DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
35 U.S.C 103
Applicant’s arguments filed with respect to the rejection(s) of claims 1-30 under U.S.C 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However upon further consideration, new grounds of rejection are made in view of Fletcher (U.S Pub # 20130318536).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 7-8, 14-15, 17-18, 23-24, 26-27 are rejected under 35 U.S.C. 103 as being unpatentable over Smith (U.S Pub # 20110099500) in view of Blank (U.S Pat # 8515963) and in further view of Fletcher (U.S Pub # 20130318536).
With regards to claim 1, Smith discloses a method comprising:
retrieving raw data from a data source ([0035] load from a stored repository of network event data, a fixed set of data);

in response to a selected event break option, parsing the raw data into a plurality of events using the selected event break option (Fig. 1 #130 Event table; [0050] event table comprises a listing of multiple individual events that matched the filter criteria within a time window. [0051] User can select a particular event to receive more information about the particular event) and concurrently displaying the plurality of events as the parsing occurs, each event in the plurality of events comprising at least a portion of the raw data ([0052] a subrange of events may be concurrently displayed).
Smith does not appear to disclose however Blank discloses:
wherein each event break option of the plurality of event break options indicates a different type of break used to generate distinct events when parsing the raw data ([Col. 14 lines 4-26] a user may modify the candidate configuration information by adding sets of rules that may be selected from among one or more proposed rules presented in a user-interface. the raw data may be processed based on configuration information that may be associated with the raw data and the results may be provided to the user).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the event data interface of Smith by the analysis system of Blank to allow a user to configure how to process raw data.

Fletcher discloses:
storing the selected event break option as part of a late binding schema ([0048] late binding schema can be used, which imposes structure on the data at query time [0074] receive a search query that can include one or more criteria which can specify or constrain field values to search event data store. The search can produce identifiers of events of interest.).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the event data interface of Smith and Blank by the system of Fletcher to apply a late binding schema
 to a specified data structure.
One of ordinary skill in the art would have been motivated to make this modification in order to collect data and break data into discrete events (Fletcher [0003]).
Claims 14 and 23 correspond to claim 1 and are rejected accordingly. 
With regards to claim 2, Smith further discloses:
indexing a second set of data retrieved from the data source or another data source ([0066] the event table lists summary information about the events within the start time and end time. The event details comprises detailed data about a particular selected event).
Smith does not disclose however Fletcher discloses:

It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the event data interface of Smith and Blank by the system of Fletcher to apply a late binding schema to a specified data structure.
One of ordinary skill in the art would have been motivated to make this modification in order to collect data and break data into discrete events (Fletcher [0003]).
Claims 15 and 24 correspond to claim 2 and are rejected accordingly. 
With regards to claim 3, Smith further discloses:
indexing a second set of data retrieved from the data source or another data source ([0066] the event table lists summary information about the events within the start time and end time. The event details comprises detailed data about a particular selected event);
receiving a search query ([0076] in response to the event table, step 324 may involve forming and sending a query to a database); and
searching the indexed second set of data using the search query ([0076] use the query to receive a new set of event records and displays the new sub range of events). 
Smith does not disclose however Fletcher discloses:

It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the event data interface of Smith and Blank by the system of Fletcher to apply a late binding schema to a specified data structure.
One of ordinary skill in the art would have been motivated to make this modification in order to collect data and break data into discrete events (Fletcher [0003]).
With regards to claim 7, Smith further discloses:
causing display of a graphical user interface that displays a plurality of selectable timestamp options indicating where a timestamp should occur in each event in the plurality of events ([0036] a time slider provides a graphical mechanism to specify a starting point for event data to be loaded);
in response to a selected timestamp option, parsing data in each event in the plurality of events to determine a timestamp associated with each event using the selected timestamp option (Fig. 1 #130 Event table; [0050] event table comprises a listing of multiple individual events that matched the filter criteria within a time window. [0051] User can select a particular event to receive more information about the particular event) and concurrently displaying the timestamp associated with each event as the parsing occurs ([0052] a subrange of events may be concurrently displayed); and

