DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 04/22/22 has been entered.
	
Response to Amendment
The amendment filed on 04/22/22 has been entered. Claims 1-15 remain pending in the application.
	
	
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-15 are rejected under 35 U.S.C. 103 as being unpatentable over Gao (US 2017/0364563) in view of Marquardt (US 2018/0218037).
Regarding claim 1, Gao discloses:
A universal data index generation and utilization method comprising: obtaining, by data processing hardware, from a database stored on memory in communication with the data processing hardware, a plurality of records, each record of the plurality of records: located at a respective … storage location… at least by ([0023] “Keys 112-114 may be used by data-processing system 102 to group parameters from multiple inputs into the merged records. Each row of data from an input may include one or more required keys, such as an entity key that represents an entity (e.g., member or company) in the online professional network and a partition key that represents a given partition (e.g., time interval, location, demographic, etc.) associated with the data” [0028] “The attribute-value pairs in the record may represent metrics, dimensions, and/or other types of data associated with the entity and partition. More specifically, the attribute-value pairs may be identified by attribute names and the corresponding values associated with the attribute names.”) and the keys of the attribute-value pairs can store their storage location,
and comprising a field value associated with a respective data field of a plurality of data fields at least by ([0028] “The attribute-value pairs in the record may represent metrics, dimensions, and/or other types of data associated with the entity and partition. More specifically, the attribute-value pairs may be identified by attribute names and the corresponding values associated with the attribute names.”),
each respective data field of the plurality of data fields having corresponding meta-data at least by ([0028] “The attribute-value pairs in the record may represent metrics, dimensions, and/or other types of data associated with the entity and partition. More specifically, the attribute-value pairs may be identified by attribute names and the corresponding values associated with the attribute names.”) and the metadata corresponding to each field are the attributes or attribute for each of the attribute-value pairs;
for each respective record of the plurality of records: generating, by the data processing hardware, a data structure based on a union of the field value and the corresponding meta-data of the respective data field at least by ([0028] “The attribute-value pairs in the record may represent metrics, dimensions, and/or other types of data associated with the entity and partition. More specifically, the attribute-value pairs may be identified by attribute names and the corresponding values associated with the attribute names.” [0042] “Second, merged records may be generated from records 212-214 in a number of ways. As mentioned above, the merged records may include some or all attribute-value pairs 232 for a given combination of entity and partition keys 230 from inputs 202.” [0043] “Attribute-value pairs 232 may further be grouped and consolidated into merged records according to different keys 230 or sets of keys.” [0063] “The attribute name of an attribute-value pair is also combined with an input name of the input to create a combined name (operation 506) that represents a unique, namespaced attribute name for the attribute. The combined name is also mapped to a unique identifier for the attribute name (operation 508), and the attribute name in the attribute-value pair is replaced with the unique identifier (operation 510). For example, the attribute name may be mapped to a numeric (e.g., integer) identifier, and the mapping may be stored in a file, table, list, and/or other type of structure for subsequent retrieval and use.”) and the data structure based on a union of the field and metadata (attributes) are the merged records consolidated according to different keys and values,
and storing, by the data processing hardware, the data structure and the respective … storage location of the respective record at a universal data index at least by ([0035] “Processing apparatus 204 may also index the sorted records of each data file in an index file (e.g., index files 224) for the data file. For example, processing apparatus 204 may index the records by entity key using attribute-value pairs, with each attribute representing an entity key and the corresponding value representing the location (e.g., offset) of the record with the entity key in the data file. Entity keys and the corresponding record locations in the data file may also be specified in the index file at periodic intervals (e.g., every 1000 records). By including an index with processed records 218, processing apparatus 204 may enable constant-time retrieval of records from data files 222” [0064] “An index file containing mappings of entity key values to positions of records in the data file is then generated (operation 514).”);
receiving, at the data processing hardware, from a client device, a keyword query comprising a particular field value, the keyword query requesting one or more records of the plurality of records from the database having the particular field value at least by ([0026] “To load records 212-214 from inputs 202, processing apparatus 204 may obtain one or more parameters 206 containing the names and/or locations of the inputs…the processing apparatus may provide an application-programming interface (API) for receiving the parameters and/or one or more queries 240 containing the parameters from one or more users.”) and the user queries can contain names of the inputs (keyword queries).
