Depending on the type of organisation you are working for, you may have requirements to remain compliant with a set of guidelines, or have to monitor, audit or report on certain activities on your systems. It is worth seeking this guidance from your company and identifying how LEM can help you achieve this. Note that the out-of-the-box configuration may not necessarily achieve this, so you may have to add and start specific connectors, manage additional nodes, schedule reports and perform nDepth queries. Filters are fine for monitoring current events, but if you close the console and re-open it, you will have a gap in the events received in your console. I would tend to use nDepth and rules for auditing and alerting on events.
I must say Garreth's suggestions are right on point. I could be off base with my thinking, but asking what some best practices are is a little like playing darts blindfolded. You cannot hit your requirements without knowing what they are. With SIEM solutions, the best practice you can have is to learn to find out what your monitoring requirements are. I am not saying many users on the community do not have specific rules that we implement over and over again, but, like in my case, I support clients primarily within the Federal Government. This means I have a baseline and best practices for monitoring that encompass regulations and compliance in that community. All organizations' infrastructure is different, and they have different policies and regulations that govern them. I am sure this may not be what you wanted to hear. If you are looking for specific Filters, Rules and Reports, it would help to post what your organization's general requirements or pains are and then ask what best practices the community uses to meet them.
Hope this helps.