We have a fairly small deployment (~15 million events per day) so haven't needed to tweak any settings in Event Distribution Policy as yet, but I'm keen to expand our deployment and find out what others have done along this line.
I can start...
Around 50% of our events were ObjectAudits. I picked apart sample after sample and tried to find how these events could be useful to us in any way, and couldn't think of a single use case for a rule that would be accurate or helpful. So, after turning object auditing off in the Event Distribution Policy, our LEM manager is now bringing in less than half of what it was before. Should this stuff be logged to LEM, or even at all? Not sure yet, we're still reviewing our domain-wide policies..but for now, it's still being logged and backed up locally (it's there if we do ever need it for whatever reason)..it's just not unnecessarily bogging down LEM.
edit: Is this a terrible idea? If so, tell me