Gao fails to disclose “located at a respective database storage location of the database; …database storage locations; searching, by the data processing hardware, the universal data index using only the particular field value of the keyword query to identify the respective database storage locations of the requested one or more records of the plurality of records having the particular field value of the keyword query; and retrieving, by the data processing hardware, the requested one or more records of the plurality of records and the corresponding meta-data of the respective data field from the database using the identified respective database storage locations.”
However, Marquardt teaches located at a respective database storage location of the database; …database storage locations at least by ([Abstract] “Embodiments of the present disclosure provide techniques for using an inverted index in a pipelined search query. A field searchable data store is provided that comprises a plurality of event records, each event record comprising a time-stamped portion of raw machine data. Responsive to the receipt of an incoming search query, the search engine accesses an inverted index, wherein each entry in the inverted index comprises at least one field name, a corresponding at least one field value and a reference value associated with each field name and value pair that identifies a location in the data store where an associated event record is stored”);
searching, by the data processing hardware, the universal data index using only the particular field value of the keyword query to identify the respective database storage locations of the requested one or more records of the plurality of records having the particular field value of the keyword query at least by ([Abstract] “Embodiments of the present disclosure provide techniques for using an inverted index in a pipelined search query. A field searchable data store is provided that comprises a plurality of event records, each event record comprising a time-stamped portion of raw machine data. Responsive to the receipt of an incoming search query, the search engine accesses an inverted index, wherein each entry in the inverted index comprises at least one field name, a corresponding at least one field value and a reference value associated with each field name and value pair that identifies a location in the data store where an associated event record is stored” [0130] “At block 408, the indexers to which the query was distributed, search data stores associated with them for events that are responsive to the query. To determine which events are responsive to the query, the indexer searches for events that match the criteria specified in the query. These criteria can include matching keywords or specific values for certain fields…In an embodiment, one or more rules for extracting field values may be specified as part of a source type definition. The indexers may then either send the relevant events back to the search head, or use the events to determine a partial result, and send the partial result back to the search head”) and the indexer can search for event records responsive to a query based only on values for certain fields;
and retrieving, by the data processing hardware, the requested one or more records of the plurality of records and the corresponding meta-data of the respective data field from the database using the identified respective database storage locations at least by ([0124] “This way, events containing these name-value pairs can be quickly located. In some embodiments, fields can automatically be generated for some or all of the name-value pairs at the time of indexing. For example, if the string “dest=10.0.1.2” is found in an event, a field named “dest” may be created for the event, and assigned a value of “10.0.1.2” [0130] “At block 408, the indexers to which the query was distributed, search data stores associated with them for events that are responsive to the query. To determine which events are responsive to the query, the indexer searches for events that match the criteria specified in the query. These criteria can include matching keywords or specific values for certain fields…In an embodiment, one or more rules for extracting field values may be specified as part of a source type definition. The indexers may then either send the relevant events back to the search head, or use the events to determine a partial result, and send the partial result back to the search head” [0131] “At block 410, the search head combines the partial results or events received from the indexers to produce a final result for the query. This final result may comprise different types of data depending on what the query requested. For example, the results can include a listing of matching events returned by the query, or some type of visualization of the data from the returned events. In another example, the final result can include one or more calculated values derived from the matching events.”) and the retrieved results include the event records which can comprise name value pairs, wherein the name in the name value pair is the metadata. Additionally, the retrieved results can comprise visualizations of the data and/or calculated values (metadata) derived from the matching events.
