We have the following filter applied to our ms_vistalog_filtered.conf, which is working:

    Exec if $EventID NOT IN (%MonitoredEventIds%) drop(); 
	<Exec>    
		$Hostname = hostname_fqdn();
        to_json();
	</Exec>

If I attempt to add anything to this filter, logs stop coming in entirely.  I have tried using a single block, multiple exec commands, and multiple exec blocks.  I ultimately I need to filter out EventID 4663 for some of our noisy applications.  My single block filter looks like this:

 <Exec> if 
				($EventID NOT IN (%MonitoredEventIds%)
				or (($EventID ==  4663)
					and ($raw_event =~ /c:\\\\program\sfiles\\\\java\\\\jre1\.8\.0_92\\\\bin\\\\java\.exe/i
					or $raw_event =~ /c:\\\\programdata\\\\oracle\\\\java\\\\javapath_target_185880968\\\\java\.exe/i
					or $raw_event =~ /c:\\\\program\sfiles\\\\java\\\\jdk1\.8\.0_92\\\\bin\\\\java\.exe/i
					or $raw_event =~ /d:\\\\java\\\\jdk1\.8\.0_181\\\\jre\\\\bin\\\\java\.exe/i
					or $raw_event =~ /c:\\\\program\sfiles\\\\git\\\\mingw64\\\\bin\\\\git\.exe/i
					or $raw_event =~ /c:\\\\programdata\\\\oracle\\\\java\\\\javapath_target_1471633062\\\\java\.exe/i
					or $raw_event =~ /c:\\\\windows\\\\system32\\\\netstat\.exe/i))
			) drop();
	$Hostname = hostname_fqdn();
    to_json();

</Exec>

I have also tried something as simple as:

Exec if $EventID NOT IN (%MonitoredEventIds%) drop();
Exec if $raw_event =~ /c:\\windows\\system32\\netstat.exe/i drop();
<Exec>

$Hostname = hostname_fqdn();
to_json();
</Exec>

There are many other iterations, but these I think illustrate the simplest filters we've tried.  Any change to the filter and restart of nxlog service results in all logs being dropped. not just eid 4663.  Is there something wrong in my syntax or some other issue I am missing?