DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1, 3-20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Anand et al. U.S. Patent Application Publication 2014/0129536A1.
As per claim 1, Anand teaches a system, comprising: a processor; and a memory, accessible by the processor, the memory storing instructions, that when executed by the processor, cause the processor to perform operations comprising: receiving machine-generated textual data associated with one or more computing resources of a managed network (¶ 0003-0005); classifying the machine-generated textual data into ome or more statistical metrics(¶ 0052); identifying a plurality of incident patterns associated with respective incidents in the managed network based on the one or more statistical metrics (¶ 0003-0005, 0040-0041, 0052, Table 3); correlating at least two incident patterns of the plurality of incident patterns (¶ 0053-0059); determining a root cause of the respective incidents associated with the at least two incident patterns based on an increase in a trend of one of the at least two incident patterns toward a threshold, or a time-proximity between respective anomalies in the at least two incident patterns, or both (¶ 0054, wherein events can be occurring at the same time or re-occuring); and generating an alert for the respective incidents associated with the at least two incident patterns, wherein the alert indicates the determined root cause (¶ 0054).
As per claim 3, Anand teaches the system of claim 1, wherein the one or more statistical metrics are represented as a gauge, a meter, or a histogram, or a combination thereof (¶ 0034, wherein the meter comprises ratings/rankings in order).
As per claim 4, Anand teaches the system of claim 1, wherein classifying the machine-generated textual data into the one or more statistical metrics comprises: processing the machine-generated textual data into one or more elements including one or more events (¶ 0003-0005), one or more tokens, one or more key-value pairs, or one or more properties, or a combination thereof; and generating one or more graphical representations of the one or more statistical metrics based on the one or more elements (¶ 0024, wherein the rankings are graphically presented).
As per claim 5, Anand teaches the system of claim 4, wherein the alert comprises the one or more elements (¶ 0054).
As per claim 6, Anand teaches the system of claim 1, wherein the at least two incident patterns are correlated based on an amplitude of an incident pattern of the at least two incident patterns, a frequency of an incident pattern of the at least two incident patterns, or a similarity of an incident pattern of the at least two incident patterns to a previously detected incident pattern, or a combination thereof (¶ 0020).
As per claim 7, Anand teaches the system of claim 1, wherein the operations comprise grouping the alert with one or more additional alerts generated at the same time or substantially at the same time (¶ 0054).
As per claim 8, Anand teaches a method, comprising: receiving, by one or more processors, machine-generated textual data associated with one or more computing resources of a managed network; classifying, by the one or more processors, the machine-generated textual data into one or more statistical metrics; identifying, by the one or more processors, a plurality of incident patterns associated with respective incidents in the managed network based on the one or more statistical metrics; correlating, by the one or more processors, at least two incident patterns of the plurality of incident patterns; determining, by the one or more processors, a root cause of the respective incidents associated with the at least two incident patterns based on an increase in a trend of one of the at least two incident patterns toward a threshold, or a time-proximity between respective anomalies in the at least two incident patterns, or both; and generating, by the one or more processors, an alert for the respective incidents associated with the at least two incident patterns, wherein the alert indicates the determined root cause (¶ 0003-0005, 0040-0044, Table 3, 0053-0054, as mapped in claim 1).
As per claim 9, Anand teaches the method of claim 8, wherein the one or more statistical metrics are represented as a gauge, a meter, or a histogram, or a combination thereof (¶ 0004).
As per claim 10, Anand teaches the method of claim 8, wherein classifying the machine-generated textual data into the one or more statistical metrics comprises: processing, by the one or more processors, the machine-generated textual data into one or more elements including one or more events, one or more tokens, one or more key-value pairs, or one or more properties, or a combination thereof (¶ 0003-0005); and generating, by the one or more processors, one or more graphical representations of the one or more statistical metrics based on the one or more elements (¶ 0024).
As per claim 11, Anand teaches the method of claim 10, wherein the alert comprises the one or more elements (¶ 0054).
As per claim 12, Anand teaches the method of claim 8, wherein the at least two incident patterns are correlated based on an amplitude of an incident pattern of the at least two incident patterns, a frequency of an incident pattern of the at least two incident patterns, or a similarity of an incident pattern of the at least two incident patterns to a previously detected incident pattern, or a combination thereof (¶ 0020).
As per claim 13, Anand teaches the method of claim 8, comprising grouping the alert with one or more additional alerts generated at the same time or substantially at the same time (¶ 0054).
As per claim 14, Anand teaches the method of claim 8, wherein the respective incidents associated with the at least two incident patterns comprise an unobserved incident in the managed network (¶ 0003-0005).
As per claim 15, Anand teaches a non-transitory, computer-readable medium, comprising instructions that when executed by one or more processors, cause the one or more processors to perform operations comprising: receiving machine-generated textual data associated with one or more computing resources of a managed network; processing the machine-generated textual data into one or more elements; classifying the machine-generated textual data into the one or more statistical metrics one or more statistical metrics based on the one or more elements; identifying a plurality of incident patterns associated with respective incidents in the managed network based on the one or more statistical metrics; correlating at least two incident patterns of the plurality of incident patterns; determining a root cause of the respective incidents associated with the at least two incident patterns based on an increase in a trend of one of the at least two incident patterns toward a threshold, or a time-proximity between respective anomalies in the at least two incident patterns, or both; and generating an alert for the respective incidents associated with the at least two incident patterns, wherein the alert indicates the determined root cause and at least one of the one or more elements (¶ 0003-0005, 0053-0054, Table 3 , as mapped in claim 1).
As per claim 16, Anand teaches the non-transitory, computer-readable medium of claim 15, wherein the one or more statistical metrics are represented as a gauge, a meter, or a histogram, or a combination thereof (¶ 0024).
As per claim 17, Anand teaches the non-transitory, computer-readable medium of claim 15, wherein the one or more elements comprise one or more events, one or more tokens, one or more key-value pairs, or one or more properties, or a combination thereof (¶ 0003-0005).
As per claim 18, Anand teaches the non-transitory, computer-readable medium of claim 15, wherein the at least two incident patterns are correlated based on an amplitude of an incident pattern of the at least two incident patterns, a frequency of an incident pattern of the at least two incident patterns, or a similarity of an incident pattern of the at least two incident patterns to a previously detected incident pattern, or a combination thereof (¶ 0020).
As per claim 19, Anand teaches the non-transitory, computer-readable medium of claim 15, wherein the operations comprise grouping the alert with one or more additional alerts generated at the same time or substantially at the same time (¶ 0054).
As per claim 20, Anand teaches the non-transitory, computer-readable medium of claim 15, wherein the respective incidents associated with the at least two incident patterns comprise an unobserved incident in the managed network (¶ 0003-0005).


Response to Arguments
5.	Applicant's arguments filed 3/16/22 have been fully considered but they are not persuasive.
	With respect to the independent claims, the applicant has amended and has argued that Anand does not teach classifying the machine-generated textual data into the one or more statistical metrics.  The examiner respectfully disagrees.  In paragraph 0052, Anand teaches wherein the data is classified according to causes, which can include metrics, such as traffic (see also ¶ 0056).  Anand also teaches using the groups to identify incident patterns, e.g. incidents on the same server, based on the metrics since the group is based on the collected metric, such as traffic.


Conclusion
6.	THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

7.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 2022/0019588A1 to Jha et al.:  Extracting metric data from logs to find root causes.



Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER S MCCARTHY whose telephone number is (571)272-3651. The examiner can normally be reached Monday-Friday 8:30-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bryce Bonzo can be reached on (571)272-3655. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHRISTOPHER S MCCARTHY/Primary Examiner, Art Unit 2113