I’m trying to filter out logs by logon type where I don’t want to receive logons with LogonType 5 and 3 with:
<Input eventlog>
    Module im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">*[System[(Level=1 or Level=2 or Level=3 or Level=4 or Level=0)
                    and (EventID=1102 or EventID=4719 or EventID=4634 or EventID=4800 or EventID=4801 or EventID=4779 or EventID=4778 or EventID=4704 or EventID=4717 or EventID=4738
                    or EventID=4798 or EventID=4705 or EventID=4723 or EventID=4946 or EventID=4950 or EventID=6416 or EventID=4624
                    or EventID=4625 or EventID=4732)]]
                </Select>
            </Query>
        </QueryList>
    </QueryXML>
    Exec if ($EventID == 4624 and ($EventData.LogonType == 3 or $EventData.LogonType == 5)) or \
            ($EventID == 4625 and ($EventData.LogonType == 3 or $EventData.LogonType == 5)) drop();
    SavePos TRUE
    ReadFromLast TRUE
</Input>
There are no errors in the NXLog logs, but events with logon type 5 and 3 are still sent. Can anybody assist here?