Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This communication is responsive to the Amendment filed on 12/02/2021.
In the Instant Amendment, claims 1, 10, 11, and 16 have been amended; claims 1, 11, and 16 are independent claims.  Claims 1-20 have been examined and are pending in this application.  This Action is made FINAL. 
Applicants’ arguments in the instant Amendment, filed on 12/02/2021, with respect to limitations listed below, have been fully considered but they are not persuasive.
Applicants argue: Carasso does not disclose “executing a search query to identify a set of events, wherein the search query indicates a computation to perform to produce metrics for the set of events, and wherein the metrics aggregate a set of fields included in the set of events; causing display of a first interface including a table, wherein column headings of the table include one or more fields from the set of fields included in the set of events, wherein a row of the table includes a set of values associated with the one or more fields and a metric from the metrics, and wherein the metric comprises a statistic computed, using the computation, from a quantity of events from the set of events that have all values in the set of the values in the row; causing, in response to first input indicating a first selection of the row, display of an option selectable to display a subset of events of the set of events, wherein the subset of events correspond to the set of the values in the row; causing, in response to first input  
The Examiner disagrees with the Applicants. The Examiner respectfully submits that Carasso does disclose executing a search query to identify a set of events, wherein the search query indicates a computation to perform to produce metrics for the set of events, and wherein the metrics aggregate a set of fields included in the set of events (pages 14 and 21-31; Figs. 2-3, 3-1 to 3-3; a search dashboard is displayed search result in a results area; the search area displays date time and information of event. [the computing system will perform search request from a user]);  causing display of a first interface including a table, wherein column headings of the table include one or more fields from the set of fields included in the set of events  (page 14; Fig. 2-3;  IP address, Timestamp, Http Command, Status, byte, etc. [the IP address, Timestamp, Http Command, Status, byte, and etc. are known as headings the table, each column heading includes a set of events), wherein a row of the table includes a set of values associated with the one or more fields (page 14, 24; Figs. 2-3 and 3-3;  a table of result includes set of field; for example, IP address, Timestamp, Http Command, Status, byte, etc. will display values/information in the set of the values in the row) and a metric from the metrics, and wherein the metric comprises a statistic computed, using the computation, from a quantity of events from the set of events that have all values in the set of the values in the row (pages 23-24; Fig. 3-3; the Timeline show the number of events matching user’s search over time and the events information will display in ‘Search area’ field.  Also see pages 47-48; Figs. 4-10 and 4-11 show a result when the user search more details/specific; such as amount of event; for example the number of product views and purchases for per hour. [based on the user enter keyword and specific keyword, the Splunk search system will display search event result, time line, etc.]); causing, in response to first input indicating a first selection of the row, display of an option selectable to display a subset of events of the set of events, wherein the subset of events correspond to the set of the values in the row (pages 24 and 26; Figs. 3-2 and 3-6; a search navigation menu ‘Summary,’ ‘Search,’ ‘Status,’ ‘Dashboard &Views,’ and ‘Searches &Report’ and ‘Option’ are option menu so the user can select to switching viewing a search; for . [the user can view set of event search result based on selected navigation menu or option display event]; page 24-25, 119-120, 146-151; Figs. 3-3, 3-4; an evaluation function Table shows all function for searching.  the evaluation function “mvindex(X,Y,Z)” returns a subset of the multivalued field X from start position (zero-based) Y to Z (optional)); and causing, in response to second input indicating a second selection of the option, display of a second interface, wherein the second interface includes a listing of the subset of events (pages 14, 24-26; Figs. 2-3, 3-1, 3-3, and 3-6; “If you click the Search option or enter a search in the search bar, the page switches to the Search dashboard (sometimes called the timeline or flashtimeline view).”  The user can select one of icon or check ‘Options’ in the result area for various format). It is clear that Carasso does disclose the limitation argued above.
The Examiner respectfully suggests that the claim be further amended and details in the specification be incorporated to distinguish the claimed invention.  Should the Applicant 
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by David Carasso; Exploring Splunk; Copyright 2012 by Splunk Inc (Carasso).
