Sending logs to SIEM

Good morning, my name is Francisco.

When a packet or a frame is generated, this can create a basic event entry, in some of the different logs:
- dns.log
- conn.log
- http.log
- certs.log

So I understand that a frame/packet can be equal to 1 or several basic events in zeek.

I have also found that the unique identifiers that are created in each entry is the UID of the session.

In a session different packets are sent, so I have the doubt if for each packet that is sent in a session a new entry is created in the records mentioned above, or if they are created only when the sent packets meet a series of conditions.

I need to understand this to know how I should send the information to the SIEM so as not to overload it.

With this doubt I also have the following question,
Do you have any recommendation about which basic records are usually sent to a SIEM?

I am referring to both events and specific alerts.

Thanks in advance!