Are they Domain Admins, or just Local Admins, or both? You could possibly do this more simply if you wanted to by looking for domain admins and ANY local account logins (since presumably on a domain local logons really shouldn't be happening). If you integrate LEM with Active Directory you can pull down the Domain Admins group and then create a "UserLogon.LogonType = *Interactive*" AND "UserLogon.DestinationAccount = Domain Admins" rule.
However, to answer the question.... we need a field that is the same across the two of them to tie them together, then we can do something like:
UserLogon.ProviderSID = *4624
and
PolicyScopeChange.ProviderSID = *4762
and
UserLogon.DestinationAccount = PolicyScopeChange.DestinationAccount
within ~30 seconds.
(You might also want to toss in a DetectionIP or DestinationMachine in case that user could be logging on more than one place at once, but that's pretty unlikely.)
...but from the screenshots it looks like the logon has the bare username and the privilege assignment has DOMAIN\username?