer” to determine the likelihood that the answer provided is correct.).
Luff is directed to system and methods to monitor and analyze events on wireless devices. Hsiao is directed to generating and managing event streams generated from captured network data. Beller is directed to generating semantic 

As per claim 16, Luff teaches a method for classification of events, the method comprising: 
receiving, by a processor, from a user interface, a user query about a system event, using a query interface of said user interface (e.g. Luff, see paragraph [0040], which disclose the collection system sends a request or query to the wireless devices.); 
monitoring, by a processor, user behavior associated with a plurality of previous queries, in relation to the user interface (e.g. Luff, see paragraph [0018], discloses monitor and analyze events on wireless devices.);
accessing a plurality of publicly available knowledge bases to collect information about said plurality of system events (e.g. Luff, see paragraph [0043-0050], which discloses metering, collection, and allocation system is configured to meter event information on wireless devices, transmit the metered information to a central collection and processing system. See further paragraph [0063], which discloses the application adapters included within the metering component are configured to monitor the corresponding application without causing a deviation or degradation of performance.), said plurality of publicly available knowledge bases include at least one member of a group consisting of Wiki sites, topic specific communities, Questions and Answers (Q&A) pages, source code sites, product documentation, system guides, system manuals and public expert systems (e.g. ; 
extracting, from the information, labeling data indicative of urgency of each of said plurality of system events (e.g. Luff, see paragraph [0051-0053], which discloses a data analyzer may analyze (e.g. extract) the order of event logs that extracts from the event logs data pertaining to an event, where the data analyzer extracts the relationship between the event type and wireless network resource usage and then provides metadata tags to produce reports.); and 
executing a code for generating alerts according to the decision rule structures (e.g. Luff, see paragraph [0100-0101], which discloses collection of events corresponding to the application and compiled by the wireless network resource.). 
Li does not explicitly disclose formulating decision rule structures for identification of an urgency level of each of said plurality of system events based on the labeling data.
Hsiao teaches formulating decision rule structures for identification of an urgency level of each of said plurality of system events by allocating a score to each of the extracted textual items, based on the labeling data (e.g. Hsiao, see paragraphs [0131-0132], discloses a dashboard that displays a plurality of system events based on notable events, where notable events are associated with an urgency value to identify the severity of the notable event and allows a user to view and act (e.g. formulating decision rule structures) on the notable events, based on (1) single event high importance or (2) multiple events that collectively warrant review, etc., are instances of a decision rule structure.).
Luff is directed to system and methods to monitor and analyze events on wireless devices. Hsiao is directed to generating and managing event streams generated from captured network data. Both are analogous art, because they are directed to events based in event logs and therefore it would have been obvious to one 
The modified teachings of Luff with Hsiao does not explicitly teach analyzing textual content of log events recording said plurality of system events to extract, for each of said plurality of system events, textual items included in said textual content, describing event features of a respective system event.
Beller teaches analyzing textual content of log events recording said plurality of system events to extract (e.g. Beller, see paragraphs [0034, 0058], which discloses query results (e.g. log events) include an extraction module which extracts a portion of the corpus of data/information matching the criteria of the particular query.), for each of said plurality of system events, textual items included in said textual content, describing event features of a respective system event (e.g. Beller, see paragraphs [0034, 0058], which discloses query results (e.g. log events) include an extraction module which extracts a portion of the corpus of data/information matching the criteria of the particular query. The extractions of the event may be flagged as “candidate answers” for the respective log event, where a scoring module is applied to the “candidate answer” to determine the likelihood that the answer provided is correct.).
Luff is directed to system and methods to monitor and analyze events on wireless devices. Hsiao is directed to generating and managing event streams generated from captured network data. Beller is directed to generating semantic variants of the natural language expressions. All are analogous art, because they are directed to events based in event logs and therefore it would have been obvious to one of ordinary skilled in the art at the time the invention was filed to modify the teachings of 

As per claim 2, the modified teachings of Luff with Hsaio teaches the system of claim 1, wherein the labeling data comprises at least one of data about stability, data about criticality, data about failure imminent, data about a denial-of-service attack, data about threats detected, data about anomalies detected, data about business impact, and data about relevance (e.g. Hsiao, see paragraphs [0131-0132], discloses a dashboard that displays a plurality of system events based on notable events, where notable events are associated with an urgency value to identify the severity of the notable event and allows a user to view and act (e.g. formulating decision rule structures) on the notable events, based on (1) single event high importance or (2) multiple events that collectively warrant review, etc., are instances of a decision rule structure.). 