Smith does not disclose however Fletcher discloses:
as part of the late binding schema ([0048] late binding schema can be used, which imposes structure on the data at query time [0074] receive a search query that can include one or more criteria which can specify or constrain field values to search event data store. The search can produce identifiers of events of interest.).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the event data interface of Smith and Blank by the system of Fletcher to apply a late binding schema to a specified data structure.
One of ordinary skill in the art would have been motivated to make this modification in order to collect data and break data into discrete events (Fletcher [0003]).
Claims 17 and 26 correspond to claim 7 and are rejected accordingly. 
With regards to claim 8, Smith further discloses: 
causing display of a graphical user interface that displays a plurality of selectable timestamp options indicating where a timestamp should occur in each event in the plurality of events ([0036] a time slider provides a graphical mechanism to specify a starting point for event data to be loaded);

storing the selected timestamp option ([0036-0037] a time slider provides a mechanism to specify a starting point for event to be loaded. Load from a stored repository, a fixed set number of data. A user can manipulate the time slider to rapidly focus the display of events to those of interests);
indexing a second set of data retrieved from the data source ([0066] the event table lists summary information about the events within the start time and end time. The event details comprises detailed data about a particular selected event).
Smith does not disclose however Fletcher discloses:
storing as part of the late binding schema ([0048] late binding schema can be used, which imposes structure on the data at query time [0074] receive a search query that can include one or more criteria which can specify or constrain field values to search event data store. The search can produce identifiers of events of interest.).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the event data interface of Smith and Blank by the system of Fletcher to apply a late binding schema to a specified data structure.

Claims 18 and 27 correspond to claim 8 and are rejected accordingly. 
Claims 4-5, 13 are rejected under 35 U.S.C. 103 as being unpatentable over Smith (U.S Pub # 20110099500) in view of Blank (U.S Pat # 8515963) and in further view of Fletcher (U.S Pub # 20130318536) and Tsirogiannis (U.S Pub # 20140279838).
With regards to claim 4, Smith further discloses:
indexing a second set of data retrieved from the data source or another data source ([0066] the event table lists summary information about the events within the start time and end time. The event details comprises detailed data about a particular selected event);
organizing the second set of data ([0065] the network event list organizes the group of network events based on start time and end time);
receiving a search query ([0076] in response to the event table, step 324 may involve forming and sending a query to a database); and
searching the second set of data that has been indexed using the search query ([0076] use the query to receive a new set of event records and displays the new sub range of events).
Smith does not disclose however Fletcher discloses:
by applying the late binding schema ([0048] late binding schema can be used, which imposes structure on the data at query time [0074] receive a search query that 
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the event data interface of Smith and Blank by the system of Fletcher to apply a late binding schema to a specified data structure.
One of ordinary skill in the art would have been motivated to make this modification in order to collect data and break data into discrete events (Fletcher [0003]).
Smith does not appear to disclose however Tsirogiannis discloses:
organizing into a plurality of buckets ([0233] s3 bucket);
searching in a particular bucket among the plurality of buckets ([0233] scans the bucket for files);
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the event data interface of Smith, Blank and Fletcher by the system of Tsirogiannis to index and retrieve data from buckets
One of ordinary skill in the art would have been motivated to make this modification in order to achieve scalability, low costs, and flexibility (Tsirogiannis [0017]).
With regards to claim 5, Smith further discloses:
indexing a second set of data retrieved from the data source or another data source into a plurality of timestamped events ([0052] The event graph represents events 
organizing events in the plurality of events based on a timestamp associated with each event in the plurality of events ([0052] The event graph represents events that occurred between a particular sub range of time corresponding to or defined by a result of processing a query or view against all events in the database);
receiving a search query ([0076] in response to the event table, step 324 may involve forming and sending a query to a database); and
searching events using the search query ([0089] running a query to find records of stored events matching user specified filters for a time window in the past).
Smith does not disclose however Fletcher discloses:
by applying the late binding schema ([0048] late binding schema can be used, which imposes structure on the data at query time [0074] receive a search query that can include one or more criteria which can specify or constrain field values to search event data store. The search can produce identifiers of events of interest.).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the event data interface of Smith and Blank by the system of Fletcher to apply a late binding schema to a specified data structure.
One of ordinary skill in the art would have been motivated to make this modification in order to collect data and break data into discrete events (Fletcher [0003]).
Smith does not appear to disclose however Tsirogiannis discloses:

