EXAMINER’S AMENDMENT
This action is responsive to the following communication: Amendment filed on 8/19/2021.  
The Amendment filed on 8/19/2021 is entered. 
Claims 1-31 are pending.  
Authorization for this examiner's amendment was given in an email by Mr. Jordan Becker on Aug. 31, 2021.

Please Amend Claims:
1.	(Currently amended) A computer-implemented method comprising:
	retrieving a plurality of events from a data source in accordance with a selected data subset type of a plurality of defined, user-selectable data subset types, wherein the selected data subset type is a combination of at least two of the plurality of defined, user-selectable data subset types;
	identifying similarity between two or more of the retrieved events;
	determining whether any of the retrieved events form a group, based on the identified similarity;
	selecting, based on a determination that two or more of the retrieved events form a group, at least a subset of the retrieved events that form the group, as a representative data subset; and
	causing display of the selected events in a user interface as the representative data subset, wherein said causing display comprises causing display of the selected events in a user interface that enables development of a field extraction rule that specifies how to extract a value for a field from information in one or more events.
2.	(Original) The method of claim 1, wherein said determining whether any of the retrieved events form a group comprises applying a clustering algorithm to the retrieved events.

	receiving, from a user, a selection of a data source type from which to generate the representative data subset.
4.	(Original) The method of claim 1, further comprising:
	receiving, from a user, a selection of the data subset type, of the plurality of defined data subset types, for identifying an event to include in the representative data subset.
5.	(Original) The method of claim 1, further comprising:
	receiving, from a user, a selection of a number of desired representative events to be included in the representative data subset.

6.	(Original) The method of claim 1, further comprising:
receiving, from a user, selections of:
	a data source type from which to generate the representative data subset,
	one or a combination of subset types, of a plurality of defined data subset types, for identifying an event to include in the representative data subset, and
	a number of desired representative events to be included in the representative data subset.
7.	(Currently amended) The method of claim 1, wherein each of the retrieved events includes raw data indicative of performance or activity of one or more components of an information technology environment.
8.	(Original) The method of claim 1, wherein the plurality of defined data subset types corresponds to a plurality of subtype processes that include one or more of a diverse event-identification process, an outlier event-identification process, a random event identification process, an earlier event-identification process, or a later event-identification process.

	the method further comprising:
	determining that a number of clusters in the plurality of clusters is not of a sufficiently large number; and
	clustering a larger group of events in the plurality of events than the group of events.
10.	(Original) The method of claim 1, wherein each event in the plurality of events is associated with a time stamp.
11.	(Currently amended) The method of claim 1, wherein each event in the plurality of events is associated with a time stamp that has been extracted from data in that event.
12.	(Original) The method of claim 1, wherein retrieving events from the data source includes using a process to identify outlier events.
13.	(Original) The method of claim 1, wherein retrieving events from the data source includes using a process to identify events associated with earliest events in the plurality of events.
14.	(Original) The method of claim 1, wherein retrieving events from the data source includes using a process to identify events associated with latest events in the plurality of events.
15.	(Currently amended) A non-transitory, machine-readable storage medium storing instructions, execution of which in a computer system causes the computer system to perform operations comprising:
	retrieving a plurality of events from a data source in accordance with a selected data subset type of a plurality of defined, user-selectable data subset types, wherein the 
	identifying similarity between two or more of the retrieved events;
	determining whether any of the retrieved events form a group, based on the identified similarity;
	selecting, based on a determination that two or more of the retrieved events form a group, at least a subset of the retrieved events that form the group, as a representative data subset; and
	causing display of the selected events in a user interface as the representative data subset, wherein said causing display comprises causing display of the selected events in a user interface that enables development of a field extraction rule that specifies how to extract a value for a field from information in one or more events.
16.	(Original) The machine-readable storage medium of claim 15, wherein said determining whether any of the retrieved events form a group comprises applying a clustering algorithm to the retrieved events.
17. 	(Original) The machine-readable storage medium of claim 15, storing further instructions, execution of which in a computer system causes the computer system to perform operations comprising:
	receiving, from a user, a selection of a data source type from which to generate the representative data subset.
18.	(Original) The machine-readable storage medium of claim 15, storing further instructions, execution of which in a computer system causes the computer system to perform operations comprising:
	receiving, from a user, a selection of the data subset type, of the plurality of defined data subset types, for identifying an event to include in the representative data subset.

	receiving, from a user, a selection of a number of desired representative events to be included in the representative data subset.

