Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Claims 1-20 are pending and are being examined in this application.

Allowable Subject Matter
Claims 3, 4, and 15-18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 2, 5, 7, 8, 11, 13, 14, 19, and 20 are rejected under 35 U.S.C. 102(a)(1) and (a)(2) as being anticipated by Lin et al. (US Pub. 20180165173).

Referring to claim 1, Lin discloses A computer-implemented method comprising: 
receiving a dataset comprising records, wherein each record of the records comprises information descriptive of an event corresponding to an entity [pars. 70 and 77; event messages are received from various components of computer systems and stored as event records]; 
clustering the records into cluster categories, each cluster category being indicative of an event category of the events, wherein each record of the records is associated with a cluster identifier indicating a cluster to which the record belongs [par. 77; the event records are assigned to clusters, each cluster representing a message type and identified using a cluster identifier]; 
determining one or more event attributes descriptive of the events [par. 77; the event records include parameters (e.g., date and time parameters)]; 
selecting, from the dataset, records having values of the determined event attributes [fig. 34A; par. 116; note analysis of a column of event records associated with time values]; 
grouping the selected records according to a grouping criterion into groups, the grouping criterion being based on the values of the determined event attributes [fig. 34A; par. 116; the column of event records is grouped by time windows based on the time values], wherein each group comprises a set of records representing respective ones of the event categories [fig. 34A; par. 116; each group of event records comprises event records representing respective message types]; and 
determining at least one association rule using the groups and the cluster identifiers, wherein each association rule indicates a relationship between the event categories of a respective group [pars. 116 and 117; patterns of time-correlated event message types (i.e., events with message types that co-occur in the same time window) that are recurring are identified as transactions (e.g., an event of type “h19” occurs after an event of type “n68”)].

Referring to claim 2, Lin discloses The method of claim 1, wherein the determining of the at least one association comprises: identifying in the groups at least one pattern of a set of cluster identifiers, the at least one pattern being defined by at least two groups of the groups, wherein each group defining the at least one pattern comprises a set of records having said set of cluster identifiers, wherein the event categories between which the relationship is determined are categories of the clusters having said set of cluster identifiers respectively; and for each pattern of the at least one pattern, creating the determined association rule between the event categories of the pattern [pars. 77, 116, and 117; note the recurring patterns of time-correlated event message types for identifying transactions, each message type represented by a cluster identifier].

Referring to claim 5, Lin discloses The method of claim 1, wherein the determined event attribute comprises a time of the event, wherein the group associated with the event categories of each of the association rules comprises a sequence of records which are sequential in time, wherein the last record of the sequence has an event category that is caused by the event categories of the other earlier records of the sequence according to the association rule [fig. 34A; pars. 77, 116, and 117; note the time parameters and identification of strictly time-ordered transactions (i.e., transactions where a preceding event is required for a subsequent event to occur)].

Referring to claim 7, Lin discloses The method of claim 1, wherein the event attribute comprising a datum chosen from the group consisting of: a time of the event, a location of the event, and a frequency of occurrence of the event [pars. 71, 73, and 118; note the date, time, and host computer (i.e., location) parameters and the use of counters to track event frequency].

Referring to claim 8, Lin discloses The method of claim 1, wherein the dataset comprises data chosen from the group consisting of: unstructured data and structured data records [pars. 72 and 83; the event message may be unstructured (i.e., requiring extraction of the parameters via tokenization) or structured according to a specific format].

Referring to claim 11, Lin discloses The method of claim 1, wherein the clustering is performed using an unsupervised clustering algorithm [par. 79; the clusters are assigned based on numeric metrics].

Referring to claim 13, Lin discloses The method of claim 2, wherein: the groups are time buckets; and the pattern is identified by processing the time buckets via an overlapping or nonoverlapping moving window strategy [par. 124; each of the time windows is generated by sliding upward as new event records are received].

Referring to claim 14, Lin discloses The method of claim 1, wherein the determined event attribute is the time of the event; and wherein the grouping comprises: generating a subset of the dataset by selecting a subset of the event categories associated to the records in the dataset; for each record in the subset, generating a time bucket such that the end of the time bucket represents the timestamp of the each record; and assigning each record in the dataset to the generated time buckets such that the timestamp of the record is within each respective time bucket [pars. 116, 117, and 124; note the time windows, where each time window is generated by sliding upward as new event records are received, with the time window extending downward from the most-recently stored event].

