A couple of clarifications to make sure we're on the same page:
Log and Event Manager maintains the raw logs by default for a short period of time, namely in order to "normalize" them which means that the LEM connectors read the data, parse the data, and put key data into specific fields so that it can be searched, correlated, etc.
Typically for most customers maintaining the "raw" events (such as EVTX or Syslog) natively is not required.
If you just want to search for the correlated data to make sure that you're getting events, you can do it from ndepth:
In your situation, if it is required by management or for auditing purposes, the LEM can be configured to retain the raw events in a separate database. If you feel this database has been enabled, this article will discuss confirming that and how to use it:
Search raw log messages in LEM using nDepth search - SolarWinds Worldwide, LLC. Help and Support
If it is enabled, there is a steep resource cost associated with it, so you will want to make sure that it is absolutely necessary in advance and I usually suggest reaching out to Support as well so that they can discuss all of the options available to you. If you would like to know more about enabling the raw database, you can find that article here: