Search using regex

I managed to get assistance from another Graylog ninja, so I thought I would share the solution to help anyone who is in the same situation.
So, we enabled allow_leading_wildcard_searches=true in the server.conf file.
Then I could use this search query to get all user accounts minus computer accounts:

EventID:4624 AND NOT TargetUserName:*$
