I'm sorry you are finding the product difficult to use. I'd be happy to schedule some time to give you a quick intro to the product and how to use it. There is a learning curve but I find that once customers get over that initial bump, they find it very powerful. Of course, we are always working to improve this.
No, LEM does not delete the local logs. It's possible that the server you are looking at isn't the same one that processed the account lockout event. If you go to Explore - nDepth then change from "Drag & Drop" mode to "Text Input" you can do a search on the event ID and it will show you all of the events. Once you are more familiar with the product, the Drag & Drop mode will be faster, but sometimes it's easier for people new to the product to start with the text input.
Next, you probably want to change the view to see the logs instead of the charts. At the very bottom of the screen there is a row of icons that allows you to visualize the data in different ways. Try changing to the Results Detail view to see the matching events.
Once you are viewing the full results, it should be clear which machine is logging the account disable messages. I would double check that it's the machine you expect. If the logs are really not on that server, you'll need to check for other reasons why. I hope that helps, but if not, let me know!