after some tries with different configurations I use follow settings for 6000 nodes:
90 minutes for agent - server communication
bring only 10 major events each time
filter most of events, especially "scan time out" in server settings, and this policy actually left most of "junk" on client
+ NAC events for basic policies for 3000 clients
+ RSD events for 300+ subnets
have more than 4gb db with events on last 90 days only.
product subset in my signature.
will start use more heavily Policy auditor and then db will grow up at least twice (for monthly scan and keep records for 90 days)
And is there a way to count the number of clients events for example within 24 hours.
I know that there is a query "Clients Events" under Events queries, but I do not believe that it couts all the events because there is also Threat Events query which reports differents events.
The question is how to count all the events reported by client systems.