Signal boosting this question. I know it's a slightly older post, but I'm having the same issue. Usually it's with exchange or our DCs. We only have around 100 people in our company, but we can hit 9999+ logs in a matter of minutes with this logon/logoff spam. Any ideas on how to clean it up?
For future reference for anyone else having this problem. I contacted Solarwinds Support and they informed me that there wasn't anyway for SEM to pick and choose which user logons come in so they need to be mitigated at the source. They also included this link to a best practice article:
Hopefully this helps the next person.