This is NOT about a rule at all. Nothing to do with blocking or not, configuring the firewall or IPS, etc.
This is about VIEWING the logs - the results. VIEWing, choosing what to NOT view.
Scenario - SEP management console.
Choose Monitors tab on the left.
Choose Logs tab on the top.
Under "What type of log would you like to see?" choose Network Threat Protection from the Log type dropdown.
Choose "attacks" from Log content dropdown.
Under "What filter settings would you like to use?" choose any time you like - I picked "Past Week".
Severity - choose Critical from the dropdown.
The QUESTION - How can I view all entries that this would show EXCEPT a certain IP address under "Remote IP address"?
The default is * - meaning show ALL log entries related to attacks in the past week that were critical in severity involving ANY remote IP address.
I want to EXCLUDE certain remote IP addresses as there's a test that runs on occasion that triggers dozens of "attack" entries. That's fine, that's what I hope, however, when I view the logs as above, I want to view everything EXCEPT that IP address.
Actually you can apply that request to most logs, be it application control, device control, NTP, etc. - how can I view logs but choose to NOT view those related to a certain computer or certain remote host or IP address?
Say a computer has a problem that causes it to generate numerous entries in the application control logs - I use all of the above list but choose application control and not NTP/attacks - and want to see all entries for application control EXCEPT for a computer named "his-computer".
Is there a way to create a NEGATIVE filter? So far all I see are "positive" filters - "include"; I see no "exclude" available.
Where there is a * by default, I want to put in <>10.111.222.12 for example and view all log entries except those involving that IP.
Or for some application control checks, I want to put in <>COMPUTERNAME (or !COMPUTERNAME).
I guess if there is no such thing - I'm pretty surprised - but perhaps not really, as the logging/reporting doesn't allow you to receive alerts on just BLOCKED devices, either - it's all detected, be it allowed or not, or get no reports at all.
I'm hoping this isn't a limitation on SEP logs - logs are the most important tool for me and my work.
Without logs, I'd never be able to claim 29 months VIRUS FREE here (protecting 350 users who like to click anything that remotely resembles a link...).