
Stefano Bonicatti

07/20/2022, 1:25 PM
I see, so part of the problem is that events expiration and querying evented tables are all a bit complex. I would need to double check, but what events_optimize is doing is to prevent events that have already been queried from showing again at a subsequent query from the same scheduled query. The problem, though, is that when you query/join two separate evented tables, the events can appear at different times. Like the process events can appear before the query actually runs but the socket event appears after.