I would not log the entire list of group memberships but just populate a user-defined variable in the matching rule. Without knowing your rule structure it's hard to tell but let's assume you have a list of rules that match specific OU membership, you could add an event to each rule to just write the string you want to log into a user-defined property. Subsequently you need to modify the logging rules to pull that user-defined property instead of the Authentication.UserGroups.
That is a very good workaround. I need to rewrite a little bit how my policy works but this will a much easier work than finding a way to actually filter the list of strings of my OUs.
Thanks a lot ifrank!