Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Claims 1-20 are presented for examination.
This is a Non-Final Action.

Claim Rejections - 35 U.S.C. §101

35 U.S.C. §101 reads as follows:

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20 are rejected under 35 USC 101 as directed to an abstract idea without significantly more.
      With respect to independent claims, 1, 15 and 18, specifically claim 1 recites "generating...” and “detecting…” limitation. These limitations could be reasonably and practically performed by the human mind, for instance based on observation and evaluation of historical log data determine frequency of terms in logs or event types. Accordingly, the claim recites a mental process, which can be done utilizing pen and paper.
Accordingly, the claim recites an abstract idea.
                
                This judicial exception is not integrated into a practical application.  At step 2A, prong two, the claim recites “obtaining…, extracting… modifying…”. At best, these 
                
                The claims, 1, 15 and 18 at step 2B do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements of accessing data is insignificant extra-solution activity. This data gathering, manipulation and display activities in the field of use, is well-understood, routine, and conventional. See MPEP 2106.05(d)(II), 2106.05(g), 2106.05(h),"Receiving or transmitting data over a network, e.g., using the Internet to gather data,", "storing and retrieving information in memory" and “displaying certain results of the collection and analysis”. 

Claims 2-5, 7-14, 16 and 19 are dependent claims and do not recite any additional elements that would amount to significantly more than the abstract idea.  Specifically, “wherein the given log processing node comprises a virtual computing instance of a distributed computing platform, the virtual computing instance comprising at least one of a virtual machine and a software container.” (claim 2), “pre-processing the obtained logs to remove noise, wherein pre-processing the obtained logs comprises identifying and removing at least one of stop words, punctuation, and uniform resource locators” (claim 3), “wherein the generated frequency score for the given term comprises an inverse document frequency score computed based at least in 
Claims 15, 16, 18 and 19 are similar to claims 1-5 and 7-14 hence rejected similarly.
The examiner concludes that further amendment is required to establish subject matter eligibility under 35 U.S.C. §101.

In view of compact prosecution, if claims 6, claims 17 and 20 recite additional elements that overcome the abstract idea therefore, if incorporated into the independent claim would overcome the abstract idea rejection.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.



Claims 1, 3, 7 and 9 recites the limitation "the obtained logs, however, the claims never recite “a obtained log”.  There is insufficient antecedent basis for this limitation in the claim, therefore appropriate action is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-20 rejected under 35 U.S.C. 103 as being unpatentable over Cohen et al. (US 9,672,279 – (IDS)) further in view of Togawa (US 2018/0349468) 

1. Cohen teaches, A method comprising steps of:
obtaining, in a given one of a plurality of log processing nodes, at least two different types of logs associated with a plurality of assets of an enterprise system (Col 5: lines 7-16 – constructing one or more in-domain dictionaries (log types), Col 6: lines 22-28 – teaches in an enterprise environment);
generating, at the given log processing node (Col 4: lines 50-67 – the clustering labeling system 104), frequency scores for terms in unstructured log data of each of the different log types (Col 5: lines 28-30 – topic generation for one or more in-domain dictionaries (log types)), the generated frequency score for a given term in unstructured log data of a given log type being based at least in part on (ii) occurrence of the given term in the obtained logs of the given log type (Fig 2:202, Col; 7: lines 37-61 – creating a document term matrix and building a in-domain dictionary to be utilized in topic models);
extracting, at the given log processing node, features from the obtained logs based at least in part on the frequency scores (Fig 2: 202 – identifying topics form the unstructured text data);
detecting one or more events affecting the plurality of assets of the enterprise system utilizing the extracted features (Fig 2:204 – teaches assigning each documents (unstructured data, such as events) to each topic); and
wherein the method is performed by at least one processing device comprising a processor coupled to a memory (Fig 7:702-1 & 702-2..N processing devices).
However, Togawa teaches, 
(Paragraph 76 – teaches determining similarity of the abnormal logs based on past (historical occurrences of) abnormal logs) and modifying a configuration of one or more of the plurality of assets responsive to detecting the one or more events (Paragraph 77 – weighting the abnormal log based on the historical occurrence of the abnormal log, wherein the weighting is updated);
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which said subject matter pertains to allow Cohen’s invention to utilize historical log data as taught by Togawa, because both Cohen and Togawa are in the same field of endeavor of data analyzes and processing.  This would allow Cohen’s invention the ability to weight logs based on occurrence of the logs.

2. Cohen/Togawa teach, The combination The method of claim 1 wherein the given log processing node comprises a virtual computing instance of a distributed computing platform, the virtual computing instance comprising at least one of a virtual machine and a software container (Fig 6, Col 12: lines 21-38– virtual machines of the information processing system 100, and the cloud infrastructure 600, Cohen).

3. Cohen/Togawa teach, The method of claim 1 further comprising pre-processing the obtained logs to
remove noise, wherein pre-processing the obtained logs comprises identifying and removing at least one of stop words, punctuation, and uniform resource locators.



5. Cohen/Togawa teach, The method of claim 4 wherein the extracted features comprise term frequency-inverse document frequency scores, a given term frequency-inverse document frequency score for the given term in a given log of the given log type being determined based at least in part on a number of occurrences of the given term in the given log and the generated frequency score for the given term.

