For clients correct? This is found on Clients page on the Policies tab - Clients log settings. Is this where you set it? This is only client settings, not for sepm

However logs will be sent to sepm based on heartbeat setting. This is when this process is done.

Thanks, I thought it was based on the Heartbeat.

Logs will be sent based on Heartbeat setting..

Soem more reference to that:

Managing log data in the Symantec Endpoint Protection Manager (SEPM)
 http://www.symantec.com/docs/TECH153987

Accortind to the documentation - Heartbeat interval = Frequency in which client upload data to SEPM

You can also check this out in regards to the setting you set. It gives a full explanation:

About configuring event aggregation in the SEPM

On the Clients page, Policies page, Client Log Settings

Use this location to configure the aggregation of Network Threat Protection events. Events are held on the clients for the damper period before they are aggregated into a single event and then uploaded to the console. The damper period helps to reduce events to a manageable number. The default damper period setting is Auto (Automatic). The damper idle period determines the amount of time that must pass between log entries before the next occurrence is considered a new entry. The default damper idle is 10 seconds.