DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
This action is in response to Application filed 02/12/2021. 
Claims 1-18 are pending.
Applicant’s claimed foreign priority. However, the certified copy of the priority document was not submitted. As such, the foreign priority is not given at this time.
No Information Disclosure Statement (IDS) filed by Applicant with this Application. If the applicant is aware of any prior art or any other co-pending applications not already of record, he/she is reminded of his/her duty under 37 CFR 1.56 to disclose the same.
Specification
6.	The Specification has been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any grammatical/spelling or any other errors of which applicant may become aware in the specification.
Objection
7.	Claim 1 recited the limitations of “a method”, which should read as “a computer-implemented method”.
Dependent claims are objected for incorporating the same deficiencies of their respective base claims.
8.	The drawings are objected to under 37 CFR § 1.84(o) because the following drawing elements lack meaningful legends (e.g., descriptive legend):
Figure 1 needed identifying legends for understanding of the drawing.
Correction is required. No new matter should be entered.
	Corrected drawing sheets are required in reply to the Office action to avoid abandonment of the application.  Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended.  The figure or figure number of an amended drawing should not be labeled as “amended.”
Claim Rejections - 35 USC § 112
9.	The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


	Claims 1-18 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claims 6, 12 and 18 each of them recited the limitations of “abnormal behavior”. The phrase previous is not defined by the claims and one of ordinary skill in the art would not able to appraised the scope of the claimed invention. The term abnormal behavior is indefinite as it fails to point out what is being described. 

Claim Rejections- 35 USC § 103

10.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
                    
11.	The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.
         
12.	Claims 1-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over Swan et al. (US 2016/0140238 A1), hereinafter Swan in view of Arye et al. (US 2020/0334254 A1), hereinafter Arye.  
As for claim 1, Swan teaches a method stored in one or more data-storage devices and executed using one or more processors of a computer system for aggregating and querying log messages generated by event sources in a distributed computing system, the method comprising: determining event types of log message generated by event sources of the distributed computing system (see [0042], aggregation process include log files, network management data, out of any given application, logging, auditing, messaging);
aggregating the event types into aggregated records for a shortest time unit and storing the aggregated records in an aggregated records database; retrieving aggregated records from the aggregated records database, aggregating the event types into aggregated records for longer time units than the shortest time unit (see abstract, [0019]-[0020], aggregating time series data streams and time stamping the events, time bucketed indices are created by assigning the time stamped events to time buckets according to their time stamps. The time buckets have the same time duration, or different time durations. [0077], period of time that applying the indexing process to time series data will cause a large amount of persistent data to accumulate, a trailing time window (events older than 3 months need not be returned in search results), a time range (events earlier than January 1 of this year need not be returned in search results), a maximum number of events (no more than 1 million events need be returned in search results)
and storing the aggregated records for longer time units in the aggregated records database; and in response to receiving a query regarding occurrences of an event type in a query time interval via an interface,….the query time interval into subintervals with time lengths that range from the shortest time unit to a longest time unit that lie within the query time interval, and determining a total event count of occurrences of the event type in the query time interval based on the aggregated records with time stamps in the subintervals (see [0068], incoming events have time stamps, perform lookups in the search process, store the raw data of the event with its segmentation, create indices that map segments and time stamps in the event data store, and compute and store metadata related to the indices, [0057], intervals, defined by a start time and an end time where the start time is an inclusive boundary and the end time is an exclusive boundary, [0058], segment is a substring of the incoming event text and a segmentation is the collection of segments implied by the segmentation algorithm on the incoming event data. A segment sub string overlap another substring/it must be contained entirely within that substring. so that the segment hierarchy forms a tree on the incoming text, [0021],  a time series search request is divided into different sub-searches for the affected time buckets with each sub-search executed across the corresponding time bucket index).
Swan teaches the claimed invention including the limitations of query time interval into subintervals with time lengths ([0021], [0058]), but does not explicitly teach limitations of splitting the query time interval into subintervals with time lengths. In the same field of endeavor, Arye teaches the limitations of splitting the query time interval into subintervals with time lengths (see [0018], time intervals, having a start and end time, such that records within the region have timestamps (or time attribute values) that are between the start and end time (either inclusively or exclusively), [0060], split into a plurality of chunks along two dimension attributes, a time attribute and another dimension attribute).
Swan and Arye both references teach features that are directed to analogous art and they are from the same field of endeavor, such as user interface to design layout objects arranged at different coordinates. Update values associated with objects and design layouts. 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Arye’s teaching to Swan system for creating and maintaining continuously up-to-date materialized views for time-series databases. Thus,  enable faster analytics over large data sets. An automatic analysis of query logs enable a system to infer materialization that could speed up queries, ensure that queries return up-do-date data while operating on materialized view (see Arye, [0015]).
As for claim 7, 
		The limitations therein have substantially the same scope as claim 1 because claim 7 is a system claim for implementing those steps of claim 1. Therefore, claim 7 is rejected for at least the same reasons as claim 1.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Arye’s teaching to Swan system for creating and maintaining continuously up-to-date materialized views for time-series databases. Thus,  enable faster analytics over large data sets. An automatic analysis of query logs enable a system to infer materialization that could speed up queries, ensure that queries return up-do-date data while operating on materialized view (see Arye, [0015]).
As for claim 13, 
		The limitations therein have substantially the same scope as claim 1 because claim 13 is a non-transitory computer-readable medium claim for implementing those steps of claim 1. Therefore, claim 13 is rejected for at least the same reasons as claim 1.
		It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Arye’s teaching to Swan system for creating and maintaining continuously up-to-date materialized views for time-series databases. Thus,  enable faster analytics over large data sets. An automatic analysis of query logs enable a system to infer materialization that could speed up queries, ensure that queries return up-do-date data while operating on materialized view (see Arye, [0015]).
As to claim 2, this claim is rejected based on the same reason as above to reject the claim above and are similarly rejected including the following:
	Swan and Arye teach:
wherein aggregating the event types into aggregated records for a shortest time unit comprises: for each lowest level time interval with a length that matches the shortest time unit, for each event type occurring in the lowest time interval, determining an event type label for the event type; determining an event count of the number of times the event type occurs in the lowest time interval; creating a new lowest-level aggregated record for the event type, the new aggregated record of the event count and the shortest time unit; adding system identification, event type label, and timestamp associated with the lowest time interval to the aggregated record; and storing the lowest-level aggregated record in the aggregated records database (see Swan, [0012], [0044], [0055]).
As to claim 3, this claim is rejected based on the same reason as above to reject the claim above and are similarly rejected including the following:
	Swan and Arye teach:
wherein aggregating the event types into aggregated records for longer time units comprises: initializing a time unit to a shortest time unit of a lowest time level; and for each time interval of a higher time level, for each event type with a time stamp in the time interval, retrieving aggregated records for the event type and time unit with time stamps in the time interval from an aggregated records database, summing event counts of the aggregated records for the event type to obtain a total count for the event type, creating a new higher-level aggregated record for the event type with a next longer time unit that matches a length of the time interval of the higher time level, adding system identification, event type label, the event count of the event type, and a time stamp of the time interval to the higher-level aggregated record, and storing the higher-level aggregated record in the aggregated records database (see Swan, [0094], [0098], [0044], [0055]).
As to claim 4, this claim is rejected based on the same reason as above to reject the claim above and are similarly rejected including the following:
	Swan and Arye teach:
wherein splitting of the query time interval into subintervals comprises determining one or more adjacent subintervals of the query time interval, time length of the one or more subintervals matching a longest time unit of aggregated records stored in an aggregated records database and fitting within the query time interval; and for each time unit less the longest time unit, determining one or more subintervals of the query time interval that correspond to the time unit and fits within portions of the query time interval located outside previously determined subintervals of the query time interval (see Swan, [0051], [0057]; Also see, Arye [0060]).
As to claim 5, this claim is rejected based on the same reason as above to reject the claim above and are similarly rejected including the following:
	Swan and Arye teach:
wherein determining the event count of an event type over the query time interval comprises: for each subinterval of the query time interval, retrieving an aggregated record for the event type with a time stamp in the subinterval and time unit that matches the length of the subinterval from an aggregated records database, and reading an event count from the aggregate record; and summing the event counts of the event type to obtain the total event count of occurrences of the event type in the query time interval (see Swan, [0046], [0082], [0097]).
As to claim 6, this claim is rejected based on the same reason as above to reject the claim above and are similarly rejected including the following:
	Swan and Arye teach:
further comprising: using the event count in the query time interval to detect abnormal behavior in one or more of the event sources; and reporting the abnormal behavior to a user (see Swan, [0012]).
Claims 8-12 correspond in scope to claims 2-6 and are similarly rejected.
Claims 14-18 correspond in scope to claims 2-7 and are similarly rejected.
Prior Arts
13. 	WO2013/002811 A1 teaches executes a specified query on a defined schedule and time duration to calculate the aggregate results over the specified time duration, aggregation of the query results includes frequency, duration or time interval in which query is applied on the events ([0014]).
US 2018/0173739 A1 teaches time series data streams includes server logs and other types of machine data (i.e., data generated by machines). The time series data streams are time stamped to create time stamped events. The time stamped events are time indexed to create time bucketed indices, which are used to fulfill search requests ([0016]).
US 2019/0165990 A1 teaches time-based range events are received via the event stream, the duration of time that the second event is eligible to remain in the time-based window. The first and second events have the same associated timestamp or different timestamps. Enable amount of time that an event spends in a time-based window to be controlled ([0010]).

