@Marinela Boksan ,
To filter the audit logs in Azure DevOps to show only the actions related to adding or deleting group members, you can use the area and actionId fields in your request.
Here is an example of how you can use these fields in a REST API request:
GET https://dev.azure.com/{organization}/{project}/_apis/audit/events?api-version=6.1-preview.3
&area=Group
&actionId=Group.UpdateGroupMembership.Add,Group.UpdateGroupMembership.Remove
This request will retrieve only the audit events related to the Group area and have an actionId of Group.UpdateGroupMembership.Add or Group.UpdateGroupMembership.Remove.
You can also use the Azure DevOps web interface to filter the audit logs. To do this, go to the "Audit logs" page in the project settings, and use the filters on the page to select the Group area and the Add or Remove action.
Keep in mind that the audit logs in Azure DevOps are retained for a limited time (90 days by default), so you may not be able to retrieve all the events you are interested in if they occurred more than 90 days ago. You can change the retention period for the audit logs in the project settings.
----------
Please "Accept as Answer" and Upvote if any of the above helped so that it can help others in the community looking for remediation for similar issues.