Regarding claim 1, Carasso discloses a method implemented by a computing device, comprising: 
executing a search query to identify a set of events, wherein the search query indicates a computation to perform to produce metrics for the set of events, and wherein the metrics aggregate a set of fields included in the set of events (pages 14 and 21-31; Figs. 2-3, 3-1 to 3-3; a search dashboard is displayed search result in a results area; the search area displays date time and information of event. [the computing system will perform search request from a user]); 
causing display of a first interface including a table, wherein column headings of the table include one or more fields from the set of fields included in the set of events  (page 14; Fig. 2-3;  IP address, Timestamp, Http Command, Status, byte, etc. [the IP address, Timestamp, Http Command, Status, byte, and etc. are known as headings the table, each column heading includes a set of events), wherein a row of the table includes a set of values associated with the one or more fields (page 14, 24; Figs. 2-3 and 3-3;  a table of result includes set of field; for example, IP address, Timestamp, Http Command, Status, byte, etc. will display values/information in the set of the values in the row) and a metric from the metrics, and wherein the metric comprises a statistic computed, using the computation, from a quantity of events from the set of events that have all values in the set of the values in the row (pages 23-24; Fig. 3-3; the Timeline show the number of events matching user’s search over time and the events information will display in ‘Search area’ field.  Also see pages 47-48; Figs. 4-10 and 4-11 show a result when the user search more details/specific; such as amount of event; for example the number of product views and purchases for per hour. [based on the user enter keyword and specific keyword, the Splunk search system will display search event result, time line, etc.]); 
causing, in response to first input indicating a first selection of the row, display of an option selectable to display a subset of events of the set of events, wherein the subset of events correspond to the set of the values in the row (pages 24 and 26; Figs. 3-2 and 3-6; a search navigation menu ‘Summary,’ ‘Search,’ ‘Status,’ ‘Dashboard &Views,’ and ‘Searches &Report’ and ‘Option’ are option menu so the user can select to switching viewing a search; for . [the user can view set of event search result based on selected navigation menu or option display event]; page 24-25, 119-120, 146-151; Figs. 3-3, 3-4; an evaluation function Table shows all function for searching.  the evaluation function “mvindex(X,Y,Z)” returns a subset of the multivalued field X from start position (zero-based) Y to Z (optional)); and causing, in response to second input indicating a second selection of the option, display of a second interface, wherein the second interface includes (pages 14, 24-26; Figs. 2-3, 3-1, 3-3, and 3-6; “If you click the Search option or enter a search in the search bar, the page switches to the Search dashboard (sometimes called the timeline or flashtimeline view).”  The user can select one of icon or check ‘Options’ in the result area for various format).  
Regarding claim 2, Carasso discloses the method of claim 1, wherein the column headings of the table include the one or more fields based on the one or more fields being specified in the search query (page 14; Fig. 2-3; IP, address, Timestamp, Http Command, Status, byte, etc. are column heading of the table; and also see pages 22-24; Figs. 3-1 and 3-3; pages 67-68; Fig. 5-9; the Splunk search is performed search based on the keywords, specified keywords, and/or selected option and displayed one more field in the Search dashboard).  
Regarding claim 3, Carasso discloses the method of claim 1, wherein the set of fields is a subset of the set of fields included in the set of events (page 120; section ‘Solution’; “[i]f events with particular field values are a small subset of your events, you can efficiently use subsearches to find relevant events”).  
Regarding claim 4, Carasso discloses the method of claim 1, wherein the computation is performed based on being specified in the search query (pages 22-24; Figs. 3-1 and 3-3; the Splunk search is performed search based on the keywords and/or specified keywords).  
Regarding claim 5, Carasso discloses the method of claim 1, wherein the subset of events include the set of the values in the row based on the set of the values being associated with the row (pages 14 and 24; Fig. 2-3, 3-3).  
Regarding claim 6, Carasso discloses the method of claim 1, wherein the subset of events do not include the set of the values in the row based on the set of the values being associated with the row (page 110; “problem is that this would create a transaction with event2 and event4, ignoring event1 and event3 because they do not have a cookie value”).  
