Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
2.	This action is in response to the communication filed on September 01, 2021.
3.	In view of the amendment filed on 09/01/2021, claims 1, 3-7, 9-11, 13-16 and 19 has been amended, claims 2, 8, 12, 17-18 and 20 has been cancelled, and claims 21-26 has been newly added.
4.	After a thorough search and examination of the present application and in light of the prior art made of record and applicant’s amendment and remarks filed on 09/01/2021, and the examiner’s amendment stated below, claims 1, 3-7, 9-11, 13-16, 19 and 27-32 (renumbered as claim 1-20) are allowed.
	Information Disclosure Statement
5.	The information disclosure statement (IDS) submitted on 09/01/2021.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Continued Examination Under 37 CFR 1.114
6.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 09/01/2021 has been entered.
 					Examiner’s Amendment
7.	Authorization for this examiner’s amendment stated below was given in a telephone interview with David Grant (Reg. No. 74,373) on 09/29/2021.
	In the Claims:
	Please amend claims 1, 6-7, 9-11, 16, 19, 21-26, and 27-32 as follows:
(Currently Amended) A computer-implemented method, comprising:
receiving a set of machine data; 
determining a frequency of occurrence of at least one token in a portion of the set of machine data, wherein the frequency of occurrence corresponds to a number of distinct instances of the at least one token in the portion of the set of machine data, wherein the at least one token is a punctuation character;
determining a source of the set of machine data by comparing the frequency of occurrence with a signature from one or more known sources, 
determined source 
segmenting the set of machine data into a plurality of events using the set of rules, thereby allowing application of time-based search phrases across the plurality of events.
6.	(Currently Amended) The computer-implemented method of Claim 1, wherein said determining the source 
matching the frequency of occurrence to the signature 
7.	(Currently Amended) The computer-implemented method of Claim 1, further comprising:
determining that the[[a]] source of the set of machine data is not known; and
creating an additional signature, wherein the additional signature corresponds to [[for ]]the source and the frequency of occurrence.
9.	(Currently Amended) The computer-implemented method of Claim 1, 

determining that the set of machine data is binary machine data; and
converting the binary machine data into textual machine data using a process defined for the determined source.
10.	(Currently Amended) The computer-implemented method of Claim 1, further comprising:

determining that the set of machine data is binary machine data by comparing a number of machine data lines in the set of machine data that appear to be binary and a number of machine data lines in [[at ]]the set of machine data that appear to be textual; and
converting the binary machine data into textual machine data using a process defined for the determined source.
11.	(Currently Amended) A non-transitory computer-readable storage media, storing one or more sequences of instructions, which when executed by one or more processors cause performance of:

