Stream rules logic to process only public IPV4 into it from the default 'all messages stream'

We have real-time events containing ‘public ip addresses’ coming into the All message Streams . Now , i wanted to create a new stream with a condition saying only if the messages contain public ip addresses in them , please route them into a different stream to apply some pipeline rules .

I have created a Grok Pattern to identify the public IP’s in the messages and has also created a new field dedicated to only public IP’s like shown here

Need a idea on how to map them in the stream rules ??

The simplest way is to use Stream rule - Type: field presence, if you have already field which contains only public IPs.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.