Therefore, it would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to incorporate the teaching of Marquardt into the teaching of Gao because the references similarly disclose indexing and searching for data. Consequently, one of ordinary skill in the art would be motivated to further modify the system as in Gao to further include the searching and retrieving of data using an index as in Marquardt in order to prevent the system from having to search through each data record for a search term and, thus, provide a more efficient search method.
As per claim 2, claim 1 is incorporated, Gao further discloses:
wherein the corresponding meta-data includes a data field name associated with the requested one or more records of the plurality of records at least by ([0028] “The attribute-value pairs in the record may represent metrics, dimensions, and/or other types of data associated with the entity and partition. More specifically, the attribute-value pairs may be identified by attribute names and the corresponding values associated with the attribute names.”) and the metadata corresponding to each field are the attributes or attribute for each of the attribute-value pairs.
As per claim 3, claim 1 is incorporated, Gao further discloses:
wherein the particular field value of the keyword query comprises a name associated with the requested one or more records of the plurality of records at least by ([0026] “To load records 212-214 from inputs 202, processing apparatus 204 may obtain one or more parameters 206 containing the names and/or locations of the inputs…the processing apparatus may provide an application-programming interface (API) for receiving the parameters and/or one or more queries 240 containing the parameters from one or more users.”).
As per claim 4, claim 3 is incorporated, Marquardt further discloses:
wherein searching the universal data index using only the particular field value of the keyword query comprises identifying the requested one or more records of the plurality of records containing the particular field value as a reverse lookup of the name associated with the requested one or more records of the plurality of records based upon the particular field value at least by ([Abstract] “Embodiments of the present disclosure provide techniques for using an inverted index in a pipelined search query. A field searchable data store is provided that comprises a plurality of event records, each event record comprising a time-stamped portion of raw machine data. Responsive to the receipt of an incoming search query, the search engine accesses an inverted index, wherein each entry in the inverted index comprises at least one field name, a corresponding at least one field value and a reference value associated with each field name and value pair that identifies a location in the data store where an associated event record is stored” [0130] “At block 408, the indexers to which the query was distributed, search data stores associated with them for events that are responsive to the query. To determine which events are responsive to the query, the indexer searches for events that match the criteria specified in the query. These criteria can include matching keywords or specific values for certain fields…In an embodiment, one or more rules for extracting field values may be specified as part of a source type definition. The indexers may then either send the relevant events back to the search head, or use the events to determine a partial result, and send the partial result back to the search head”) and the indexer looks up matching events based on values for certain fields specified in the query.
As per claim 5, claim 1 is incorporated, Marquardt further discloses:
wherein the keyword query includes a first field value and the issuing of the keyword query produces a second field value from a corresponding pair-wise field value of a co-occurrence list at least by ([Abstract] “Embodiments of the present disclosure provide techniques for using an inverted index in a pipelined search query. A field searchable data store is provided that comprises a plurality of event records, each event record comprising a time-stamped portion of raw machine data. Responsive to the receipt of an incoming search query, the search engine accesses an inverted index, wherein each entry in the inverted index comprises at least one field name, a corresponding at least one field value and a reference value associated with each field name and value pair that identifies a location in the data store where an associated event record is stored”) and the second field value from a corresponding pair-wise field value of a co-occurrence list are the reference values associated with the field name and value pairs.
