DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Examiner’s Amendment

An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given by Attorney Cameron Gale on 6/3/2021.

Claims 1, 11, and 21 are amended.

1.	(Amended) A system for processing network flow monitoring data comprising:
a data collection input coupled to at least one incoming data stream of network monitoring messages; and
a data processing segment comprising:
a load balancing operator coupled to the data collection input, the load balancing operator operable to distribute the network monitoring messages, for processing, amongst a plurality of downstream collector processing sub-units coupled to the load balancing operator, wherein the load balancing operator is configured to distribute the network monitoring messages based on a performance of one or more of the plurality of collector processing sub-units;
a data processing sequence that includes:

a plurality of parser sub-units coupled to the plurality of collector processing sub-units, each parser sub-unit operable to receive the network flow records from one of the collector processing sub-units and to generate parsed network flow records by converting the received network flow records from the first format to a second format; [[and]]
a combiner operator coupled to the plurality of parser sub-units, wherein the combiner operator is operable to combine the parsed network flow records from the plurality of parser sub-units into a synchronous output data stream; and
a data processing sub-unit configured to generate a profile store utilizing graphs, wherein the profiles from the profile store may be analyzed by either detection applications or machine learning, wherein the result of the analysis may be utilized for at least one of correlating applications, interacting with dashboards, or facilitating remedial network actions;
wherein 
the plurality of parser sub-units are directly connected to the plurality of collector processing sub-units within the data processing sequence;
the plurality of parser sub-units are directly connected to the combiner operator;
the plurality of collector processing sub-units are directly connected to the load balancing operator; and

11.	(Amended) A method of processing network flow monitoring data, the method comprising:
receiving at least one incoming data stream of network monitoring messages;
directing the network monitoring messages to a data processing segment comprising a load balancing operator, a data processing sequence that includes a plurality of collector processing sub-units and a plurality of parser sub-units, and a combiner operator, wherein the plurality of parser sub-units are directly connected to the plurality of collector processing sub-units, the plurality of parser sub-units are directly connected to the combiner operator, and the plurality of collector processing sub-units are directly connected to the load balancing operator such that data flows through the data processing segment sequentially from the load balancing operator to the plurality of collector processing sub-units to the plurality of parser sub-units to the combiner operator;
distributing by the load balancing operator, for processing, the network monitoring messages amongst the plurality of collector processing sub-units based on a performance of one or more of the plurality of collector processing sub-units;
generating, by the plurality of collector processing sub-units, network flow records from the received network monitoring messages, wherein the network flow records are generated in a first format and the network flow records are generated by augmenting the received network monitoring messages with additional information;
transmitting, by the plurality of collector processing sub-units, the network flow records to a plurality of parser processing sub-units downstream from the collector processing sub-units;

combining, by the combiner operator, the parsed network flow records from the plurality of parser sub-units into a synchronous output data stream; and
generating a profile store utilizing graphs, wherein the profiles from the profile store may be analyzed by either detection applications or machine learning, wherein the result of the analysis may be utilized for at least one of correlating applications, interacting with dashboards, or facilitating remedial network actions.
21.	(Amended) A computer program product comprising a non-transitory computer-readable medium having computer-executable instructions stored therein, the computer-executable instructions being executable by a processor to configure the processor to perform a method of processing network flow monitoring data, wherein the method comprises:
receiving at least one incoming data stream of network monitoring messages;
directing the network monitoring messages to a data processing segment comprising a load balancing operator, a data processing sequence that includes a plurality of collector processing sub-units and a plurality of parser sub-units, and a combiner operator, wherein the plurality of parser sub-units are directly connected to the plurality of collector processing sub-units, the plurality of parser sub-units are directly connected to the combiner operator, and the plurality of collector processing sub-units are directly connected to the load balancing operator such that data flows through the data processing segment sequentially from the load balancing operator to the plurality of collector processing sub-units to the plurality of parser sub-units to the combiner operator;
distributing by the load balancing operator, for processing, the network monitoring messages amongst the plurality of collector processing sub-units based on a performance of one or more of the plurality of collector processing sub-units;

transmitting, by the plurality of collector processing sub-units, the network flow records to a plurality of parser processing sub-units downstream from the collector processing sub-units;
generating, by the plurality of parser processing sub-units, parsed network flow records by converting the received network flow records from the first format to a second format; [[and]]
combining, by the combiner operator, the parsed network flow records from the plurality of parser sub-units into a synchronous output data stream; and
generating a profile store utilizing graphs, wherein the profiles from the profile store may be analyzed by either detection applications or machine learning, wherein the result of the analysis may be utilized for at least one of correlating applications, interacting with dashboards, or facilitating remedial network actions.


Allowable Subject Matter

Claims 1 - 21 are allowed. 


Reason for Allowance

The following is an examiner’s statement of reason for allowance: 




Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion

 	Any inquiry concerning this communication or earlier communications from the Examiner should be directed to TODD L. BARKER whose telephone number is (571) 270 0257. The Examiner can normally be reached on Monday through Friday, 7:30am to 5:00pm.
	If attempts to reach the Examiner by telephone are unsuccessful, the Examiner's supervisor Vivek Srivastava can be reached on (571) 272 7304.
 	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov.
 Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000

/TODD L BARKER/Primary Examiner, Art Unit 2449