searching in a particular bucket among the plurality of buckets ([0233] scans the bucket for files);
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the event data interface of Smith, Blank and Fletcher by the system of Tsirogiannis to index and retrieve data from buckets
One of ordinary skill in the art would have been motivated to make this modification in order to achieve scalability, low costs, and flexibility (Tsirogiannis [0017]).
With regards to claim 13, Smith does not appear to disclose however Tsirogiannis discloses wherein the data source is an S3 file system ([0076] leverage various components of AWS like S3).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the event data interface of Smith,  Blank and Fletcher by the system of Tsirogiannis to index and retrieve data from buckets
One of ordinary skill in the art would have been motivated to make this modification in order to achieve scalability, low costs, and flexibility (Tsirogiannis [0017]).
Claims 6, 9-12, 16, 19-22, 25, 28-30 are rejected under 35 U.S.C. 103 as being unpatentable over Smith (U.S Pub # 20110099500) in view of Blank (U.S Pat # .
With regards to claim 6, Smith further discloses defining parsing instructions relating to one of the selectable event break options of the plurality of selectable event break options (Fig. 1 #130 Event table; [0050] event table comprises a listing of multiple individual events that matched the filter criteria within a time window).
Smith does not disclose however Fletcher discloses:
storing as part of the late binding schema ([0048] late binding schema can be used, which imposes structure on the data at query time [0074] receive a search query that can include one or more criteria which can specify or constrain field values to search event data store. The search can produce identifiers of events of interest.).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the event data interface of Smith and Blank by the system of Fletcher to apply a late binding schema to a specified data structure.
One of ordinary skill in the art would have been motivated to make this modification in order to collect data and break data into discrete events (Fletcher [0003]).
Smith does not appear to disclose however Netz discloses causing display of a graphical user interface that displays a menu for selecting a source type ([0077] user can select a data source from a drop-down menu);
storing the selected source type ([0077] user can select an existing data source view utilizing the menu).

One of ordinary skill in the art would have been motivated to make this modification in order to load from one or more data sources (Netz [0008]).
Claims 16 and 25 correspond to claim 6 and are rejected accordingly. 
With regards to claim 9, Smith further discloses:
causing display of a graphical user interface that displays a plurality of selectable timestamp options indicating where a timestamp should occur in each event in the plurality of events ([0036] a time slider provides a graphical mechanism to specify a starting point for event data to be loaded);
defining parsing instructions relating to one of the selectable timestamp options of the plurality of selectable timestamp options (Fig. 1 Receive times [0036] a set of records to be loaded is determined as a specified number of records that are earlier in time than a position indicated by the time slider);
in response to a selected timestamp option, parsing data in each event in the plurality of events to determine a timestamp associated with each event using the selected timestamp option (Fig. 1 #130 Event table; [0050] event table comprises a listing of multiple individual events that matched the filter criteria within a time window. [0051] User can select a particular event to receive more information about the particular event) and concurrently displaying the timestamp associated with each event as the parsing occurs ([0052] a subrange of events may be concurrently displayed); abd

Smith does not disclose however Fletcher discloses:
storing as part of the late binding schema ([0048] late binding schema can be used, which imposes structure on the data at query time [0074] receive a search query that can include one or more criteria which can specify or constrain field values to search event data store. The search can produce identifiers of events of interest.).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the event data interface of Smith and Blank by the system of Fletcher to apply a late binding schema to a specified data structure.
One of ordinary skill in the art would have been motivated to make this modification in order to collect data and break data into discrete events (Fletcher [0003]).
Smith does not appear to disclose however Netz discloses:
causing display of a graphical user interface that displays a menu for selecting a source type ([0077] user can select a data source from a drop-down menu);
receiving a selected source type ([0077] indicate the identified data source view);
storing the selected source type ([0077] user can select an existing data source view utilizing the menu).