Regarding claim 6, Gao discloses:
A data analytics data processing system configured for universal data index construction comprising: a host computing system comprising one or more computers, each with memory and at least one processor; a database index persistent in the memory of the host computing system at least by ([0036] “Processing apparatus 204 may store data files 222, index files 224, and mapping 210 in a data repository 234 such as a distributed filesystem, network-attached storage (NAS), and/or other type of network-accessible storage, for subsequent retrieval and use.”);
and a universal data index construction module comprising computer program instructions executing in the memory of the host computing system, the program instructions performing: obtaining from a database stored on the memory of the host computing system in communication with the universal data index construction module, a plurality of records, each record of the plurality of records: located at a respective … storage location … at least by ([0023] “Keys 112-114 may be used by data-processing system 102 to group parameters from multiple inputs into the merged records. Each row of data from an input may include one or more required keys, such as an entity key that represents an entity (e.g., member or company) in the online professional network and a partition key that represents a given partition (e.g., time interval, location, demographic, etc.) associated with the data” [0028] “The attribute-value pairs in the record may represent metrics, dimensions, and/or other types of data associated with the entity and partition. More specifically, the attribute-value pairs may be identified by attribute names and the corresponding values associated with the attribute names.”) and the keys of the attribute-value pairs can store their storage location,
and comprising a field value associated with a respective data field of a plurality of data fields at least by ([0028] “The attribute-value pairs in the record may represent metrics, dimensions, and/or other types of data associated with the entity and partition. More specifically, the attribute-value pairs may be identified by attribute names and the corresponding values associated with the attribute names.”),
each respective data field of the plurality of data fields having corresponding meta-data at least by ([0028] “The attribute-value pairs in the record may represent metrics, dimensions, and/or other types of data associated with the entity and partition. More specifically, the attribute-value pairs may be identified by attribute names and the corresponding values associated with the attribute names.”) and the metadata corresponding to each field are the attributes or attribute for each of the attribute-value pairs;
for each respective record of the plurality of records: generating a data structure based on a union of the field value and the corresponding meta-data of the respective data field at least by ([0028] “The attribute-value pairs in the record may represent metrics, dimensions, and/or other types of data associated with the entity and partition. More specifically, the attribute-value pairs may be identified by attribute names and the corresponding values associated with the attribute names.” [0042] “Second, merged records may be generated from records 212-214 in a number of ways. As mentioned above, the merged records may include some or all attribute-value pairs 232 for a given combination of entity and partition keys 230 from inputs 202.” [0043] “Attribute-value pairs 232 may further be grouped and consolidated into merged records according to different keys 230 or sets of keys.” [0063] “The attribute name of an attribute-value pair is also combined with an input name of the input to create a combined name (operation 506) that represents a unique, namespaced attribute name for the attribute. The combined name is also mapped to a unique identifier for the attribute name (operation 508), and the attribute name in the attribute-value pair is replaced with the unique identifier (operation 510). For example, the attribute name may be mapped to a numeric (e.g., integer) identifier, and the mapping may be stored in a file, table, list, and/or other type of structure for subsequent retrieval and use.”) and the data structure based on a union of the field and metadata (attributes) are the merged records consolidated according to different keys and values,
and storing the data structure and the respective … storage location of the respective record at a universal data index at least by ([0035] “Processing apparatus 204 may also index the sorted records of each data file in an index file (e.g., index files 224) for the data file. For example, processing apparatus 204 may index the records by entity key using attribute-value pairs, with each attribute representing an entity key and the corresponding value representing the location (e.g., offset) of the record with the entity key in the data file. Entity keys and the corresponding record locations in the data file may also be specified in the index file at periodic intervals (e.g., every 1000 records). By including an index with processed records 218, processing apparatus 204 may enable constant-time retrieval of records from data files 222” [0064] “An index file containing mappings of entity key values to positions of records in the data file is then generated (operation 514).”);
receiving, from a client device, a keyword query comprising a particular field value, the keyword query requesting one or more records of the plurality of records from the database having the particular field value at least by ([0026] “To load records 212-214 from inputs 202, processing apparatus 204 may obtain one or more parameters 206 containing the names and/or locations of the inputs…the processing apparatus may provide an application-programming interface (API) for receiving the parameters and/or one or more queries 240 containing the parameters from one or more users.”) and the user queries can contain names of the inputs (keyword queries).