6. Cohen/Togawa teach, The method of claim 1 wherein generating the frequency scores at the given log processing node comprises:
reading a meta corpus for the given log type from a first data store accessible by the plurality of log processing nodes, the meta corpus comprising historical frequency scores previously computed by the plurality of log processing nodes indicating occurrence of terms in the historical logs of the given log type (Fig 2:202, Col; 7: lines 37-61 – creating a document term matrix and building a in-domain dictionary to be utilized in topic models);
writing a delta corpus for the given log type to a second data store local to the given log processing node, the delta corpus comprising updates to the previously-computed historical frequency scores (Paragraph 77 – weighting the abnormal log based on the historical occurrence of the abnormal log, wherein the weighting is updated based on historical occurrence, Togawa); and
(the combination of Fig 2:202, Col; 7: lines 37-61 – creating a document term matrix and building a in-domain dictionary to be utilized in topic models, Fig 2 is a periodically repeated , Cohen and Paragraph 77 – weighting the abnormal log based on the historical occurrence of the abnormal log, wherein the weighting is updated based on historical occurrence, Togawa -  teaches that based on new logs, weights would be updated in Togawa).

7. Cohen/Togawa teach, The method of claim 6 wherein writing the delta corpus for the given log type comprises incrementally re-computing inverse document frequency scores for terms responsive to detecting occurrence of the terms in the obtained logs of the given log type (Fig 2:202, Col; 7: lines 37-61 – creating a document term matrix and building a in-domain dictionary to be utilized in topic models, and Fig 2: 204-208 – assigning each document to a clusters and generating additional visualizations based on the selected clusters, would require re-computing TF-IDF, for each clusters, Cohen).

8. Cohen/Togawa teach, The method of claim 7 further comprising pausing incrementally re-computing the inverse document frequency scores while updating the meta corpus (the combination of Fig 2:202, Col; 7: lines 37-61 – creating a document term matrix and building a in-domain dictionary to be utilized in topic models  by Cohen and Paragraph 77 – weighting the abnormal log based on the historical occurrence of the abnormal log, wherein the weighting is updated based on historical occurrence, Togawa -  teaches that based on new logs, weights would be updated in Togawa).

9. Cohen/Togawa teach, The method of claim 7 wherein incrementally re-computing the inverse document frequency scores comprises, when the given term has an associated inverse document frequency score in the meta corpus, generating an update to a previously-computed inverse document frequency score for the given term by (i) incrementing the previously-computed inverse document frequency score for the given term based at least in part on a number of times that the given term occurs in the obtained logs of the given log type and (ii) saving the updated inverse document frequency score for the given term to the delta corpus for the given log type (the combination of Fig 2:202, Col; 7: lines 37-61 – creating a document term matrix and building a in-domain dictionary to be utilized in topic models  by Cohen and Paragraph 77 – weighting the abnormal log based on the historical occurrence of the abnormal log, wherein the weighting is updated based on historical occurrence, Togawa -  teaches that based on new logs, weights would be updated in Togawa).

10. Cohen/Togawa teach, The method of claim 7 wherein incrementally re-computing the inverse document frequency scores comprises, when the given term does not have an associated inverse document frequency score in the meta corpus, creating a new inverse document frequency score for the given term and adding the new inverse document frequency score to the delta corpus for the given log type (Paragraph 77 – weighting the abnormal log based on the historical occurrence of the abnormal log, wherein the weighting is updated based on historical occurrence, Togaw further in combination with the Fig 2:202, Col; 7: lines 37-61 document term matrix, which would be updated when new logs are introduced, Cohen)

 (Fig 2:202, Col; 7: lines 37-61 – creating a document term matrix and building a in-domain dictionary to be utilized in topic models, Fig 2 is a periodically repeated , Cohen).

12. Cohen/Togawa teach, The method of claim 1 wherein the at least two different types of logs comprise:
a first type of logs obtained from a first monitoring tool that monitors a given type of assets in the enterprise system; and at least a second type of logs obtained from a second monitoring tool that monitors the given type of assets in the enterprise system (Fig 4A-4D – discloses different types of logs in a enterprise system, Cohen).

13. Cohen/Togawa teach, The method of claim 1 wherein modifying the configuration of the one or more assets comprises:
identifying a given one of the plurality of assets as a malfunctioning asset; and utilizing the extracted features to identify the one or more assets as assets affected by the malfunctioning asset (Fig 4A-4D – discloses different types of logs in an enterprise system, which can be clustered and identified, Cohen in combination with  Fig 4B – teaches identifying and ranking anomaly parts wherein the identified asset also discloses the feature it was utlized in, (A3), Togawa).


applying one or more security hardening procedures to the configuration of the one or more assets;
identifying and correcting a misconfiguration of one or more aspects of the one or more assets (Fig 4E – discloses identifying bug fixes which would include identifying and correcting miconfigurations in the assests, Cohen); and
blocking one or more connections to the one or more assets.

Claim 15 is similar to claim 1 hence rejected similarly.
Claim 16 is similar to the combination of claims 4 and 5 hence rejected similarly.
Claim 17 is similar to claim 6 hence rejected similarly.
Claim 18 is similar to claim 1 hence rejected similarly.
Claim 19 is similar to the combination of claims 4 and 5 hence rejected similarly.
Claim 20 is similar to claim 6 hence rejected similarly.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AMRESH SINGH whose telephone number is (571)270-3560.  The examiner can normally be reached on Monday-Friday 8am-5pm.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Amresh Singh/
Primary Examiner, Art Unit 2159