Regarding claim 7, Carasso discloses the method of claim 1, wherein the display of the option is in a menu that includes a designation of a field from the one or more fields and a corresponding value associated with the row (page 24; Fig. 3-3; option menu display in results area).  
Regarding claim 8, Carasso discloses the method of claim 1, wherein the listing of the subset of events in the second interface includes a portion of raw machine data of an event in the subset of events (pages 14 and 24; Figs. 2-3 and 3-3).  
Regarding claim 9, Carasso discloses the method of claim 1, wherein the option is displayed in the menu that includes a plurality of options, a first of the plurality of options being selectable to transition to the second interface that includes the listing of the subset of events based on the subset of events including field-value pairs that match the one or more fields and the set of values in the row, and a second of the plurality of options being selectable to transition to the second interface that includes the listing of the subset of events based on the subset of events including field-value pairs that match the one or more fields and the set of values in the row (page 24-26; Figs. 3-2 to 3-6; Splunk search is performed search based on the user enters star ‘*’ into search field for default search, or enter keywords/special keywords into search field and choose ‘Option’).
Application No. 17/029,773; Attorney Docket No. SP0097.02US.C1/347500; Response Filed: 12/02/2021
Regarding claim 10, Carasso discloses the method of claim 1, further comprising causing, in response to third input indicating a third selection of the row, an emphasis indicator of the row in the first interface, wherein the first input is to the emphasis indicator of the row (page 14; Fig. 2-3; “[t]he result is a file that looks something like Figure 2-3 (without the fancy highlighting to help you see the fields.” And also pages 58 and 86; Fig. 5-2), and wherein the row represents the events from the set of events that have all values in the set of the values in the row (pages 14 and 24; Fig. 2-3, 3-3).  
Regarding claim 11, claim 11 is directed to a computer-implemented system associated with the method claimed in claim 1; Claim 11 is similar in scope to claim 1, and is therefore rejected under similar rationale.
Regarding claim 12, Carasso discloses the system of claim 11, wherein the computation and the one or more fields are user specified using the first interface (page 14; Fig. 2-3; IP, address, Timestamp, Http Command, Status, byte, etc. are column heading of the table; and also see pages 22-24; Figs. 3-1 and 3-3; pages 67-68; Fig. 5-9; the Splunk search is performed search based on the keywords, specified keywords, and/or selected option and displayed one more field in the Search dashboard).  
Regarding claim 13, Carasso discloses the system of claim 11, wherein the table only includes column headings for the one or more fields and the metrics (page 14; Fig. 2-3; IP, address, Timestamp, Http Command, Status, byte, etc. are column heading of the table; and also see pages 22-24; Figs. 3-1 and 3-3; the Splunk search is performed search based on the keywords and/or specified keywords).  
Regarding claim 14, Carasso discloses the system of claim 11, wherein the causing of the display of the first interface is in response to a command in the search query that indicates the computation and the set of fields (pages 14 and 21-31; Figs. 2-3, 3-1 to 3-3; a search dashboard is displayed search result in a results area; the search area displays date time and information of event. [the computing system will perform search request from a user]).  
Regarding claim 15, Carasso discloses the system of claim 11, wherein the computation is an average (pages 85-87; “the average delay or minimum bytes per second, and consider different time ranges, such as day over day”).  
Regarding claims 16-20, claims 16-20 are directed to a One or more computer-readable non-transitory associated with the method claimed in claims 1-5 respectively; Claims 16-20 are similar in scope to claims 16-20 respectively, and are therefore rejected under similar rationale.
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the 
The prior art made of record and not relied upon is considered pertinent to applicants’ disclosure:
Subramaniam et al., (“Subramaniam,” 2007/0094230) is directed to a method/system for searching on filter search specification.
Subramaniam et al. (Subramaniam’504; US 2007/0118504) is directed to a method/system for searching based on search visual rules.
Inquiry
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LINH K PHAM whose telephone number is (571)270-3230.  The examiner can normally be reached on Monday-Thursday from 8:00 AM to 6:00 PM (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Sherief Badawi can be reached on (571) 272-9782.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/LINH K PHAM/
Primary Examiner, Art Unit 2174