Gao fails to disclose “located at a respective database storage location of the database; …database storage locations; searching the universal data index using only the particular field value of the keyword query to identify the respective database storage locations of the requested one or more records of the plurality of records having the particular field value of the keyword query; and retrieving the requested one or more records of the plurality of records and the corresponding meta-data of the respective data field from the database using the identified respective database storage locations”
However, Marquardt teaches located at a respective database storage location of the database; …database storage locations at least by ([Abstract] “Embodiments of the present disclosure provide techniques for using an inverted index in a pipelined search query. A field searchable data store is provided that comprises a plurality of event records, each event record comprising a time-stamped portion of raw machine data. Responsive to the receipt of an incoming search query, the search engine accesses an inverted index, wherein each entry in the inverted index comprises at least one field name, a corresponding at least one field value and a reference value associated with each field name and value pair that identifies a location in the data store where an associated event record is stored”);
searching the universal data index using only the particular field value of the keyword query to identify the respective database storage locations of the requested one or more records of the plurality of records having the particular field value of the keyword query at least by ([Abstract] “Embodiments of the present disclosure provide techniques for using an inverted index in a pipelined search query. A field searchable data store is provided that comprises a plurality of event records, each event record comprising a time-stamped portion of raw machine data. Responsive to the receipt of an incoming search query, the search engine accesses an inverted index, wherein each entry in the inverted index comprises at least one field name, a corresponding at least one field value and a reference value associated with each field name and value pair that identifies a location in the data store where an associated event record is stored” [0130] “At block 408, the indexers to which the query was distributed, search data stores associated with them for events that are responsive to the query. To determine which events are responsive to the query, the indexer searches for events that match the criteria specified in the query. These criteria can include matching keywords or specific values for certain fields…In an embodiment, one or more rules for extracting field values may be specified as part of a source type definition. The indexers may then either send the relevant events back to the search head, or use the events to determine a partial result, and send the partial result back to the search head”) and the indexer can search for event records responsive to a query based only on values for certain fields;
and retrieving the requested one or more records of the plurality of records and the corresponding meta-data of the respective data field from the database using the identified respective database storage locations at least by ([0124] “This way, events containing these name-value pairs can be quickly located. In some embodiments, fields can automatically be generated for some or all of the name-value pairs at the time of indexing. For example, if the string “dest=10.0.1.2” is found in an event, a field named “dest” may be created for the event, and assigned a value of “10.0.1.2” [0130] “At block 408, the indexers to which the query was distributed, search data stores associated with them for events that are responsive to the query. To determine which events are responsive to the query, the indexer searches for events that match the criteria specified in the query. These criteria can include matching keywords or specific values for certain fields…In an embodiment, one or more rules for extracting field values may be specified as part of a source type definition. The indexers may then either send the relevant events back to the search head, or use the events to determine a partial result, and send the partial result back to the search head” [0131] “At block 410, the search head combines the partial results or events received from the indexers to produce a final result for the query. This final result may comprise different types of data depending on what the query requested. For example, the results can include a listing of matching events returned by the query, or some type of visualization of the data from the returned events. In another example, the final result can include one or more calculated values derived from the matching events.”) and the retrieved results include the event records which can comprise name value pairs, wherein the name in the name value pair is the metadata. Additionally, the retrieved results can comprise visualizations of the data and/or calculated values (metadata) derived from the matching events.
Therefore, it would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to incorporate the teaching of Marquardt into the teaching of Gao because the references similarly disclose indexing and searching for data. Consequently, one of ordinary skill in the art would be motivated to further modify the system as in Gao to further include the searching and retrieving of data using an index as in Marquardt in order to prevent the system from having to search through each data record for a search term and, thus, provide a more efficient search method.