One of ordinary skill in the art would have been motivated to make this modification in order to load from one or more data sources (Netz [0008]).
Claims 19 and 28 correspond to claim 9 and are rejected accordingly. 
	With regards to claim 10, Smith further discloses: 
causing display of a graphical user interface that displays a plurality of selectable timestamp options indicating where a timestamp should occur in each event in the plurality of events ([0036] a time slider provides a graphical mechanism to specify a starting point for event data to be loaded);
defining parsing instructions relating to one of the selectable timestamp options of the plurality of selectable timestamp options ([0036] a set of records to be loaded is determined as a specified number of records that are earlier in time than a position indicated by the time slider);
in response to a selected timestamp option, parsing data in each event in the plurality of events to determine timestamps associated with each event using the selected timestamp option (Fig. 1 #130 Event table; [0050] event table comprises a listing of multiple individual events that matched the filter criteria within a time window. [0051] User can select a particular event to receive more information about the particular event) and concurrently displaying timestamps associated with each event as the parsing occurs ([0052] a subrange of events may be concurrently displayed);

indexing a second set of data retrieved from the data source or another data source ([0066] lists summary information about the events within the start time and end time).
Smith does not disclose however Fletcher discloses:
storing as part of the late binding schema and applying as part of the binding schema ([0048] late binding schema can be used, which imposes structure on the data at query time [0074] receive a search query that can include one or more criteria which can specify or constrain field fields values to search event data store. The search can produce identifiers of events of interest.).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the event data interface of Smith and Blank by the system of Fletcher to apply a late binding schema to a specified data structure.
One of ordinary skill in the art would have been motivated to make this modification in order to collect data and break data into discrete events (Fletcher [0003]).
Smith does not appear to disclose however Netz discloses:
causing display of a graphical user interface that displays a menu for selecting a source type ([0077] user can select a data source from a drop-down menu);

storing the selected source type ([0077] user can select an existing data source view utilizing the menu).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the file system of Smith, Blank and Fletcher by the menu system of Netz to select a source type.
One of ordinary skill in the art would have been motivated to make this modification in order to load from one or more data sources (Netz [0008]).
Claims 20 and 29 correspond to claim 10 and are rejected accordingly. 
With regards to claim 11, Smith further discloses:
Wherein the retrieving step retrieves the raw data from the selected data source provider ([0035] load data).
Smith does not disclose however Netz discloses:
causing display of a graphical user interface that displays a menu for selecting a data source provider ([0077] user can select a data source from a drop-down menu).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the file system of Smith, Blank and Fletcher by the menu system of Netz to select a source type.
One of ordinary skill in the art would have been motivated to make this modification in order to load from one or more data sources (Netz [0008]).
Claim 21 corresponds to claim 11 and is rejected accordingly. 
With regards to claim 12, Smith further discloses:

 Smith does not disclose however Netz discloses:
causing display of a graphical user interface that displays a menu for selecting ([0077] user can select a data source from a drop-down menu).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the file system of Smith, Blank and Fletcher by the menu system of Netz to select a source type.
One of ordinary skill in the art would have been motivated to make this modification in order to load from one or more data sources (Netz [0008]).
Claims 22 and 30 correspond to claim 12 and are rejected accordingly. 
Conclusion
                                                                                                                                                                                                   
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TONY WU whose telephone number is (571)272-2033. The examiner can normally be reached Monday-Friday (9-5).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Mark Featherstone can be reached on 7032703750. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/T.W./Examiner, Art Unit 2166                                                                                                                                                                                                        
/MARK D FEATHERSTONE/Supervisory Patent Examiner, Art Unit 2166