Conclusion
14.	The examiner suggests, in response to this Office action, support being shown for language added to any original claims on amendment and any new claims. That is, indicate support for newly added claim language by specifically pointing to page(s) and line no(s) in the specification and/or drawing figure(s). This will assist the examiner in prosecuting the application because: 
a.	37 C.F.R. § 1.75(d)(1) requires antecedent basis in the Specification or original disclosure for any new language, including terms and phrases, added to the claims; 
and because:
b.	37 C.F.R. § 1.83(a) requires the Drawings to illustrate or show all claimed features.
Applicant must clearly point out the patentable novelty that they think the claims present, in view of the state of the art disclosed by the references cited or the objections made, and must also explain how the amendments avoid the references or objections. See 37 C.F.R. § 1.111(c).
The examiner has cited particular columns and line numbers in the references as applied to the claims above for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested from the applicant, in preparing the responses, to fully consider each of the cited references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage disclosed by the examiner.
15.	The prior art made of record on form PTO-892 and not relied upon is considered pertinent to applicant's disclosure. Applicant is required under 37 C.F.R. § 1.111(c) to consider these references fully when responding to this action (see MPEP § 7.96). 
Contact Information
16.	Any inquiry concerning this communication or earlier communication from the examiner should be directed to Daniel A Kuddus whose telephone number is (571) 270-1722. The examiner can normally be reached on Monday to Thursday 8.00 a.m.-5.30 p.m. The examiner can also be reached on alternate Fridays from 8.00 a.m. to 4.30 p.m. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor Hosain Alam can be reached on (571) 272-3978. The fax phone number for the organization where this application or processing is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from the either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
6/16/22								/DANIEL A KUDDUS/            							Primary Examiner, Art Unit 2154