DETAILED ACTION
	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is responsive to submission of application on 11/5/2021.
Claims 1-4, 6, 7, 9-14, and 16-20 are pending.
After a thorough search and examination of the present application, and in light of the following:
The prior art made of record;
Claims 1-4, 6, 7, 9-14, and 16-20 are allowed.
EXAMINER’S AMENDMENT
	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Mr. Paul Franz, Attorney of Record, and Examiner Bart Rylander, and Primary Examiner Brian M. Smith on 3/21/2022.
The claims are amended as follows:
1(Amended). 	A method performed by one or more computers, the method comprising:
	generating training data, the training data comprising a plurality of training computer security data logs and, for each training computer security data log, a label that identifies a log type of the training computer security data log, wherein each log type is mapped to a 
	training a machine learning model to predict log types of unlabeled computer security data logs using the training data, wherein the machine learning model is a neural network; 
	obtaining an unlabeled computer security data log; 
	processing the unlabeled computer security data log using [[a]] the machine learning model after training the machine learning model to generate a probability distribution that includes a respective probability for each of a plurality of possible log types, wherein each of the plurality of possible log types is associated with a corresponding parser that parses logs of the possible log type to extract structured computer security data, and wherein the machine learning model does not parse the unlabeled computer security data specifically for each corresponding parser to determine the respective probabilities; 
	selecting the possible log type having the highest probability; and 
	parsing the unlabeled computer security data log using the parser corresponding to the selected possible log type.
REASONS FOR ALLOWANCE
	The following is an examiner’s statement of reasons for allowance: 
	Claim 1 requires, among other things, a method for training a machine learning model to predict log types of unlabeled computer security data logs using the training data, … and, training a machine learning model to predict log types of labeled computer security data logs … wherein each of the plurality of possible log types is associated with a corresponding parser that parses logs of the possible log type to extract structured computer security data, and wherein the machine learning model does not parse the unlabeled computer security data specifically for each corresponding parser to determine the respective probabilities.
	Claim 11 is the same as claim 1, but in addition, requires a system comprising one or more computers and one or more storage devices storing instructions that when executed by the one or more computers cause the one or more computers to perform the method of claim 1.
	Among the closest art identified:
	Saurabh (US 9135560 B1) discloses using either a parser or a rule set for each parser to determine which parser to use, but does not disclose training and using a machine learning model in which “the machine learning model does not parse the unlabeled computer security data specifically for each corresponding parser to determine the respective probabilities.”
	Du (Deeplog: Anomaly Detection and Diagnosis from System Logs through Deep Learning) discloses automatically learning log patterns from normal execution, and detecting anomalies when log patterns deviate from the model trained from log data under normal execution, but does not disclose training and using a machine learning model to select parsers.
	Zhu (Tools and Benchmarks for Automated Log Parsing) discloses benchmarked results of 13 different log parsers in terms of accuracy, robustness, and efficiency, for automated log parsing, but does disclose training and using a machine learning model to select parsers where “the machine learning model does not parse the unlabeled computer security data specifically for each corresponding parser to determine the respective probabilities.”
	However, none of the references, alone or in combination, teach a method for training and using a machine learning model to select parsers for computer security data logs in which 
	Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to BART RYLANDER whose telephone number is (571)272-8359. The examiner can normally be reached Monday - Thursday 8:00 to 5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Miranda Huang can be reached on 571-270-7092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/B.I.R./Examiner, Art Unit 2124

/BRIAN M SMITH/Primary Examiner, Art Unit 2122