20.	(Original) The machine-readable storage medium of claim 15, storing further instructions, execution of which in a computer system causes the computer system to perform operations comprising:
receiving, from a user, selections of:
	a data source type from which to generate the representative data subset,
	one or a combination of subset types, of a plurality of defined data subset types, for identifying an event to include in the representative data subset, and
	a number of desired representative events to be included in the representative data subset.
21.	(Currently amended) The machine-readable storage medium of claim 15, wherein each of the retrieved events includes raw data indicative of performance or activity of one or more components of an information technology environment.
22.	(Original) The machine-readable storage medium of claim 15, wherein the plurality of defined data subset types corresponds to a plurality of subtype processes that include one or more of a diverse event-identification process, an outlier event-identification process, a random event identification process, an earlier event-identification process, or a later event-identification process.

	wherein the machine-readable storage medium stores further instructions, execution of which in a computer system causes the computer system to perform operations comprising:
	determining that a number of clusters in the plurality of clusters is not of a sufficiently large number; and
	clustering a larger group of events in the plurality of events than the group of events.
24.	(Original) The machine-readable storage medium of claim 15, wherein each event in the plurality of events is associated with a time stamp.
25.	(Currently amended) The machine-readable storage medium of claim 15, wherein each event in the plurality of events is associated with a time stamp that has been extracted from data in that event.
26.	(Original) The machine-readable storage medium of claim 15, wherein retrieving events from the data source includes using a process to identify outlier events.
27.	(Original) The machine-readable storage medium of claim 15, wherein retrieving events from the data source includes using a process to identify events associated with earliest events in the plurality of events.
28.	(Original) The machine-readable storage medium of claim 15, wherein retrieving events from the data source includes using a process to identify events associated with latest events in the plurality of events.
29.	(Currently amended) A computer system comprising:
	a data store to store data; and

		retrieving a plurality of events from a data source in accordance with a selected data subset type of a plurality of defined, user-selectable data subset types, wherein the selected data subset type is a combination of at least two of the plurality of defined, user-selectable data subset types;
		identifying similarity between two or more of the retrieved events;
		determining whether any of the retrieved events form a group, based on the identified similarity;
		selecting, based on a determination that two or more of the retrieved events form a group, at least a subset of the retrieved events that form the group, as a representative data subset; and
		causing display of the selected events in a user interface as the representative data subset, wherein said causing display comprises causing display of the selected events in a user interface that enables development of a field extraction rule that specifies how to extract a value for a field from information in one or more events.

30.	(Original) The computer system of claim 29, wherein:
	said determining whether any of the retrieved events form a group comprises applying a clustering algorithm to the retrieved events; and
	said operations further include receiving, from a user, selection of at least one of:
		a data source type from which to generate the representative data subset,
		one or a combination of subset types, of a plurality of defined data subset types, for identifying an event to include in the representative data subset, or
		a number of desired representative events to be included in the representative data subset.

31.  (Canceled) 
Allowable Subject Matter
Claims 1-30 are allowed.
The following is an examiner’s statement of reasons for allowance:
Independent claims 1, 15 and 29, when considered as a whole, are allowable over the prior art of record. Specifically, the prior art of record fails to clearly teach or fairly suggest the combination of the following limitations:

retrieving a plurality of events … selected data subset type is a combination of at least two of the plurality of defined, user-selectable data subset types; identifying similarity between two or more of the retrieved events … causing display of the selected events in a user interface that enables development of a field extraction rule that specifies how to extract a value for a field from information in one or more events.


The dependent claims add further limitations to the allowable subject matter of the corresponding independent claims and thus are also allowable.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”



Inquiry
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PEIYONG WENG whose telephone number is (571)270-1660.  The examiner can normally be reached on Mon.-Fri.  8 am to 5 pm.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://portal.uspto.gov/external/portal. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/PEI YONG WENG/Primary Examiner, Art Unit 2179