This information is based on the information provided by the logs directly on the server. There isn't likely to be another connector that will read the data as this is what's being presented in the logs. You can find the event in the Event Viewer of the machine to verify.
That being said, there may be another event that does a better job of capturing what you want. Can you tell which Windows Event ID is giving you the information you provided above?
From a quick search it looks like you'll want event ID 4733 for removing a user from a group which should show up in the LEM as DeleteGroupMember.
When I tested with a domain and then again with a local user account it presents the username in the event so either there may be another setting for your machine/policy to work with or something else is going on. Is the user account being deleted instead of simply removed from the local group?
Additionally you may be able to get the information for the username from a different field, such as DestinationAccount or MemberID.
You are correct, it is event 4733. The event shows the correct information in the log: Member: Security ID: domain\userid; however, when LEM sends the error it turns it into a SID. If I look at the Friendly View of the XML, I can see the MemberSid is listed instead of Security ID. With that in mind, I think the server Event Viewer is doing the conversion from SID to ID when you look at it there; however, when it sends the alert to LEM, it sends the XML data instead (which contains the SID and no ID)... LEM can't do the Active Directory lookup to give you the appropriate user id...