determining a frequency of occurrence of at least one token in a portion of the set of machine data, wherein the at least one token is a punctuation character;
determining a source of the set of machine data by comparing the frequency of occurrence with a signature from one or more known sources;
based at least in part on the determined source 
segmenting the set of machine data into a plurality of events using the set of rules, thereby allowing application of time-based search phrases across the plurality of events.
16.	(Currently Amended) The non-transitory computer-readable storage media of Claim 11, wherein executing the one or more sequences of instructions further causes the performance of:
determining [[a ]]the source 
19.	(Currently Amended) An apparatus, comprising:
one or more processors configured to:
receive a set of machine data; 
determine a frequency of occurrence of at least one token in a portion of the set of machine data, wherein the frequency of occurrence corresponds to a number of distinct instances of the at least one token in the portion of the set of machine data, wherein the at least one token is a punctuation character;
determine a source of the set of machine data by comparing the frequency of occurrence with a signature from one or more known sources;
identify a set of rules to segment the set of machine data into events using the determined source
segment the set of machine data into a plurality of events using the set of rules, thereby allowing application of time-based search phrases across the plurality of events.
21.	Cancelled.
22.	Cancelled.
23.	Cancelled.
24.	Cancelled.
25.	Cancelled.
26.	Cancelled.
New) The non-transitory computer-readable storage media of claim 11, wherein executing the one or more sequences of instructions further causes the performance of:
determining that the source of the set of machine data is not known; and
creating an additional signature, wherein the additional signature corresponds to the source and the frequency of occurrence. 
28.	(New) The apparatus of claim 19, wherein each event in the plurality of events includes a part of the set of machine data.
29.	(New) The apparatus of claim 19, wherein each event in the plurality of events includes a part of the set of machine data, and wherein each event is field-searchable.
30.	(New) The apparatus of claim 19, wherein the one or more processors are configured to: create a time stamp for each event in the plurality of events by extracting time stamp information from machine data included in each event.
31.	(New) The apparatus of claim 19, wherein to determine the source, the wherein the one or more processors are configured to:
match the frequency of occurrence to the signature using a nearest neighbor search.
32.	(New) The apparatus of claim 19, wherein the one or more processors are configured to:
determine that the source of the set of machine data is not known; and
create an additional signature, wherein the additional signature corresponds to the source and the frequency of occurrence. 
					Allowable Subject Matter
8.	Claims 1, 3-7, 9-11, 13-16, 19 and 27-32 are allowed.
	The following is an examiners statement of reasons for allowance:
	In the examiner’s final office action dated on June 01, 2021, claims 1-5, 7-15 and 17-20 were rejected under 3.5. U.S.C 103(a) based primarily on US 2004/0049693 A1 to Douglas, US 2006/0161816 A1 to Gula et al and US 7,546,234 B1 to Deb et al, claims 6 and 16 were rejected based primarily on US 2004/0049693 A1 to Douglas, US 2006/0161816 A1 to Gula et al and US 7,546,234 B1 to Deb et al and US 2007/0074147 A1 to Wold.
	The claimed invention is directed towards a computer-implemented method, comprising: receiving a set of machine data; determining a frequency of occurrence of at least one token in a portion of the set of machine data, wherein the frequency of occurrence corresponds to a number of distinct instances of the at least one token in the portion of the set of machine data, wherein the at least one token is a punctuation character; determining a source of the set of machine data by comparing the frequency of occurrence with a signature from one or more known sources, identifying a set of rules to segment the set of machine data into events using the determined source; and segmenting the set of machine data into a plurality of events using the set of rules, thereby allowing application of time-based search phrases across the plurality of events.

	The prior art of record US 2004/0049693 A1 to Douglas, US 2006/0161816 A1 to Gula et al and US 7,546,234 B1 to Deb et al and US 2007/0074147 A1 to Wold, do not explicitly teach, show or suggest the feature of determining a frequency of occurrence of at least one token in a portion of the set of machine data, wherein the frequency of occurrence corresponds to a number of distinct instances of the at least one token in the portion of the set of machine data, wherein the at least one token is a punctuation character; determining a source of the set of machine data by comparing the frequency of occurrence with a signature from one or more known sources in combination with other claimed features.
An updated search of prior art in domains (EAST, Google, Google Scholar, and ip.com) has been conducted.  The prior art searched and investigated do not fairly teach or suggest teaching of the subject matter as described by the combination of the element presented in each of the independent claims 1, 11 and 19.               
The dependent claims 3-7 and 9-10 depending on independent claim 1, dependent claims 13-16 and 27 depending on independent claim 11, and dependent claims 28-32 depending on independent claim 19 are also distinct from the prior art for the same reasons.
9.	Any comments considered necessary by applicant must be submitted no later than the payment of issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submission should be clearly labeled “Comments on Statement of Reasons for Allowance”.
				Contact Information
10.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED R UDDIN whose telephone number is (571)270-3138.  The examiner can normally be reached on M-F: 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Beausoliel Robert can be reached on 571-272-3645.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MOHAMMED R UDDIN/Primary Examiner, Art Unit 2167