| start_at | enum | end | Start reading logs from beginning or end. |
| collection_mode | enum | Streaming | Collection mode to use. When set to Streaming, the source streams events as they arrive. When set to Polling, the source polls for new events at a fixed interval. |
| polling_interval | float | 5 | The interval (seconds) at which the channel is checked for new log entries. |
| wait_timeout | float | 5 | Maximum duration (seconds) to wait for new events before performing a safety-net poll. |
| resolve_sids.enabled | bool | false | Enable Security Identifier (SID) resolution. When enabled, SID values in event logs (e.g., S-1-5-18) are resolved to human-readable account names (e.g., NT AUTHORITY\SYSTEM). For more information, see#sid-resolution. |
| resolve_sids.cache_size | uint | 10000 | Maximum number of resolved SIDs to cache. Increase for environments with many unique accounts. |
| resolve_sids.cache_ttl | duration | 15m | How long resolved SID entries are cached before re-lookup. Lower values detect account changes faster; higher values reduce API calls. |
| raw_logs | bool | true | When enabled, the XML log is not parsed into a structure but instead saved to the log body. |
| event_data_format | enum | map | Sets the format used to express Event Data in the parsed log body. Options are 'map' or 'array'. Only exposed if raw_logs is false. |
| suppress_rendering_info | bool | true | When this is enabled, the source will not attempt to resolve rendering info. This can improve performance but comes at a cost of losing some details in the event log. |
| include_log_record_original | bool | true | When enabled, the original log record is included in the log body. |
| ignore_channel_errors | bool | true | When enabled, prevents shutdown of collector when failing to open channels, and instead logs a warning. |
| enable_file_offset_storage | bool | true | When enabled, the current position in the Windows Events will be saved to disk, and reading will resume from where it left off after a collector restart. |
| offset_storage_directory | string | ${OIQ_OTEL_COLLECTOR_HOME}/storage | The directory that the offset storage file will be created in. |
| enable_retry_on_failure | bool | true | Attempt to resend telemetry data that has failed to be transmitted to the destination. |
| retry_on_failure_initial_interval | int | 1 | Time (in seconds) to wait after the first failure before retrying. |
| retry_on_failure_max_interval | int | 30 | The upper bound (in seconds) on backoff. |
| retry_on_failure_max_elapsed_time | int | 300 | The maximum amount of time (in seconds) spent trying to send a batch, used to avoid a never-ending retry loop. |