First, the reason it's not working is because you have an "OR" in the logic. The orange line on the right with the round bump in your screen shot means "OR."
Second, you may be solving the wrong problem. Based on what you're trying to exclude, I'm guessing you ran a "Node Discovery" and then didn't uncheck the boxes for things you don't own. I bet if you go to Manage --> Appliances, click the gear next to your LEM, go into "Connectors" and look at the log readers you have configured, you have a bunch with the term "Connector Discovery" for products that aren't actually sending logs, like PAM, F5 and BSD. Instead of modifying the filter, just remove the bogus connectors (click gear, STOP, click gear, DELETE). That will solve the larger problem and improve LEM performance.