As per claim 3, the modified teachings of Luff with Hsaio teaches the system of claim 1, wherein a signature-less self learning system is used for formulating the decision rule structures (e.g. Hsiao, see paragraphs [0131-0132], discloses a dashboard that displays a plurality of system events based on notable events, where notable events are associated with an urgency value to identify the severity of the notable event and allows a user to view and act (e.g. formulating decision rule structures) on the notable events, based on (1) single event high importance or (2) multiple events that collectively warrant review, etc., are instances of a decision rule structure.). 

As per claim 4, the modified teachings of Luff with Hsaio teaches the system of claim 1, wherein the plurality of system events are classified according to their locations in log events (e.g. Luff, see paragraphs [0051-0053], which discloses a data analyzer may analyze (extract) the order of event logs that extracts from the event log data pertaining to an event, where the . 

As per claim 5, the modified teachings of Luff with Hsaio teaches the system of claim 1, further comprising a user interface configured to receive user feedback about the plurality of system events, wherein said labeling data comprises data extracted from the user feedback (e.g. Luff, see paragraphs [0051-0053], which discloses a data analyzer may analyze (extract) the order of event logs that extracts from the event log data pertaining to an event, where the data analyzer extracts the relationship between the event type and wireless network resource usage and then provides metadata tags to produce reports.). 

As per claim 6, the modified teachings of Luff with Hsaio teaches the system of claim 5, wherein the processor is configured to execute code for building a user profile based on the feedback an utilizing the user profile to enhance the labeling data extraction (e.g. Luff, see paragraphs [0051-0053], which discloses a data analyzer may analyze (extract) the order of event logs that extracts from the event log data pertaining to an event, where the data analyzer extracts the relationship between the event type and wireless network resource usage and then provides metadata tags to produce reports.). 

As per claim 7, the modified teachings of Luff with Hsaio teaches the system of claim 1, further comprising a query interface to receive user queries about the plurality of system events and to extract the respective labeling data for responding the user queries (e.g. Luff, see paragraphs [0051-0053], which discloses a data analyzer may analyze (extract) the order of event logs that extracts from the event log data pertaining to an event, where the data . 

As per claim 8, the modified teachings of Luff with Hsaio teaches the system of claim 1, further comprising a solution database configured to store a plurality of formulated solution lists each in association with one of the plurality of system events (e.g. Luff, see paragraph [0052-0054], discloses data analyzer monitors usage behavior.); 
wherein the processor is further configured to receive user queries about at least one of the plurality of system events and to provide at least one associated solution list from the plurality of system in response to the user queries (e.g. Luff, see paragraph [0018], discloses collecting event metering information associated with a wireless device (e.g. web resource).). 

As per claim 9, the modified teachings of Luff with Hsaio teaches the system of claim 1, wherein the processor is further configured to extract from the labeling data a user behavior monitored by a user service engine and to perform the formulating according to the user behavior (e.g. Luff, see paragraphs [0053-0055], discloses the data analyzer analyzes based on trends of panel members (e.g. users).). 

As per claim 10, the modified teachings of Luff with Hsaio teaches the system of claim 1, wherein the processor is further configured to execute a translator to translate the plurality of system events to computable machine data for the extraction of the labeling data (e.g. Luff, see paragraphs [0054-0057], discloses a cluster of event logs organized in a particular manner.).  

(e.g. Luff, see paragraphs [0054-0057], discloses a cluster of event logs organized in a particular manner.). 

