Windws Server 2012 R2 Event Log / Audit deleted files / Only last minutes visible

My goal: I want to find out who deletes files on a network share. Users are sometimes complaining that a file is missing and as usual the others are to blame.

I have file auditing enabled for this network shares. If I go to the event viewer to have a look at the audit events I see a ton of them, sometimes more than 100 from the same user in the same second, only "ReadAttributes" or "ReadData (or ListDirectory)". (I assume search index or similar)

How can I disable logging this events so they do not flood my event log?

My workaround is to make an XML filter using

<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">
    *
</Select>
<Suppress Path="Security">
    *[EventData[Data[@Name='AccessMask'] and (Data='0x80' or Data='0x1' or Data='0x81' or Data='0x20080' or Data='0x20089')]]
</Suppress>
</Query>
</QueryList>

to only display the important logs like changes and delete. There are always between 28-29k events in the security log.

Maybe because of that flooding I can only see the logs of the last minutes but not from 1 hour ago or longer. Also if I use XML filters. For example if I run

<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">
 *[EventData[Data[@Name='AccessMask'] and (Data='0x10000')]]
</Select>
</Query>
</QueryList>

to show the file deletions I only see the ones from like the past five minutes. If I look ten minutes later I see a completely different output and no longer files that were deleted 15 minutes ago.

Is there a maximum number of events in the log and if it is reached older ones are deleted? An archive? Where can I find the logs from one day ago?

Altogether this makes the audit log a non-sense as normally only after days (if not weeks) some user discovers that an important file was deleted. Suggestions?