Referring to claim 19, Lin discloses A computer program product comprising a computer-readable storage medium having computer-readable program code embodied therewith, the computer-readable program code configured to implement the method of claim 1 [fig. 1; par. 48; note one or more CPUs 102-105 with memory subsystem 110].

Referring to claim 20, Lin discloses A computer system comprising a one or more processors and a memory communicatively coupled to the one or more processors, wherein the memory comprises instructions which, when executed by the one or more processors, cause the one or more processors to perform a method comprising the claimed steps [fig. 1; par. 48; note computer system comprising one or more CPUs 102-105 with memory subsystem 110].

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Lin in view of Dittmer et al. (US Pub. 20210149384).

Referring to claim 6, Lin discloses The method of claim 1, wherein the relationship is a casual relationship indicating that one outcome event category of the set of event categories is caused by remaining subset of event categories of the set of event categories [fig. 34A; pars. 77, 116, and 117; note the time parameters and identification of strictly time-ordered transactions comprising sequences of event records, which means that preceding events in a sequence are required for a last event to occur]; and the method further comprising: monitoring the function of the entity to generate monitoring status records; detecting a group of monitoring status records that have the subset of event categories respectively, the detected group fulfilling the grouping criterion [par. 151; the identified transactions are used to filter display event messages in an event log and discover state changes of interest].
Lin does not appear to explicitly disclose controlling the entity to prevent the occurrence of the outcome event category.
However, Dittmer discloses controlling the entity to prevent the occurrence of the outcome event category [pars. 45-47; potential events are resolved before they occur by making event predictions based on analysis of log data stored about time-series events].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the event monitoring taught by Lin so that potential events are revolved before they occur based on the identified transactions as taught by Dittmer. The motivation for doing so would have been to prevent problems before they occur [Dittmer, pars. 45-47].

Claims 9 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Lin in view of Pande et al. (US Pub. 20180270261).
	
Referring to claim 9, Lin discloses The method of claim 1, wherein the dataset comprises unstructured records; and the method further comprises: tokenizing the unstructured records into tokens [par. 83; the event messages are tokenized in order to extract the parameters]; ...representing the record in a vector space, each record of the dataset having a vector representation in the vector space [pars. 85 and 86; the parameters of the event messages are represented as feature vectors in a vector space], wherein the clustering and the grouping is performed using the vector representations [pars. 77 and 116; note that the clustering and grouping are performed based on the parameters].
Lin does not appear to explicitly disclose inputting the tokens of each record to a trained machine learning model for representing the record in the vector space.
However, Pande discloses inputting the tokens of each record to a trained machine learning model for representing the record in the vector space [par. 25; features within event logs are represented as vectors using Word2Vec (i.e., a neural network machine learning model)].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the event monitoring taught by Lin so that the feature vectors are generated using a neural network machine learning model as taught by Pande. The motivation for doing so would have been to facilitate context-specific feature representation [Pande, par. 25].

Referring to claim 10, Lin discloses The method of claim 9, wherein the machine learning model is a neural network [par. 25; note the neural network machine learning model].

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Lin in view of Hevizi et al. (US Pub. 20170134240).

Referring to claim 12, Lin discloses The method of claim 1, wherein: the determined event attribute is the time of the event; and the grouping criterion groups the records into time buckets of variable length of time, wherein the groups are the time buckets [fig. 34A; pars. 116 and 117; note the time windows].
Lin does not appear to explicitly disclose that the time buckets are of variable length of time.
However, Hevizi discloses that the time buckets are of variable length of time [par. 31; events are correlated based on time using variable sized time windows].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the event monitoring taught by Lin so that the time windows are of variable size as taught by Hevizi. The motivation for doing so would have been to check for consistency of detected correlations [Hevizi, par. 31].

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Kobayashi et al. (US Pub. 20050283680) discloses detecting an occurrence pattern of an event from an event log based on rule-based relationships.
Ladnai et al. (US Pub. 20170302685) discloses generating an event graph showing causal relationships between events.


Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GRACE PARK whose telephone number is (571) 270-7727.  The examiner can normally be reached on M-F 8AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JAMES TRUJILLO can be reached on (571) 272-3677.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.


/Grace Park/Primary Examiner, Art Unit 2157