Regarding claim 11, Gao discloses:
A computer program product for universal data index construction, the computer program product including a non-transitory computer readable storage medium having program instructions embodied therewith, the program instructions executable by a device to cause the device to perform a method including: obtaining from a database stored on the memory of the host computing system in communication with the universal data index construction module, a plurality of records, each record of the plurality of records: located at a respective … storage location … at least by ([0023] “Keys 112-114 may be used by data-processing system 102 to group parameters from multiple inputs into the merged records. Each row of data from an input may include one or more required keys, such as an entity key that represents an entity (e.g., member or company) in the online professional network and a partition key that represents a given partition (e.g., time interval, location, demographic, etc.) associated with the data” [0028] “The attribute-value pairs in the record may represent metrics, dimensions, and/or other types of data associated with the entity and partition. More specifically, the attribute-value pairs may be identified by attribute names and the corresponding values associated with the attribute names.”) and the keys of the attribute-value pairs can store their storage location,
and comprising a field value associated with a respective data field of a plurality of data fields at least by ([0028] “The attribute-value pairs in the record may represent metrics, dimensions, and/or other types of data associated with the entity and partition. More specifically, the attribute-value pairs may be identified by attribute names and the corresponding values associated with the attribute names.”),
each respective data field of the plurality of data fields having corresponding meta-data at least by ([0028] “The attribute-value pairs in the record may represent metrics, dimensions, and/or other types of data associated with the entity and partition. More specifically, the attribute-value pairs may be identified by attribute names and the corresponding values associated with the attribute names.”) and the metadata corresponding to each field are the attributes or attribute for each of the attribute-value pairs;
for each respective record of the plurality of records: generating a data structure based on a union of the field value and the corresponding meta-data of the respective data field at least by ([0028] “The attribute-value pairs in the record may represent metrics, dimensions, and/or other types of data associated with the entity and partition. More specifically, the attribute-value pairs may be identified by attribute names and the corresponding values associated with the attribute names.” [0042] “Second, merged records may be generated from records 212-214 in a number of ways. As mentioned above, the merged records may include some or all attribute-value pairs 232 for a given combination of entity and partition keys 230 from inputs 202.” [0043] “Attribute-value pairs 232 may further be grouped and consolidated into merged records according to different keys 230 or sets of keys.” [0063] “The attribute name of an attribute-value pair is also combined with an input name of the input to create a combined name (operation 506) that represents a unique, namespaced attribute name for the attribute. The combined name is also mapped to a unique identifier for the attribute name (operation 508), and the attribute name in the attribute-value pair is replaced with the unique identifier (operation 510). For example, the attribute name may be mapped to a numeric (e.g., integer) identifier, and the mapping may be stored in a file, table, list, and/or other type of structure for subsequent retrieval and use.”) and the data structure based on a union of the field and metadata (attributes) are the merged records consolidated according to different keys and values,
and storing the data structure and the respective … storage location of the respective record at a universal data index at least by ([0035] “Processing apparatus 204 may also index the sorted records of each data file in an index file (e.g., index files 224) for the data file. For example, processing apparatus 204 may index the records by entity key using attribute-value pairs, with each attribute representing an entity key and the corresponding value representing the location (e.g., offset) of the record with the entity key in the data file. Entity keys and the corresponding record locations in the data file may also be specified in the index file at periodic intervals (e.g., every 1000 records). By including an index with processed records 218, processing apparatus 204 may enable constant-time retrieval of records from data files 222” [0064] “An index file containing mappings of entity key values to positions of records in the data file is then generated (operation 514).”);
receiving, from a client device, a keyword query comprising a particular field value, the keyword query requesting one or more records of the plurality of records from the database having the particular field value at least by ([0026] “To load records 212-214 from inputs 202, processing apparatus 204 may obtain one or more parameters 206 containing the names and/or locations of the inputs…the processing apparatus may provide an application-programming interface (API) for receiving the parameters and/or one or more queries 240 containing the parameters from one or more users.”) and the user queries can contain names of the inputs (keyword queries).