As per claim 12, the modified teachings of Luff with Hsaio teaches the system of claim 1, wherein the labeling data comprises clusters of events, wherein each cluster has a corresponding label (e.g. Luff, see paragraphs [0054-0057], discloses a cluster of event logs organized in a particular manner.); 
wherein at least one of the plurality of system events belongs to more than one cluster (e.g. Luff, see paragraphs [0054-0057], discloses a cluster of event logs organized in a particular manner.). 

As per claim 13, the modified teachings of Luff with Hsaio teaches the system of claim 1, wherein the processor is configured to store the plurality of system events in an event log along with a respective time stamp (e.g. Luff, see paragraph [0100-0101], which discloses collection of events corresponding to the application and compiled by the wireless network resource.). 

As per claim 14, the modified teachings of Luff with Hsaio teaches the system of claim 1, wherein the processor is further configured to classify the collected information (e.g. Luff, see paragraph [0051-0053], which discloses a data analyzer may analyze (e.g. extract) the order of event logs that extracts from the event logs data pertaining to an event, where the data analyzer . 

As per claim 17, the modified teachings of Luff with Hsaio and Beller teaches the system of claim 1, wherein said collected information about said plurality of system events is selected from a group consisting of pattern matching for reserved words, recognizable product names, recognizable severity and combination of words and/or phrases that have been learned to be of significance (e.g. Luff, see paragraph [0051-0053], which discloses a data analyzer may analyze (e.g. extract) the order of event logs that extracts from the event logs data pertaining to an event, where the data analyzer extracts the relationship between the event type and wireless network resource usage and then provides metadata tags to produce reports.).

As per claim 18, the modified teachings of Luff with Hsaio and Beller teaches the system of claim 1, wherein said textual items include at least one member of a group consisting of an error, a warning and a notice, and wherein each of said at least one member of said group is allocated with a different score (e.g. Luff, see paragraph [0051-0053], which discloses a data analyzer may analyze (e.g. extract) the order of event logs that extracts from the event logs data pertaining to an event, where the data analyzer extracts the relationship between the event type and wireless network resource usage and then provides metadata tags to produce reports.).

As per claim 19, the modified teachings of Luff with Hsaio and Beller teaches the system of claim 1, wherein for textual content of a certain log event comprising a plurality of textual items, said decision rule structures are formulated by calculating a cumulative score of the extracted textual items of the certain log event (e.g. Luff, see .

Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Luff, Robert (U.S. 2010/015926 and known hereinafter as Luff) in view of Hsiao, Fang, et al (U.S. 2015/0293954 and known hereinafter as Hsiao) and in further view of Beller, Charles, et al (U.S. 2018/0011838 and known hereinafter as Beller) and in further view of Gross, Daniel, et al (U.S. 2016/0360336 and known hereinafter as Gross).
As per claim 15, the modified teachings of Luff with Hsiao and Beller teaches the system of claim 1, however it does not explicitly disclose wherein said extracting is performed using natural language processing (NLP). 
Gross teaches wherein said extracting is performed using natural language processing (NLP) (e.g. Gross, see paragraph [0139, 0159-0160] discloses using NLP to collect and analyze information from a knowledge base.).
Luff is directed to system and methods to monitor and analyze events on wireless devices. Hsiao is directed to generating and managing event streams generated from captured network data. Beller is directed to generating semantic variants of the natural language expressions. Gross is directed to system and methods for proactively identifying relevant content. All are analogous art, because they are directed to events based in event logs and therefore it would have been obvious to one of ordinary skilled in the art at the time the invention was filed to modify the teachings of Luff with the teachings of Hsiao and Beller and with the further teachings of Gross to .
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure. See attached PTO-892 that includes additional prior art of record describing the general state of the art in which the invention is directed to.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FARHAN M SYED whose telephone number is (571)272-7191.  The examiner can normally be reached on M-F 8:30AM-5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Aleksandr Kerzhner can be reached on 571-270-1760.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  




/FARHAN M SYED/Primary Examiner, Art Unit 2165                                                                                                                                                                                                        May 21, 2021