So, I'm finding myself needing to modify a default filter in a pack, which currently says: `C.Net.isPrivate(srcaddr) && C.Net.isPrivate(dstaddr) && action=='ACCEPT'`

hate to tell you, but the C.Net function is expensive. Regex might be a little lighter, believe it or not.


specifically if you have a high volume of data you're checking as to whether it's RFC1918 or not


I cratered Stream until we figured that out while I was checking the same thing for Palo Alto logs (lots of big logs with lots of IPs).


my new subnet falls on clean octet boundaries, so that shouldn't be too hard


I'd move the initial check to your pre-process pipeline/pack and create a temporary boolean variable to use in your filter.


something like, `__isPrivate==true` kind of thing