Gao fails to disclose “located at a respective database storage location of the database; …database storage locations; searching the universal data index using only the particular field value of the keyword query to identify the respective database storage locations of the requested one or more records of the plurality of records having the particular field value of the keyword query; and retrieving the requested one or more records of the plurality of records and the corresponding meta-data of the respective data field from the database using the identified respective database storage locations”
However, Marquardt teaches located at a respective database storage location of the database; …database storage locations at least by ([Abstract] “Embodiments of the present disclosure provide techniques for using an inverted index in a pipelined search query. A field searchable data store is provided that comprises a plurality of event records, each event record comprising a time-stamped portion of raw machine data. Responsive to the receipt of an incoming search query, the search engine accesses an inverted index, wherein each entry in the inverted index comprises at least one field name, a corresponding at least one field value and a reference value associated with each field name and value pair that identifies a location in the data store where an associated event record is stored”);
searching the universal data index using only the particular field value of the keyword query to identify the respective database storage locations of the requested one or more records of the plurality of records having the particular field value of the keyword query at least by ([Abstract] “Embodiments of the present disclosure provide techniques for using an inverted index in a pipelined search query. A field searchable data store is provided that comprises a plurality of event records, each event record comprising a time-stamped portion of raw machine data. Responsive to the receipt of an incoming search query, the search engine accesses an inverted index, wherein each entry in the inverted index comprises at least one field name, a corresponding at least one field value and a reference value associated with each field name and value pair that identifies a location in the data store where an associated event record is stored” [0130] “At block 408, the indexers to which the query was distributed, search data stores associated with them for events that are responsive to the query. To determine which events are responsive to the query, the indexer searches for events that match the criteria specified in the query. These criteria can include matching keywords or specific values for certain fields…In an embodiment, one or more rules for extracting field values may be specified as part of a source type definition. The indexers may then either send the relevant events back to the search head, or use the events to determine a partial result, and send the partial result back to the search head”) and the indexer can search for event records responsive to a query based only on values for certain fields;
and retrieving the requested one or more records of the plurality of records and the corresponding meta-data of the respective data field from the database using the identified respective database storage locations at least by ([0124] “This way, events containing these name-value pairs can be quickly located. In some embodiments, fields can automatically be generated for some or all of the name-value pairs at the time of indexing. For example, if the string “dest=10.0.1.2” is found in an event, a field named “dest” may be created for the event, and assigned a value of “10.0.1.2” [0130] “At block 408, the indexers to which the query was distributed, search data stores associated with them for events that are responsive to the query. To determine which events are responsive to the query, the indexer searches for events that match the criteria specified in the query. These criteria can include matching keywords or specific values for certain fields…In an embodiment, one or more rules for extracting field values may be specified as part of a source type definition. The indexers may then either send the relevant events back to the search head, or use the events to determine a partial result, and send the partial result back to the search head” [0131] “At block 410, the search head combines the partial results or events received from the indexers to produce a final result for the query. This final result may comprise different types of data depending on what the query requested. For example, the results can include a listing of matching events returned by the query, or some type of visualization of the data from the returned events. In another example, the final result can include one or more calculated values derived from the matching events.”) and the retrieved results include the event records which can comprise name value pairs, wherein the name in the name value pair is the metadata. Additionally, the retrieved results can comprise visualizations of the data and/or calculated values (metadata) derived from the matching events.
Therefore, it would have been obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to incorporate the teaching of Marquardt into the teaching of Gao because the references similarly disclose indexing and searching for data. Consequently, one of ordinary skill in the art would be motivated to further modify the system as in Gao to further include the searching and retrieving of data using an index as in Marquardt in order to prevent the system from having to search through each data record for a search term and, thus, provide a more efficient search method.
Claims 7-10, 12-15 recite similar claim limitations as the method of claims 2-5, except that they set forth the claimed invention as a system and computer program product, respectively, as such they are rejected for the same reasons as applied hereinabove.	
	
Response to Arguments
The following is in response to the amendment filed on 04/22/22.
Applicant’s arguments with respect to the prior art rejections have been considered but are moot because they do not apply to all of the references being used in the current rejection.

	
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM P BARTLETT whose telephone number is (469)295-9085.  The examiner can normally be reached on M-Th 11:30-8:30, F 11-3.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Usmaan Saeed can be reached on 5712724046.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/WILLIAM P BARTLETT/
Examiner, Art Unit 2169

/USMAAN SAEED/Supervisory Patent Examiner, Art Unit 2169