Anonymize IPv4 address

Sometimes you need to anonymize IPv4 address. There are lot of solutions, one simple is to replace last octet with some text. This little snippet uses this approach to replace all ipv4 address in message:

rule "Anonymize IPv4"
when
   has_field("message")
then
      let anon_ip = regex_replace(pattern: "(?<![0-9])(?:([0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.]([0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.]([0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.]([0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5]))(?![0-9])",
        value: to_string($message.message),
        replacement: "$1.$2.$3.xxx"
    );
    set_field("message", anon_ip);
end
2 Likes

Thanks for the first post, @shoothub . Let us know if we need to add anything to this category