Configuration Keys

All configuration keys live under Machine\System\eventd\. eventd ignores unknown keys in this subtree. Invalid values are ignored and the compiled-in default is retained. eventd MUST emit a synthetic synthetic.config_change event when a valid configuration change is applied.

§12.1.1 Required keys

These keys MUST exist for eventd to start. There are no compiled-in defaults.

Key	Type	Description
EventStorePath	REG_SZ	Directory path for event shard databases.
LogStorePath	REG_SZ	File path for the log store database.
MetricStorePath	REG_SZ	File path for the metric store database.
QuerySocketPath	REG_SZ	Unix socket path for query access.
LogSocketPath	REG_SZ	Unix socket path for log ingestion.
MetricSocketPath	REG_SZ	Unix socket path for metric ingestion.

§12.1.2 Event ingestion

Key	Type	Default	Valid range	Description
StorageShards	REG_DWORD	0	0--256	Number of event shard databases. 0 = CPU count.
MaxBatchSize	REG_DWORD	10000	100--100000	Maximum events per event writer transaction.
MaxBatchLatencyMs	REG_DWORD	100	10--5000	Maximum ms before an event batch is committed.

§12.1.3 Log ingestion

Key	Type	Default	Valid range	Description
LogMaxBatchSize	REG_DWORD	5000	100--100000	Maximum log records per transaction.
LogMaxBatchLatencyMs	REG_DWORD	500	10--5000	Maximum ms before a log batch is committed.

§12.1.4 Metric ingestion

Key	Type	Default	Valid range	Description
MetricMaxBatchSize	REG_DWORD	5000	100--100000	Maximum metric samples per transaction.
MetricMaxBatchLatencyMs	REG_DWORD	1000	10--5000	Maximum ms before a metric batch is committed.

§12.1.5 Adaptive indexing (events)

Key	Type	Default	Valid range	Description
AdaptiveIndexWindowHours	REG_DWORD	24	1--168	Rolling window for query frequency measurement.
AdaptiveIndexPolicyIntervalMinutes	REG_DWORD	60	60--1440	How often the desired index set is recomputed. Minimum 60 minutes.
AdaptiveIndexCreateThreshold	REG_DWORD	100	10--10000	Queries on a field required to trigger index creation.
AdaptiveIndexDropThreshold	REG_DWORD	10	1--1000	Queries below which an index is removed from the desired set. MUST be less than create threshold.

§12.1.6 Index shedding

Key	Type	Default	Valid range	Description
SheddingWindowSeconds	REG_DWORD	30	10--300	Sliding window for graduated shedding evaluation.
SheddingBatchPercent	REG_DWORD	75	50--100	Percentage of batches exceeding 75% of MaxBatchSize to trigger graduated shedding.
EmergencySheddingBufferPercent	REG_DWORD	75	50--95	Ring buffer fill percentage that triggers emergency shedding.

§12.1.7 Adaptive rollups (metrics)

Key	Type	Default	Valid range	Description
AdaptiveRollupWindowHours	REG_DWORD	48	1--168	Rolling window for rollup query frequency measurement.
AdaptiveRollupCreateThreshold	REG_DWORD	50	10--10000	Queries required to trigger rollup computation.
AdaptiveRollupDropThreshold	REG_DWORD	5	1--1000	Queries below which a rollup pair is removed. MUST be less than create threshold.

§12.1.8 Metric series cache

Key	Type	Default	Valid range	Description
MetricSeriesCacheSize	REG_DWORD	50000	1000--1000000	Maximum entries in the in-memory series resolution cache (LRU).

§12.1.9 Retention

Key	Type	Default	Valid range	Description
EventRetentionDays	REG_DWORD	30	1--3650	Maximum age of events in days.
EventRetentionMaxBytes	REG_QWORD	0	0--2^64-1	Maximum total size of event shard databases. 0 = no limit.
LogRetentionDays	REG_DWORD	14	1--3650	Maximum age of log entries in days.
LogRetentionMaxBytes	REG_QWORD	0	0--2^64-1	Maximum size of log store database. 0 = no limit.
MetricRetentionDays	REG_DWORD	90	1--3650	Maximum age of metric samples in days.
MetricRetentionMaxBytes	REG_QWORD	0	0--2^64-1	Maximum size of metric store database. 0 = no limit.
RetentionCheckIntervalMinutes	REG_DWORD	60	1--1440	How often the retention process runs.

§12.1.10 Querying

Key	Type	Default	Valid range	Description
QueryTimeoutMs	REG_DWORD	30000	1000--300000	Maximum query execution time in ms.
MaxConcurrentQueries	REG_DWORD	128	1--4096	Maximum concurrent queries (streaming and non-streaming) globally.
MaxStreamingQueries	REG_DWORD	64	1--1024	Maximum concurrent streaming queries globally.
MaxQueryMessageBytes	REG_DWORD	65536	1024--16777216	Maximum query message size in bytes.

§12.1.11 Cross-type filtering

Key	Type	Default	Valid range	Description
CrossTypeWindowMs	REG_DWORD	15000	1000--300000	Time window for cross-type event/log existence checks.
CrossTypeMaxLookbackSeconds	REG_DWORD	604800	3600--2592000	Maximum time range a cross-type filter may scan. Default 7 days.

§12.1.12 Security subtree

SDs for read-path access control are stored under Machine\System\eventd\Security\:

Machine\System\eventd\Security\Events\*
Machine\System\eventd\Security\Events\<pattern>
Machine\System\eventd\Security\Logs\*
Machine\System\eventd\Security\Logs\<pattern>
Machine\System\eventd\Security\Metrics\*
Machine\System\eventd\Security\Metrics\<pattern>

See §9.1 for SD structure and default values.

§12.1.13 Runtime vs restart

Change	Effect
Tuning parameters (batch sizes, latencies, retention, adaptive thresholds, query timeout, cross-type window)	Applied immediately.
Socket paths	Requires restart.
Store paths	Requires restart.
StorageShards	Requires restart.
Security SDs	Applied on next query (SD cache invalidated by registry watch).

§12.1.1 Required keys #

§12.1.2 Event ingestion #

§12.1.3 Log ingestion #

§12.1.4 Metric ingestion #

§12.1.5 Adaptive indexing (events) #

§12.1.6 Index shedding #

§12.1.7 Adaptive rollups (metrics) #

§12.1.8 Metric series cache #

§12.1.9 Retention #

§12.1.10 Querying #

§12.1.11 Cross-type filtering #

§12.1.12 Security subtree #

§12.1.13 Runtime vs restart #