Windows server 2016 Security Log - Remove extra description text?
All Windows events exist in two formats: Xml, and Rendered Text. Usually you only need the Xml data. If the Sumo collectors are configured to send Rendered Text (seems like it), 80% of your log data is useless redundant junk.
The "renderMessages" setting seems applicable. default: True
Flag indicating if full event messages are collected (true) or just core event metadata (false)
https://help.sumologic.com/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/JSON-Parameters-for-Installed-Sources#Local_Windows_Event_Log_Source